Here is the log from ComboFix
ComboFix 09-04-18.05 - Krzysztof 2009-04-18 15:40.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.48.1045.18.1021.477 [GMT 2:00]
Uruchomiony z: c:\users\Krzysztof\Desktop\ComboFix.exe
FW: Outpost Firewall Pro *disabled*
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((( Pliki utworzone od 2009-03-18 do 2009-04-18 )))))))))))))))))))))))))))))))
.
2009-04-18 13:21 . 2009-04-18 13:21 -------- d-----w c:\program files\Trend Micro
2009-04-15 05:00 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 05:00 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-15 05:00 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-11 13:56 . 2009-04-11 13:56 -------- d-----r c:\program files\Skype
2009-03-30 18:29 . 2009-03-31 11:09 -------- d-----w c:\program files\Silkroad
2009-03-25 18:27 . 2009-03-25 18:27 174890239 ----a-w c:\windows\MEMORY.DMP
2009-03-24 17:31 . 2009-03-24 20:45 5343584 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-24 17:31 . 2009-03-24 17:32 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-24 15:57 . 2009-03-24 17:33 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-24 15:56 . 2009-03-24 15:56 -------- d-----w c:\users\All Users\Symantec
2009-03-24 15:56 . 2009-03-24 15:56 -------- d-----w c:\programdata\Symantec
2009-03-23 14:47 . 2009-04-02 13:18 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-23 14:14 . 2009-04-02 13:19 -------- d-----w c:\program files\SkanerOnline
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 11:33 . 2008-09-17 18:37 -------- d-----w c:\users\Krzysztof\AppData\Roaming\Skype
2009-04-15 06:23 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-14 04:38 . 2008-09-18 20:00 -------- d---a-w c:\programdata\TEMP
2009-04-14 04:32 . 2008-09-18 19:59 -------- d-----w c:\program files\Spyware Doctor
2009-04-11 13:56 . 2008-08-13 14:28 -------- d-----w c:\programdata\Skype
2009-04-11 13:28 . 2008-08-13 14:30 -------- d-----w c:\users\Krzysztof\AppData\Roaming\skypePM
2009-04-07 05:31 . 2008-09-09 15:50 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-05 05:31 . 2006-12-05 05:22 662056 ----a-w c:\windows\System32\perfh015.dat
2009-04-05 05:31 . 2006-12-05 05:22 126908 ----a-w c:\windows\System32\perfc015.dat
2009-03-24 17:32 . 2008-08-13 16:48 -------- d-----w c:\programdata\Kaspersky Lab
2009-03-23 14:42 . 2008-08-01 17:53 34130 ----a-w C:\mksbasel.cpp.log
2009-03-17 03:38 . 2009-04-15 04:59 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-15 04:59 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 04:59 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-14 09:32 . 2009-03-14 05:20 9 ----a-w C:\1.txt
2009-03-14 05:20 . 2009-03-14 05:20 0 ----a-w C:\asNetDbg.txt
2009-03-14 05:20 . 2009-03-14 05:20 0 ----a-w C:\asMsgDbg.txt
2009-03-14 05:20 . 2009-03-14 05:20 0 ----a-w C:\asErrlog.txt
2009-03-14 05:20 . 2009-03-14 05:20 0 ----a-w C:\asDbg.txt
2009-03-10 06:01 . 2009-02-27 06:19 -------- d-----w c:\users\Krzysztof\AppData\Roaming\Nowe Gadu-Gadu
2009-03-03 04:46 . 2009-04-15 04:59 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 04:59 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 04:59 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:39 . 2009-04-15 04:59 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 04:59 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 04:59 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 04:59 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 04:59 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 04:59 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:37 . 2009-04-15 04:59 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 04:59 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 04:59 17408 ----a-w c:\windows\System32\iashost.exe
2009-03-03 02:28 . 2009-04-15 04:59 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-02 19:31 . 2009-03-02 12:41 1056646770 ----a-w c:\users\Krzysztof\SilkroadOnline_GlobalOfficial_v1_180.exe
2009-02-27 06:19 . 2009-02-27 06:19 -------- d-----w c:\program files\Nowe Gadu-Gadu
2009-02-25 11:16 . 2008-08-13 16:45 -------- d-----w c:\programdata\eMule
2009-02-24 06:50 . 2009-02-24 06:50 -------- d-----w c:\users\Krzysztof\AppData\Roaming\BinarySense
2009-02-23 21:40 . 2008-12-05 05:57 -------- d-----w c:\users\Krzysztof\AppData\Roaming\uTorrent
2009-02-23 16:16 . 2008-09-09 15:50 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-23 15:29 . 2008-08-20 10:47 -------- d-----w c:\program files\NetPanel
2009-02-23 15:24 . 2009-02-23 15:23 -------- d-----w c:\program files\Odkurzacz
2009-02-23 15:21 . 2008-09-09 15:35 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-13 08:49 . 2009-04-15 04:59 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-15 04:59 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 05:35 2033152 ----a-w c:\windows\System32\win32k.sys
2009-01-04 19:54 . 2009-01-04 19:54 19490 ----a-w c:\users\Krzysztof\Day_the_Earth_Stood_Still_The_(NAPiSY-104937).NS.zip
2008-12-29 06:49 . 2008-08-13 10:22 53944 ----a-w c:\users\Krzysztof\AppData\Local\GDIPFONTCACHEV1.DAT
2008-12-22 13:45 . 2008-08-13 13:37 27715 ----a-w c:\users\Krzysztof\AppData\Roaming\nvModes.dat
2008-09-19 18:02 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-08-27 20:01 . 2008-08-13 10:22 680 ----a-w c:\users\Krzysztof\AppData\Local\d3d9caps.dat
2008-08-13 14:30 . 2008-08-13 14:30 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-08-13 14:30 . 2008-08-13 14:30 56 ---ha-w c:\programdata\ezsidmv.dat
2008-08-20 10:2008-08-20 10:49 49:07 . c:\program files\mozilla firefox\components\gemgecko.dll
2008-08-13 10:53 . 2008-08-13 10:53 76 --sh--r c:\windows\CT4CET.bin
2007-03-05 23:49 . 2007-03-05 23:49 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-04 86016]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2008-08-05 435528]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"Smart Start UP"="c:\program files\NewSoft\Smart Start UP\PnPDetect.exe" [2006-12-19 104528]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-08-22 1157448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\agnitum\outpos~1\wl_hook.dll
[HKLM~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DigiScan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DigiScan.lnk
backup=c:\windows\pss\DigiScan.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{3650C8F4-B09C-4F4B-AFB7-21D4AFEB66CE}c:\program files\emule\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{710749FC-75FD-4022-9AD5-37AE0DCE206E}c:\program files\emule\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{8EEEC4C5-0C39-404A-8461-EDB035543D67}c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\polish\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\polish\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{DFDD0DE5-C904-4903-8E6F-35A6CF4DF553}c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\polish\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\polish\setup.exe:Kaspersky Internet Security 2009 Setup
"TCP Query User{A2384648-30DE-4910-A546-FD9B1E9BB67B}d:\silkroad\silkerrsender.exe"= UDP:d:\silkroad\silkerrsender.exe:FTPSender MFC ?? ???
"UDP Query User{2AC2EB0F-0A66-49A5-90CD-EBC22237907B}d:\silkroad\silkerrsender.exe"= TCP:d:\silkroad\silkerrsender.exe:FTPSender MFC ?? ???
"TCP Query User{75FD173E-3FB8-4CF4-B3E0-EE753C85F925}c:\program files\jlc's software\internet tv\internet tv.exe"= UDP:c:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"UDP Query User{8241C44F-70F1-468C-8D4D-2DA3D2B05F58}c:\program files\jlc's software\internet tv\internet tv.exe"= TCP:c:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"TCP Query User{3D6F3DFB-C517-455E-9112-5C16562B79C6}c:\program files\bitcomet\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{8AE592AA-E9B7-4998-9272-2A508A44DD0D}c:\program files\bitcomet\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{DA3F8644-CED1-4F66-8888-ACD1606A51FA}c:\program files\bitcomet\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{8EBDD5FC-E521-443F-94E4-BCA568D8990D}c:\program files\bitcomet\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{32AFB510-D1F6-4714-86EB-3129A9610DB8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E620BAD9-FA09-4733-85A8-FC5C389153F3}"= UDP:19267:BitComet 19267 TCP
"{6CE861CB-9AEA-491D-BEC0-8515FFA7AAAD}"= TCP:19267:BitComet 19267 UDP
"TCP Query User{BBA3F94E-9342-4CB5-80E3-4A81E2869112}c:\program files\microsoft games\age of mythology\aomx.exe"= UDP:c:\program files\microsoft games\age of mythology\aomx.exe:Age of Mythology - The Titans Expansion
"UDP Query User{40EE95BF-B230-4A71-A64F-F946A8671670}c:\program files\microsoft games\age of mythology\aomx.exe"= TCP:c:\program files\microsoft games\age of mythology\aomx.exe:Age of Mythology - The Titans Expansion
"{D8D3566C-DC65-4E9F-9274-2E26B6653D06}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{CD781F7A-C1A7-4402-A55B-04F7BBAF6E78}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2008-07-11 33408]
R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX32.sys [2008-10-03 48736]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2008-06-30 28688]
S1 aswSP;avast! Self Protection; [x]
S1 SandBox;SandBox;c:\windows\system32\DRIVERS\SandBox.sys [2008-07-11 673920]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2008-08-05 1238344]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2008-06-30 242704]
S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2007-05-09 235584]
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{5229986f-80dc-11dd-90fc-001c23b4253f}]
\shell\AutoRun\command - qwc.exe
\shell\explore\Command - qwc.exe
\shell\open\Command - qwc.exe
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
Trusted Zone: arcabit.com\arcaonline
Trusted Zone: bazaria.pl\www
DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} - hxxp://slimak.onet.pl/_m/wirusy/ArcaOnline.cab
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 15:46
Windows 6.0.6001 Service Pack 1 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
c:\program files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
.
Czas ukończenia: 2009-04-18 15:48
ComboFix-quarantined-files.txt 2009-04-18 13:48
Przed: 65 607 168 000 bajtów wolnych
Po: 65 356 316 672 bajtów wolnych
Current=1 Default=1 Failed=0 LastKnownGood=14 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14
190 --- E O F --- 2009-04-15 06:04
How much memory do you have installed? Because if it's e.g. 4 GB, then you have far too much in use, but if it's 512 MB, then it isn't too much at all.