9th Apr 2009, 02:46

Hi, did everything according to the Malware Removal Guide, got logs, and my mom is yelling at me to fix the PC. The problem is, I can't use many programs, like Msn Live messenger. After some period of time, the computer is just "freezing", I can't do anything, the mouse cursor can't move, all I can do is reboot. Oh, and after scanning/removing with the programs mentioned in the Malware Removal Guide, the 16-bit subsystem error isn't popping up as it was before the scan.

Malwarebytes' Anti-Malware 1.36
Database version: 1955: 1955
Windows 5.1.2600 Dodatek Service Pack 3

2009-04-09 11:02:37
mbam-log-2009-04-09 (11-02-37).txt

Scan type: Quick Scan
Objects scanned: 87384
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 26
Registry Values Infected: 6
Registry Data Items Infected: 3
Folders Infected: 18
Files Infected: 31

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c988a1bf-d300-4a4c-9a63-afdf23671052} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrlihaq (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c988a1bf-d300-4a4c-9a63-afdf23671052} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\oreans32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\oreans32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft winupdate (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Synia\Dane aplikacji\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Synia\Dane aplikacji\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Synia\Dane aplikacji\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Synia\Dane aplikacji\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Synia\Dane aplikacji\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Synia\Dane aplikacji\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Dane aplikacji\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Dane aplikacji\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Dane aplikacji\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Dane aplikacji\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Dane aplikacji\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Dane aplikacji\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Dane aplikacji\FunWebProducts (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Dane aplikacji\FunWebProducts\Data (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Dane aplikacji\FunWebProducts\Data\user (Adware.MyWay) -> Quarantined and deleted successfully.
C:\WINDOWS\Bifrost (Backdoor.Bifrost) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\rqRliHAQ.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\oreans32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Synia\Dane aplikacji\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Synia\Dane aplikacji\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Synia\Dane aplikacji\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Synia\Dane aplikacji\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Synia\Dane aplikacji\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Synia\Dane aplikacji\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Synia\Dane aplikacji\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Dane aplikacji\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Dane aplikacji\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Dane aplikacji\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Dane aplikacji\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Dane aplikacji\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Dane aplikacji\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Dane aplikacji\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Dane aplikacji\FunWebProducts\Data\user\avatar.dat (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Dane aplikacji\FunWebProducts\Data\user\zbucks.dat (Adware.MyWay) -> Quarantined and deleted successfully.
C:\WINDOWS\Bifrost\klog.dat (Backdoor.Bifrost) -> Quarantined and deleted successfully.
C:\WINDOWS\b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\syssetub.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msupdte.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Synia\Dane aplikacji\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/09/2009 at 11:24 AM

Application Version : 4.26.1000

Core Rules Database Version : 3836
Trace Rules Database Version: 1792

Scan type : Quick Scan
Total Scan Time : 00:30:36

Memory items scanned : 621
Memory threats detected : 0
Registry items scanned : 566
Registry threats detected : 50
File items scanned : 13425
File threats detected : 169

Adware.MyWebSearch
HKU\S-1-5-21-823518204-2000478354-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKU\S-1-5-21-823518204-2000478354-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKU\S-1-5-21-823518204-2000478354-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-823518204-2000478354-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-823518204-2000478354-839522115-1007\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}

Adware.HotBar/ShopperReports (Low Risk)
HKU\S-1-5-21-823518204-2000478354-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
HKU\S-1-5-21-823518204-2000478354-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}

Adware.Zango/ShoppingReport
HKU\S-1-5-21-823518204-2000478354-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
HKU\S-1-5-21-823518204-2000478354-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
HKU\S-1-5-21-823518204-2000478354-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
HKU\S-1-5-21-823518204-2000478354-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
HKU\S-1-5-21-823518204-2000478354-839522115-1005\Software\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
HKU\S-1-5-21-823518204-2000478354-839522115-1007\Software\ShoppingReport

Adware.RX Toolbar
HKU\S-1-5-21-823518204-2000478354-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}

Unclassified.Oreans32

Adware.Tracking Cookie

Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-823518204-2000478354-839522115-1007\SOFTWARE\Fun Web Products
HKU\S-1-5-21-823518204-2000478354-839522115-1007\SOFTWARE\MyWebSearch

Trojan.DNSChanger-Codec
C:\resycled

Trojan.Media-Codec/V4
HKCR\multimediaControls.chl
HKCR\multimediaControls.chl\CLSID

Trojan.DNS-Changer (Hi-Jacked DNS)
HKLM\SYSTEM\CONTROLSET006\SERVICES\TCPIP\PARAMETERS\INTERFACES\{98049287-DFCC-420D-9234-478342376C1D}#NAMESERVER

Trojan.Unclassified/MSUPDTE-Fake
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#Microsoft WinUpdate [ C:\WINDOWS\system32\msupdte.exe ]

Trojan.K-Series/Variant
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\USTAWIENIA LOKALNE\TEMP\TEMPO-095.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\USTAWIENIA LOKALNE\TEMP\TEMPO-92F.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\USTAWIENIA LOKALNE\TEMP\TEMPO-DF7.TMP

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:29, on 2009-04-09
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Leawo\Youtube Download\MoyeaCth.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-823518204-2000478354-839522115-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Synia')
O4 - HKUS\S-1-5-21-823518204-2000478354-839522115-1007\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray (User 'Synia')
O4 - HKUS\S-1-5-21-823518204-2000478354-839522115-1007\..\Run: [IDMan] E:\Internet Download Manager\IDMan.exe /onboot (User 'Synia')
O4 - HKUS\S-1-5-21-823518204-2000478354-839522115-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Synia')
O4 - HKUS\S-1-5-21-823518204-2000478354-839522115-1007\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Synia')
O4 - HKUS\S-1-5-21-823518204-2000478354-839522115-1007\..\Run: [RGSC] E:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent (User 'Synia')
O4 - HKUS\S-1-5-21-823518204-2000478354-839522115-1007\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Synia')
O4 - S-1-5-21-823518204-2000478354-839522115-1007 Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe (User 'Synia')
O4 - S-1-5-21-823518204-2000478354-839522115-1007 User Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe (User 'Synia')
O4 - Startup: ctfmon.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O8 - Extra context menu item: &Search - ?p=ZJfox000(2)
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Pobierz za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{95899D09-2894-4C39-A922-039C0B32AD97}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip\..\{98049287-DFCC-420D-9234-478342376C1D}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Usługa Google Update (gupdate1c9ae3b9e945216) (gupdate1c9ae3b9e945216) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 12824 bytes
  #2  
Old 9th Apr 2009, 04:45
Moderator Group
 
Download from DDS by sUBs and save it to your Desktop. Alternate DDS download link

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs:

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please include the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

  #3  
Old 9th Apr 2009, 07:15
Member Group
 
Here we go:

DDS (Ver_09-03-16.01) - NTFSx86
Run by KosTa at 16:10:35,90 on 2009-04-09
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1302 [GMT 2:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\KosTa\Pulpit\dds.pif

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.pl/
uWindow Title = neostrada tp
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Search Class: {08c06d61-f1f3-4799-86f8-be1a89362c85} - c:\progra~1\neostr~1\SEARCH~1.DLL
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
mWinlogon: SFCDisable=-99 (0xffffff9d)
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: MorpheusToolbar BHO: {3f3714a1-89a4-46be-8af3-d0c9d1fb03f9} - MorpheusToolbar BHO
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Mario Forever Toolbar Helper: {8036d4d7-aad3-4793-ab49-329e437155a8} - c:\program files\mario forever toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll
BHO: Pomocnik rejestracji usługi Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\leawo\youtube download\MoyeaCth.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Mario Forever Toolbar: {463df6d5-bec1-4d67-b217-59db692dfc53} - c:\program files\mario forever toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: Morpheus Toolbar: {3f3714a9-89a4-46be-8af3-d0c9d1fb03f9} -
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Gadu-Gadu] "c:\program files\gadu-gadu\gg.exe" /tray
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [<NO NAME>]
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [WOOWATCH] c:\progra~1\neostr~1\Watch.exe
mRun: [WOOTASKBARICON] c:\progra~1\neostr~1\GestMaj.exe TaskBarIcon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\documents and settings\kosta\menu start\programy\autostart\ctfmon.exe
StartupFolder: c:\docume~1\kosta\menust~1\programy\autost~1\openof~1.lnk - c:\program files\openoffice.org 2.2\program\quickstart.exe
IE: &Search - ?p=ZJfox000(2)
IE: &Winamp Search - c:\documents and settings\all users\dane aplikacji\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: { - c:\program files\messenger\msmsgs.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {95899D09-2894-4C39-A922-039C0B32AD97} = 194.204.159.1 217.98.63.164
TCP: {98049287-DFCC-420D-9234-478342376C1D} = 208.67.220.220,208.67.222.222
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~4\goec62~1.dll,c:\progra~1\google\google~4\goec62~1.dll c:\progra~1\google\google~4\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {C988A1BF-D300-4A4C-9A63-AFDF23671052} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kosta\daneap~1\mozilla\firefox\profiles\r8z86l9b.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - google.pl
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\kosta\dane aplikacji\mozilla\firefox\profiles\r8z86l9b.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\kosta\dane aplikacji\mozilla\firefox\profiles\r8z86l9b.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMorpBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyGlSh.dll
FF - plugin: c:\program files\opera\program\plugins\NP_IDM1.dll
FF - plugin: c:\program files\opera\program\plugins\NP_IDM2.dll
FF - plugin: c:\program files\opera\program\plugins\NP_IDM3.dll
FF - plugin: c:\program files\opera\program\plugins\NP_IDM5.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300

============= SERVICES / DRIVERS ===============

R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2008-9-16 2915944]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-8-18 468224]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-2-11 38656]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2008-3-3 116992]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\system32\appdrvrem01.exe svc --> c:\windows\system32\appdrvrem01.exe svc [?]
S2 gupdate1c9ae3b9e945216;Usługa Google Update (gupdate1c9ae3b9e945216);c:\program files\google\update\GoogleUpdate.exe [2009-3-26 133104]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2008-3-3 64000]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2009-2-24 34064]
S3 SNCT511;PC Camera (6005 CIF);c:\windows\system32\drivers\snct511.sys [2008-11-22 219264]
S3 w900bus;Sony Ericsson 900i driver (WDM);c:\windows\system32\drivers\w900bus.sys [2005-9-27 58256]
S3 w900mdfl;Sony Ericsson 900i USB WMC Modem Filter;c:\windows\system32\drivers\w900mdfl.sys [2005-9-27 8336]
S3 w900mdm;Sony Ericsson 900i USB WMC Modem Drivers;c:\windows\system32\drivers\w900mdm.sys [2005-9-27 94064]
S3 w900mgmt;Sony Ericsson 900i USB WMC Device Management Drivers;c:\windows\system32\drivers\w900mgmt.sys [2005-9-27 85504]
S3 w900obex;Sony Ericsson 900i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\w900obex.sys [2005-9-27 83440]

=============== Created Last 30 ================

2009-04-09 12:17 <DIR> --d----- c:\docume~1\kosta\daneap~1\Nowe Gadu-Gadu
2009-04-09 10:56 <DIR> --d----- c:\docume~1\kosta\daneap~1\Malwarebytes
2009-04-09 10:55 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-09 10:55 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-09 10:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-09 10:55 <DIR> --d----- c:\docume~1\alluse~1\daneap~1\Malwarebytes
2009-04-09 10:51 <DIR> --d----- c:\docume~1\alluse~1\daneap~1\SUPERAntiSpyware.com
2009-04-09 10:51 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-09 10:51 <DIR> --d----- c:\docume~1\kosta\daneap~1\SUPERAntiSpyware.com
2009-04-06 21:40 <DIR> --d----- c:\program files\Lavalys
2009-04-04 19:00 <DIR> --d----- c:\program files\Microsoft
2009-04-04 19:00 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-04-03 22:04 123 ---shr-- C:\autorun.inf
2009-04-03 16:53 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-03 16:38 <DIR> --d----- c:\program files\Trend Micro
2009-04-02 19:01 <DIR> --d----- c:\docume~1\alluse~1\daneap~1\Kaspersky Lab Setup Files
2009-04-01 20:41 51,823 a------- c:\windows\system32\command.com.bak
2009-04-01 20:41 2,596 a------- c:\windows\system32\config.nt.bak
2009-04-01 20:41 1,734 a------- c:\windows\system32\autoexec.nt.bak
2009-04-01 14:54 <DIR> --d----- c:\docume~1\kosta\daneap~1\Kingston
2009-03-31 11:45 <DIR> --d----- c:\documents and settings\kosta\Tracing
2009-03-31 00:40 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-25 17:28 325,346 a------- c:\windows\Mario_Forever_Toolbar_Uninstaller_8578.exe
2009-03-25 17:28 <DIR> --d----- c:\program files\Mario Forever Toolbar
2009-03-25 16:16 780,895 ----h--- c:\windows\system32\~tmp4394.$$$
2009-03-21 14:29 <DIR> --d----- c:\docume~1\kosta\daneap~1\LG Electronics
2009-03-18 13:49 380,928 a------- c:\windows\system32\vaultskn.ocx
2009-03-18 13:49 110,592 a------- c:\windows\system32\suppdll.dll
2009-03-18 13:49 77,824 a------- c:\windows\system32\FLKill.exe
2009-03-18 13:49 35,363 a------- c:\windows\system32\windrvNT.sys
2009-03-18 13:49 20,992 a------- c:\windows\system32\hhopen.ocx
2009-03-18 13:49 <DIR> --d----- c:\program files\Folder Lock
2009-03-16 19:58 <DIR> --d-h--- C:\LG3G
2009-03-16 19:56 <DIR> --d----- C:\lgupload
2009-03-16 19:42 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-03-16 19:42 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-03-16 19:42 <DIR> --d----- c:\program files\DivX
2009-03-16 19:41 21,632 a------- c:\windows\system32\drivers\lgusbmodem.sys
2009-03-16 19:41 19,840 a------- c:\windows\system32\drivers\lgusbdiag.sys
2009-03-16 19:41 12,416 a------- c:\windows\system32\drivers\lgusbbus.sys
2009-03-16 19:41 <DIR> --d----- c:\program files\LG Electronics
2009-03-16 19:40 <DIR> --d----- c:\program files\LG PC Suite 2
2009-03-16 12:51 <DIR> --d----- c:\docume~1\kosta\daneap~1\DAEMON Tools Pro
2009-03-16 12:51 <DIR> --d----- c:\docume~1\alluse~1\daneap~1\DAEMON Tools Lite
2009-03-16 12:51 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-03-16 12:45 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-03-16 12:45 <DIR> --d----- c:\docume~1\kosta\daneap~1\DAEMON Tools Lite

==================== Find3M ====================

2009-04-09 12:46 138,920 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-04-09 12:46 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-04-09 12:46 189,072 a------- c:\windows\system32\PnkBstrB.exe
2009-04-06 22:34 503,518 a------- c:\windows\system32\perfh015.dat
2009-04-06 22:34 90,094 a------- c:\windows\system32\perfc015.dat
2009-04-01 13:39 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-03-22 18:45 144,384 a------- c:\windows\system32\miccyhook.dll
2009-03-19 14:03 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-02 20:47 34 a------- c:\documents and settings\kosta\jagex_runescape_preferences.dat
2009-02-18 16:19 139,152 a------- c:\docume~1\kosta\daneap~1\PnkBstrK.sys
2009-02-18 16:18 794,408 a------- c:\windows\system32\pbsvc.exe
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-01-18 12:38 421,888 a------- c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-01-16 19:24 70,936 a------- c:\windows\system32\PhysXLoader.dll
2008-03-07 18:52 32 a------- c:\docume~1\alluse~1\daneap~1\ezsid.dat
2006-06-23 08:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe

============= FINISH: 16:11:06,96 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2008-09-16 17:33:09
System Uptime: 2009-04-09 15:16:39 (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5K SE
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | LGA775 | 2005/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 59 GiB total, 6,576 GiB free.
D: is FIXED (NTFS) - 83 GiB total, 18,186 GiB free.
E: is FIXED (NTFS) - 91 GiB total, 38,127 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standardowa klawiatura 101/102 klawisze lub Microsoft Natural Keyboard PS/2
Device ID: ACPI\PNP0303\4&1400782C&0
Manufacturer: (Klawiatury standardowe)
Name: Standardowa klawiatura 101/102 klawisze lub Microsoft Natural Keyboard PS/2
PNP Device ID: ACPI\PNP0303\4&1400782C&0
Service: i8042prt

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Kaspersky Anti-Virus NDIS Miniport
Device ID: ROOT\KL_KLIM5MP\0000
Manufacturer: Kaspersky Lab
Name: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller - Kaspersky Anti-Virus NDIS Miniport
PNP Device ID: ROOT\KL_KLIM5MP\0000
Service: klim5

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Kaspersky Anti-Virus NDIS Miniport
Device ID: ROOT\KL_KLIM5MP\0001
Manufacturer: Kaspersky Lab
Name: WAN Miniport (IP) - Kaspersky Anti-Virus NDIS Miniport
PNP Device ID: ROOT\KL_KLIM5MP\0001
Service: klim5

==== System Restore Points ===================

RP187: 2009-03-14 21:31:52 - Punkt kontrolny systemu
RP188: 2009-03-16 09:20:43 - Punkt kontrolny systemu
RP189: 2009-03-16 11:45:16 - SPTD setup V1.56
RP190: 2009-03-16 18:40:22 - Zainstalowane LG PC Suite
RP191: 2009-03-16 18:41:21 - Zainstalowane LG USB Modem driver
RP192: 2009-03-16 18:50:33 - Usunięte LG PC Suite
RP193: 2009-03-16 18:51:32 - Zainstalowane LG PC Suite
RP194: 2009-03-16 18:52:09 - Zainstalowane LG USB Modem driver
RP195: 2009-03-17 23:57:39 - Punkt kontrolny systemu
RP196: 2009-03-19 10:51:57 - Zainstalowane DawnOfWar
RP197: 2009-03-19 11:08:50 - Skonfigurowane DawnOfWar
RP198: 2009-03-19 11:10:25 - Zainstalowane DawnOfWar
RP199: 2009-03-20 20:33:27 - Punkt kontrolny systemu
RP200: 2009-03-21 22:05:30 - Punkt kontrolny systemu
RP201: 2009-03-23 11:11:02 - Punkt kontrolny systemu
RP202: 2009-03-23 12:07:23 - Installed Rockstar Games Social Club
RP203: 2009-03-24 14:19:25 - Installed Rockstar Games Social Club
RP204: 2009-03-25 16:47:26 - Installed Rockstar Games Social Club
RP205: 2009-03-26 17:54:11 - Punkt kontrolny systemu
RP206: 2009-03-27 18:27:11 - Punkt kontrolny systemu
RP207: 2009-03-29 20:19:48 - Punkt kontrolny systemu
RP208: 2009-03-30 23:46:20 - Punkt kontrolny systemu
RP209: 2009-03-31 23:14:46 - Installed Java(TM) 6 Update 13
RP210: 2009-04-01 00:17:21 - Operacja przywracania
RP211: 2009-04-01 11:58:43 - Operacja przywracania
RP212: 2009-04-02 16:52:46 - Installed ESET NOD32 Antivirus
RP213: 2009-04-02 16:50:56 - Skonfigurowane DawnOfWar
RP214: 2009-04-02 18:46:16 - Zainstalowany Kaspersky Anti-Virus 2009.
RP215: 2009-04-02 19:23:55 - Operacja przywracania
RP216: 2009-04-03 11:00:36 - Usunięty Kaspersky Anti-Virus 2009.
RP217: 2009-04-04 19:00:11 - Usunięty Kaspersky Anti-Virus 2009.
RP218: 2009-04-05 20:38:44 - Usunięty Kaspersky Anti-Virus 2009.
RP219: 2009-04-06 21:32:15 - Punkt kontrolny systemu
RP220: 2009-04-07 22:06:33 - Punkt kontrolny systemu
RP221: 2009-04-08 22:44:52 - Punkt kontrolny systemu
RP222: 2009-04-09 10:51:43 - Installed SUPERAntiSpyware Free Edition
RP223: 2009-04-09 11:52:27 - Installed Java(TM) 6 Update 13

==== Installed Programs ======================

7-Zip 4.42
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe Shockwave Player 11
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Aktualizator Google
Allok AVI to DVD SVCD VCD Converter 3.2.0920
Allok RM RMVB to AVI MPEG DVD Converter 1.4.4
ALLPlayer V2.4
Archiwizator WinRAR
Asystent rejestracji usługi Windows Live
Attansic Ethernet Utility
AutoUpdate
BearShare
Belarc Advisor 7.2
BitComet 1.09
Bratz Babyz
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Choice Guard
Claw
Corel Paint Shop Pro X
CryEngine(R)2 Sandbox(TM)2
Crysis WARHEAD(R)
DirectShow Pack (remove only)
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Doom 3
DX-Ball 1.09
E.M. Youtube Video Download Tool 2.71
EVEREST Home Edition v2.20
FlashFXP v3
FLV Player 1.3.3
Folder Lock
Foxit Reader
Gadu-Gadu 7.7
GG Skin Manager 0.6 Beta
Google Desktop
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Grand Theft Auto IV
GTA4 Mod Installer 0.2.0
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
HSM3 - Senior Year DANCE!
Iron Man
Java 2 Runtime Environment, SE v1.4.0_03
Java(TM) 6 Update 13
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
JUST CAUSE
K-Lite Mega Codec Pack 3.5.0
KGB Archiver 1.2.1.24
L&H TTS3000 British English
Leawo Free FLV Converter Version: 1.3.4.0
Leawo Youtube Download version 1.3.0.0
LG PC Suite
LG USB Modem driver
Malwarebytes' Anti-Malware
Mario Forever 3.0
Mario Forever Toolbar
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK
Microsoft .NET Framework 3.5 Language Pack SP1 - plk
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ Run Time Lib Setup
Morpheus Toolbar
Mozilla Firefox (3.0.8)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB925673)
Narzędzie do przekazywania usługi Windows Live
neostrada tp
Nero 7 Ultra Edition
neroxml
Nokia Connectivity Cable Driver
Nokia Lifeblog 2.1
Nokia MTP driver
Nokia PC Connectivity Solution
Nokia PC Suite
Nokia Software Launcher
Nowe Gadu-Gadu
NVIDIA Drivers
NVIDIA PhysX
OpenAL
OpenOffice.org 2.2
OpenOffice.org Installer 1.0
Opera 9.62
Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
PDF Settings
Peer Points Manager
Photo Lab PL 3.0.1
PhotoFiltre Studio
Podstawowe programy Windows Live
Postal 2 - Apocalypse Weekend
Postal 2: AWP
PowerDVD
PunkBuster Services
Puppy Luv a New Breed (remove only)
Real Alternative 1.50
RealPlayer
Realtek High Definition Audio Driver
Rockstar Games Social Club
Roll
S.T.A.L.K.E.R. - Clear Sky [v1.0007]
S.T.A.L.K.E.R. - Shadow of Chernobyl
SAGEM F@st 800-840
Security Update for Step By Step Interactive Training (KB898458)
Segoe UI
Skype™ 3.8
Soldier of Fortune Payback
Sony Ericsson PC Suite 1.20.173
Spybot - Search & Destroy
Stronghold Crusader
SubEdit-Player
SUPERAntiSpyware Free Edition
THE GODFATHER *DVD-RIP*
The Sims 2 Własny biznes
The Sims Deluxe
The Sims™ 2 Cztery pory roku
The Sims™ 2 Podróże
Tibia
Tibia MULTI-ip changer
TK3Online v1 with ePSXe 1.5.2
Tom Clancy's Ghost Recon Advanced Warfighter® 2
Total Commander (Remove or Repair)
TuneUp Utilities 2008
UharcGui
WarRock
WebFldrs XP
Winamp
Winamp Toolbar for Firefox
Winamp Toolbar for Internet Explorer
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
Windows Internet Explorer 7
Windows Live Communications Platform
Windows Live Messenger
Windows Media Format 11 runtime
Windows Presentation Foundation
Windows XP Service Pack 3
Worms 3D
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0

==== End Of File ===========================
  #4  
Old 9th Apr 2009, 10:05
Moderator Group
 
Disable Spybot's TeaTimer

While TeaTimer is an excellent tool for the prevention of spyware, it can also interfere with HijackThis fixes. Please disable TeaTimer for now until you are clean.

1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol). Choose Exit Spybot S&D Resident
2. Run Spybot S&D
3. Go to the Mode menu, and make sure Advanced Mode is selected.
4. On the left hand side, choose Tools > Resident
uncheck Resident TeaTimer and OK any prompt and Restart your computer.

Note:
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

If TeaTimer will not turn off then uninstall Spybot until we are done cleaning.

----------

Uninstall malware

Go to Add/remove Programs and uninstall:
  • AutoUpdate
  • BearShare
  • Morpheus Toolbar
----------

Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment

Be sure to close all browser windows before beginning the install.

Remove the old version(s)

Download JavaRa
  • Unzip the file and open the JavaRa.exe
  • Click Remove Older Versions
  • JavaRa will search for and remove any outdated version of Java and remove any that are found.
  • Click Additional Tasks
  • Place a check next to Remove Useless JRE Files and click Go
  • Exit JavaRa
  • Delete the JavaRa files from the Desktop


Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

----------

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

Note: It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

DDS::
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: Morpheus Toolbar: {3f3714a9-89a4-46be-8af3-d0c9d1fb03f9} - 
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun: [<NO NAME>]
IE: { - c:\program files\messenger\msmsgs.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
SEH: {C988A1BF-D300-4A4C-9A63-AFDF23671052} - No File

Firefox::
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll 

Folder::
c:\program files\asksbar
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

  #5  
Old 9th Apr 2009, 11:50
Member Group
 
Ok, everything done, posting log:
ComboFix 09-04-04.01 - KosTa 2009-04-09 20:40:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1503 [GMT 2:00]
Uruchomiony z: c:\documents and settings\KosTa\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\KosTa\Pulpit\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated)
* Utworzono nowy punkt przywracania
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\KosTa\Dane aplikacji\.#
c:\documents and settings\KosTa\Menu Start\Programy\Autostart\ctfmon.exe
c:\program files\Altnet
c:\program files\Altnet\Download Manager\dminfo3.cab
c:\program files\Altnet\Download Manager\dmsetup.bmp
c:\program files\Altnet\Download Manager\dmsetupbig.bmp
c:\program files\Altnet\Download Manager\jsinstall.cab
c:\program files\Altnet\Download Manager\jslegals.txt
c:\program files\Altnet\Download Manager\selectdir.txt
c:\program files\Altnet\Download Manager\selectdir1st.txt
c:\program files\asksbar
c:\program files\messenger\msmsgs.exe
c:\program files\Mozilla Firefox\plugins\NPMorpBr.dll
c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll
c:\recycled\Recycled
c:\recycled\Recycled\ctfmon.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\BReWErS.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
D:\Autorun.inf
D:\resycled
E:\Autorun.inf
E:\resycled

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Pliki utworzone od 2009-03-09 do 2009-04-09 )))))))))))))))))))))))))))))))
.

2009-04-09 12:17 . 2009-04-09 12:17 <DIR> d-------- c:\documents and settings\KosTa\Dane aplikacji\Nowe Gadu-Gadu
2009-04-09 10:56 . 2009-04-09 10:56 <DIR> d-------- c:\documents and settings\KosTa\Dane aplikacji\Malwarebytes
2009-04-09 10:55 . 2009-04-09 10:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-09 10:55 . 2009-04-09 10:55 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-04-09 10:55 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-09 10:55 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-09 10:51 . 2009-04-09 10:51 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-04-09 10:51 . 2009-04-09 10:51 <DIR> d-------- c:\documents and settings\KosTa\Dane aplikacji\SUPERAntiSpyware.com
2009-04-09 10:51 . 2009-04-09 10:51 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
2009-04-09 09:50 . 2009-04-09 19:19 <DIR> d-------- c:\documents and settings\Synia\Tracing
2009-04-06 21:40 . 2009-04-06 21:40 <DIR> d-------- c:\program files\Lavalys
2009-04-04 19:00 . 2009-04-04 19:00 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-04-04 19:00 . 2009-04-04 19:00 <DIR> d-------- c:\program files\Microsoft
2009-04-03 16:53 . 2009-04-03 17:07 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-04-03 16:38 . 2009-04-03 16:38 <DIR> d-------- c:\program files\Trend Micro
2009-04-02 19:01 . 2009-04-02 19:01 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-04-01 20:41 . 2001-10-26 20:14 51,823 --a------ c:\windows\system32\command.com.bak
2009-04-01 20:41 . 2008-02-12 00:06 2,596 --a------ c:\windows\system32\config.nt.bak
2009-04-01 20:41 . 2001-10-26 17:45 1,734 --a------ c:\windows\system32\autoexec.nt.bak
2009-04-01 14:54 . 2009-04-04 14:37 <DIR> d-------- c:\documents and settings\KosTa\Dane aplikacji\Kingston
2009-03-31 11:45 . 2009-04-09 20:19 <DIR> d-------- c:\documents and settings\KosTa\Tracing
2009-03-31 00:40 . 2009-03-31 00:40 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-26 19:49 . 2009-04-07 21:55 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Google Updater
2009-03-25 17:28 . 2009-03-25 17:28 <DIR> d-------- c:\program files\Mario Forever Toolbar
2009-03-25 17:28 . 2009-03-25 17:28 325,346 --a------ c:\windows\Mario_Forever_Toolbar_Uninstaller_8578.exe
2009-03-25 16:16 . 2009-03-25 16:16 780,895 ---h----- c:\windows\system32\~tmp4394.$$$
2009-03-21 14:29 . 2009-03-21 14:29 <DIR> d-------- c:\documents and settings\KosTa\Dane aplikacji\LG Electronics
2009-03-18 13:49 . 2009-04-02 19:00 <DIR> d-------- c:\program files\Folder Lock
2009-03-18 13:49 . 2002-12-25 10:44 380,928 --a------ c:\windows\system32\vaultskn.ocx
2009-03-18 13:49 . 2004-05-10 13:42 110,592 --a------ c:\windows\system32\suppdll.dll
2009-03-18 13:49 . 2007-02-07 20:50 77,824 --a------ c:\windows\system32\FLKill.exe
2009-03-18 13:49 . 2009-03-18 13:50 35,363 --a------ c:\windows\system32\windrvNT.sys
2009-03-18 13:49 . 1999-04-23 23:22 20,992 --a------ c:\windows\system32\hhopen.ocx
2009-03-16 19:58 . 2009-04-05 12:43 <DIR> d--h----- C:\LG3G
2009-03-16 19:56 . 2009-03-16 19:56 <DIR> d-------- C:\lgupload
2009-03-16 19:42 . 2007-09-06 20:04 120,056 --------- c:\windows\system32\pxcpyi64.exe
2009-03-16 19:42 . 2007-09-06 20:04 118,520 --------- c:\windows\system32\pxinsi64.exe
2009-03-16 19:41 . 2009-03-16 19:41 <DIR> d-------- c:\program files\LG Electronics
2009-03-16 19:41 . 2007-07-11 11:45 21,632 --a------ c:\windows\system32\drivers\lgusbmodem.sys
2009-03-16 19:41 . 2007-07-11 16:51 19,840 --a------ c:\windows\system32\drivers\lgusbdiag.sys
2009-03-16 19:41 . 2007-07-11 11:40 12,416 --a------ c:\windows\system32\drivers\lgusbbus.sys
2009-03-16 19:40 . 2009-03-16 19:51 <DIR> d-------- c:\program files\LG PC Suite 2
2009-03-16 12:51 . 2009-03-16 12:51 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-03-16 12:51 . 2009-03-16 12:51 <DIR> d-------- c:\documents and settings\KosTa\Dane aplikacji\DAEMON Tools Pro
2009-03-16 12:51 . 2009-03-16 12:51 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-03-16 12:45 . 2009-03-16 12:52 <DIR> d-------- c:\documents and settings\KosTa\Dane aplikacji\DAEMON Tools Lite
2009-03-16 12:45 . 2009-03-16 12:45 717,296 --a------ c:\windows\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 18:44 --------- d-----w c:\documents and settings\KosTa\Dane aplikacji\OpenOffice.org2
2009-04-09 18:43 --------- d-----w c:\program files\neostrada tp
2009-04-09 18:31 --------- d-----w c:\program files\Java
2009-04-09 18:23 --------- d-----w c:\program files\Common Files\Corel
2009-04-09 18:14 --------- d-----w c:\program files\Gadu-Gadu
2009-04-09 17:19 --------- d-----w c:\documents and settings\Synia\Dane aplikacji\OpenOffice.org2
2009-04-09 10:46 138,920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-09 09:02 --------- d-----w c:\program files\Applications
2009-04-09 08:51 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-04 17:00 --------- d-----w c:\program files\Windows Live
2009-04-03 16:31 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-04-03 14:35 --------- d-----w c:\program files\Internet Download Manager
2009-04-03 14:32 --------- d-----w c:\documents and settings\KosTa\Dane aplikacji\DMCache
2009-04-03 14:30 --------- d-----w c:\documents and settings\KosTa\Dane aplikacji\IDM
2009-04-02 17:00 --------- d-----w c:\program files\Nero
2009-04-02 14:52 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-28 23:34 --------- d-----w c:\program files\BitComet
2009-03-26 17:53 --------- d-----w c:\program files\Google
2009-03-19 22:37 --------- d-----w c:\program files\Nowe Gadu-Gadu
2009-03-19 14:16 --------- d-----w c:\program files\AGEIA Technologies
2009-03-16 10:52 --------- d-----w c:\documents and settings\KosTa\Dane aplikacji\DAEMON Tools
2009-03-08 21:33 --------- d-----w c:\program files\IVT Corporation
2009-03-04 22:23 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\FLEXnet
2009-03-04 22:18 --------- d-----w c:\program files\Common Files\Adobe
2009-03-04 22:16 --------- d-----w c:\program files\Bonjour
2009-03-04 22:08 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-03-03 09:02 --------- d-----w c:\program files\Common Files\Ahead
2009-03-02 18:47 34 ----a-w c:\documents and settings\KosTa\jagex_runescape_preferences.dat
2009-03-01 13:50 --------- d-----w c:\program files\GG Skin Manager
2009-02-24 00:30 --------- d-----w c:\program files\Leawo
2009-02-24 00:30 --------- d-----w c:\documents and settings\KosTa\Dane aplikacji\Leawo
2009-02-20 19:28 --------- d-----w c:\program files\DX-Ball
2009-02-18 14:19 139,152 ----a-w c:\documents and settings\KosTa\Dane aplikacji\PnkBstrK.sys
2009-02-18 13:44 6,308,224 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-02-09 16:37 --------- d-----w c:\program files\WarRock
2009-01-18 10:38 421,888 ----a-w c:\windows\NEXON_EU_DownloaderUpdater.exe
2008-03-07 16:52 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2009-03-16 17:43 123,392 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-05 68856]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-02-06 98304]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\GestMaj.exe" [2004-10-14 32768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-25 180269]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 2658304]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-16 157696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]

c:\documents and settings\Synia\Menu Start\Programy\Autostart\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]

c:\documents and settings\KosTa\Menu Start\Programy\Autostart\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-18 17:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BearShare"="c:\program files\BearShare\BearShare.exe" /pause

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"d:\\SoE-payback\\sof3.exe"=
"e:\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"e:\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"d:\\Ghost recon 2\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"e:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"e:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Documents and Settings\\KosTa\\Moje dokumenty\\Call Of Duty [www.Gram24.pl]\\Call of Duty\\The Call of Duty\\CoDMP.exe"=
"d:\\Far Cry 2\\PC_Far.Cry.2 -.direct.play.-ToeD\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Metin2\\metin2.bin"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"d:\\GTA IV\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19394:TCP"= 19394:TCP:BitComet 19394 TCP
"19394:UDP"= 19394:UDP:BitComet 19394 UDP
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
"24707:TCP"= 24707:TCP:BitComet 24707 TCP
"24707:UDP"= 24707:UDP:BitComet 24707 UDP
"20773:TCP"= 20773:TCP:BitComet 20773 TCP
"20773:UDP"= 20773:UDP:BitComet 20773 UDP

R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2008-09-16 2915944]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-02-11 38656]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2008-03-03 116992]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 gupdate1c9ae3b9e945216;Usługa Google Update (gupdate1c9ae3b9e945216);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 133104]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2008-03-03 64000]
S3 SNCT511;PC Camera (6005 CIF);c:\windows\system32\drivers\snct511.sys [2008-11-22 219264]
S3 w900bus;Sony Ericsson 900i driver (WDM);c:\windows\system32\drivers\w900bus.sys [2005-09-27 58256]
S3 w900mdfl;Sony Ericsson 900i USB WMC Modem Filter;c:\windows\system32\drivers\w900mdfl.sys [2005-09-27 8336]
S3 w900mdm;Sony Ericsson 900i USB WMC Modem Drivers;c:\windows\system32\drivers\w900mdm.sys [2005-09-27 94064]
S3 w900mgmt;Sony Ericsson 900i USB WMC Device Management Drivers;c:\windows\system32\drivers\w900mgmt.sys [2005-09-27 85504]
S3 w900obex;Sony Ericsson 900i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\w900obex.sys [2005-09-27 83440]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d:
\Shell\Open\command - resycled\boot.com d:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
\Shell\Open\command - resycled\boot.com e:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - z:\recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34d3d648-f2f7-11dd-b379-4d6564696130}]
\Shell\AutoRun\command - G:\cfdflx.com
\Shell\explore\Command - G:\cfdflx.com
\Shell\open\Command - G:\cfdflx.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3af4ae32-d414-11dd-b332-4d6564696130}]
\Shell\AutoRun\command - G:\DPFMate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{445ec434-0ef5-11de-b3ad-4d6564696130}]
\shell\explore\command - G:\HIP.PIF
\shell\open\Command - G:\HIP.PIF

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53cbf513-0bcb-11dd-b12a-4d6564696130}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com j:
\Shell\Open\command - resycled\boot.com j:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1ee3115-0e57-11de-b3ac-4d6564696130}]
\Shell\AutoRun\command - G:\DPFMate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{12335227-0467-7703-0406-080505020802}]
c:\windows\smss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{71154876-EB52-0CE4-66DF-103A3D413F1A}]
c:\documents and settings\Synia\Dane aplikacji\server.exe s
.
Zawartość folderu 'Zaplanowane zadania'

2009-04-09 c:\windows\Tasks\1-Click Maintenance.job
- E:\OneClickStarter.exe []

2009-04-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 19:49]

2009-04-09 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 19:52]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
MSConfigStartUp-BearShare - c:\program files\BearShare\BearShare.exe
MSConfigStartUp-D11715039 - c:\windows\system32\DantonS 4.3.0. alpha.exe
MSConfigStartUp-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe


.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZJfox000(2)
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: { - c:\program files\Messenger\msmsgs.exe
TCP: {95899D09-2894-4C39-A922-039C0B32AD97} = 194.204.159.1 217.98.63.164
TCP: {98049287-DFCC-420D-9234-478342376C1D} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\KosTa\Dane aplikacji\Mozilla\Firefox\Profiles\r8z86l9b.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - google.pl
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\KosTa\Dane aplikacji\Mozilla\Firefox\Profiles\r8z86l9b.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\KosTa\Dane aplikacji\Mozilla\Firefox\Profiles\r8z86l9b.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 20:43:57
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki:

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-823518204-2000478354-839522115-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:82,40,a4,2c,48,d9,b9,ff,54,91,88,e3,ab,84 ,64,21,66,8e,1c,4f,4c,43,fb,
33,d4,d7,3c,85,0b,22,c6,82,95,a2,00,3e,8a,04,24,22 ,09,49,af,df,39,5d,96,7a,\
"??"=hex:1f,12,97,d8,d3,1a,4f,81,ab,62,4d,49,50,b9 ,b3,19

[HKEY_USERS\S-1-5-21-823518204-2000478354-839522115-1005\Software\SecuROM\License information*]
"datasecu"=hex:ac,ab,01,9e,78,c6,f9,7b,c0,ee,a5,a7 ,3e,42,d6,fb,00,d5,3b,5c,8b,
8e,56,7b,29,40,ee,d4,23,3e,a3,4d,8f,e4,5e,95,96,1b ,f1,60,8d,67,df,0e,24,f5,\
"rkeysecu"=hex:7a,00,fb,8f,b6,4a,69,ac,6e,34,b4,ec ,86,a2,85,69

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{08c69cc2-5bad-49ce-8cc7-1f2fc11e54a4}]
@Denied: (Full) (Everyone)
"Model"=dword:00000025
"Therad"=dword:00000009
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76 ,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,c0,72,23,ef,f0,f3 ,77,af,49,f5,68,62,d0,c2,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e8,5b,cb,25,b5,39,6e,c7,a4,8a,ce,8 c,9f,9c,4e,fa,50,55,25,7b,f6,
ea,f1,87,5c,54,05,54,6c,e8,93,69,ae,14,e8,51,21,d0 ,33,b6,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\progra~1\NEOSTR~1\TaskBarIcon.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\OpenOffice.org 2.2\program\soffice.exe
c:\program files\OpenOffice.org 2.2\program\soffice.bin
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
************************************************** ************************
.
Czas ukończenia: 2009-04-09 20:46:39 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-04-09 18:46:36

Przed: 8 000 278 528 bajtów wolnych
Po: 9,131,950,080 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
375 --- E O F --- 2008-04-16 07:54:54
  #6  
Old 9th Apr 2009, 15:19
Moderator Group
 
See if this file will upload and scan please.

Please go to VirSCAN.org FREE on-line scan service
(If more than one file needs to be scanned, they must be done separately and logs posted for each one)

1. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.
Code:
c:\windows\system32\~tmp4394.$$$
2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Click on the Upload button.
This will perform a scan across multiple different virus scanning engines.
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
Important: Wait for all of the scanning engines to complete.
5. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
6. Paste the contents of the Clipboard in your next reply.

----------

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34d3d648-f2f7-11dd-b379-4d6564696130}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3af4ae32-d414-11dd-b332-4d6564696130}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{445ec434-0ef5-11de-b3ad-4d6564696130}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53cbf513-0bcb-11dd-b12a-4d6564696130}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1ee3115-0e57-11de-b3ac-4d6564696130}]

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{12335227-0467-7703-0406-080505020802}]

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{71154876-EB52-0CE4-66DF-103A3D413F1A}]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.
__________________

  #7  
Old 10th Apr 2009, 01:59
Member Group
 
Evilfantasy, I can't copy this online scan, I can give you a link to the results page instead: http://virscan.org/report/0ce4ae9f8d...a2f31525b.html
And Combo Log:
ComboFix 09-04-04.01 - KosTa 2009-04-10 10:47:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1554 [GMT 2:00]
Uruchomiony z: c:\documents and settings\KosTa\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\KosTa\Pulpit\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated)
* Utworzono nowy punkt przywracania
.

((((((((((((((((((((((((( Pliki utworzone od 2009-03-10 do 2009-04-10 )))))))))))))))))))))))))))))))
.

2009-04-09 12:17 . 2009-04-09 12:17 <DIR> d-------- c:\documents and settings\KosTa\Dane aplikacji\Nowe Gadu-Gadu
2009-04-09 10:56 . 2009-04-09 10:56 <DIR> d-------- c:\documents and settings\KosTa\Dane aplikacji\Malwarebytes
2009-04-09 10:55 . 2009-04-09 10:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-09 10:55 . 2009-04-09 10:55 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-04-09 10:55 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-09 10:55 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-09 10:51 . 2009-04-09 10:51 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-04-09 10:51 . 2009-04-09 10:51 <DIR> d-------- c:\documents and settings\KosTa\Dane aplikacji\SUPERAntiSpyware.com
2009-04-09 10:51 . 2009-04-09 10:51 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
2009-04-09 09:50 . 2009-04-09 19:19 <DIR> d-------- c:\documents and settings\Synia\Tracing
2009-04-06 21:40 . 2009-04-06 21:40 <DIR> d-------- c:\program files\Lavalys
2009-04-04 19:00 . 2009-04-04 19:00 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-04-04 19:00 . 2009-04-04 19:00 <DIR> d-------- c:\program files\Microsoft
2009-04-03 16:53 . 2009-04-03 17:07 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-04-03 16:38 . 2009-04-03 16:38 <DIR> d-------- c:\program files\Trend Micro
2009-04-02 19:01 . 2009-04-02 19:01 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-04-01 20:41 . 2001-10-26 20:14 51,823 --a------ c:\windows\system32\command.com.bak
2009-04-01 20:41 . 2008-02-12 00:06 2,596 --a------ c:\windows\system32\config.nt.bak
2009-04-01 20:41 . 2001-10-26 17:45 1,734 --a------ c:\windows\system32\autoexec.nt.bak
2009-04-01 14:54 . 2009-04-04 14:37 <DIR> d-------- c:\documents and settings\KosTa\Dane aplikacji\Kingston
2009-03-31 11:45 . 2009-04-09 20:50 <DIR> d-------- c:\documents and settings\KosTa\Tracing
2009-03-31 00:40 . 2009-03-31 00:40 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-26 19:49 . 2009-04-10 10:18 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Google Updater
2009-03-25 17:28 . 2009-03-25 17:28 <DIR> d-------- c:\program files\Mario Forever Toolbar
2009-03-25 17:28 . 2009-03-25 17:28 325,346 --a------ c:\windows\Mario_Forever_Toolbar_Uninstaller_8578. exe
2009-03-25 16:16 . 2009-03-25 16:16 780,895 ---h----- c:\windows\system32\~tmp4394.$$$
2009-03-21 14:29 . 2009-03-21 14:29 <DIR> d-------- c:\documents and settings\KosTa\Dane aplikacji\LG Electronics
2009-03-18 13:49 . 2009-04-02 19:00 <DIR> d-------- c:\program files\Folder Lock
2009-03-18 13:49 . 2002-12-25 10:44 380,928 --a------ c:\windows\system32\vaultskn.ocx
2009-03-18 13:49 . 2004-05-10 13:42 110,592 --a------ c:\windows\system32\suppdll.dll
2009-03-18 13:49 . 2007-02-07 20:50 77,824 --a------ c:\windows\system32\FLKill.exe
2009-03-18 13:49 . 2009-03-18 13:50 35,363 --a------ c:\windows\system32\windrvNT.sys
2009-03-18 13:49 . 1999-04-23 23:22 20,992 --a------ c:\windows\system32\hhopen.ocx
2009-03-16 19:58 . 2009-04-05 12:43 <DIR> d--h----- C:\LG3G
2009-03-16 19:56 . 2009-03-16 19:56 <DIR> d-------- C:\lgupload
2009-03-16 19:42 . 2007-09-06 20:04 120,056 --------- c:\windows\system32\pxcpyi64.exe
2009-03-16 19:42 . 2007-09-06 20:04 118,520 --------- c:\windows\system32\pxinsi64.exe
2009-03-16 19:41 . 2009-03-16 19:41 <DIR> d-------- c:\program files\LG Electronics
2009-03-16 19:41 . 2007-07-11 11:45 21,632 --a------ c:\windows\system32\drivers\lgusbmodem.sys
2009-03-16 19:41 . 2007-07-11 16:51 19,840 --a------ c:\windows\system32\drivers\lgusbdiag.sys
2009-03-16 19:41 . 2007-07-11 11:40 12,416 --a------ c:\windows\system32\drivers\lgusbbus.sys
2009-03-16 19:40 . 2009-03-16 19:51 <DIR> d-------- c:\program files\LG PC Suite 2
2009-03-16 12:51 . 2009-03-16 12:51 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-03-16 12:51 . 2009-03-16 12:51 <DIR> d-------- c:\documents and settings\KosTa\Dane aplikacji\DAEMON Tools Pro
2009-03-16 12:51 . 2009-03-16 12:51 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-03-16 12:45 . 2009-03-16 12:52 <DIR> d-------- c:\documents and settings\KosTa\Dane aplikacji\DAEMON Tools Lite
2009-03-16 12:45 . 2009-03-16 12:45 717,296 --a------ c:\windows\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-04-10 08:52 --------- d-----w c:\program files\neostrada tp
2009-04-10 08:52 --------- d-----w c:\documents and settings\KosTa\Dane aplikacji\OpenOffice.org2
2009-04-09 18:31 --------- d-----w c:\program files\Java
2009-04-09 18:23 --------- d-----w c:\program files\Common Files\Corel
2009-04-09 18:14 --------- d-----w c:\program files\Gadu-Gadu
2009-04-09 17:19 --------- d-----w c:\documents and settings\Synia\Dane aplikacji\OpenOffice.org2
2009-04-09 10:46 138,920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-09 09:02 --------- d-----w c:\program files\Applications
2009-04-09 08:51 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-04 17:00 --------- d-----w c:\program files\Windows Live
2009-04-03 16:31 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-04-03 14:35 --------- d-----w c:\program files\Internet Download Manager
2009-04-03 14:32 --------- d-----w c:\documents and settings\KosTa\Dane aplikacji\DMCache
2009-04-03 14:30 --------- d-----w c:\documents and settings\KosTa\Dane aplikacji\IDM
2009-04-02 17:00 --------- d-----w c:\program files\Nero
2009-04-02 14:52 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-28 23:34 --------- d-----w c:\program files\BitComet
2009-03-26 17:53 --------- d-----w c:\program files\Google
2009-03-19 22:37 --------- d-----w c:\program files\Nowe Gadu-Gadu
2009-03-19 14:16 --------- d-----w c:\program files\AGEIA Technologies
2009-03-16 10:52 --------- d-----w c:\documents and settings\KosTa\Dane aplikacji\DAEMON Tools
2009-03-08 21:33 --------- d-----w c:\program files\IVT Corporation
2009-03-04 22:23 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\FLEXnet
2009-03-04 22:18 --------- d-----w c:\program files\Common Files\Adobe
2009-03-04 22:16 --------- d-----w c:\program files\Bonjour
2009-03-04 22:08 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-03-03 09:02 --------- d-----w c:\program files\Common Files\Ahead
2009-03-02 18:47 34 ----a-w c:\documents and settings\KosTa\jagex_runescape_preferences.dat
2009-03-01 13:50 --------- d-----w c:\program files\GG Skin Manager
2009-02-24 00:30 --------- d-----w c:\program files\Leawo
2009-02-24 00:30 --------- d-----w c:\documents and settings\KosTa\Dane aplikacji\Leawo
2009-02-20 19:28 --------- d-----w c:\program files\DX-Ball
2009-02-18 14:19 139,152 ----a-w c:\documents and settings\KosTa\Dane aplikacji\PnkBstrK.sys
2009-02-18 13:44 6,308,224 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-01-18 10:38 421,888 ----a-w c:\windows\NEXON_EU_DownloaderUpdater.exe
2008-03-07 16:52 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2009-03-16 17:43 123,392 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-09_20.45.45.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-10 08:52:34 16,384 ----atw c:\windows\system32\config\systemprofile\Ustawieni a lokalne\temp\Perflib_Perfdata_614.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2008-04-05 68856]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-02-06 98304]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\GestMaj.exe " [2004-10-14 32768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-25 180269]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 2658304]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-16 157696]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2009-02-18 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]

c:\documents and settings\Synia\Menu Start\Programy\Autostart\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]

c:\documents and settings\KosTa\Menu Start\Programy\Autostart\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-18 17:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BearShare"="c:\program files\BearShare\BearShare.exe" /pause

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"d:\\SoE-payback\\sof3.exe"=
"e:\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"e:\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"d:\\Ghost recon 2\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"e:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"e:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Documents and Settings\\KosTa\\Moje dokumenty\\Call Of Duty [www.Gram24.pl]\\Call of Duty\\The Call of Duty\\CoDMP.exe"=
"d:\\Far Cry 2\\PC_Far.Cry.2 -.direct.play.-ToeD\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Metin2\\metin2.bin"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Download er_Engine.exe"=
"d:\\GTA IV\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19394:TCP"= 19394:TCP:BitComet 19394 TCP
"19394:UDP"= 19394:UDP:BitComet 19394 UDP
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
"24707:TCP"= 24707:TCP:BitComet 24707 TCP
"24707:UDP"= 24707:UDP:BitComet 24707 UDP
"20773:TCP"= 20773:TCP:BitComet 20773 TCP
"20773:UDP"= 20773:UDP:BitComet 20773 UDP

R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2008-09-16 2915944]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sy s [2008-02-11 38656]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2008-03-03 116992]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 gupdate1c9ae3b9e945216;Usługa Google Update (gupdate1c9ae3b9e945216);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 133104]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2008-03-03 64000]
S3 SNCT511;PC Camera (6005 CIF);c:\windows\system32\drivers\snct511.sys [2008-11-22 219264]
S3 w900bus;Sony Ericsson 900i driver (WDM);c:\windows\system32\drivers\w900bus.sys [2005-09-27 58256]
S3 w900mdfl;Sony Ericsson 900i USB WMC Modem Filter;c:\windows\system32\drivers\w900mdfl.sys [2005-09-27 8336]
S3 w900mdm;Sony Ericsson 900i USB WMC Modem Drivers;c:\windows\system32\drivers\w900mdm.sys [2005-09-27 94064]
S3 w900mgmt;Sony Ericsson 900i USB WMC Device Management Drivers;c:\windows\system32\drivers\w900mgmt.sys [2005-09-27 85504]
S3 w900obex;Sony Ericsson 900i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\w900obex.sys [2005-09-27 83440]
.
Zawartość folderu 'Zaplanowane zadania'

2009-04-10 c:\windows\Tasks\1-Click Maintenance.job
- E:\OneClickStarter.exe []

2009-04-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 19:49]

2009-04-10 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 19:52]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZJfox000(2)
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: { - c:\program files\Messenger\msmsgs.exe
TCP: {95899D09-2894-4C39-A922-039C0B32AD97} = 194.204.159.1 217.98.63.164
TCP: {98049287-DFCC-420D-9234-478342376C1D} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\KosTa\Dane aplikacji\Mozilla\Firefox\Profiles\r8z86l9b.defaul t\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - google.pl
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\KosTa\Dane aplikacji\Mozilla\Firefox\Profiles\r8z86l9b.defaul t\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\KosTa\Dane aplikacji\Mozilla\Firefox\Profiles\r8z86l9b.defaul t\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dl l
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

************************************************** ************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 10:52:57
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki:

************************************************** ************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-823518204-2000478354-839522115-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:82,40,a4,2c,48,d9,b9,ff,54,91,88,e3,ab,84 ,64,21,66,8e,1c,4f,4c,43,fb,
33,d4,d7,3c,85,0b,22,c6,82,95,a2,00,3e,8a,04,24,22 ,09,49,af,df,39,5d,96,7a,\
"??"=hex:1f,12,97,d8,d3,1a,4f,81,ab,62,4d,49,50,b9 ,b3,19

[HKEY_USERS\S-1-5-21-823518204-2000478354-839522115-1005\Software\SecuROM\License information*]
"datasecu"=hex:ac,ab,01,9e,78,c6,f9,7b,c0,ee,a5,a7 ,3e,42,d6,fb,00,d5,3b,5c,8b,
8e,56,7b,29,40,ee,d4,23,3e,a3,4d,8f,e4,5e,95,96,1b ,f1,60,8d,67,df,0e,24,f5,\
"rkeysecu"=hex:7a,00,fb,8f,b6,4a,69,ac,6e,34,b4,ec ,86,a2,85,69

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{08c69cc2-5bad-49ce-8cc7-1f2fc11e54a4}]
@Denied: (Full) (Everyone)
"Model"=dword:00000025
"Therad"=dword:00000009
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76 ,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,c0,72,23,ef,f0,f3 ,77,af,49,f5,68,62,d0,c2,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e8,5b,cb,25,b5,39,6e,c7,a4,8a,ce,8 c,9f,9c,4e,fa,50,55,25,7b,f6,
ea,f1,87,5c,54,05,54,6c,e8,93,69,ae,14,e8,51,21,d0 ,33,b6,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\progra~1\NEOSTR~1\TaskBarIcon.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\OpenOffice.org 2.2\program\soffice.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\OpenOffice.org 2.2\program\soffice.bin
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
************************************************** ************************
.
Czas ukończenia: 2009-04-10 10:55:24 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-04-10 08:55:21
ComboFix2.txt 2009-04-09 18:46:40

Przed: 9 106 628 608 bajtów wolnych
Po: 9,091,485,696 bajtów wolnych

Current=4 Default=4 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
305 --- E O F --- 2008-04-16 07:54:54
  #8  
Old 10th Apr 2009, 11:03
Moderator Group
 
Download the OTMoveIt3 by OldTimer

Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code:
:Processes
explorer.exe

:services

:reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BearShare"=-

:files
c:\windows\system32\~tmp4394.$$$ 

:Commands
[purity]
[emptytemp]
[start explorer]
* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.
__________________

  #9  
Old 10th Apr 2009, 11:23
Member Group
 
Here's the log:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\\BearShare deleted successfully.
========== FILES ==========
c:\windows\system32\~tmp4394.$$$ moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\KosTa\USTAWI~1\Temp\etilqs_58KpNCu7NB7 lNvKARVxf scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\KosTa\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\rg4sfay scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ydf8dk scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\KosTa\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\r8z86l9b.defaul t\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\KosTa\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\r8z86l9b.defaul t\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\KosTa\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\r8z86l9b.defaul t\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\KosTa\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\r8z86l9b.defaul t\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\KosTa\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\r8z86l9b.defaul t\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\KosTa\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\r8z86l9b.defaul t\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04102009_201635

Files moved on Reboot...
File C:\DOCUME~1\KosTa\USTAWI~1\Temp\etilqs_58KpNCu7NB7 lNvKARVxf not found!
File move failed. C:\WINDOWS\temp\rg4sfay scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ydf8dk scheduled to be moved on reboot.
C:\Documents and Settings\KosTa\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\r8z86l9b.defaul t\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\KosTa\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\r8z86l9b.defaul t\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\KosTa\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\r8z86l9b.defaul t\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\KosTa\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\r8z86l9b.defaul t\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\KosTa\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\r8z86l9b.defaul t\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\KosTa\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\r8z86l9b.defaul t\XUL.mfl moved successfully.
  #10  
Old 10th Apr 2009, 11:27
Moderator Group
 
  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.


  • The above procedure will:
  • Delete the following:
  • ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.


----------

Use the Kaspersky Lab Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.


When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save




Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

If needed, this animation will guide you through the process.
__________________

Copyright ©2006 - 2009 Computer Juice.
