przez wojtas 25 Mar 2009, 19:20
File::
c:\windows\system32\stu2.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
expand X:\i386\userinit.ex_ C:\Windows\sytem32\userinit.exe
przez Gacek89 01 Kwi 2009, 14:42
ComboFix 09-03-23.01 - Krzysiek 2009-04-01 14:34:28.15 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1023.235 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Opera\Opera\profile\cache4\temporary_download\CFScript.txt
AV: System Antywirusowy NOD32 2.51 *On-access scanning enabled* (Updated)
FW: Outpost Firewall Pro *enabled*
* Utworzono nowy punkt przywracania
* Resident AV is active
FILE ::
c:\windows\system32\stu2.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\stu2.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-03-01 do 2009-04-01 )))))))))))))))))))))))))))))))
.
2009-03-31 14:58 . 2009-03-31 14:58 <DIR> d-------- c:\documents and settings\Iza.GACEK\Dane aplikacji\Skype
2009-03-25 12:37 . 2004-08-04 02:44 25,088 --a------ c:\windows\system32\userinit.exe
2009-03-25 11:04 . 2009-03-25 11:20 <DIR> d-------- C:\SDFix
2009-03-24 20:47 . 2009-03-25 20:05 <DIR> d-------- C:\JDownloader 0.4.936
2009-03-17 20:38 . 2009-03-17 20:38 <DIR> d-------- C:\w200_usb_signed_drivers
2009-03-17 20:38 . 2007-03-25 07:33 97,056 --a------ c:\windows\system32\drivers\w200mdm.sys
2009-03-17 20:38 . 2007-03-25 07:33 88,560 --a------ c:\windows\system32\drivers\w200mgmt.sys
2009-03-17 20:38 . 2007-03-25 07:33 86,368 --a------ c:\windows\system32\drivers\w200obex.sys
2009-03-17 20:38 . 2007-03-25 07:33 61,504 --a------ c:\windows\system32\drivers\w200bus.sys
2009-03-17 20:38 . 2007-03-25 07:33 9,328 --a------ c:\windows\system32\drivers\w200mdfl.sys
2009-03-17 20:38 . 2007-03-25 07:33 6,208 --a------ c:\windows\system32\drivers\w200cmnt.sys
2009-03-17 20:38 . 2007-03-25 07:33 6,208 --a------ c:\windows\system32\drivers\w200cm.sys
2009-03-17 20:38 . 2007-03-25 07:33 5,840 --a------ c:\windows\system32\drivers\w200whnt.sys
2009-03-17 20:38 . 2007-03-25 07:33 5,840 --a------ c:\windows\system32\drivers\w200wh.sys
2009-03-05 00:21 . 2009-03-05 00:21 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-05 00:21 . 2009-03-05 00:21 1,409 --a------ c:\windows\QTFont.for
2009-03-04 20:23 . 2009-03-27 01:54 <DIR> d-------- C:\jagoda
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-01 10:45 --------- d-----w c:\documents and settings\Krzysiek\Dane aplikacji\Dropbox
2009-03-31 19:05 --------- d-----w c:\documents and settings\Krzysiek\Dane aplikacji\MegauploadToolbar
2009-03-28 18:17 --------- d-----w c:\documents and settings\Iza.GACEK\Dane aplikacji\MEGAUPLOADTOOLBAR
2009-03-19 17:13 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-03-14 08:47 --------- d-----w c:\program files\Opera
2009-03-12 11:52 --------- d-----w c:\program files\ESET
2009-03-04 17:45 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-18 22:19 --------- d-----w c:\program files\SkanerOnline
2009-02-18 22:13 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-02-15 11:46 --------- d-----w c:\documents and settings\Krzysiek\Dane aplikacji\Skype
2009-02-15 11:19 --------- d-----w c:\documents and settings\Krzysiek\Dane aplikacji\skypePM
2009-02-10 15:05 --------- d-----w c:\program files\Common Files\Logitech
2009-01-21 16:11 473,600 ----a-w c:\windows\system32\SkanerOnline.dll
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-03-24_17.53.34,35 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
- 2009-02-19 18:25:37 6,725,632 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2009-03-25 09:05:30 6,832,128 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\ntuser.dat
- 2009-02-19 18:25:37 376,832 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2009-03-25 09:05:30 376,832 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
- 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 06:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 06:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-02-03 02:15:28 3,771,296 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-02-03 02:15:30 240,544 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-10-29 19:05:06 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-03-30 19:44:00 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-10-26 07:14:50 63,130 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-29 10:31:16 63,130 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-26 07:14:50 80,642 ----a-w c:\windows\system32\perfc015.dat
+ 2009-03-29 10:31:16 80,642 ----a-w c:\windows\system32\perfc015.dat
- 2008-10-26 07:14:50 403,528 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-29 10:31:16 403,528 ----a-w c:\windows\system32\perfh009.dat
- 2008-10-26 07:14:50 460,578 ----a-w c:\windows\system32\perfh015.dat
+ 2009-03-29 10:31:16 460,578 ----a-w c:\windows\system32\perfh015.dat
+ 2009-04-01 10:43:07 16,384 ----atw c:\windows\temp\Perflib_Perfdata_338.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 09:20 143360 --a------ d:\program files\Dropbox\DropboxExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 09:20 143360 --a------ d:\program files\Dropbox\DropboxExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 09:20 143360 --a------ d:\program files\Dropbox\DropboxExt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Konnekt"="d:\konnekt\konnekt.exe" [2005-05-24 503808]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-09-06 921600]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2006-05-11 356420]
"Copy Handler"="c:\program files\Copy Handler\ch.exe" [2005-01-31 146432]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"Outpost Firewall"="c:\program files\Agnitum\Outpost Firewall\outpost.exe" [2006-03-30 91648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\Krzysiek\Menu Start\Programy\Autostart\
Dropbox.lnk - d:\program files\Dropbox\Dropbox.exe [2008-09-26 24096981]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
BOINC Manager.lnk - d:\program files\BOINC\boincmgr.exe [2008-03-04 4150016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 03:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Krzysiek^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=c:\documents and settings\Krzysiek\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 11:25 6731312 d:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-01-15 16:14 147456 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 00:44 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 12:04 2127296 d:\gadu-gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a--c--- 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 d:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexPPS.exe]
--a------ 2002-01-24 11:09 174592 c:\windows\system32\LEXPPS.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:55 1667584 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 14:33 13574144 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-04-04 14:20 81920 c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 14:33 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
--a------ 2008-08-16 16:01 264704 d:\program files\Odkurzacz\odk_mcd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 02:05 200704 d:\poweriso\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a------ 2007-11-29 13:11 144448 d:\ai roboform\robotaskbaricon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 18:17 159744 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-07-12 04:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-18 17:24 171448 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 07:28 36352 d:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 04:12 76304 c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2008-02-29 04:12 76304 c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 14:33 1630208 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r---c--- 2006-05-16 12:04 2879488 c:\windows\SkyTel.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\LMabcoms.exe"=
"d:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 VFILT;Outpost Firewall Kernel Driver;c:\program files\Agnitum\Outpost Firewall\Kernel\filtnt.sys [2007-09-10 125216]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\program files\PostgreSQL\8.2\bin\pg_ctl.exe [2007-09-17 79948]
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\adblock.dll [2007-09-10 33600]
R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\arp.dll [2007-09-10 17440]
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\content.dll [2007-09-10 4896]
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\dnscache.dll [2007-09-10 14304]
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\ftpfilt.dll [2007-09-10 9024]
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\htmlfilt.dll [2007-09-10 11552]
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\httpfilt.dll [2007-09-10 13248]
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\imapfilt.dll [2007-09-10 7200]
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\mailfilt.dll [2007-09-10 14912]
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\nntpfilt.dll [2007-09-10 6752]
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\pop3filt.dll [2007-09-10 9984]
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\protect.dll [2007-09-10 16960]
R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\secret.dll [2007-09-10 9696]
S3 FoxAwdWINFLASH;FoxAwdWINFLASH;c:\program files\LiveUpdate\FoxAwdWINFLASH.sys [2006-01-01 4380]
S3 KEYBOARDWDFilter;KEYBOARDWDFilter;c:\windows\system32\drivers\KEYBOARDWD.SYS [2007-11-17 6528]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2009-03-17 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\drivers\w200mdfl.sys [2009-03-17 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys [2009-03-17 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w200mgmt.sys [2009-03-17 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2009-03-17 86368]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\Setup.exe -auto
.
Zawartość folderu 'Zaplanowane zadania'
2009-03-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
2009-04-01 c:\windows\Tasks\backup.job
- c:\windows\system32\ntbackup.exe [2004-08-04 00:44]
2009-03-22 c:\windows\Tasks\Schedule Task Weekly.job
- d:\program files\Registry Easy\RE.exe []
.
.
------- Skan uzupełniający -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 165.91.83.23:3128
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pasek Narzędzi RoboForm - file://d:\ai roboform\RoboFormComShowToolbar.html
IE: Personalizuj Menu - file://d:\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Wypełnij Pola - file://d:\ai roboform\RoboFormComFillForms.html
IE: Zapisz Pola - file://d:\ai roboform\RoboFormComSavePass.html
LSP: c:\windows\system32\imon.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\zsrau2p3.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOggX.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-01 14:36:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-1957994488-1450960922-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:e6,fb,3d,3b,79,9b,a6,ff,be,9b,77,d9,b1,07,f1,98,72,34,dc,f5,0e,
a3,fa,f0,e4,e4,a7,9b,11,00,f6,5e,f0,65,10,d0,02,c6,42,84,a2,66,ec,41,8a,a5,\
"rkeysecu"=hex:cd,b6,20,60,58,b7,73,a4,11,39,29,11,5e,d8,fc,c8
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(1304)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Czas ukończenia: 2009-04-01 14:38:45
ComboFix-quarantined-files.txt 2009-04-01 12:38:04
ComboFix2.txt 2009-03-25 09:26:17
ComboFix3.txt 2009-03-24 16:54:45
Przed: 1 219 538 944 bajtów wolnych
Po: 1,369,346,048 bajtów wolnych
309
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 7 gości