ComboFix 09-02-27.01 - Firma 2009-02-27 22:20:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1407.890 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Firma\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Firma\Pulpit\CFScript
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
FW: ActiveArmor Firewall *disabled*
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
FILE ::
c:\windows\system32\eeccaebea_z.dll
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\eeccaebea_z.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-27 do 2009-02-27 )))))))))))))))))))))))))))))))
.
2009-02-27 22:08 . 2009-02-27 22:08 d-------- c:\program files\Trend Micro
2009-02-27 20:38 . 2009-02-27 20:38 d-------- c:\program files\WinDirStat
2009-02-27 19:52 . 2009-02-27 19:52 d-------- c:\program files\DVDInfoPro
2009-02-27 19:04 . 2009-02-27 19:05 d-------- c:\windows\LastGood
2009-02-27 16:49 . 2009-02-27 16:49 d-------- c:\program files\Hitman Pro 3
2009-02-27 16:49 . 2009-02-27 18:16 d-------- c:\documents and settings\All Users\Dane aplikacji\Hitman Pro 3
2009-02-27 16:49 . 2009-02-27 17:13 d-------- c:\documents and settings\All Users\Dane aplikacji\Hitman Pro
2009-02-27 14:56 . 2009-02-27 14:56 d-------- c:\windows\system32\xircom
2009-02-27 14:56 . 2009-02-27 14:56 d-------- c:\program files\microsoft frontpage
2009-02-27 14:22 . 2009-02-27 14:22 d-------- c:\program files\Spybot - Search & Destroy
2009-02-27 14:22 . 2009-02-27 14:54 d-------- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-02-11 21:34 . 2009-02-11 21:34 d-------- c:\documents and settings\All Users\Dane aplikacji\Pinnacle Studio
2009-02-11 21:19 . 2009-02-11 21:19 d-------- c:\program files\AdorageI-SAL
2009-02-11 21:19 . 2009-02-11 21:20 d-------- c:\program files\AdorageI-GfxDatas
2009-02-11 20:49 . 2009-02-11 20:49 362 --a------ C:\Skrót do ElsaWin.lnk
2009-02-10 18:05 . 2009-02-10 18:15 82 --a------ c:\windows\SuperUtil.ini
2009-02-10 18:01 . 2009-02-10 18:01 d-------- c:\program files\SuperLogix
2009-02-08 18:28 . 2009-02-08 18:28 d-------- c:\documents and settings\Firma\Dane aplikacji\Crystal Player
2009-02-08 18:01 . 2009-02-08 18:01 d-------- C:\divx
2009-02-07 10:47 . 2009-02-07 10:47 d-------- c:\program files\Paragon Software
2009-02-07 10:47 . 2007-03-30 00:46 4,245,008 --a------ c:\windows\system32\qtp-mt334.dll
2009-02-07 10:47 . 2007-03-30 00:46 247,824 --a------ c:\windows\system32\prgiso.dll
2009-02-07 10:47 . 2007-03-30 00:46 13,840 --a------ c:\windows\system32\wnaspi32.dll
2009-02-06 15:55 . 2009-02-06 15:55 61 --a------ c:\windows\smscfg.ini
2009-02-06 14:06 . 2009-02-06 14:07 d-------- c:\program files\HDD Regenerator
2009-02-06 12:21 . 2009-02-06 12:21 d-------- c:\documents and settings\Firma\Dane aplikacji\Symantec
2009-02-06 12:14 . 2007-03-28 20:49 128,104 --a------ c:\windows\system32\drivers\WimFltr.sys
2009-02-06 12:14 . 2007-03-28 20:23 14,072 --a------ c:\windows\system32\drivers\vproeventmonitor.sys
2009-02-06 12:13 . 2007-03-28 20:29 131,944 --a------ c:\windows\system32\drivers\symsnap.sys
2009-02-06 12:13 . 2007-03-28 20:29 37,864 --a------ c:\windows\system32\drivers\v2imount.sys
2009-02-06 12:12 . 2009-02-27 14:47 d-------- c:\documents and settings\All Users\Dane aplikacji\Symantec
2009-02-06 11:52 . 2009-02-06 11:52 d-------- c:\documents and settings\LocalService\Dane aplikacji\Acronis
2009-02-06 11:46 . 2009-02-06 11:46 d-------- c:\documents and settings\All Users\Dane aplikacji\Acronis
2009-02-06 11:46 . 2009-02-06 11:46 441,760 --a------ c:\windows\system32\drivers\timntr.sys
2009-02-06 11:46 . 2009-02-06 11:46 129,248 --a------ c:\windows\system32\drivers\snapman.sys
2009-02-06 11:46 . 2009-02-06 11:46 44,384 --a------ c:\windows\system32\drivers\tifsfilt.sys
2009-02-06 11:45 . 2009-02-06 11:45 d-------- c:\program files\Acronis
2009-02-06 11:45 . 2009-02-06 11:45 368,480 --a------ c:\windows\system32\drivers\tdrpman.sys
2009-02-05 12:25 . 2009-02-05 12:25 d-------- C:\mpc3
2009-02-05 12:23 . 2009-02-05 12:23 d-------- c:\program files\Codec Pack - All In 1
2009-02-05 12:23 . 2009-02-05 12:23 737,280 --a------ c:\windows\iun6002.exe
2009-02-05 12:18 . 2009-02-05 12:18 d-------- c:\program files\Exact Audio Copy
2009-02-05 12:18 . 2009-02-05 12:18 d-------- c:\documents and settings\Firma\Dane aplikacji\AD ON Multimedia
2009-02-05 12:18 . 2009-02-05 12:18 d-------- c:\documents and settings\Firma\Dane aplikacji\AccurateRip
2009-02-05 12:18 . 2009-02-05 12:18 34 --a------ c:\windows\cdplayer.ini
2009-02-05 12:11 . 2009-02-05 12:14 d-------- C:\audiograbber
2009-02-04 18:39 . 2009-02-04 18:40 d-------- c:\program files\Ad Muncher
2009-02-04 08:54 . c:\windows\system32\?z??|??
2009-02-03 16:31 . 2009-02-03 16:31 d-------- c:\documents and settings\Firma\Dane aplikacji\SEO Altimeter
2009-02-03 16:30 . 2009-02-03 16:31 d-------- c:\program files\SEO Altimeter
2009-02-02 17:41 . 2009-02-02 17:41 1,680 --a------ c:\windows\system32\esnecil.nlp
2009-02-02 17:41 . 2009-02-04 08:54 1,680 --a------ c:\windows\system32\esnecil.ind
2009-02-02 17:41 . 2009-02-02 17:41 4 --a------ c:\windows\vx86036.dat
2009-02-02 17:38 . 2006-02-16 14:29 102,592 --a------ c:\windows\system32\corojdk11.dll
2009-02-02 17:32 . 2009-02-27 21:16 d-------- c:\program files\eTECH
2009-01-31 14:12 . 2009-01-31 14:12 d-------- c:\documents and settings\Firma\Dane aplikacji\TomTom
2009-01-31 14:10 . 2009-02-09 13:53 d-------- c:\program files\TomTom HOME 2
2009-01-31 13:57 . 2009-01-31 13:57 d-------- c:\program files\yDGpatch
2009-01-30 12:19 . 2008-09-30 07:22 8,490,496 --------- c:\windows\system32\dllcache\shell32.dll
2009-01-30 12:19 . 2008-09-30 07:22 300,032 --------- c:\windows\system32\dllcache\ulib.dll
2009-01-30 12:19 . 2008-09-29 11:21 133,632 --------- c:\windows\system32\drivers\exfat.sys
2009-01-30 12:19 . 2008-09-29 11:21 133,632 --------- c:\windows\system32\dllcache\exfat.sys
2009-01-30 12:19 . 2008-09-30 07:22 77,824 --------- c:\windows\system32\dllcache\ifsutil.dll
2009-01-30 12:19 . 2008-09-30 07:22 57,344 --------- c:\windows\system32\uexfat.dll
2009-01-30 12:19 . 2008-09-30 07:22 57,344 --------- c:\windows\system32\dllcache\uexfat.dll
2009-01-30 12:19 . 2008-09-30 07:22 18,944 --------- c:\windows\system32\dllcache\fmifs.dll
2009-01-30 12:19 . 2008-09-29 11:20 9,216 --------- c:\windows\system32\dllcache\fs_rec.sys
2009-01-29 15:37 . 2009-01-31 13:26 d-------- c:\documents and settings\Firma\Dane aplikacji\PaRaMeter
2009-01-29 15:36 . 2009-01-29 15:37 d-------- c:\program files\PaRaMeter
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 21:21 --------- d-----w c:\documents and settings\Firma\Dane aplikacji\DMCache
2009-02-27 18:39 --------- d-----w c:\program files\ICQToolbar
2009-02-27 18:02 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-27 15:44 --------- d-----w c:\program files\cFosSpeed
2009-02-27 14:12 --------- d-----w c:\program files\DivX
2009-02-27 14:10 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-27 14:07 --------- d-----w c:\program files\Boris FX, Inc
2009-02-27 14:07 --------- d-----w c:\program files\Banner Maker Pro 7
2009-02-27 13:28 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-27 13:25 --------- d-----w c:\program files\USB Disk Security
2009-02-27 13:25 --------- d-----w c:\program files\Easy Gif Animator Extension
2009-02-26 09:12 --------- d-----w c:\documents and settings\Firma\Dane aplikacji\IDM
2009-02-25 14:17 --------- d-----w c:\documents and settings\Firma\Dane aplikacji\uTorrent
2009-02-20 16:14 --------- d-----w c:\documents and settings\Firma\Dane aplikacji\Skype
2009-02-20 09:16 --------- d-----w c:\documents and settings\Firma\Dane aplikacji\skypePM
2009-02-11 20:33 --------- d-----w c:\documents and settings\Firma\Dane aplikacji\proDAD
2009-02-11 19:54 --------- d-----w c:\program files\Pinnacle
2009-02-11 19:48 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Pinnacle
2009-02-07 07:52 --------- d-----w c:\program files\Deutsch Translator 2
2009-02-01 19:46 --------- d-----w c:\program files\Trojan Remover
2009-01-20 14:35 --------- d-----w c:\program files\Omvl
2009-01-20 14:35 --------- d-----w c:\program files\Chiave Hardware Eutron
2009-01-16 11:48 22,328 ----a-w c:\documents and settings\Firma\Dane aplikacji\PnkBstrK.sys
2009-01-16 08:25 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-14 11:22 --------- d-----w c:\documents and settings\Firma\Dane aplikacji\FFSJ
2009-01-09 12:11 --------- d-----w c:\program files\Spik
2009-01-08 13:55 --------- d-----w c:\program files\Internet Download Manager
2009-01-07 08:02 --------- d-----w c:\program files\Foxit Software
2009-01-07 08:02 --------- d-----w c:\documents and settings\Firma\Dane aplikacji\Foxit
2008-07-20 10:24 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-07-20 08:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
2008-07-20 08:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008072020080721\index.dat
2008-07-20 08:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Firma\Dane aplikacji\FFSJ ----
2009-01-16 13:00 573 --a------ c:\documents and settings\Firma\Dane aplikacji\FFSJ\FFSJ.cfg
---- Directory of c:\program files\Omvl ----
2005-11-11 12:06 756224 --a------ c:\program files\Omvl\DreamXXIN\ProgBaseC.exe
2005-11-11 11:51 99152 --a------ c:\program files\Omvl\DreamXXIN\Firmware\2568_#02000.po8
2005-10-21 16:51 689664 --a------ c:\program files\Omvl\DreamXXIN\ConfigBase.dll
2005-10-14 09:17 99090 --a------ c:\program files\Omvl\DreamXXIN\Firmware\2001N_#01300.po4
2005-10-10 11:20 377856 --a------ c:\program files\Omvl\DreamXXIN\Languages.dll
2005-09-02 15:48 736768 --a------ c:\program files\Omvl\DreamXXIN\SerAebDL.dll
2005-07-14 10:11 436224 --a------ c:\program files\Omvl\DreamXXIN\Resources.dll
------- Sigcheck -------
2008-05-02 07:48 361344 8e036eec565910417ea020ce0962aa24 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-02-27_19.04.32.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 20:50:10 66,560 ----a-w c:\windows\LastGood\system32\cdm.dll
+ 2008-04-14 20:51:00 431,616 ----a-w c:\windows\LastGood\system32\wuapi.dll
+ 2008-04-14 20:51:52 112,128 ----a-w c:\windows\LastGood\system32\wuauclt.exe
+ 2008-04-14 20:51:02 1,135,616 ----a-w c:\windows\LastGood\system32\wuaueng.dll
+ 2008-04-14 20:51:02 113,664 ----a-w c:\windows\LastGood\system32\wucltui.dll
+ 2008-04-14 20:51:02 32,256 ----a-w c:\windows\LastGood\system32\wups.dll
+ 2008-04-14 20:51:02 120,320 ----a-w c:\windows\LastGood\system32\wuweb.dll
- 2008-04-14 20:50:10 66,560 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 13:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 13:09:44 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 13:12:20 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 13:09:44 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 13:13:40 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 13:12:22 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 13:13:40 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
- 2009-02-27 17:30:06 59,440 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-27 18:06:51 59,440 ----a-w c:\windows\system32\perfc009.dat
- 2009-02-27 17:30:06 75,486 ----a-w c:\windows\system32\perfc015.dat
+ 2009-02-27 18:06:51 75,486 ----a-w c:\windows\system32\perfc015.dat
- 2009-02-27 17:30:06 395,200 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-27 18:06:51 395,200 ----a-w c:\windows\system32\perfh009.dat
- 2009-02-27 17:30:06 451,352 ----a-w c:\windows\system32\perfh015.dat
+ 2009-02-27 18:06:51 451,352 ----a-w c:\windows\system32\perfh015.dat
+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
- 2008-04-14 20:51:00 431,616 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 13:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2008-04-14 20:51:52 112,128 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 13:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2008-04-14 20:51:02 1,135,616 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 13:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2008-04-14 20:51:02 113,664 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 13:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
- 2008-04-14 20:51:02 120,320 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 13:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
.
-- Migawka wyzerowana --
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-11-07 2606512]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefPrt"="c:\program files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" [2009-02-04 713216]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-13 7626752]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-03-01 c:\windows\system32\advpack.dll]
c:\documents and settings\Firma\Menu Start\Programy\Autostart\
cFosSpeed Updater.exe [2008-12-12 30046]
Rapidshare Inspector Updater.exe [2009-01-28 33982]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Documents and Settings\\Firma\\Ustawienia lokalne\\Dane aplikacji\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Firma\\Ustawienia lokalne\\Dane aplikacji\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spik\\Spik.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-08-18 34312]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2008-11-06 30656]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\Common Files\BinarySense\hldasvc.exe [2007-08-09 816376]
R2 LcSvrAdm;ELSA Administration Service;c:\elsawin\bin\LcSvrAdm.exe [2008-07-21 147456]
R2 LcSvrDba;ELSA DBA Server;c:\elsawin\bin\LcSvrDba.exe [2008-07-21 241664]
R2 LcSvrHis;ELSA Historie Server;c:\elsawin\bin\LcSvrHis.exe [2008-07-21 217088]
R2 LcSvrPAS;ELSA PASS Server;c:\elsawin\bin\LcSvrPas.exe [2008-07-21 368640]
R2 LcSvrSaz;ELSA APOSpro Server;c:\elsawin\bin\LcSvrSaz.exe [2008-07-21 249856]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2008-04-14 14336]
R2 VSGate;ELSA Vaudis Service;c:\elsawin\bin\VSGate.exe [2008-07-21 81920]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;c:\elsawin\bin\LcSvrAuf.exe [2008-07-21 1306624]
S0 FO_PAnt;FotoOffice VirtualDisc Driver;c:\windows\system32\Drivers\FO_PAnt.sys --> c:\windows\system32\Drivers\FO_PAnt.sys [?]
S1 SuperMounter;SuperMounter; [x]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4d0907e-5643-11dd-9650-806d6172696f}]
\Shell\AutoRun\command - F:\setup.exe
.
Zawartość folderu 'Zaplanowane zadania'
2009-02-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:17]
2009-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1425521274-1801674531-1003.job
- c:\documents and settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-11-12 17:59]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://start.icq.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Konwertuj do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Konwertuj miejsce docelowe łącza do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Konwertuj miejsce docelowe łącza do istniejącego pliku PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Konwertuj wybrane łącza do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Konwertuj zaznaczenie do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Konwertuj zaznaczenie do istniejącego pliku PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Ściągnij przez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Ściągnij wszystkie linki przez IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Ściągnij zawartość wideo FLV przez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
Handler: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - c:\elsawin\bin\wiprot.dll
Handler: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - c:\program files\Spik\url_wpmsg.dll
FF - ProfilePath - c:\documents and settings\Firma\Dane aplikacji\Mozilla\Firefox\Profiles\91qmqd6y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://pl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
FF - component: c:\documents and settings\Firma\Dane aplikacji\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\documents and settings\Firma\Dane aplikacji\Mozilla\Firefox\Profiles\91qmqd6y.default\extensions\SignPlugin@bph.pl\plugins\NPSignPlugin.dll
FF - plugin: c:\documents and settings\Firma\Dane aplikacji\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwpk.dll
FF - plugin: c:\program files\Spik\mozilla\npwpk.dll
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 22:22:04
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,99,51,58,1b,25,
7b,ea,bb,c8,28,51,af,b0,29,a3,98,3e,af,63,4b,26,6b,a3,5d,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bb,25,47,10,71,cd,53,45,8c,db,f6,af,81,8f,06,4e,b0,75,5d,5e,4f,
88,56,7e,1f,2d,35,21,2f,35,bf,00,fa,90,4b,a1,6c,1c,ca,77,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,c0,c2,75,0e,22,
8b,86,65,71,3b,04,66,8b,46,0d,96,71,ba,ce,41,24,fc,b2,ec,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6588b550-b883-4175-a04d-64cc36e9a884}]
@Denied: (Full) (Everyone)
"Model"=dword:00000145
"Therad"=dword:0000000f
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,c0,be,2d,ce,ce,e5,bc,ea,5a,66,42,25,45,7c,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,9d,02,a3,af,8e,
74,98,e2,25,da,ec,7e,55,20,c9,26,29,d3,de,f6,e4,e5,15,ac,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,48,2b,bc,df,d8,
ca,dc,c5,3e,1e,9e,e0,57,5a,93,61,b3,b5,c6,12,17,25,0c,38,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a3,68,8d,5b,75,5b,5e,c6,73,94,02,6f,c3,6e,21,93,d2,91,91,99,6b,
36,e8,9a,15,ac,46,5b,23,41,4b,44,20,df,63,86,5e,e8,cd,d2,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,b6,8a,82,6b,a2,
fd,40,ca,cd,44,cd,b9,a6,33,6c,cd,c4,46,a4,e4,85,89,f3,22,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,b9,47,cd,3f,9b,
74,5f,d5,b0,18,ed,a7,3f,8d,37,a4,4e,4b,b5,38,90,ec,87,63,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a7b55f3d-cd12-4eb6-9ff0-ddb0a64e1817}]
@Denied: (Full) (Everyone)
"Model"=dword:000000ef
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,33,ba,25,5a,3a,
50,14,ad,31,77,e1,ba,b1,f8,68,02,9b,09,be,b7,b2,db,2a,89,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,e8,13,e3,28,b6,
ba,e0,b2,83,6c,56,8b,a0,85,96,ab,70,b4,84,1b,a2,5f,15,ea,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,76,d8,8f,45,ce,
01,43,c9,51,fa,6e,91,28,9e,14,cc,de,d1,41,a0,c4,42,59,28,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,1c,5b,21,38,93,
b2,d3,e2,b1,cd,45,5a,a8,c4,f8,b9,56,25,c7,96,b8,08,13,a9,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,a0,1a,43,20,9c,
54,44,0b,e3,0e,66,d5,eb,bc,2f,6b,c0,47,62,f7,d1,20,4e,e9,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,63,a5,d1,4c,b1,
39,78,a5,fa,ea,66,7f,d4,3b,6b,70,c6,09,64,e1,b1,18,10,6f,6c,43,2d,1e,aa,22,\
.
Czas ukończenia: 2009-02-27 22:23:08
ComboFix-quarantined-files.txt 2009-02-27 21:22:54
ComboFix2.txt 2009-02-27 18:05:21
Przed: 4 895 408 128 bajtów wolnych
Po: 4,882,202,624 bajtów wolnych
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
382