ComboFix 09-04-24.01 - Administrator 2009-04-24 14:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2039.1230 [GMT 2:00]
Uruchomiony z: e:\daniell\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2009-05-24 do 2009-4-24 )))))))))))))))))))))))))))))))
.
2009-04-23 17:13 . 2009-04-23 17:13 -------- d-----w c:\program files\Trend Micro
2009-04-23 16:55 . 2009-04-24 08:11 -------- d--h--w C:\$AVG8.VAULT$
2009-04-23 16:46 . 2009-04-23 16:46 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-23 16:46 . 2009-04-23 16:46 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-23 16:46 . 2009-04-23 16:46 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-23 16:45 . 2009-04-23 16:45 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-23 16:45 . 2009-04-23 16:45 -------- d-----w c:\program files\AVG
2009-04-23 16:45 . 2009-04-23 16:45 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\avg8
2009-04-23 15:46 . 2009-04-23 15:46 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Opera
2009-04-23 15:46 . 2009-04-23 15:46 -------- d-----w c:\program files\Opera
2009-04-21 20:38 . 2004-01-21 22:35 40960 ----a-w c:\windows\SSubTmr6.dll
2009-04-21 19:48 . 2009-04-21 20:17 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Tlen.pl
2009-04-21 19:48 . 2009-04-21 19:48 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Tlen.pl
2009-04-21 19:48 . 2009-04-22 18:26 -------- d-----w c:\program files\Tlen.pl
2009-04-19 17:51 . 2009-04-19 17:51 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Cooliris
2009-04-15 22:03 . 2009-04-15 22:03 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\OpenFM
2009-03-30 07:54 . 2009-03-30 07:54 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Thinstall
2009-03-25 21:31 . 2009-03-25 21:31 54156 ---ha-w c:\windows\QTFont.qfn
2009-03-25 21:31 . 2009-03-25 21:31 1409 ----a-w c:\windows\QTFont.for
2009-03-25 18:03 . 2009-03-25 18:03 9618 ----a-w c:\windows\system32\shutdown.rar
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 17:44 . 2007-05-16 06:49 -------- d-----w c:\program files\SkanerOnline
2009-04-18 17:48 . 2009-02-23 17:20 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\uTorrent
2009-04-18 09:02 . 2009-02-28 14:28 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu
2009-04-15 21:54 . 2009-02-28 14:28 -------- d-----w c:\program files\Nowe Gadu-Gadu
2009-04-03 16:08 . 2007-06-01 14:45 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Skype
2009-03-31 11:50 . 2009-03-14 14:36 -------- d-----w c:\program files\Last.fm
2009-03-29 21:24 . 2001-10-26 17:15 66836 ----a-w c:\windows\system32\perfc015.dat
2009-03-29 21:24 . 2001-10-26 17:15 389412 ----a-w c:\windows\system32\perfh015.dat
2009-03-17 13:48 . 2009-03-17 13:48 104448 --s-a-r c:\windows\system32\kmvtjmun.dll
2009-03-14 17:32 . 2007-02-24 15:29 -------- d-----w c:\program files\Winamp
2009-03-14 14:37 . 2009-03-14 14:37 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Last.fm
2009-03-06 17:11 . 2007-10-11 16:32 30292 ----a-w C:\mksbasel.cpp.log
2009-02-28 16:41 . 2009-02-28 16:19 -------- d-----w c:\program files\AP Tuner
2009-02-24 20:57 . 2009-02-24 20:57 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\BESTplayer
2009-02-24 20:08 . 2009-02-24 20:08 -------- d-----w c:\program files\NAPI-PROJEKT
2009-02-24 16:26 . 2007-03-17 20:57 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Azureus
2009-02-23 17:20 . 2009-02-23 17:20 -------- d-----w c:\program files\uTorrent
2009-02-23 17:12 . 2009-02-23 17:12 -------- d-----w c:\program files\BitTorrent
2009-02-23 15:20 . 2007-02-24 15:40 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Digidesign
2008-11-01 09:22 . 2007-02-24 12:00 70168 ----a-w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-08-03 12:44 . 2007-08-03 12:44 476752 ----a-w c:\documents and settings\All Users\Dane aplikacji\pswi_preloaded.exe
2007-02-24 11:58 . 2007-02-24 11:58 138 ----a-w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2009-01-03 21:2007-03-17 18:28 47:35 . c:\program files\mozilla firefox\components\jar50.dll
2009-01-03 21:2007-03-17 18:28 47:35 . c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-03 21:2007-03-17 18:28 47:35 . c:\program files\mozilla firefox\components\myspell.dll
2009-01-03 21:2007-03-17 18:28 47:36 . c:\program files\mozilla firefox\components\spellchk.dll
2009-01-03 21:2007-03-17 18:28 47:36 . c:\program files\mozilla firefox\components\xpinstal.dll
2008-12-01 16:22 . 2007-08-03 12:42 88 --sh--r c:\windows\system32\C92ABD1C55.sys
2008-12-01 16:22 . 2007-08-03 12:42 2516 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"= "c:\windows\system32\ieframe.dll" [2008-06-23 6066176]
[HKEY_CLASSES_ROOT\clsid\{f2cf5485-4e02-4f68-819c-b92de9277049}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Komunikator"="c:\program files\Tlen.pl\Tlen.exe" [2009-01-17 5853672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iKeyWorks"="c:\progra~1\A4Tech\Keyboard\Ikeymain.exe" [2006-04-09 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-23 1932568]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= e:\soft\jdk-6-doc\docs\index.html
FriendlyName=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll [2008-06-23 233472]
"WPDShServiceObj"= {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-23 16:46 10520 ----a-w c:\windows\system32\avgrsstx.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"midi1"= ma_cmidn.dll
"midi3"= ma_cmidn.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Acrobat Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"OracleServiceMAINASE"=2 (0x2)
"OracleOraHome92TNSListener"=2 (0x2)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"aspnet_state"=3 (0x3)
"Adobe LM Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\DC\\DCPlusPlus.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"e:\\soft\\eclipse-jee-europa-winter-win32\\eclipse\\eclipse.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\daniell\\utorrent.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Tlen.pl\\tlen.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"45242:TCP"= 45242:TCP:PrefetchIntel CursorsOptions
"55822:UDP"= 55822:UDP:PrefetchIntel SystemBuild
"23573:UDP"= 23573:UDP:PrefetchIntel schemasIME
"12478:TCP"= 12478:TCP:PrefetchIntel ProfilesAssemblies
R2 Netprov;Driver Storage;c:\windows\system32\svchost.exe [2004-08-04 14336]
R3 dkvglt;dkvglt; [x]
R3 iLokDrvr;iLok;c:\windows\system32\DRIVERS\iLokDrvr.sys [2005-12-21 27328]
R3 Tomcat6;Apache Tomcat;c:\tomcat6\bin\tomcat6.exe [2008-01-28 57344]
R4 OracleServiceMAINASE;OracleServiceMAINASE; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-23 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-23 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-23 298264]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 MAUSBFT;Service for M-Audio Fast Track USB (WDM);c:\windows\system32\DRIVERS\mausbft.sys [2006-04-04 106112]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Netprov
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff0dfc8d-c569-11db-8468-000fea29d13f}]
\Shell\AutoRun\command - J:\USBNB.exe
.
- - - - USUNIĘTO PUSTE WPISY - - - -
ShellExecuteHooks-{AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
Notify-WgaLogon - (no file)
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight Pro - c:\program files\GetRight\GRdownload.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Pro Browser - c:\program files\GetRight\GRbrowse.htm
Trusted Zone: imaginecup.com
Trusted Zone: wildnoodle.com\www
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\AVG\AVG8\avgpp.dll
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\COMMON~1\Skype\SKYPE4~1.DLL
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\nchdd8f4.default\
FF - prefs.js: browser.startup.homepage - hxxp://iz.bimber.pl/search.php?action=show_new
FF - component: c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\nchdd8f4.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-24 14:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dkvglt]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="c:\usr/MYSQL/bin/mysqld.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92TNSListener]
"ImagePath"="c:\oracle\ora92\BIN\TNSLSNR "
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netprov]
"ServiceDll"="c:\windows\system32\kmvtjmun.dll"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-329068152-1035525444-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6D3090F7-CA56-F294-2171-DEAFB0557951}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaokobhnfjfcbongnjfhmbephajgfc"=hex:64,61,64,62,69,64,6a,6d,00,c0
"oacmopbfhkoodgfdgkfhidglnhgeec"=hex:69,61,6c,61,67,62,6c,65,67,64,65,6c,6d,69,
62,66,68,62,00,00
"naalefgojgindelpobiimpofplcb"=hex:69,61,6c,61,67,62,6c,65,67,64,65,6c,6d,69,
62,66,68,62,00,00
.
Czas ukończenia: 2009-04-24 14:15
ComboFix-quarantined-files.txt 2009-04-24 12:15
Przed: 4 477 534 208 bajtów wolnych
Po: 5 523 095 552 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
282 --- E O F --- 2008-09-18 22:22