ComboFix 09-05-06.08 - Sławek 2009-05-08 16:08.4 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.48.1045.18.1013.327 [GMT 2:00]
Run from: c:\users\Sławek\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081124-0] *On-access scanning enabled* (Updated)
.
((((((((((((((((((((((((( Files created from 2009-04-08 to 2009-05-08 )))))))))))))))))))))))))))))))
.
2009-05-08 14:03 . 2005-08-25 23:50 77312 ----a-w c:\windows\system32\ztvunace26.dll
2009-05-08 14:03 . 2009-05-08 14:03 -------- d-----w c:\programdata\Simply Super Software
2009-05-08 14:03 . 2009-05-08 14:03 -------- d-----w c:\users\All Users\Simply Super Software
2009-05-08 14:03 . 2009-05-08 14:03 -------- d-----w c:\program files\Trojan Remover
2009-05-07 14:52 . 2009-05-07 14:52 -------- d-----w c:\programdata\Wru
2009-05-07 14:52 . 2009-05-07 14:52 -------- d-----w c:\users\All Users\Wru
2009-05-07 14:46 . 2009-05-07 14:52 -------- d-----w c:\program files\Wru
2009-05-06 17:41 . 2009-05-06 17:41 -------- d-----w c:\program files\VideoLAN
2009-04-23 19:35 . 2004-06-22 18:06 1040384 ----a-w c:\windows\system32\GnucCOM.dll
2009-04-23 19:29 . 2009-04-23 19:29 -------- d-----r c:\users\Public\Videos
2009-04-23 16:53 . 2009-04-23 16:53 -------- d-----r c:\users\Public\Music
2009-04-23 03:07 . 2009-04-23 03:07 -------- d-----w c:\programdata\is-VP1QQ
2009-04-23 03:07 . 2009-04-23 03:07 -------- d-----w c:\users\All Users\is-VP1QQ
2009-04-23 03:06 . 2009-05-08 14:13 35696672 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-23 03:06 . 2008-07-08 12:54 148496 ----a-w c:\windows\system32\drivers\55459069.sys
2009-04-20 03:27 . 2009-04-20 03:27 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-20 03:22 . 2009-05-07 14:10 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-20 03:20 . 2009-04-20 03:20 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-20 03:19 . 2009-05-07 14:07 -------- d-----w c:\program files\Microsoft
2009-04-20 03:18 . 2009-04-20 03:18 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-20 03:18 . 2009-05-07 14:15 -------- d-----w c:\program files\Windows Live
2009-04-20 03:09 . 2009-04-20 03:09 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-19 19:17 . 2009-05-06 04:43 -------- d---a-w c:\programdata\TEMP
2009-04-19 19:17 . 2009-05-06 04:43 -------- d---a-w c:\users\All Users\TEMP
2009-04-19 19:17 . 2006-05-25 13:52 162304 ----a-w c:\windows\system32\ztvunrar36.dll
2009-04-19 19:17 . 2006-06-19 11:01 69632 ----a-w c:\windows\system32\ztvcabinet.dll
2009-04-19 19:17 . 2002-03-05 23:00 75264 ----a-w c:\windows\system32\unacev2.dll
2009-04-19 19:17 . 2003-02-02 18:06 153088 ----a-w c:\windows\system32\UNRAR3.dll
2009-04-19 03:19 . 2009-04-23 03:04 -------- d-----w c:\users\Public\Documents
2009-04-16 05:05 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-16 05:05 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-16 05:05 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-16 05:05 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-16 05:05 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-16 05:05 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-16 05:05 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-16 05:04 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-16 05:04 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-16 05:04 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-16 05:04 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-16 05:04 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-16 05:04 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-04-16 05:04 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-04-16 05:04 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-16 05:04 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll
2009-04-16 05:04 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-16 05:02 . 2009-03-03 04:40 827392 ----a-w c:\windows\system32\wininet.dll
2009-04-16 05:02 . 2009-03-03 02:28 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-04-16 05:02 . 2009-03-03 04:37 78336 ----a-w c:\windows\system32\ieencode.dll
2009-04-15 13:25 . 2009-02-13 09:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-15 13:13 . 2009-04-15 13:13 -------- dc-h--w c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-15 13:13 . 2009-04-15 13:13 -------- dc-h--w c:\users\All Users\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 06:21 . 2009-04-23 03:06 371960 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-07 14:20 . 2009-02-11 13:04 -------- d-----w c:\program files\The Learning Company
2009-05-07 14:18 . 2007-08-16 18:10 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-07 14:05 . 2008-10-24 19:07 -------- d-----w c:\program files\NAPI-PROJEKT
2009-04-20 03:28 . 2006-12-05 05:19 662056 ----a-w c:\windows\system32\perfh015.dat
2009-04-20 03:28 . 2006-12-05 05:19 126908 ----a-w c:\windows\system32\perfc015.dat
2009-04-20 03:24 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infpub.dat
2009-04-20 03:24 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-20 03:24 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-20 02:57 . 2008-06-27 17:29 -------- d-----w c:\program files\DivX
2009-04-17 01:13 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-15 13:12 . 2008-11-04 19:37 -------- d-----w c:\program files\Lavasoft
2009-04-12 19:14 . 2008-11-25 20:04 -------- d-----w c:\program files\BearShare Applications
2009-03-21 14:41 . 2008-10-24 05:33 -------- d-----w c:\program files\GRETECH
2009-02-09 03:10 . 2009-03-11 03:51 2033152 ----a-w c:\windows\system32\win32k.sys
2008-08-20 20:35 . 2006-11-02 12:48 174 --sh--w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-30 1829712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-04-29 1053576]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-06-15 1826816]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7DF4A605-CD08-4F3F-9044-0DDA3763E0AC}"= c:\program files\Acer\Acer Arcade\PowerCinema.exe:CyberLink PowerCinema
"{CAB18D13-701F-4C0D-B484-4F4F1FEAB785}"= c:\program files\Acer\Acer Arcade\PCMService.exe:CyberLink PowerCinema Resident Program
"{9574A42F-8091-486C-BBA6-58CDD37A8852}"= c:\program files\Acer\Acer Arcade\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{BA766D29-5B63-4DA1-9CCC-FDB4B2D2D7D0}"= c:\program files\Acer\Acer Arcade\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{719DB1A9-1B04-4FEC-9CB2-D48DF985EC8E}"= c:\program files\Acer\HomeMedia\HomeMedia.exe:HomeMedia
"{28DF4FC8-1333-4FDA-8DA4-63B0E1489711}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2715FE0A-B12F-407F-8585-35673A0AAD97}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{448902C4-351D-4E22-812F-9C5E0F5480A3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3F0DC591-68FC-4CB2-AD1D-76F09EC4636F}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{6FE56862-751F-4BD5-AEA1-2BB1F19B7BCF}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{488F99ED-C6AF-4EA6-8D3B-0D1F33A10963}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{AB4551A0-21A5-44E2-A4BF-2E02FCF34815}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{7CFEE1BA-360C-48DE-909F-CE898F9A1ADF}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{E4AE49AB-0C0C-4610-8FB0-36FED54B770C}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{78A0D0A5-ACFD-42EE-8E82-4AEDDAA233F7}c:\\users\\sławek\\documents\\utorrent.exe"= UDP:c:\users\sławek\documents\utorrent.exe:utorrent.exe
"UDP Query User{128E1958-EEBE-4C09-8248-D779DDC9CFDD}c:\\users\\sławek\\documents\\utorrent.exe"= TCP:c:\users\sławek\documents\utorrent.exe:utorrent.exe
"TCP Query User{06126338-F474-4EF9-9C76-CD7FD0CAD791}c:\\users\\sławek\\documents\\utorrent.exe"= UDP:c:\users\sławek\documents\utorrent.exe:utorrent.exe
"UDP Query User{787822D8-EAC0-41EB-8F2A-D47439439553}c:\\users\\sławek\\documents\\utorrent.exe"= TCP:c:\users\sławek\documents\utorrent.exe:utorrent.exe
"TCP Query User{A07BEBC6-AE68-4447-840E-6E621B6141D4}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{C333ACA0-FE18-4112-9563-66A03EB71216}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{11959E56-F36C-4E0A-BE19-4EE79CC4CF31}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{73B11B00-56B1-4094-AA37-D6DC5D41CD6D}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{3644FC34-A181-4CD8-8039-BF23082A3A60}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{D7C851B4-160C-41A1-9749-51AF4D69D46A}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{5AF5FFA9-6B58-4D57-A0F9-EA537D504386}"= UDP:8461:GoD High Port
"{BFCCE6A7-53FD-4519-9D0F-F96B5F929942}"= UDP:8462:GoD Low Port
"TCP Query User{5B24DC66-7687-4613-B6C4-852CF18B8A03}d:\\god\\god.exe"= UDP:d:\god\god.exe:GoD
"UDP Query User{ADC2E118-FE62-4537-B472-001637673034}d:\\god\\god.exe"= TCP:d:\god\god.exe:GoD
"TCP Query User{9C2942F3-0360-4657-A494-6D155492CF89}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{B66E41AA-4DFB-4E82-BB4F-B0155741701D}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{BEE9261F-F1F8-465C-8006-563A5CF93AC4}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{F114E01D-522F-4174-9554-485C2BD8AFFD}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{AAAE3F0E-CA15-42F4-A9AB-56D9026E52BB}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{CF35B39F-2635-47D4-842F-7D5FD44B2B81}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{C9100C22-D026-40FD-8194-847EFBC3087B}"= UDP:d:\pobrane 1\uTorrent.exe:µTorrent (TCP-In)
"{46307126-1515-4A14-B15D-8879038F28A1}"= TCP:d:\pobrane 1\uTorrent.exe:µTorrent (UDP-In)
"{72B76AC0-2D19-45DC-9C29-0ED018612119}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-11-04 114768]
R1 is-VP1QQdrv;is-VP1QQdrv;c:\windows\System32\drivers\55459069.sys [2009-04-23 148496]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-11-04 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-11-04 51792]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-08-17 179712]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\System32\drivers\e4ldr.sys [2008-11-25 69656]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\System32\drivers\e4usbaw.sys [2008-11-25 104344]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://pl.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Sławek\AppData\Roaming\Mozilla\Firefox\Profiles\e06h5rjd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:pl:official
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 16:14
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-109616326-2995623209-3042806892-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-05-08 16:16
ComboFix-quarantined-files.txt 2009-05-08 14:16
Before: 24 949 063 680 bytes free
After: 24 842 244 096 bytes free
204 --- E O F --- 2009-05-07 05:02
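The log above is triaged by hand on these forums, but the two sections that matter most (the "files created" window and the service list) have a fixed column layout, so the correlation a helper does in their head can be scripted. The following is an added example, not part of the original post and not a ComboFix tool: it parses a handful of lines copied from this log (constructed sample, embedded inline), reads the seven-letter flag string as d(irectory) c(ompressed) s(ystem) h(idden) a(rchive) followed by a read/write marker (my reading of the visible values, not documented by the tool), and reports entries worth a second look: hidden/system objects, drivers with purely numeric names, and services whose driver file falls inside the new-files window (here `is-VP1QQdrv` loading `55459069.sys`, created 2009-04-23 03:06). The output is a worklist for a human, not a verdict; `fidbox.dat` and a random-looking driver name can come from legitimate security software as well as from malware, and the log itself does not say which.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the ComboFix log above.
# Column layout is what the tool prints; the flag-letter mapping used below
# (d c s h a ? w/r by position) is an assumption drawn from the visible values.
SAMPLE_LOG = r"""
2009-05-08 14:03 . 2005-08-25 23:50 77312 ----a-w c:\windows\system32\ztvunace26.dll
2009-05-08 14:03 . 2009-05-08 14:03 -------- d-----w c:\program files\Trojan Remover
2009-04-23 03:06 . 2009-05-08 14:13 35696672 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-23 03:06 . 2008-07-08 12:54 148496 ----a-w c:\windows\system32\drivers\55459069.sys
2009-04-15 13:13 . 2009-04-15 13:13 -------- dc-h--w c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-16 05:04 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-11-04 114768]
R1 is-VP1QQdrv;is-VP1QQdrv;c:\windows\System32\drivers\55459069.sys [2009-04-23 148496]
"""

# "<created> . <modified> <size|--------> <7 flag letters> <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{7}) (?P<path>.+)$"
)
# "R1 name;description;path [date size]" (R = running, S = stopped)
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) "
    r"\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]  # None for directories (size column is "--------")
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def hidden(self) -> bool:
        return self.attrs[3] == "h"


@dataclass
class ServiceEntry:
    start: str
    name: str
    desc: str
    path: str
    date: str
    size: int


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def parse_log(text: str) -> Tuple[List[FileEntry], List[ServiceEntry]]:
    """Pick file and service lines out of a ComboFix log; ignore everything else."""
    files: List[FileEntry] = []
    services: List[ServiceEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            files.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(ServiceEntry(m["start"], m["name"], m["desc"],
                                         m["path"], m["date"], int(m["size"])))
    return files, services


def triage(text: str) -> List[str]:
    """Return human-readable items worth a second look (a worklist, not verdicts)."""
    files, services = parse_log(text)
    by_name = {basename(f.path).lower(): f for f in files if not f.is_dir}
    findings: List[str] = []
    for f in files:
        name = basename(f.path)
        if f.hidden or f.system:
            kind = "directory" if f.is_dir else "file"
            findings.append(f"hidden/system {kind}: {f.path} (attrs {f.attrs})")
        # Drivers named by a bare number carry no vendor hint; check the signer.
        if name.lower().endswith(".sys") and name[:-4].isdigit():
            findings.append(f"numeric driver name: {f.path} ({f.size} bytes)")
    # Correlate running services with drivers that appeared in the new-files window.
    for s in services:
        f = by_name.get(basename(s.path).lower())
        if f is not None:
            findings.append(
                f"service {s.name} ({s.start}) loads driver created {f.created}: {s.path}"
            )
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item)
```

Feed it a whole log rather than the sample and the same four rules still apply; the one rule that needs judgement is the numeric-driver check, which on this machine points at `55459069.sys` and should be followed up by looking at the file's Authenticode signature and at what installed into `c:\programdata\is-VP1QQ` on 2009-04-23, not by deleting anything.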