ComboFix 11-01-18.04 - poniat 2011-01-19 17:57:21.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.48.1033.18.3062.1680 [GMT 1:00]
Uruchomiony z: c:\users\poniat\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Pliki utworzone od 2010-12-19 do 2011-01-19 )))))))))))))))))))))))))))))))
.
2011-01-19 17:06 . 2011-01-19 17:06 -------- d-----w- c:\users\poniat\AppData\Local\temp
2011-01-19 17:06 . 2011-01-19 17:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-18 22:32 . 2011-01-18 22:32 -------- d-----w- c:\users\poniat\AppData\Local\Hold'em_Manager
2011-01-18 21:51 . 2011-01-18 22:06 -------- d-----w- C:\HMArchive
2011-01-18 21:51 . 2011-01-18 21:51 -------- d-----w- c:\users\poniat\AppData\Local\IsolatedStorage
2011-01-18 21:51 . 2011-01-18 21:51 -------- d-----w- c:\users\poniat\AppData\Roaming\HEM Data
2011-01-18 21:37 . 2011-01-18 21:50 -------- d-----w- c:\program files\RVG Software
2011-01-18 21:36 . 2011-01-18 21:50 -------- d-----w- c:\program files\PSQLINSTALL
2011-01-18 21:28 . 2011-01-18 22:26 -------- d-----w- c:\program files\SkanerOnline
2011-01-18 21:28 . 2011-01-18 21:36 -------- d-----w- c:\program files\TableNinja
2011-01-18 21:09 . 2011-01-18 21:09 -------- d-----w- c:\users\poniat\AppData\Local\In_The_Money_LLC
2011-01-18 21:07 . 2011-01-18 23:33 -------- d-----w- c:\users\poniat\AppData\Local\In The Money
2011-01-18 21:07 . 2011-01-18 21:07 -------- d-----w- c:\program files\In The Money
2011-01-17 20:50 . 2011-01-17 20:50 -------- d-----w- c:\users\poniat\AppData\Roaming\Ahead
2011-01-17 20:47 . 2003-03-29 15:45 89184 ----a-w- c:\windows\system32\drivers\imagedrv.sys
2011-01-17 20:47 . 2001-06-26 07:15 38912 ----a-w- c:\windows\system32\picn20.dll
2011-01-17 20:47 . 2011-01-17 20:47 -------- d-----w- c:\program files\Common Files\Ahead
2011-01-17 20:47 . 2001-07-06 17:24 283920 ----a-w- c:\windows\system32\ImagXpr5.dll
2011-01-17 20:47 . 2001-07-06 13:41 569344 ----a-w- c:\windows\system32\imagr5.dll
2011-01-17 20:47 . 2001-07-06 11:44 544768 ----a-w- c:\windows\system32\imagx5.dll
2011-01-17 20:47 . 2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2011-01-17 20:27 . 2011-01-17 20:27 -------- d-----w- c:\program files\Alcohol Soft
2011-01-17 20:16 . 2011-01-17 20:16 -------- d-----w- c:\program files\UltraISO
2011-01-17 20:16 . 2011-01-17 20:16 -------- d-----w- c:\program files\Common Files\EZB Systems
2011-01-17 20:07 . 2011-01-17 20:11 -------- d-----w- c:\program files\Temp
2011-01-17 18:48 . 2011-01-17 18:48 -------- d-----w- c:\users\gwacker
2011-01-17 18:47 . 2011-01-17 18:47 -------- d-----w- c:\program files\PostgreSQL
2011-01-17 18:46 . 2011-01-17 18:46 373 ----a-w- c:\users\poniat\AppData\Local\postgresinstall.bat
2011-01-17 18:21 . 2011-01-17 18:21 -------- d-----w- c:\users\poniat\AppData\Local\PokerStrategy.com
2011-01-17 18:10 . 2011-01-17 18:10 -------- d-----w- c:\program files\PokerStrategy.com
2011-01-17 18:07 . 2011-01-17 18:07 -------- d-----w- c:\users\poniat\AppData\Local\Downloaded Installations
2011-01-17 17:56 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-01-17 17:56 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-01-17 17:56 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-01-17 17:56 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-01-17 17:56 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-01-12 21:57 . 2011-01-12 21:57 -------- d-----w- c:\users\poniat\AppData\Local\Apple Computer
2011-01-12 21:50 . 2011-01-12 21:50 -------- d-----w- c:\users\poniat\AppData\Roaming\Apple Computer
2011-01-09 14:04 . 2011-01-09 14:04 -------- d-----w- c:\users\poniat\AppData\Roaming\YoudaGames
2011-01-09 14:03 . 2011-01-09 14:03 -------- d-----w- c:\program files\Governor of Poker 2 Premium Edition
2011-01-06 19:13 . 2011-01-06 19:13 -------- d-----w- c:\users\poniat\AppData\Local\cache
2011-01-06 19:03 . 2011-01-06 19:36 -------- d-----w- c:\users\poniat\AppData\Local\FullTiltPoker
2011-01-06 19:03 . 2011-01-06 19:36 -------- d-----w- c:\program files\Full Tilt Poker
2011-01-01 21:03 . 2011-01-01 21:03 -------- d-----w- c:\users\poniat\AppData\Local\Real
2011-01-01 13:56 . 2011-01-01 13:57 -------- d-----w- c:\program files\vShare
2010-12-25 14:48 . 2010-12-25 14:48 -------- d-----w- c:\users\poniat\AppData\Local\ArcSoft
2010-12-25 14:48 . 2010-12-25 16:24 -------- d-----w- c:\users\poniat\AppData\Roaming\ArcSoft
2010-12-25 14:43 . 2010-12-25 14:48 -------- d-----w- c:\programdata\ArcSoft
2010-12-25 14:43 . 2010-12-25 20:40 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-12-25 14:43 . 2001-09-05 03:18 77824 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2010-12-25 14:43 . 2001-09-05 03:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2010-12-25 14:43 . 2001-09-05 03:14 176128 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2010-12-25 14:43 . 2001-09-05 03:13 32768 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2010-12-25 14:43 . 2010-12-25 14:43 -------- d-----w- c:\users\poniat\AppData\Roaming\Philips
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 10:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-12-29 430080]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-07-09 2119104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-07-25 149280]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-25 154136]
"NDSTray.exe"="NDSTray.exe" [BU]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-01-25 716800]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-20 340520]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TB-Tray.lnk - c:\program files\Thunderbird-Tray\TBTray.exe [2005-11-8 38912]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 106112]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-10-09 59264]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-24 691696]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 GtDetectSc;GtDetectSc;c:\program files\Option\GlobeTrotter Connect\GtDetectSc.exe [2007-12-18 196704]
S2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSIE5E1.tmp [2010-09-30 189696]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-02-01 187904]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-01-15 48472]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
IE: Dodaj do blokowanych banerów - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: everestpoker.com\account
FF - ProfilePath - c:\users\poniat\AppData\Roaming\Mozilla\Firefox\Profiles\cfkvhuwd.default\
FF - prefs.js: browser.startup.homepage - hxxp://wp.pl/
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
.
.
------- Skojarzenia plików -------
.
.scr=AutoCADScriptFile
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-CPN Notifier - c:\program files\Cake Poker 2.0\PokerNotifier.exe
HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-19 18:06
Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????"%=m????P?w?x?w???w???w??

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSIE5E1.tmp"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'Explorer.exe'(2688)
c:\program files\Gadu-Gadu\ggwhook.dll
.
Czas ukończenia: 2011-01-19 18:10:03
ComboFix-quarantined-files.txt 2011-01-19 17:09

Przed: 66 360 844 288 bytes free
Po: 71 092 854 784 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,6
- - End Of File - - B2C42DF4974EA46BF224970722BC159D