rsit
http://wyslijto.pl/plik/xq8jpj6ldw
otl
http://wyslijto.pl/plik/4efpua2hgr
ComboFix 10-01-26.01 - Kiyo 2010-01-27 1:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.48.1045.18.2908.2001 [GMT 9:00]
Uruchomiony z: c:\users\Kiyo\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3534407646-2922545102-3919244342-500
c:\users\Kiyo\AppData\Roaming\Desktopicon
c:\users\Kiyo\AppData\Roaming\Desktopicon\config.ini
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\system32\twain_32.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2009-12-26 do 2010-01-26 )))))))))))))))))))))))))))))))
.
2010-01-26 16:56 . 2010-01-26 16:56 -------- d-----w- c:\users\Kiyo\AppData\Local\temp
2010-01-26 16:56 . 2010-01-26 16:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-25 15:08 . 2010-01-25 15:09 -------- d-----w- c:\program files\trend micro
2010-01-25 15:08 . 2010-01-25 15:09 -------- d-----w- C:\rsit
2010-01-25 11:11 . 2010-01-25 11:11 -------- d-----w- c:\users\Kiyo\AppData\Roaming\Malwarebytes
2010-01-25 11:10 . 2010-01-07 07:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-25 11:10 . 2010-01-25 11:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-25 11:10 . 2010-01-25 11:10 -------- d-----w- c:\programdata\Malwarebytes
2010-01-25 11:10 . 2010-01-07 07:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-13 12:59 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 12:59 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-08 21:35 . 2010-01-25 10:25 -------- d-----w- c:\users\Kiyo\AppData\Roaming\DMCache
2010-01-08 21:34 . 2010-01-08 21:34 -------- d-----w- c:\program files\Internet Download Manager
2010-01-03 21:08 . 2010-01-03 21:08 -------- d-----w- c:\users\Kiyo\AppData\Local\vdownloader
2010-01-03 21:07 . 2010-01-03 21:08 -------- d-----w- c:\program files\Ask.com
2010-01-03 21:07 . 2010-01-03 21:07 -------- d-----w- c:\program files\Common Files\eBay
2009-12-30 09:47 . 2009-12-30 09:47 -------- d-----w- c:\program files\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 16:46 . 2009-10-08 12:59 -------- d-----w- c:\programdata\Kaspersky Lab
2010-01-26 13:21 . 2009-07-07 09:17 -------- d-----w- c:\users\Kiyo\AppData\Roaming\Skype
2010-01-26 13:21 . 2009-07-07 10:53 -------- d-----w- c:\users\Kiyo\AppData\Roaming\skypePM
2010-01-25 18:06 . 2009-07-07 12:44 1 ----a-w- c:\users\Kiyo\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-25 14:52 . 2008-04-14 13:31 662056 ----a-w- c:\windows\system32\perfh015.dat
2010-01-25 14:52 . 2008-04-14 13:31 126908 ----a-w- c:\windows\system32\perfc015.dat
2010-01-25 10:26 . 2009-10-14 13:13 -------- d-----w- c:\programdata\eBay
2010-01-25 10:26 . 2009-10-14 13:12 -------- d-----w- c:\program files\eBay
2010-01-25 10:26 . 2009-04-16 06:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-21 16:43 . 2009-12-21 15:32 -------- d-----w- c:\program files\Gadu-Gadu 10
2010-01-21 16:33 . 2009-11-11 10:43 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 02:12 . 2009-10-05 16:53 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-09 14:56 . 2009-07-06 11:56 53984 ----a-w- c:\users\Kiyo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-02 06:38 . 2010-01-22 16:45 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 16:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 16:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 16:45 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-25 12:42 . 2009-10-20 15:46 -------- d-----w- c:\program files\LG PC Suite II
2009-12-23 18:01 . 2009-07-06 11:47 -------- d-----w- c:\program files\Google
2009-12-21 15:25 . 2009-12-21 15:24 -------- d-----w- c:\users\Kiyo\AppData\Roaming\Gadu-Gadu 10
2009-12-17 15:05 . 2009-12-17 15:05 37376 ----a-w- c:\users\Kiyo\AppData\Roaming\Gadu-Gadu 10\_userdata\ggbho.2.dll
2009-12-14 14:43 . 2009-11-09 14:31 95744 ----a-w- c:\programdata\SpeedBit\DAP\SDCondition.dll
2009-12-13 18:06 . 2009-12-13 18:06 -------- d-----w- c:\program files\LGInternetKit
2009-12-13 18:04 . 2009-10-20 15:48 -------- d-----w- c:\program files\LG Electronics
2009-12-02 13:07 . 2009-12-02 12:46 -------- d-----w- c:\programdata\OpenFM
2009-12-02 12:46 . 2009-12-02 12:46 -------- d-----w- c:\users\Kiyo\AppData\Roaming\OpenFM
2009-11-29 14:19 . 2009-07-06 11:46 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-27 19:51 . 2009-11-27 19:51 -------- d-----w- c:\users\Kiyo\AppData\Roaming\gtk-2.0
2009-11-27 19:40 . 2009-11-27 19:40 -------- d-----w- c:\program files\GIMP-2.0
2009-11-27 19:39 . 2009-09-24 16:32 -------- d-----w- c:\users\Kiyo\AppData\Roaming\Corel
2009-11-26 15:50 . 2009-09-24 16:26 7308 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-11-26 15:50 . 2009-09-24 16:33 168 --sha-r- c:\windows\system32\6AA07FFD20.sys
2009-11-24 06:12 . 2009-11-24 06:12 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2195.tmp.exe
2009-11-09 14:31 . 2009-11-09 14:31 3317784 ----a-w- c:\programdata\SpeedBit\DAP\Offers\VA3_DapSo.exe
2009-11-09 14:30 . 2009-11-09 14:30 99840 ----a-w- c:\programdata\SpeedBit\DAP\Updates\Condition.dll
2009-11-09 13:22 . 2009-12-09 15:04 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:20 . 2009-12-09 15:04 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 11:04 . 2009-12-09 15:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-29 09:41 . 2009-11-25 15:02 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-08 13:04 . 2009-10-08 13:04 604140 --sha-w- c:\windows\System32\drivers\ISwift3.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B}]
2009-11-09 14:30 2655736 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-05-19 04:37 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-07 39408]
"Odkurzacz-MCD"="d:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-11-09 2803200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxdemon.exe"="c:\program files\Lexmark 4800 Series\lxdemon.exe" [2007-06-11 455600]
"lxdeamon"="c:\program files\Lexmark 4800 Series\lxdeamon.exe" [2007-06-01 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 316336]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-22 30192]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\fsc-reg\fscreg.exe" [2008-08-01 380688]
c:\users\Kiyo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2008-11-24 18:44 869888 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSC OSD Utility]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fsc-reg]
2008-08-01 13:28 380688 ----a-w- c:\fsc-reg\fscreg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSCRecovery]
2008-06-18 12:25 268096 ----a-w- c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-11-22 16:44 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-08-12 08:59 170520 ----a-w- c:\windows\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-08-12 09:00 150040 ----a-w- c:\windows\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-08-12 09:00 145944 ----a-w- c:\windows\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-10-31 12:06 6609440 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3236136987-2309192795-984423249-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-12-15 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2009-05-15 21008]
R2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [2009-07-08 449536]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [2009-05-16 19472]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [2009-04-16 337920]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2009-07-07 721904]
S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\System32\drivers\adildr.sys [2009-10-24 56088]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-18 133104]
S3 GoogleDesktopManager-110309-193829;Menedżer Google Desktop 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-07-06 30192]
.
Zawartość folderu 'Zaplanowane zadania'
2010-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-17 16:36]
2010-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-17 16:36]
2010-01-26 c:\windows\Tasks\User_Feed_Synchronization-{0D89C24C-A74A-4813-B70B-43BB36D9AB9E}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Dodaj do blokowanych banerów - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Funkcja Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Wyszukiwanie w serwisie eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 01:56
Windows 6.0.6001 Service Pack 1 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86296158]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a3db322
\Driver\ACPI -> acpi.sys @ 0x8069bd4c
\Driver\atapi -> 0x86296158
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-3236136987-2309192795-984423249-1000_Classes\CLSID\{348bff8a-95c5-4fab-b044-c3a100a765f8}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000018
"Therad"=dword:00000012
[HKEY_USERS\S-1-5-21-3236136987-2309192795-984423249-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):e3,89,03,e0,0b,58,29,52,87,dd,e9,b9,48,11,f3,57,07,b2,ca,fd,7a,
31,31,b1,11,a7,48,84,2f,45,b7,17,06,47,16,c0,4b,5c,08,fd,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Czas ukończenia: 2010-01-27 02:00:42
ComboFix-quarantined-files.txt 2010-01-26 17:00
Przed: 13 877 379 072 bajtów wolnych
Po: 13 733 113 856 bajtów wolnych
- - End Of File - - 7C743A2D453AC4354BEEF3177941EF72