Untitled

ComboFix 10-05-15.03 - konrad 2010-05-16 17:25:30.1.
2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2046.1637 [GMT 2:0
0]
Uruchomiony z: c:\documents and settings\konrad\Pulpit\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-010
1-4F12-8FB0-D96ACA4F34C0}
AV: Kaspersky Internet Security *On-access scanning enabled* (Outdated) {2C4D4BC
6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Zapora osobista *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezydentny antywirus jest aktywny
.
[i] ADS - WINDOWS: deleted 8 bytes in 1 streams. [/i]
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))
))))))))))))))))))))))
.
c:\documents and settings\All Users\Dane aplikacji\Zwangie
c:\documents and settings\konrad\Dane aplikacji\Desktopicon
c:\documents and settings\konrad\Dane aplikacji\EurekaLog
c:\documents and settings\konrad\Moje dokumenty\reg.reg
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\MSVCP71.DLL
c:\program files\RelevantKnowledge\MSVCR71.DLL
c:\windows\system32\Config.cfg
c:\windows\system32\gmail.dll
E:\Autorun.inf
.
((((((((((((((((((((((((( Pliki utworzone od 2010-04-16 do 2010-05-16 )))))))
))))))))))))))))))))))))
.
2010-05-16 15:20 . 2010-05-16 15:29 0 ----a-w- c:\windows\syste
m32\jcsball.dat
m32\jerror.dat
2010-05-16 15:15 . 2010-05-16 15:15 -------- d-----w- c:\progr
am files\Trend Micro
2010-05-16 14:15 . 2010-05-16 14:58 -------- d-----w- c:\docum
ents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2010-05-16 14:15 . 2010-05-16 14:19 -------- d-----w- c:\progr
am files\Spybot - Search & Destroy
2010-05-16 08:50 . 2010-05-16 15:01 -------- d-----w- c:\docum
ents and settings\konrad\Dane aplikacji\Winamp
2010-05-16 08:42 . 2006-08-25 03:47 115880 ------w- c:\windows\syste
m32\pxinsi64.exe
2010-05-16 07:35 . 2010-05-16 07:36 -------- d-----w- c:\docum
ents and settings\All Users\Dane aplikacji\OrbNetworks
2010-05-16 07:35 . 2010-05-16 07:35 -------- d-----w- c:\progr
am files\Winamp Remote
2010-05-08 13:29 . 2010-05-08 13:29 56 ---ha-w- c:\windows\syste
m32\ezsidmv.dat
2010-05-08 13:29 . 2010-05-08 13:29 -------- d-----w- c:\docum
ents and settings\konrad\Dane aplikacji\skypePM
2010-05-08 13:21 . 2010-05-08 14:07 -------- d-----w- c:\docum
ents and settings\konrad\Dane aplikacji\Skype
2010-05-08 11:15 . 2010-05-08 11:15 -------- d-----w- c:\progr
am files\Common Files\Skype
2010-05-08 11:15 . 2010-05-08 11:15 -------- d-----r- c:\progr
am files\Skype
2010-05-08 11:15 . 2010-05-08 11:15 -------- d-----w- c:\docum
ents and settings\All Users\Dane aplikacji\Skype
2010-05-08 08:43 . 2010-05-16 12:10 304160 ----a-w- C:\PA207.DAT
m32\Remove.exe
m32\CoInst_071102.dll
m32\drivers\PFC027.SYS
2010-05-08 07:35 . 2010-05-08 07:35 -------- d-----w- c:\progr
am files\Aitinc
m32\P207USD.dll
2010-05-08 07:35 . 2010-05-08 07:35 -------- d-----w- c:\progr
am files\Common Files\PAC207
2010-05-08 07:35 . 2010-05-08 07:35 -------- d-----w- c:\windo
ws\PixArt
2010-05-08 07:26 . 2010-05-08 07:26 8854 ----a-r- c:\documents and
settings\konrad\Dane aplikacji\Microsoft\Installer\{2AAC15D7-D1DE-45CF-B26A-C1D
82C115214}\UNINST_Uninstall_OV5_2AAC15D7D1DE45CFB26AC1D82C115214.exe
settings\konrad\Dane aplikacji\Microsoft\Installer\{2AAC15D7-D1DE-45CF-B26A-C1D
82C115214}\ARPPRODUCTICON.exe
2010-05-08 07:26 . 2010-05-08 07:26 -------- d-----w- c:\windo
ws\OvtCam
2010-05-08 07:26 . 2010-05-08 07:26 -------- d-----w- c:\windo
ws\OVT
2010-05-08 07:26 . 2010-05-08 07:26 -------- d-----w- c:\windo
ws\My Product Name
2010-05-08 07:25 . 2010-05-08 07:25 -------- d-----w- c:\temp\
webcam
2010-05-08 07:25 . 2010-05-08 07:25 -------- d-----w- C:\temp
2010-05-08 06:46 . 2010-05-08 06:47 -------- d-----w- c:\docum
ents and settings\konrad\Dane aplikacji\GetRightToGo
2010-05-07 21:22 . 2010-05-07 21:22 -------- d-----w- c:\progr
am files\ATP Video
m32\drivers\BT848.sys
2010-05-07 21:04 . 2010-05-07 21:04 -------- d-----w- c:\docum
ents and settings\All Users\Uniblue
2010-05-07 21:04 . 2010-05-07 21:04 -------- d-----w- c:\docum
ents and settings\konrad\Dane aplikacji\Uniblue
2010-05-07 21:02 . 2010-05-07 21:02 -------- d-----w- c:\progr
am files\Uniblue
2010-05-07 21:00 . 2010-05-07 21:00 -------- d-----w- c:\docum
ents and settings\All Users\Dane aplikacji\UAB
2010-05-07 20:59 . 2010-05-07 20:59 -------- d-----w- c:\docum
ents and settings\konrad\Ustawienia lokalne\Dane aplikacji\PC_Drivers_Headquarte
rs
2010-05-07 20:59 . 2010-05-07 20:59 -------- d-----w- c:\docum
ents and settings\All Users\Dane aplikacji\PC Drivers HeadQuarters
2010-05-07 20:58 . 2010-05-07 20:58 -------- d-----w- c:\progr
am files\PC Drivers HeadQuarters
2010-05-07 18:30 . 2010-05-07 18:30 -------- d-----w- c:\progr
am files\AP Tuner
2010-05-05 12:43 . 2010-05-05 12:43 -------- d-----w- c:\docum
ents and settings\konrad\Dane aplikacji\OxyCube
2010-05-05 12:42 . 2010-05-07 19:20 -------- d-----w- c:\progr
am files\Oxygen Software
2010-05-05 12:41 . 2010-05-05 12:41 -------- d-----w- c:\docum
ents and settings\konrad\Dane aplikacji\Leadertech
2010-05-05 11:52 . 2008-11-07 16:55 16928 ------w- c:\windows\syste
m32\spmsgXP_2k3.dll
2010-05-05 11:40 . 2010-05-05 11:40 -------- d-----w- c:\docum
ents and settings\All Users\Dane aplikacji\Nokia
m32\drivers\pccsmcfd.sys
m32\WUDFUpdate_01007.dll
2010-05-05 11:24 . 2010-05-05 11:24 -------- d-----w- c:\progr
am files\PC Connectivity Solution
m32\drivers\usbser_lowerfltj.sys
m32\drivers\usbser_lowerflt.sys
m32\drivers\ccdcmbo.sys
m32\nmwcdcocls.dll
m32\drivers\ccdcmb.sys
m32\wdfcoinstaller01009.dll
2010-05-05 11:22 . 2010-05-05 11:14 35748120 ----a-w- c:\docum
ents and settings\All Users\Dane aplikacji\Installations\{73C0DA51-DB32-4F66-970
B-7298F3CAF37F}\NokiaSoftwareUpdaterSetup_en.exe
2010-05-05 11:22 . 2010-05-05 11:22 36864 ----a-w- c:\documents and
settings\All Users\Dane aplikacji\Installations\{73C0DA51-DB32-4F66-970B-7298F3
CAF37F}\Installer\CommonCustomActions\Sleep.exe
CAF37F}\Installer\CommonCustomActions\msxml6Exec.exe
CAF37F}\Installer\CommonCustomActions\vcredistExec.exe
2010-05-05 11:07 . 2004-08-03 21:08 25600 -c--a-w- c:\windows\syste
m32\dllcache\usbser.sys
m32\drivers\usbser.sys
2010-05-05 10:44 . 2010-05-05 10:44 -------- d-----w- c:\docum
ents and settings\konrad\Dane aplikacji\AdobeAUM
2010-05-03 11:56 . 2010-05-03 11:56 -------- d-----w- c:\progr
am files\Guitar Pro 5
2010-05-01 08:15 . 2010-05-01 08:15 -------- d-----w- c:\docum
ents and settings\konrad\Dane aplikacji\Tibia
2010-04-27 18:55 . 2010-04-27 18:55 -------- d-----w- c:\progr
am files\Common Files\Adobe AIR
settings\konrad\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\a
irappinstaller\airappinstaller.exe
2010-04-26 14:26 . 2010-05-06 18:59 -------- d-----w- c:\progr
am files\MindSoft Utilities 2009 for Windows XP
2010-04-26 14:26 . 2010-04-26 14:26 -------- d-----w- c:\windo
ws\MindSoft Utilities 2009 for Windows XP
2010-04-25 06:13 . 2010-05-06 18:00 -------- d-----w- c:\progr
am files\Guitar Pro 6
2010-04-24 19:30 . 2010-05-06 18:00 -------- d-----w- c:\docum
ents and settings\konrad\Dane aplikacji\Guitar Pro 6
2010-04-24 19:30 . 2010-04-24 19:30 -------- d-----w- c:\docum
ents and settings\All Users\Dane aplikacji\Guitar Pro 6
2010-04-21 20:07 . 2010-04-21 20:07 -------- d-----w- c:\docum
ents and settings\All Users\Dane aplikacji\Apple Computer
2010-04-21 19:58 . 2010-04-21 19:58 -------- d-----w- c:\docum
ents and settings\konrad\Library
2010-04-21 19:58 . 2010-04-21 19:58 -------- d-----w- c:\docum
ents and settings\konrad\Dane aplikacji\com.adobe.ExMan
2010-04-21 19:57 . 2009-09-28 12:56 180224 ----a-w- c:\windows\qtcf.
dll
2010-04-21 19:29 . 2010-04-21 19:50 -------- d-----w- c:\docum
ents and settings\All Users\Dane aplikacji\FLEXnet
2010-04-21 19:22 . 2010-04-21 19:22 -------- d-----w- c:\progr
am files\Adobe Media Player
settings\konrad\Dane aplikacji\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C
04F52DD52}\Icon386ED4E3.exe
2010-04-21 19:10 . 2010-04-21 19:10 -------- d-----w- c:\progr
am files\Windows Installer Clean Up
2010-04-21 18:39 . 2010-04-21 19:19 -------- d-----w- c:\docum
ents and settings\konrad\Ustawienia lokalne\Dane aplikacji\Adobe
2010-04-21 18:36 . 2010-04-21 18:36 -------- d-----w- c:\progr
am files\Common Files\Macrovision Shared
2010-04-21 18:34 . 2010-04-21 19:23 -------- d-----w- c:\progr
am files\Common Files\Adobe
2010-04-19 20:39 . 2010-04-19 20:39 -------- d-----w- c:\progr
am files\Common Files\Borland Shared
2010-04-19 19:41 . 2010-04-19 19:41 -------- d-----w- c:\progr
am files\Borland
2010-04-18 07:11 . 2010-04-18 07:11 -------- d-----w- c:\progr
am files\ESET
2010-04-18 07:09 . 2010-05-16 15:29 393248 --sha-w- c:\windows\syste
m32\drivers\fidbox.dat
m32\drivers\fidbox2.dat
2010-04-17 18:29 . 2010-04-17 18:29 -------- d-----w- c:\docum
ents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Vuze_Remote
2010-04-17 14:06 . 2010-04-17 14:22 61782 ----a-w- c:\windows\War3U
nin.dat
2010-04-17 14:06 . 2010-04-17 14:22 2829 ----a-w- c:\windows\War3U
nin.pif
2010-04-17 14:06 . 2010-04-17 14:22 139264 ----a-w- c:\windows\War3U
nin.exe
m\Wowpost.exe
m\Winaspi.dll
m32\Wnaspi32.dll
m32\drivers\Aspi32.sys
2010-04-17 10:35 . 2010-03-26 10:01 64032 ----a-w- c:\windows\ALCMT
R.EXE
settings\konrad\Dane aplikacji\Mozilla\Firefox\Profiles\1sfuiss4.konrad\extensi
ons\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
settings\konrad\Dane aplikacji\Mozilla\Firefox\Profiles\1sfuiss4.konrad\extensi
ons\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
2010-04-16 16:39 . 2010-04-16 16:39 -------- d-----w- c:\progr
am files\Conduit
2010-04-16 16:39 . 2010-04-17 07:43 -------- d-----w- c:\docum
ents and settings\konrad\Ustawienia lokalne\Dane aplikacji\Vuze_Remote
2010-04-16 16:39 . 2010-05-16 07:25 -------- d-----w- c:\progr
am files\Vuze_Remote
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))
)))))))))))))))))))))))))))))))
.
m32\drivers\fidbox.idx
2010-05-16 15:20 . 2009-09-02 22:14 16608 ----a-w- c:\windows\gdrv.
sys
m32\drivers\fidbox2.idx
2010-05-16 15:13 . 2009-10-04 19:16 -------- d-----w- c:\docum
ents and settings\konrad\Dane aplikacji\foobar2000
2010-05-16 15:11 . 2009-10-24 10:54 -------- d-----w- c:\docum
ents and settings\konrad\Dane aplikacji\Azureus
settings\All Users\Dane aplikacji\Last.fm\Client\UninstWA\unins000.exe
2010-05-16 08:51 . 2010-02-04 18:30 -------- d-----w- c:\progr
am files\Winamp
2010-05-16 07:26 . 2009-10-24 08:12 2560 ----a-w- c:\windows\_MSRS
TRT.EXE
2010-05-09 17:41 . 2009-10-24 08:26 -------- d-----w- c:\docum
ents and settings\konrad\Dane aplikacji\XP Visual Tools
2010-05-09 10:01 . 2009-10-24 10:54 -------- d-----w- c:\progr
am files\Vuze
2010-05-08 07:35 . 2009-09-02 22:16 -------- d--h--w- c:\progr
am files\InstallShield Installation Information
2010-05-07 19:23 . 2009-09-06 14:08 -------- d-----w- c:\progr
am files\Nokia
2010-05-07 19:21 . 2010-01-24 11:49 -------- d-----w- c:\progr
am files\XPControler
2010-05-06 05:46 . 2009-10-23 20:16 -------- d-----w- c:\progr
am files\CCleaner
m32\perfc015.dat
m32\perfh015.dat
2010-05-05 11:57 . 2009-09-06 14:08 -------- d-----w- c:\docum
ents and settings\konrad\Dane aplikacji\PC Suite
m32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
m32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
settings\konrad\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-05-05 11:33 . 2009-09-06 14:06 -------- d-----w- c:\docum
ents and settings\All Users\Dane aplikacji\Installations
m32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
m32\drivers\MsftWdf_user_01_07_00.Wdf
2010-05-05 11:03 . 2009-09-06 14:09 -------- d-----w- c:\docum
ents and settings\All Users\Dane aplikacji\PC Suite
m32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
m32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-05-05 10:59 . 2009-09-06 14:12 -------- d-----w- c:\docum
ents and settings\konrad\Dane aplikacji\Nokia Multimedia Player
2010-05-05 10:58 . 2009-09-06 14:09 -------- d-----w- c:\docum
ents and settings\konrad\Dane aplikacji\Nokia
2010-05-05 10:47 . 2010-03-30 14:25 -------- d-----w- c:\progr
am files\Gadu-Gadu 10
2010-05-05 10:45 . 2009-09-02 22:15 -------- d-----w- c:\docum
ents and settings\konrad\Dane aplikacji\AdobeUM
2010-05-03 06:34 . 2009-09-17 18:51 -------- d-----w- c:\progr
am files\Opera
2010-04-21 20:07 . 2009-11-27 19:41 -------- d-----w- c:\progr
am files\QuickTime
2010-04-21 19:10 . 2009-10-06 16:13 -------- d-----w- c:\progr
am files\MSECache
2010-04-21 18:08 . 2009-09-05 09:14 -------- d-----w- c:\docum
ents and settings\konrad\Dane aplikacji\gtk-2.0
m32\drivers\PnkBstrK.sys
m32\PnkBstrB.exe
2010-04-18 07:18 . 2010-01-24 12:23 -------- d-----w- c:\docum
ents and settings\All Users\Dane aplikacji\Findbasic
2010-04-17 10:58 . 2010-01-05 16:32 -------- d-----w- c:\progr
am files\JDownloader
2010-04-17 10:35 . 2009-09-02 22:25 -------- d-----w- c:\progr
am files\Realtek
2010-04-17 10:07 . 2009-09-02 20:47 -------- d-----w- c:\docum
ents and settings\All Users\Dane aplikacji\Kaspersky Lab
2010-04-17 09:59 . 2010-03-08 17:09 -------- d-----w- c:\progr
am files\R-Studio
2010-04-17 09:59 . 2010-03-30 14:27 -------- d-----w- c:\progr
am files\IDoser v4
2010-04-17 09:34 . 2009-11-11 17:34 -------- d-----w- c:\progr
am files\Alcohol Soft
m32\drivers\sptd.sys
m32\PnkBstrA.exe
2010-04-16 15:00 . 2010-03-28 17:06 -------- d-----w- c:\docum
ents and settings\konrad\Dane aplikacji\ipla
2010-04-15 17:53 . 2010-04-15 17:53 -------- d-----w- c:\docum
ents and settings\All Users\Dane aplikacji\Alwil Software
2010-04-15 17:53 . 2010-04-01 16:40 -------- d-----w- c:\progr
am files\Alwil Software
2010-04-15 17:43 . 2010-04-15 17:41 5372 ----a-w- c:\windows\Brico
PackFoldersDelete.cmd
2010-04-15 17:43 . 2010-01-24 16:23 71634 ----a-w- c:\windows\Brico
PackUninst.cmd
m32\uxtheme.dll
m32\TuneUpDefragService.exe
m32\emptyregdb.dat
m32\d3d9caps.dat
2010-04-01 08:53 . 2010-02-13 19:03 -------- d-----w- c:\docum
ents and settings\All Users\Dane aplikacji\VMware
2010-04-01 08:53 . 2010-02-13 19:06 -------- d-----w- c:\docum
ents and settings\LocalService\Dane aplikacji\VMware
2010-03-28 17:06 . 2010-03-28 17:06 -------- d-----w- c:\docum
ents and settings\All Users\Dane aplikacji\ipla
m32\drivers\RtkHDAud.sys
2010-03-26 10:01 . 2010-01-15 18:32 358944 ----a-w- c:\windows\vncut
il.exe
2010-03-26 10:01 . 2009-09-03 17:02 84512 ----a-w- c:\windows\SOUND
MAN.EXE
2010-03-26 10:01 . 2009-09-03 17:02 1833504 ----a-w- c:\windows\SkyTe
l.exe
2010-03-26 10:01 . 2009-09-03 17:02 9721888 ----a-w- c:\windows\RTLCP
L.EXE
2010-03-26 10:01 . 2009-09-03 17:02 1489440 ----a-w- c:\windows\RtlUp
d.exe
m32\RtkCoInstXP.dll
2010-03-26 10:01 . 2010-01-15 18:32 129568 ----a-w- c:\windows\RtkAu
dioService.exe
2010-03-26 10:01 . 2009-09-03 17:02 19522592 ----a-w- c:\windo
ws\RTHDCPL.EXE
2010-03-26 10:01 . 2009-09-03 17:02 2177568 ----a-w- c:\windows\MicCa
l.exe
2010-03-26 10:01 . 2009-09-03 17:02 2815520 ----a-w- c:\windows\ALCWZ
RD.EXE
2010-03-24 12:21 . 2009-09-03 17:58 -------- d-----w- c:\docum
ents and settings\All Users\Dane aplikacji\OpenFM
2010-03-22 20:19 . 2010-03-22 20:19 -------- d-----w- c:\docum
ents and settings\All Users\Dane aplikacji\Gadu-Gadu 10
2010-03-22 20:19 . 2010-03-22 20:19 -------- d-----w- c:\docum
ents and settings\konrad\Dane aplikacji\Gadu-Gadu 10
2010-03-22 06:22 . 2009-09-02 22:25 1247776 ----a-w- c:\windows\RtlEx
Upd.dll
2010-03-20 22:59 . 2010-03-07 15:25 -------- d-----w- c:\progr
am files\Ontrack
settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
m32\vbscript.dll
m32\drivers\snapman.sys
m32\wininet.dll
m32\CmdLineExt.dll
m32\drivers\mrxsmb.sys
m32\ntkrnlpa.exe
m32\ntoskrnl.exe
2008-09-09 16:57 . 2008-09-09 16:57 8 --sha-r- c:\windows\neoqa
z2.dll
2009-11-29 01:51 . 2009-11-29 01:51 2 --shatr- c:\windows\winst
art.bat
.
------- Sigcheck -------
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . .
c:\windows\system32\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . .
c:\windows\system32\dllcache\wuauclt.exe
[-] 2007-06-13 . 8DB0650B211425B9CDB7D1C4A8F6B482 . 1034752 . . [6.00.2900.3156]
. . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-03 . 196C130D31317FE53DE984220B5E13B9 . 975872 . . [6.00.2900.2180]
. . c:\windows\explorer.exe
[-] 2004-08-03 . 196C130D31317FE53DE984220B5E13B9 . 975872 . . [6.00.2900.2180]
. . c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))
))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.d
ll" [2010-03-17 2355224]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17
cc}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Vuze_Remote\tbV
uze.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.d
ll" [2010-03-17 2355224]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.d
ll" [2010-03-17 2355224]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe"
[2009-11-16 163144]
"XP Visual Tools"="c:\program files\CronoSoft\XP Visual Tools\XP_Visual.exe" [20
07-01-10 243200]
"UberIcon"="c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
" [2006-05-21 180224]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
[2007-03-18 630784]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-05-04 11981408]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2
009-03-05 2260480]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD4067"="del" [X]
"SpybotDeletingB9480"="command.com" [2001-10-26 51823]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-0
2 15872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"GBTUpd"="c:\program files\Gigabyte\GBTUpd\PreRun.exe" [2008-04-03 297480]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27
1744896]
c:\documents and settings\konrad\Menu Start\Programy\Autostart\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.ex
e [2007-3-19 630784]
Winamp.lnk - c:\program files\Winamp\winamp.exe [2010-1-14 1552736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1
"NoStrCmpLogical"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.s
ys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" "sleep"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common File
s\Ahead\Lib\NMBgMonitor.exe"
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe"
-automount
"UberIcon"="c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
"
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch
.exe" -start
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplicati
on.exe -startup
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"GBTUpd"=c:\program files\GIGABYTE\GBTUpd\PreRun.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"tray3"=c:\windows\System32\RecvMessage.exe
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\
CS4ServiceManager.exe" -launchedbylogin
"PAC207_Monitor"=c:\windows\PixArt\PAC207\Monitor.exe
"Monitor"=c:\windows\PixArt\PAC207\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Authoriz
edApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-05-14 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-05
-14 731840]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Giga
byte\EasySaver\essvr.exe [2009-09-03 80392]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sy
s [2009-09-02 35840]
R3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [2010-05-08 616064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-11-11 691696]
S2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.sy
s [2010-05-07 371349]
S2 COM Service;COM Service;c:\program files\Gigabyte\G.O.M\GCSVR.exe [2009-09-03
16384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-01-15 1691480]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2009-09-03 24944]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\wind
ows\system32\drivers\RTLTEAMING.SYS [2009-09-02 28416]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.
SYS [2009-09-02 17408]
.
Zawartość folderu 'Zaplanowane zadania'
2010-05-16 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]
2010-05-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1561552
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&
gc=1&q=%s
IE: &Download All using 4shared Desktop
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL
.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B
9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: 5f800.com
Trusted Zone: com.tw\download.gigabyte
Trusted Zone: it168.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\konrad\Dane aplikacji\Mozilla\Firef
ox\Profiles\1sfuiss4.konrad\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.
aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google Powered Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sred
ir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\konrad\Dane aplikacji\Mozilla\Firefox\
Profiles\1sfuiss4.konrad\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\compo
nents\WinampTBPlayer.dll
Profiles\1sfuiss4.konrad\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\compo
nents\FFExternalAlert.dll
Profiles\1sfuiss4.konrad\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\compo
nents\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky
.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_us
erdata\npgg.2.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80
e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation
Foundation\DotNetAssistantExtension\
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors",
true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-gene
ric-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", fals
e);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{97
2ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.prop
erties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{97
2ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/brows
er.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update
.notifyUser", false);
.
- - - - USUNIĘTO PUSTE WPISY - - - -
URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
AddRemove-Tasker_is1 - c:\program files\Tasker\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http:/
/www.gmer.net
Rootkit scan 2010-05-16 17:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-796845957-1085031214-839522115-1003\Software\Microsoft\Syst
emCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-796845957-1085031214-839522115-1003\Software\Microsoft\Wind
ows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami -----------
----------
- - - - - - - > 'winlogon.exe'(1236)
c:\windows\system32\klogon.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Czas ukończenia: 2010-05-16 17:30:46
ComboFix-quarantined-files.txt 2010-05-16 15:30
Przed: 31523618816 bajtów wolnych
Po: 31517212672 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional"
/noexecute=optin /fastdetect /tutag=71vyqq /kernel=tukernel.exe
- - End Of File - - 312975DA492B2026FAA2ABB53BB2A842

Untitled

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Untitled

Uploaded by

Copyright:

Available Formats

ComboFix 10-05-15.03 - konrad 2010-05-16 17:25:30.1.

You might also like