ComboFix 10-04-21.01 - Kamil 2010-04-23 22:24:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.48.1045.18.1789.643 [GMT 2:00]
Uruchomiony z: c:\users\Kamil\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\Real\WeatherBug\MiniBugTransporter.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2010-03-23 do 2010-04-23 )))))))))))))))))))))))))))))))
.
2010-04-23 20:33 . 2010-04-23 20:33 -------- d-----w- c:\users\Kamil\AppData\Local\temp
2010-04-23 20:33 . 2010-04-23 20:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-13 20:44 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-13 20:44 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-13 20:44 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-13 20:44 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-13 20:44 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-13 20:43 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-13 20:43 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-13 20:43 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-13 20:43 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-13 20:42 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-13 20:42 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 20:29 . 2008-01-21 06:24 662056 ----a-w- c:\windows\system32\perfh015.dat
2010-04-23 20:29 . 2008-01-21 06:24 126908 ----a-w- c:\windows\system32\perfc015.dat
2010-04-23 20:20 . 2009-10-28 21:37 -------- d-----w- c:\users\Kamil\AppData\Roaming\Skype
2010-04-23 19:59 . 2010-03-14 09:36 -------- d-----w- c:\users\Kamil\AppData\Roaming\ipla
2010-04-23 19:26 . 2009-10-28 21:39 -------- d-----w- c:\users\Kamil\AppData\Roaming\skypePM
2010-03-14 09:36 . 2010-03-14 09:36 -------- d-----w- c:\programdata\ipla
2010-03-14 09:36 . 2010-03-14 09:35 -------- d-----w- c:\program files\ipla
2010-03-14 09:35 . 2010-03-14 09:35 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-03-08 22:08 . 2008-10-10 12:25 -------- d-----w- c:\program files\Picasa2
2010-03-06 17:14 . 2010-03-06 17:10 -------- d-----w- c:\program files\PRO100
2010-03-05 17:08 . 2009-09-21 08:57 112 ----a-w- c:\users\Kamil\AppData\Roaming\wklnhst.dat
2010-03-02 09:24 . 2010-03-02 09:24 -------- d-----w- c:\users\Kamil\AppData\Roaming\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1
2010-03-02 09:24 . 2010-03-02 09:24 -------- d-----w- c:\program files\e-Deklaracje
2010-03-02 09:24 . 2010-03-02 09:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-02 09:20 . 2010-03-02 09:24 38784 ----a-w- c:\users\Kamil\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-02 09:20 . 2010-03-02 09:24 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-24 08:16 . 2010-01-22 09:48 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 09:47 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 09:47 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 09:47 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 09:47 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:39 . 2010-03-11 10:18 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-11 10:18 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-11 10:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-12 22:14 . 2010-02-12 22:14 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb9EFE.tmp.exe
2010-02-12 12:29 . 2009-09-26 08:44 680 ----a-w- c:\users\Kamil\AppData\Local\d3d9caps.dat
2010-02-12 10:48 . 2010-03-08 07:12 293376 ----a-w- c:\windows\system32\browserchoice.exe
2009-11-17 22:19 . 2009-11-17 22:19 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2008-10-10 39408]
“Nowe Gadu-Gadu”=“c:\program files\Nowe Gadu-Gadu\gg.exe” [2009-02-06 9302632]
“ALLUpdate”=“c:\program files\ALLPlayer\ALLUpdate.exe” [2008-11-24 869888]
“ehTray.exe”=“c:\windows\ehome\ehTray.exe” [2008-01-21 125952]
“DAEMON Tools Lite”=“c:\program files\DAEMON Tools Lite\daemon.exe” [2009-04-23 691656]
“WMPNSCFG”=“c:\program files\Windows Media Player\WMPNSCFG.exe” [2008-01-21 202240]
“Skype”=“c:\program files\Skype\Phone\Skype.exe” [2009-10-09 25623336]
“IPLA!”=“c:\program files\ipla\ipla.exe” [2010-02-02 14252952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Windows Defender”=“c:\program files\Windows Defender\MSASCui.exe” [2008-01-21 1008184]
“SunJavaUpdateSched”=“c:\program files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-24 132496]
“StartCCC”=“c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2008-01-21 61440]
“RtHDVCpl”=“RtHDVCpl.exe” [2008-04-08 6037504]
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2007-12-06 1029416]
“NDSTray.exe”=“NDSTray.exe” [bU]
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-05-11 40048]
“Toshiba TEMPO”=“c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe” [2008-08-26 103824]
“topi”=“c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe” [2007-07-10 581632]
“Google Desktop Search”=“c:\program files\Google\Google Desktop Search\GoogleDesktop.exe” [2009-11-17 30192]
“Camera Assistant Software”=“c:\program files\Camera Assistant Software for Toshiba\traybar.exe” [2008-09-26 417792]
“TPwrMain”=“c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE” [2008-01-17 431456]
“HSON”=“c:\program files\TOSHIBA\TBS\HSON.exe” [2007-10-31 54608]
“SmoothView”=“c:\program files\Toshiba\SmoothView\SmoothView.exe” [2008-01-25 509816]
“00TCrdMain”=“c:\program files\TOSHIBA\FlashCards\TCrdMain.exe” [2008-03-19 716800]
“Toshiba Registration”=“c:\program files\Toshiba\Registration\ToshibaRegistration.exe” [2008-01-11 574864]
“NeroFilterCheck”=“c:\windows\system32\NeroCheck.exe” [2001-07-09 155648]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2009-11-24 81000]
“TkBellExe”=“c:\program files\Common Files\Real\Update_OB\realsched.exe” [2010-02-07 180269]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableUIADesktopToggle”= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“aux”=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=“Service”
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
“DisableMonitoring”=dword:00000001
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-05 721904]
R3 GoogleDesktopManager-110309-193829;Menedżer Google Desktop 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-17 30192]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
S1 aswSP;avast! Self Protection; [x]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [2000-10-23 3608]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-08-26 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]
.
.
------- Skan uzupełniający -------
.
uStart Page = wyborcza.biz/biznes/0,0.html?p=001
mStart Page = hxxp://www.google.com/ig/redirectdomain … &bmod=TSEE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Funkcja Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/4908-44618-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red … &site=home
FF - ProfilePath - c:\users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\1ir0i4au.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref(“security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref”, true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref(“security.ssl.renego_unrestricted_hosts”, “”);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref(“security.ssl.treat_unsafe_negotiation_as_broken”, false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref(“security.ssl.require_safe_negotiation”, false);
.
-
-
-
- USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKCU-Run-Expressivo - c:\program files\ivo\Expressivo\expressivo.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-23 22:33
Windows 6.0.6001 Service Pack 1 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
“MSCurrentCountry”=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
Czas ukończenia: 2010-04-23 22:36:02
ComboFix-quarantined-files.txt 2010-04-23 20:36
Przed: 68 261 339 136 bajtów wolnych
Po: 71 297 052 672 bajtów wolnych
-
- End Of File - - ECA0F1C968EEA3AC4EFF68B5A7A50CCF