14 Apr 2011, 22:40
15 Apr 2011, 15:37
15 Apr 2011, 15:46
02 May 2011, 00:33
GMER 1.0.15.15572 - http://www.gmer.net
Rootkit quick scan 2011-05-02 00:33:41
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD2500BEVS-22UST0 rev.01.01A01
Running: gmer.exe; Driver: C:\Users\user\AppData\Local\Temp\kwtdapob.sys
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85B2B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 85B2B1F8
Device \Driver\atapi \Device\Ide\IdePort0 85B2B1F8
Device \Driver\atapi \Device\Ide\IdePort1 85B2B1F8
Device \Driver\atapi \Device\Ide\IdePort2 85B2B1F8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
Device \FileSystem\fastfat \Fat 96A241F8
AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
Device \FileSystem\Ntfs \Ntfs 85B2D1F8
---- EOF - GMER 1.0.15 ----
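A small triage helper for the Devices section above, added here as an example (it is not part of the thread and not GMER's own code). It parses the AttachedDevice and Device lines, lists filter drivers whose vendor string is not "Microsoft Corporation" so an analyst can vet them first, and reports any driver whose device objects show more than one dispatch address. The vendor comparison and the address check are heuristics of this example, not GMER's verdicts; SAMPLE is copied from the scan above with the descriptions in English, and TAMPERED is a constructed variant with one altered address so the check can be seen firing.

```python
"""Triage helper for the 'Devices' section of a GMER log (added example, not
part of the thread or of GMER).  Lists filter drivers by vendor and groups
Device entries by driver so the dispatch-address column can be compared.
Deciding what is malicious is left to the analyst."""
from __future__ import annotations
import re
from collections import defaultdict

_ATTACHED_RE = re.compile(r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<file>\S+)\s+\((?P<info>.*)\)$")
_DEVICE_RE = re.compile(r"^Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<addr>[0-9A-Fa-f]{8,16})$")


def parse_devices(log: str):
    """Return (attached, devices): filters as dicts, Device lines as {driver: {device: addr}}."""
    attached, devices = [], defaultdict(dict)
    for raw in log.splitlines():
        line = raw.strip()
        if m := _ATTACHED_RE.match(line):
            desc, _, vendor = m["info"].partition("/")  # GMER prints (description/company)
            attached.append({"driver": m["driver"], "device": m["device"], "file": m["file"],
                             "description": desc, "vendor": vendor})
        elif m := _DEVICE_RE.match(line):
            devices[m["driver"]][m["device"]] = m["addr"].upper()
    return attached, dict(devices)


def non_microsoft_filters(attached) -> list[tuple[str, str]]:
    """Filter drivers whose vendor string is not Microsoft: the ones to vet first (heuristic)."""
    return sorted({(a["file"], a["vendor"]) for a in attached if a["vendor"] != "Microsoft Corporation"})


def inconsistent_dispatch(devices) -> list[str]:
    """Drivers whose device objects report more than one dispatch address (heuristic)."""
    return sorted(d for d, devs in devices.items() if len(set(devs.values())) > 1)


# Constructed sample: the Devices section of the scan above, descriptions in English
SAMPLE = r"""
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85B2B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 85B2B1F8
Device \Driver\atapi \Device\Ide\IdePort0 85B2B1F8
Device \Driver\atapi \Device\Ide\IdePort1 85B2B1F8
Device \Driver\atapi \Device\Ide\IdePort2 85B2B1F8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
Device \FileSystem\fastfat \Fat 96A241F8
AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
Device \FileSystem\Ntfs \Ntfs 85B2D1F8
---- EOF - GMER 1.0.15 ----
"""
# Constructed variant: one atapi device object with a different address
TAMPERED = SAMPLE.replace("IdePort2 85B2B1F8", "IdePort2 8A11C000")

if __name__ == "__main__":
    att, dev = parse_devices(SAMPLE)
    print("non-Microsoft filters:", non_microsoft_filters(att))
    print("inconsistent dispatch (original):", inconsistent_dispatch(dev))
    print("inconsistent dispatch (tampered):", inconsistent_dispatch(parse_devices(TAMPERED)[1]))
```

On the log above the only non-Microsoft filter is AsDsm.sys, attached to both FAT and NTFS, and all five atapi device objects share one address, so the address check stays quiet until the constructed TAMPERED input is fed in.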
smoczatko
Poster
Posts: 135
Joined: 05 Dec 2007, 10:38
02 May 2011, 08:56
03 May 2011, 17:40
03 May 2011, 19:27
:OTL
IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultthis.engineName: "2Shared Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2447621&SearchSource=3&q={searchTerms}"
[2011-04-24 23:00:44 | 000,000,000 | ---D | M] (Softonic-Polska Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ed4ie71m.default\extensions\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}(822)
[2011-04-25 10:20:07 | 000,000,000 | ---D | M] (2Shared Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ed4ie71m.default\extensions\{ef468e5b-5b30-4136-a833-7f2e3a31afdf}
[2011-04-24 23:00:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ed4ie71m.default\extensions\engine@conduit(816).com
[2010-06-02 10:00:20 | 000,000,917 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ed4ie71m.default\searchplugins\conduit.xml
[2010-09-10 00:38:13 | 000,002,055 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ed4ie71m.default\searchplugins\daemon-search.xml
[2010-11-29 23:44:52 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
O3 - HKU\S-1-5-21-944294577-3658204863-1200378536-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [NBKeyScan] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKU\S-1-5-21-944294577-3658204863-1200378536-1000..\Run: [] File not found
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zip.exe.lnk = File not found
O9 - Extra Button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDRegion"=-
"JMB36X IDE Setup"=-
"NokiaMServer"=-
"RemoteControl10"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Odkurzacz-MCD"=-
:Commands
[clearallrestorepoints]
[emptytemp]
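Before a fix script like the one above is run, it helps to list exactly what it will touch. The Python below is an added example, not code from the thread and not OTL itself: it parses the :OTL, :Reg and :Commands sections into planned actions and flags the ones a reviewer should confirm by hand. The mapping from log-line prefix to action, and the expansion of the ".." in O4 lines to Software\Microsoft\Windows\CurrentVersion, are this example's assumptions about OTL's behaviour; SAMPLE is a subset of the script posted above.

```python
"""Dry-run reviewer for an OTL fix script (added example, not code from the
thread or from OTL).  It turns the :OTL / :Reg / :Commands sections into a
list of planned actions so a script can be checked before it is run.  The
prefix-to-action mapping is this example's simplified reading of OTL."""
from __future__ import annotations
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Action:
    kind: str    # delete_file, delete_dir, delete_reg_value, command, ...
    target: str  # path, registry location, CLSID, pref name or command name

# "[date | size | ---D | M] (name) -- path": a D in the attribute field marks a directory
_FILE_RE = re.compile(r"^\[.*?\|\s*(?P<attr>[-A-Z]{4})\s*\|\s*\w\]\s*\(.*?\)\s*--\s*(?P<path>.+)$")
_STARTUP_RE = re.compile(r"^O4 - Startup: (?P<path>.+?) = ")
_RUN_RE = re.compile(r"^O4 - (?P<hive>[^:]+)\.\.\\Run: \[(?P<name>[^\]]*)\]")
_CLSID_RE = re.compile(r"^(?P<prefix>IE|O3|O9|O28) - .*?(?P<clsid>\{[0-9A-Fa-f-]{36}\})")
_FF_RE = re.compile(r"^FF - prefs\.js\.\.(?P<pref>[\w.]+): ")
_REG_KEY_RE = re.compile(r"^\[(?P<minus>-?)(?P<key>HKEY_[^\]]+)\]$")  # .reg syntax: [-KEY] deletes KEY
_REG_VAL_RE = re.compile(r'^"(?P<name>[^"]*)"=-$')                   # .reg syntax: "name"=- deletes the value
_CLSID_KIND = {"IE": "delete_urlsearchhook", "O3": "delete_toolbar",
               "O9": "delete_ie_extra", "O28": "delete_shellexecutehook"}
# Assumption: the ".." in O4 lines abbreviates Software\Microsoft\Windows\CurrentVersion
_CURRENT_VERSION = "Software\\Microsoft\\Windows\\CurrentVersion"


def _otl_action(line: str) -> Action:
    if m := _FILE_RE.match(line):
        return Action("delete_dir" if m["attr"].endswith("D") else "delete_file", m["path"])
    if m := _STARTUP_RE.match(line):
        return Action("delete_file", m["path"])
    if m := _RUN_RE.match(line):
        return Action("delete_reg_value", f"{m['hive']}\\{_CURRENT_VERSION}\\Run\\{m['name']}")
    if m := _CLSID_RE.match(line):
        return Action(_CLSID_KIND[m["prefix"]], m["clsid"])
    if m := _FF_RE.match(line):
        return Action("reset_ff_pref", m["pref"])
    return Action("unrecognised", line)


def parse_fix_script(text: str) -> list[Action]:
    actions, section, key = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):                 # section header such as :OTL or :Reg
            section, key = line[1:].lower(), None
        elif section == "otl":
            actions.append(_otl_action(line))
        elif section == "reg":
            if m := _REG_KEY_RE.match(line):     # a key line scopes the value lines below it
                key = m["key"]
                if m["minus"]:
                    actions.append(Action("delete_reg_key", key))
            elif (m := _REG_VAL_RE.match(line)) and key:
                actions.append(Action("delete_reg_value", f"{key}\\{m['name']}"))
            else:
                actions.append(Action("unrecognised", line))
        elif section == "commands":
            actions.append(Action("command", line.strip("[]").lower()))
        else:
            actions.append(Action("unrecognised", line))
    return actions


def review(actions: list[Action]) -> list[str]:
    """Points a human should confirm before the script is run."""
    notes = []
    for a in actions:
        if a.kind == "delete_dir":
            notes.append(f"whole directory removed: {a.target}")
        elif a.kind == "command" and a.target == "clearallrestorepoints":
            notes.append("all System Restore points deleted: no rollback once the fix has run")
        elif a.kind == "unrecognised":
            notes.append(f"line not understood, check by hand: {a.target}")
    return notes


# Constructed sample: a subset of the fix script posted above
SAMPLE = r"""
:OTL
IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2447621&SearchSource=3&q={searchTerms}"
[2011-04-25 10:20:07 | 000,000,000 | ---D | M] (2Shared Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ed4ie71m.default\extensions\{ef468e5b-5b30-4136-a833-7f2e3a31afdf}
[2010-11-29 23:44:52 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
O4 - HKLM..\Run: [NBKeyScan] File not found
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zip.exe.lnk = File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDRegion"=-
:Commands
[clearallrestorepoints]
[emptytemp]
"""

if __name__ == "__main__":
    for a in parse_fix_script(SAMPLE):
        print(f"{a.kind:24} {a.target}")
    print("\n".join(review(parse_fix_script(SAMPLE))))
```

Run stand-alone it prints one line per planned action followed by the review notes; on the sample those notes are the extension directory that will be removed outright and the [clearallrestorepoints] command, which is the step that takes away the option to roll back if the fix breaks something.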
04 May 2011, 09:45
04 May 2011, 10:27
04 May 2011, 11:46
04 May 2011, 12:15
04 May 2011, 15:49
04 May 2011, 18:52
05 May 2011, 09:50
05 May 2011, 21:50