log:
http://wklej.org/id/187435/
– Added 27.10.2009 (Tue) 18:35 –
Oops.
That's not the right OTL log
yet again…
– Added 27.10.2009 (Tue) 21:41 –
This is the right OTL log:
http://wklej.org/id/187451/
– Added 29.10.2009 (Thu) 11:34 –
ComboFix log:
ComboFix 09-10-28.06 - kubek 2009-10-29 11:22.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2038.1343 [GMT 1:00]
Uruchomiony z: c:\documents and settings\kubek.KUBEKXP-PC\Moje dokumenty\Downloads\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\kubek.KUBEKXP-PC\Pulpit\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Utworzono nowy punkt przywracania
* Rezydentny antywirus jest aktywny
FILE ::
"c:\windows\kgqfweltedw.dll"
"c:\windows\mrvtdpqe.exe"
"c:\windows\nqgpedlr.dll"
"c:\windows\okmdepgb.dll"
"c:\windows\system32\khfEVPFx.dll"
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-88592010-846006287-4006485344-1000
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-09-28 do 2009-10-29 )))))))))))))))))))))))))))))))
.
2009-12-29 11:30 . 2009-12-29 11:30 -------- d-----w- c:\program files\Winstep
2009-12-29 11:27 . 2009-10-14 08:18 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-28 17:31 . 2009-12-28 17:31 -------- d-----w- c:\documents and settings\^^^Kubek^^^\IECompatCache
2009-12-28 17:31 . 2009-12-28 17:31 -------- d-----w- c:\documents and settings\^^^Kubek^^^\PrivacIE
2009-12-28 17:30 . 2009-12-28 17:30 -------- d-----w- c:\documents and settings\^^^Kubek^^^\Ustawienia lokalne\Dane aplikacji\Ahead
2009-12-28 17:30 . 2009-12-28 17:30 -------- d-----w- c:\documents and settings\^^^Kubek^^^\IETldCache
2009-12-28 17:30 . 2009-12-28 17:44 -------- d-----w- c:\documents and settings\^^^Kubek^^^\Ustawienia lokalne\Dane aplikacji\Microsoft
2009-12-28 17:30 . 2009-12-28 17:44 -------- d-----w- c:\documents and settings\^^^Kubek^^^\Ulubione
2009-12-28 17:30 . 2009-12-28 17:44 -------- d-----w- c:\documents and settings\^^^Kubek^^^\Szablony
2009-12-28 17:30 . 2009-12-28 17:44 -------- d-----w- c:\documents and settings\^^^Kubek^^^\Dane aplikacji
2009-12-28 17:30 . 2009-10-25 14:43 -------- d-----w- c:\documents and settings\^^^Kubek^^^\Ustawienia lokalne
2009-12-28 17:30 . 2009-12-28 17:44 -------- d-s---w- c:\documents and settings\^^^Kubek^^^
2009-12-28 09:45 . 2009-12-28 09:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\TuneUp Software
2009-12-28 09:44 . 2009-10-15 13:33 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-12-28 09:44 . 2009-12-28 09:44 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\{55A29068-F2CE-456C-9148-C869879E2357}
2009-12-28 09:15 . 2009-12-28 09:15 172910 ----a-w- C:\cc_20091228_101523.reg
2009-12-25 15:32 . 2009-10-14 08:18 -------- d-----w- C:\wamp
2009-12-25 10:17 . 2009-09-24 16:55 49016 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-12-24 10:36 . 2009-12-24 10:36 -------- d-----w- C:\Adobe
2009-12-22 17:07 . 2009-12-22 17:08 -------- d-----w- C:\3a07cbfef00f8827fae4ef
2009-12-22 17:06 . 2009-12-22 17:22 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-22 07:36 . 2009-10-14 08:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Documents
2009-12-22 07:22 . 2009-10-14 08:20 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\{62902F53-D725-44F9-B385-979CC0E00E8A}
2009-12-20 09:10 . 2009-12-20 09:10 -------- d-----w- c:\program files\GIMP-2.0
2009-12-20 08:37 . 2009-12-20 08:37 -------- d-----w- c:\program files\Unlocker
2009-12-20 07:50 . 2009-12-20 07:50 -------- d-----w- c:\program files\My Drive Meter
2009-10-29 10:08 . 2005-05-03 18:43 69632 ------w- c:\windows\Alcmtr.exe
2009-10-29 07:44 . 2009-09-10 13:45 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-10-29 07:44 . 2009-09-10 13:45 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-10-27 19:31 . 2009-10-27 19:31 -------- d-----w- c:\program files\Lavalys
2009-10-27 13:02 . 2009-08-29 07:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-27 13:02 . 2009-08-29 07:52 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-27 13:02 . 2009-08-29 07:52 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-27 13:02 . 2009-08-29 07:52 1986048 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-27 13:02 . 2009-08-29 07:52 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-27 13:02 . 2009-08-29 11:22 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-27 10:41 . 2009-10-27 11:12 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\TEMP
2009-10-27 10:39 . 2009-06-03 18:06 180224 ----a-w- c:\windows\system32\cnvshell.dll
2009-10-27 10:15 . 2004-04-19 17:53 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2009-10-27 10:15 . 2009-10-27 11:18 -------- d-----w- c:\program files\ImageConverter Plus
2009-10-27 10:00 . 2009-10-27 10:06 -------- d-----w- c:\program files\IconXP 2.03
2009-10-27 09:54 . 2009-10-27 10:05 -------- d-----w- c:\program files\IconXP
2009-10-27 09:09 . 2009-10-27 10:32 -------- d-----w- c:\program files\CubicExplorer
2009-10-27 08:54 . 2009-10-27 08:55 -------- d-----w- c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\GHISLER
2009-10-25 17:12 . 2009-10-25 17:12 -------- d-----w- c:\program files\Sun
2009-10-25 16:16 . 2009-10-26 06:37 -------- d-----w- c:\program files\Findbasic
2009-10-25 16:16 . 2009-10-25 16:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Findbasic
2009-10-25 16:16 . 2009-10-27 08:55 -------- d-----w- c:\windows\Icons
2009-10-25 16:16 . 2009-10-25 16:20 -------- d-----w- c:\program files\FileSubmit
2009-10-25 14:20 . 2009-10-25 14:20 -------- d-----w- c:\windows\NLDRV
2009-10-25 13:58 . 2009-04-10 15:19 180224 ----a-w- c:\windows\system32\igfxres.dll
2009-10-25 13:50 . 2009-09-10 13:45 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2009-10-25 13:49 . 2009-09-10 13:45 56832 -c--a-w- c:\windows\system32\dllcache\convlog.exe
2009-10-25 13:46 . 2009-09-10 13:45 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-10-25 13:37 . 2008-04-14 19:51 152064 ----a-w- c:\windows\system32\irftp.exe
2009-10-25 13:37 . 2008-04-14 19:51 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-10-25 13:37 . 2008-04-14 19:50 28672 ----a-w- c:\windows\system32\irmon.dll
2009-10-25 13:29 . 2009-09-10 13:45 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-10-25 13:29 . 2009-09-10 13:45 13312 ----a-w- c:\windows\system32\irclass.dll
2009-10-25 13:29 . 2009-09-10 13:45 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-10-25 13:29 . 2009-09-10 13:45 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-10-23 18:15 . 2009-10-23 18:17 -------- d-----w- c:\windows\vf_hip
2009-10-23 18:15 . 2009-10-23 18:16 -------- d-----w- c:\program files\Hide IP Platinum
2009-10-23 17:57 . 2009-10-23 18:08 -------- d-----w- c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Hide IP NG
2009-10-23 17:57 . 2009-10-23 18:08 -------- d-----w- c:\program files\Hide IP NG
2009-10-23 15:47 . 2009-10-23 15:47 -------- d-----w- c:\program files\Gadget Extractor
2009-10-23 15:43 . 2009-10-23 15:43 -------- d-----w- c:\program files\Windows Sidebar
2009-10-23 15:42 . 2009-10-23 15:42 -------- d-----w- C:\b71a55e9fb9838ee6e9ea6e75147735e
2009-10-23 15:41 . 2009-10-23 15:41 -------- d-----w- c:\program files\Alky for Applications
2009-10-23 07:28 . 2009-10-23 07:30 -------- d-----w- c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Nitro PDF
2009-10-23 07:28 . 2009-09-15 08:16 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2009-10-23 07:28 . 2009-09-15 08:15 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2009-10-23 07:27 . 2009-10-23 07:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Nitro PDF
2009-10-23 07:27 . 2009-10-23 07:27 -------- d-----w- c:\program files\Common Files\Nitro PDF
2009-10-23 07:27 . 2009-10-23 07:27 -------- d-----w- c:\program files\Nitro PDF
2009-10-23 07:26 . 2009-10-23 07:26 -------- d-----w- c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Downloaded Installations
2009-10-15 21:44 . 2009-10-15 21:44 -------- d-----w- C:\98f502015a4805735a
2009-10-14 12:55 . 2009-10-14 12:56 -------- d-----w- C:\v
2009-10-14 09:18 . 2009-10-14 09:23 -------- d-----w- c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\AveDesk
2009-10-14 09:17 . 2009-10-14 09:20 -------- d-----w- c:\program files\AveDesk
2009-10-13 17:25 . 2009-10-13 17:25 -------- d-----w- c:\program files\Microsoft Device Emulator
2009-10-13 17:25 . 2009-10-13 17:25 -------- d-----w- c:\program files\Windows Mobile 6 SDK
2009-10-12 18:55 . 2009-10-12 18:55 -------- d-----w- c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Stardock
2009-10-12 18:31 . 2009-10-12 18:31 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-10-12 18:30 . 2009-10-12 18:30 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-10-12 15:13 . 2009-10-25 17:20 -------- d-----w- c:\documents and settings\kubek.KUBEKXP-PC\.VirtualBox
2009-10-11 15:23 . 2009-10-11 15:23 -------- d-----w- c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Ceiiular
2009-10-11 15:20 . 2009-10-11 15:20 -------- d-----w- c:\program files\Show Desktop
2009-10-11 15:06 . 2009-10-11 15:06 -------- d-----w- c:\documents and settings\kubek.KUBEKXP-PC\Library
2009-10-11 15:06 . 2009-10-11 15:06 -------- d-----w- c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\com.adobe.ExMan
2009-10-11 14:57 . 2009-10-11 14:57 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-11 08:01 . 2009-10-11 08:18 -------- d-----w- C:\ts2
2009-10-09 16:43 . 2009-10-09 16:45 -------- d-----w- C:\pen
2009-10-09 08:09 . 2009-10-09 08:09 -------- d-----w- C:\Windows 7 (E)
2009-10-09 07:30 . 2009-10-11 08:08 -------- d-----w- C:\windowsxp
2009-10-02 15:18 . 2009-10-02 15:18 -------- d-----w- c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Opera
2009-10-02 15:18 . 2009-10-25 14:04 -------- d-----w- c:\program files\Opera
2009-10-02 15:08 . 2009-10-02 15:08 0 ----a-w- c:\windows\nsreg.dat
2009-10-02 15:08 . 2009-10-02 15:08 -------- d-----w- c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-10-01 15:49 . 2009-09-15 15:17 -------- d-----w- C:\antysledz
2009-10-01 15:34 . 2009-10-11 15:05 -------- d-----w- c:\program files\Adobe Media Player
2009-10-01 15:01 . 2009-10-11 15:06 -------- d-----r- C:\MSOCache
2009-10-01 13:59 . 2009-10-01 13:59 -------- d-----w- c:\program files\Kwyshell
2009-10-01 13:35 . 2009-09-09 19:15 115856 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2009-10-01 13:35 . 2009-09-09 19:15 91856 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-10-01 13:35 . 2009-09-09 19:15 41424 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-10-01 13:23 . 2009-10-01 13:23 -------- d-----w- c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\ABBYY
2009-10-01 13:20 . 2009-10-01 13:20 -------- d-----w- c:\program files\Common Files\ABBYY
2009-10-01 13:16 . 2009-10-01 13:30 -------- d-----w- c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\ABBYY
2009-10-01 13:16 . 2009-10-01 13:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\ABBYY
2009-10-01 13:16 . 2009-10-01 13:23 -------- d-----w- c:\program files\ABBYY FineReader 9.0
2009-10-01 13:12 . 2009-10-01 13:13 -------- d-----w- c:\temp\FR90PE
2009-10-01 13:12 . 2009-10-01 13:12 -------- d-----w- C:\temp
2009-10-01 12:38 . 2009-10-01 12:38 -------- d-----w- c:\windows\tessdata
2009-10-01 12:38 . 2009-10-01 12:38 -------- d-----w- c:\program files\Softi Software
2009-10-01 12:37 . 2009-10-01 12:37 -------- d-----w- c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Softi Software
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-22 08:45 . 2009-05-14 15:20 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys
2009-12-22 07:23 . 2009-03-04 18:07 -------- d-----w- c:\program files\Common Files\Stardock
2009-10-29 10:22 . 2008-04-15 12:00 490866 ----a-w- c:\windows\system32\perfh015.dat
2009-10-29 10:22 . 2008-04-15 12:00 84078 ----a-w- c:\windows\system32\perfc015.dat
2009-10-29 10:17 . 2009-04-12 14:38 -------- d-----w- c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\ipla
2009-10-29 10:08 . 2009-02-26 16:14 -------- d-----w- c:\program files\Realtek
2009-10-27 12:31 . 2009-09-10 13:44 -------- d-----w- c:\program files\Weemi
2009-10-27 12:25 . 2009-06-26 10:14 -------- d-----w- c:\program files\Microsoft Studio
2009-10-27 11:46 . 2009-09-10 13:45 3539968 ----a-w- c:\windows\system32\logonuiX.exe
2009-10-27 11:18 . 2009-05-24 17:18 -------- d-----w- c:\program files\Thoosje Vista Sidebar
2009-10-27 11:18 . 2009-04-22 08:26 -------- d-----w- c:\program files\DivX
2009-10-27 11:18 . 2009-03-20 17:09 -------- d-----w- c:\program files\Inno Setup 5
2009-10-27 11:18 . 2009-04-15 07:42 -------- d-----w- c:\program files\Free FLV Converter
2009-10-27 11:18 . 2009-03-04 18:02 -------- d-----w- c:\program files\Avanquest update
2009-10-27 11:02 . 2009-02-27 19:52 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-27 09:14 . 2009-03-31 08:16 -------- d-----w- c:\program files\WinFlip
2009-10-25 13:44 . 2009-04-10 14:58 23016 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-23 18:33 . 2009-04-26 08:12 -------- d-----w- c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\BitTorrent
2009-10-23 17:09 . 2009-04-01 15:40 -------- d-----w- c:\program files\ESET
2009-10-23 15:47 . 2009-04-10 15:09 49464 ----a-w- c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-10-15 21:43 . 2009-05-10 12:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help
2009-10-14 10:57 . 2009-02-27 16:39 -------- d-----w- c:\program files\Styler
2009-10-14 08:20 . 2009-05-14 17:37 -------- d-----w- c:\program files\ViGlance
2009-10-14 08:20 . 2009-03-31 05:46 -------- d-----w- c:\program files\Visplore
2009-10-14 08:20 . 2009-08-31 18:23 -------- d-----w- c:\program files\DebugMode
2009-10-14 08:19 . 2009-08-12 18:12 -------- d-----w- c:\program files\NAPI-PROJEKT
2009-10-14 08:18 . 2009-05-14 17:35 -------- d-----w- c:\program files\ViStart
2009-10-12 18:50 . 2009-06-26 08:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Electronic Arts
2009-10-01 15:33 . 2009-02-26 07:29 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-27 07:44 . 2009-08-31 21:27 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-23 13:53 . 2009-07-21 07:21 -------- d-----w- c:\program files\Gem Ball Ancient Legends
2009-09-23 13:52 . 2009-03-06 08:00 -------- d-----w- c:\program files\Stardock
2009-09-23 13:35 . 2009-06-26 08:10 -------- d-----w- c:\program files\Electronic Arts
2009-09-23 13:32 . 2009-03-14 18:52 -------- d-----w- c:\program files\EA GAMES
2009-09-22 15:40 . 2009-09-22 15:40 -------- d-----w- c:\program files\4t Tray Minimizer
2009-09-15 08:17 . 2009-09-15 08:17 61760 ----a-w- c:\windows\system32\ASTSRV.EXE
2009-09-13 08:42 . 2009-09-13 08:42 -------- d-----w- c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\TuneUp Software
2009-09-09 19:15 . 2009-09-09 19:15 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2009-09-09 19:15 . 2009-09-09 19:15 100368 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2009-09-07 15:18 . 2009-09-07 15:18 -------- d-----w- c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\GlobalSCAPE
2009-09-07 13:40 . 2009-09-07 13:17 153509 ----a-w- c:\windows\hpoins14.dat
2009-09-07 13:30 . 2009-09-07 13:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\HP Product Assistant
2009-09-07 13:30 . 2009-05-10 12:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\HP
2009-09-07 13:29 . 2009-09-07 13:29 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-07 13:18 . 2009-09-07 13:18 -------- d-----w- c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Malwarebytes
2009-09-04 08:04 . 2009-09-04 08:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\RealHideIP
2009-09-01 07:06 . 2009-04-23 09:56 -------- d-----w- c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Nowe Gadu-Gadu
2009-08-31 18:45 . 2009-07-15 11:50 -------- d-----w- c:\program files\bobyte
2009-08-29 07:52 . 2009-09-10 13:45 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-12 17:09 . 2009-08-12 17:09 226010 ----a-w- C:\cc_20090812_190919.reg
2009-08-03 11:36 . 2009-08-12 17:12 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-08-12 17:12 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
.
------- Sigcheck -------
[-] 2009-09-10 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-06-13 16377344]
c:\documents and settings\kubek.KUBEKXP-PC\Menu Start\Programy\Autostart\
4t Tray Minimizer.lnk - c:\program files\4t Tray Minimizer\4t-min.exe [2009-9-22 1091584]
Skr˘t do egui.lnk - c:\program files\ESET\ESET Smart Security\egui.exe [2009-5-14 2029640]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-09-16 07:44 174328 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKLM\~\startupfolder\C:^Documents and Settings^kubek.KUBEKXP-PC^Menu Start^Programy^Autostart^ViGlance OneStep.exe]
path=c:\documents and settings\kubek.KUBEKXP-PC\Menu Start\Programy\Autostart\ViGlance OneStep.exe
backup=c:\windows\pss\ViGlance OneStep.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Kubek2^Menu Start^Programy^Autostart^Styler.lnk]
path=c:\documents and settings\Kubek2\Menu Start\Programy\Autostart\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2009-09-10 69248]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2009-09-10 212520]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-05-14 107256]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-10-01 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-10-01 41424]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2009-09-15 188736]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-10-12 604416]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-10-01 91856]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-09-09 100368]
R3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [2007-03-23 30032]
S2 CoLinuxDriver;CoLinuxDriver;\??\c:\ubuntu\Portable_Ubuntu\linux.sys --> c:\ubuntu\Portable_Ubuntu\linux.sys [?]
S2 Findbasic Service;Findbasic Service;c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Findbasic\findbasic131.exe [2009-10-25 54776]
S2 gupdate1c9ef5be5f3a182;Usługa Google Update (gupdate1c9ef5be5f3a182);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 133104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
"c:\program files\Windows Sidebar\sidebar.exe" /RegServer
.
Zawartość folderu 'Zaplanowane zadania'
2009-10-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]
2009-10-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-17 14:52]
2009-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 14:57]
2009-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 14:57]
2009-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1491950412-2009852829-4049741679-1003Core.job
- c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-04-10 17:06]
2009-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1491950412-2009852829-4049741679-1003UA.job
- c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-04-10 17:06]
2009-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-1177238915-1003.job
- c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-04-10 17:06]
2009-10-29 c:\windows\Tasks\User_Feed_Synchronization-{F18B4246-7B93-4B2B-932B-4B1708AC5A73}.job
- c:\windows\system32\msfeedssync.exe [2009-09-10 13:45]
.
.
------- Skan uzupełniający -------
.
FF - ProfilePath - c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Mozilla\Firefox\Profiles\9snnallf.default\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 11:31
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2E774316-4A34-AD93-7E3D-2FA9BB15338B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"haoecdjcjhjcbkfj"=hex:6a,61,6a,64,6a,68,63,6b,62,6a,63,65,6b,64,62,6f,70,65,
66,6f,00,ea
"iamemceihflomihehd"=hex:6a,61,6a,64,6a,68,63,6b,62,6a,63,65,6b,64,62,6f,70,65,
66,6f,00,00
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(1396)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll
.
Czas ukończenia: 2009-10-29 11:33
ComboFix-quarantined-files.txt 2009-10-29 10:33
ComboFix2.txt 2009-10-25 14:43
Przed: 18 247 036 928 bajtów wolnych
Po: 18 269 405 184 bajtów wolnych
- - End Of File - - B24238B21702E962C86F838BCFBBDA6C