Dr.Web did a scan that took 11 hours... It detected 8 BackDoor-type trojans. Today I'll run SP over it again, then do ComboFix and let you know what came of it. Added after 5 47: Hello again. Here are the logs from OTL and from ComboFix. I set the commission to 0, but I don't know why the commission is still there in the first two files... EDIT: No commission :)
ComboFix 10-03-09.08 - Tygrys 2010-03-10 14:42:17.1.2 - x86
Microsoft® Windows Vista Home Premium 6.0.6002.2.1250.48.1045.18.2046.1166 [GMT 1:00]
Running from: c:\users\Tygrys\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Avira AntiVir PersonalEdition *enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\recycler\S-1-5-21-1390067357-1532298954-839522115-1003
c:\windows\system32\crt.dat
c:\windows\system32\kboem32.dat
.
((((((((((((((((((((((((( Files Created from 2010-02-10 to 2010-03-10 )))))))))))))))))))))))))))))))
.
2010-03-10 13:53 . 2010-03-10 13:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-10 13:53 . 2010-03-10 13:54 -------- d-----w- c:\users\Tygrys\AppData\Local\temp
2010-03-09 20:52 . 2010-03-09 20:52 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-03-09 20:51 . 2010-03-09 20:51 -------- d-----w- c:\program files\Glary Utilities
2010-03-09 17:16 . 2010-03-09 17:16 -------- d-----w- c:\program files\Common Files\Real
2010-03-09 17:16 . 2010-03-09 17:16 -------- d-----w- c:\program files\Real
2010-03-09 10:50 . 2010-03-09 10:50 -------- d-----w- c:\users\Tygrys\DoctorWeb
2010-03-09 10:35 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-09 10:34 . 2010-03-09 10:34 -------- d-----w- c:\programdata\Malwarebytes
2010-03-09 10:34 . 2010-03-09 10:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-09 10:34 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-08 21:39 . 2010-03-08 21:39 -------- d-----w- c:\program files\EMCO
2010-02-24 17:55 . 2010-02-24 17:55 552 ----a-w- c:\users\Tygrys\AppData\Local\d3d8caps.dat
2010-02-22 21:47 . 2010-02-22 21:47 29992 ----a-w- c:\windows\system32\drivers\GRD.sys
2010-02-22 21:46 . 2010-02-22 21:46 -------- d-----w- c:\users\Tygrys\AppData\Local\G DATA
2010-02-22 21:33 . 2010-02-22 21:45 55624 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2010-02-22 21:33 . 2010-02-22 21:46 47560 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2010-02-22 21:32 . 2010-02-22 21:32 35272 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2010-02-22 21:32 . 2010-02-22 21:42 28616 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2010-02-22 21:31 . 2010-02-22 21:43 40904 ----a-w- c:\windows\system32\drivers\gdwfpcd32.sys
2010-02-22 21:31 . 2010-02-22 21:44 -------- d-----w- c:\program files\Common Files\G DATA
2010-02-22 21:31 . 2010-02-22 21:39 -------- d-----w- c:\programdata\G DATA
2010-02-22 21:31 . 2010-02-22 21:31 -------- d-----w- c:\program files\G Data
2010-02-22 21:28 . 2010-02-22 21:28 -------- d-----w- c:\users\Tygrys\AppData\Local\Downloaded Installations
2010-02-22 20:17 . 2010-02-22 21:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-22 20:17 . 2010-02-22 20:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-19 21:37 . 2010-03-08 19:58 -------- d-----w- c:\program files\Total Video Converter
2010-02-15 11:20 . 2010-02-15 11:20 -------- d-----w- c:\program files\ipla
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-10 13:52 . 2009-10-11 20:00 -------- d-----w- c:\program files\pdfforge Toolbar
2010-03-09 22:32 . 2009-11-18 20:21 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-09 22:28 . 2007-05-30 23:29 277784 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-03-09 22:26 . 2009-02-08 11:31 -------- d-----w- c:\program files\NetPanel
2010-03-09 10:48 . 2007-05-31 00:10 -------- d-----w- c:\program files\Google
2010-03-08 17:46 . 2008-04-23 13:06 -------- d-----w- c:\users\Tygrys\AppData\Roaming\uTorrent
2010-03-03 16:11 . 2009-09-24 15:45 34432 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-02-28 16:54 . 2008-08-28 18:57 -------- d-----w- c:\program files\Russkij Translator
2010-02-25 16:54 . 2008-04-23 12:01 106176 ----a-w- c:\users\Tygrys\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-02 15:50 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 22:08 . 2008-04-23 13:06 -------- d-----w- c:\program files\uTorrent
2010-02-22 21:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-02-20 10:15 . 2009-10-12 18:48 -------- d-----w- c:\programdata\Microsoft Help
2010-02-19 13:06 . 2008-10-18 20:32 -------- d-----w- c:\users\Tygrys\AppData\Roaming\ipla
2010-02-17 21:44 . 2008-04-23 12:33 -------- d-----w- c:\users\Tygrys\AppData\Roaming\Skype
2010-02-17 15:03 . 2008-04-26 18:55 -------- d-----w- c:\users\Tygrys\AppData\Roaming\skypePM
2010-02-16 14:37 . 2009-11-07 18:49 -------- d-----w- c:\users\Tygrys\AppData\Roaming\BESTplayer
2010-02-16 08:28 . 2008-10-18 20:32 -------- d-----w- c:\programdata\ipla
2010-02-11 09:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-03 09:46 . 2009-10-12 18:53 -------- d-----w- c:\program files\Microsoft Works
2010-02-02 18:00 . 2009-11-18 20:21 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-01-25 12:00 . 2010-02-24 10:04 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 10:04 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 10:04 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 10:04 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 10:04 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 10:04 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 10:04 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 10:04 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 10:04 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 10:04 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-21 18:44 . 2010-01-21 18:44 -------- d-----w- c:\program files\Bank smaków
2010-01-21 18:43 . 2009-11-27 14:38 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-21 18:43 . 2009-11-27 14:38 38784 ----a-w- c:\users\Tygrys\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-21 18:43 . 2009-11-27 14:38 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-15 15:10 . 2008-04-25 19:08 -------- d-----w- c:\users\Tygrys\AppData\Roaming\OpenOffice.org2
2010-01-15 15:04 . 2008-04-25 19:09 1 ----a-w- c:\users\Tygrys\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-14 13:37 . 2010-01-14 13:37 -------- d-----w- c:\users\Tygrys\AppData\Roaming\FastStone
2010-01-14 13:37 . 2010-01-14 13:37 -------- d-----w- c:\program files\FastStone Capture
2010-01-06 15:39 . 2010-02-24 10:04 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 10:04 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-24 10:04 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 10:04 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 10:04 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 10:04 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-24 10:04 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-02 06:38 . 2010-01-22 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 10:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 10:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 10:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 18:29 . 2009-12-31 18:26 5299337 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2009-12-30 18:48 . 2009-12-30 18:48 782600 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-18 13:11 . 2009-10-29 21:19 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-12 14:15 . 2009-11-18 20:21 178176 ----a-w- c:\windows\system32\unrar.dll
2009-12-11 11:43 . 2010-02-10 08:38 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-10 08:38 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
.
((((((((((((((((((((((((((((((((((((( Registry Startup Entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-07-31 00:00 698880 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"="c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-07-31 698880]
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GDFirewallTray"="c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2009-10-30 1123912]
"G DATA AntiVirus Trayapplication"="c:\program files\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2009-12-21 950344]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Tygrys^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\Tygrys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATSwpNav]
c:\program files\Fingerprint Sensor\ATSwpNav -run [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2006-09-26 04:49 151552 ----a-w- c:\program files\Apoint2K\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 12:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
2005-10-25 04:56 61440 ----a-w- c:\windows\VM303_STI.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FJUPDNV_Chitose]
2007-02-05 08:48 167936 ----a-w- c:\program files\Fujitsu\fjdvrupd\updatenv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndicatorUtility]
2007-02-09 23:39 97072 ----a-w- c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
2010-02-02 21:45 14252952 ----a-w- c:\program files\ipla\ipla.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-09 05:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadBtnHnd]
2006-11-12 23:13 68400 ----a-w- c:\program files\Fujitsu\BtnHnd\BtnHnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadFUJ02E3]
2006-11-17 22:38 80688 ----a-w- c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadFujitsuQuickTouch]
2006-11-26 00:09 260912 ----a-w- c:\program files\Fujitsu\Application Panel\QuickTouch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]
2007-01-24 15:35 2506752 ----a-w- c:\program files\Softex\OmniPass\scureapp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2007-05-11 00:08 2512392 ----a-w- c:\windows\System32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-01-09 05:26 68640 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-04-10 07:01 4431872 ----a-w- c:\windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2009-07-29 13:52 1024512 ----a-w- c:\program files\pdfforge Toolbar\SearchSettings.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-04-04 08:22 1822720 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 19:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-05-13 20:42 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-09 17:16 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2006-11-02 09:45 215552 ----a-w- c:\windows\WindowsMobile\wmdSync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2009-01-12 13:04 2908160 ----a-w- e:\wfdtv\WFWIZ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2009-01-16 16:35 90112 ----a-w- e:\wfdtv\DTVSchdl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):44,48,63,c0,73,3f,ca,01
R0 omnipass;omnipass; [x]
R2 gupdate1c9d89b93bf6a3a;Google Update Service (gupdate1c9d89b93bf6a3a);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-19 133104]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-27 27488]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-09-19 13224]
R3 RTL8187;AirLive WL1600USB;c:\windows\system32\DRIVERS\RTL8187.sys [2008-06-27 335872]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-11-02 30720]
R3 USBAVCap;AVerMedia USB TV Tuner Device;c:\windows\system32\drivers\USBAVCap.sys [2007-01-27 785408]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [x]
R3 WFUSBIILE;WinFast PalmTop/Novo TV Video;c:\windows\system32\drivers\wfremora.sys [2007-12-04 81536]
R4 AirLiveUSB;AirLiveUSB;c:\program files\AirLive WL1600USB\AirLive WL1600USB Wireless Lan Utility\RtlService.exe [2007-07-27 36864]
S0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2006-08-28 8960]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2010-02-22 28616]
S0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-05-04 208896]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-10-03 36640]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2006-10-12 33152]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\DRIVERS\gdwfpcd32.sys [2010-02-22 40904]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2010-02-22 29992]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2010-01-26 1054280]
S2 AVKService;G Data Scheduler;c:\program files\G Data\InternetSecurity\AVK\AVKService.exe [2009-10-30 397896]
S2 AVKWCtl;G Data File System Guard;c:\program files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2009-11-25 1251488]
S2 FJVBCtrl;FJVBCtrl;c:\program files\Fujitsu\Fujitsu Hotkey Utility\FJVBCtrl.sys [2007-02-16 12848]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\fjdvrupd\updnvsrv.exe [2007-01-27 11776]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
S3 GDFwSvc;G Data Personal Firewall;c:\program files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2009-11-25 1547104]
S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2010-02-22 55624]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2010-02-22 47560]
S3 GDScan;G Data Scanner;c:\program files\Common Files\G DATA\GDScan\GDScan.exe [2009-11-26 302152]
S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2010-02-22 35272]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
2010-03-10 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-03-09 18:27]
2010-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-19 16:04]
2010-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-19 16:04]
2010-03-10 c:\windows\Tasks\User_Feed_Synchronization-{D809EDAF-F666-4465-A39D-2E78C5C95051}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.pl/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{94C70A96-012C-4171-98FC-C1971511F20D} - {94C70A96-012C-4171-98FC-C1971511F20D} - c:\program files\Russkij Translator\InternetTranslatorRusPol.dll
Handler: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - c:\program files\Spik\url_wpmsg.dll
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.babyradio.pl/oggX/OggX.ocx
DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} - hxxps://megapanel.gem.pl/WebInstaller.dll
FF - ProfilePath - c:\users\Tygrys\AppData\Roaming\Mozilla\Firefox\Profiles\xu9d5hzf.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\AvkWebFilterFF.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Spik\mozilla\npwpk.dll
FF - plugin: c:\users\Tygrys\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Domino - c:\windows\Domino.EXE
MSConfigStartUp-Nokia - e:\nokia pc suite 6\PCSync2.exe
MSConfigStartUp-PC Suite Tray - e:\nokia pc suite 6\PCSuite.exe
MSConfigStartUp-VMSnap3 - c:\windows\VMSnap3.EXE
MSConfigStartUp-WinampAgent - c:\program files\Winamp3\winampa.exe
AddRemove-NokiaFREE Unlock Codes Calculator - c:\program files\NokiaFREE Unlock Codes Calculator\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-10 14:53
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-03-10 15:00:10
ComboFix-quarantined-files.txt 2010-03-10 14:00
Pre-Run: 47,674,417,152 bytes free
Post-Run: 47,819,710,464 bytes free
- - End Of File - - 3CA6EA5FFCDBCF05238ED1BB5BAA2EB4
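A log like the one above is machine output, and a reviewer normally reads it with a script rather than by eye. The Python below is an added example, not code from the original post or from ComboFix: it splits a ComboFix-style log into its banner-delimited sections, pulls the Run-key entries out with their date and size stamps, and flags the two things in this log that deserve a second look: `security center\Monitoring` keys with `DisableMonitoring` set to 1, and autostart binaries that live under user-writable paths. SAMPLE_LOG is constructed from the shape of the log above; its "Updater" Run entry is fabricated only to exercise the user-writable-path check and does not appear in the posted log. The parser assumes the log has been normalized to the `"name"="value" [date size]` form shown above.

```python
"""Parser for ComboFix-style logs: added example, not code from the original
post or from ComboFix itself."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the shape of the log above.  The "Updater" Run entry is
# fabricated only to exercise the user-writable-path check; it is not in the
# real log.
SAMPLE_LOG = r"""
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\windows\system32\kboem32.dat
.
((((((((((((((((((((((((((((((((((((( Registry Startup Entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GDFirewallTray"="c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2009-10-30 1123912]
"Updater"="c:\users\Tygrys\AppData\Local\temp\upd.exe" [2010-03-10 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

# Section banners look like "(((( Title ))))", keys like "[HKEY_...]", and
# values like "name"="path" [yyyy-mm-dd size] or "name"=dword:00000001.
BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")
KEY = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(
    r'^"([^"]+)"=(?:"([^"]*)"(?:\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\])?|(\S.*))$'
)

# Path fragments under which an autostart binary deserves a second look.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\", "\\recycler\\")


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    date: Optional[str]
    size: Optional[int]


@dataclass
class Report:
    sections: Dict[str, List[str]] = field(default_factory=dict)
    run_entries: List[RunEntry] = field(default_factory=list)
    findings: List[str] = field(default_factory=list)


def parse_combofix(text: str) -> Report:
    report = Report()
    section = "header"
    report.sections[section] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":        # ComboFix uses lone dots as spacers
            continue
        m = BANNER.match(line)
        if m:                              # new section: remember its title
            section = m.group(1)
            report.sections.setdefault(section, [])
            current_key = None
            continue
        report.sections[section].append(line)
        m = KEY.match(line)
        if m:                              # registry key header
            current_key = m.group(1)
            continue
        m = VALUE.match(line)
        if not m or current_key is None:
            continue
        name, quoted, date, size, raw_val = m.groups()
        key_l = current_key.lower()
        if key_l.endswith("\\currentversion\\run") and quoted is not None:
            entry = RunEntry(current_key, name, quoted, date, int(size) if size else None)
            report.run_entries.append(entry)
            if any(frag in quoted.lower() for frag in USER_WRITABLE):
                report.findings.append(
                    f"Run entry {name!r} launches from a user-writable path: {quoted}")
        if ("security center\\monitoring" in key_l
                and name.lower() == "disablemonitoring"
                and raw_val == "dword:00000001"):
            report.findings.append(f"Security Center monitoring disabled under {current_key}")
    return report


if __name__ == "__main__":
    rep = parse_combofix(SAMPLE_LOG)
    for title, lines in rep.sections.items():
        print(f"[{title}] {len(lines)} line(s)")
    for e in rep.run_entries:
        print(f"Run: {e.name} -> {e.path} ({e.date}, {e.size} bytes)")
    for f in rep.findings:
        print("FLAG:", f)
```

The user-writable-path flag is a triage hint, not a verdict: legitimate products also keep files under ProgramData and AppData, so each hit still has to be checked against the date and size stamps ComboFix records next to it. Likewise, a `DisableMonitoring` hit only says that Security Center has been told to stop tracking a product; whether that was done by an uninstaller or by something else is for the reviewer to decide.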