ComboFix 11-09-28.01 - Piotr 2011-09-28 19:38:25.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2046.1397 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Piotr\Moje dokumenty\Pobieranie\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Piotr\Moje dokumenty\Pobieranie\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\wbemprox.dll --> c:\WINDOWS\system32\wbem\wbemprox.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2011-08-28 do 2011-09-28 )))))))))))))))))))))))))))))))
.
.
2011-09-28 17:14 . 2008-04-14 20:50 18944 ------w- C:\wbemprox.dll
2011-09-26 18:25 . 2008-04-14 20:50 140800 -c----w- c:\windows\system32\dllcache\sfc_os.dll
2011-09-26 18:25 . 2011-09-26 18:25 -------- d-----w- C:\_OTL
2011-09-24 19:28 . 2011-09-26 15:28 -------- d-----w- c:\program files\Ad-Remover
2011-09-24 17:00 . 2006-09-13 18:18 58624 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2011-09-24 17:00 . 2006-09-13 18:18 58624 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-09-23 18:25 . 2011-09-23 18:25 -------- d-----w- c:\program files\CCleaner
2011-09-23 15:55 . 2004-08-03 22:38 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-09-23 15:32 . 2006-09-13 16:19 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-09-20 21:37 . 2011-09-20 21:37 -------- d-----w- c:\program files\Windows Sidebar
2011-09-19 23:03 . 2011-09-19 23:03 -------- d--h--w- c:\windows\PIF
2011-09-19 22:15 . 2011-09-19 22:34 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-28 16:08 . 2010-02-10 22:16 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2011-09-28 16:07 . 2010-02-11 13:58 17488 ----a-w- c:\windows\gdrv.sys
2011-09-28 16:08 . 2011-05-07 22:13 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-26_20.37.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-28 16:07 . 2011-09-28 16:07 16384 c:\windows\Temp\Perflib_Perfdata_170.dat
+ 2011-09-28 16:08 . 2011-09-28 16:08 16384 c:\windows\Temp\Perflib_Perfdata_10c.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"RTHDCPL"="RTHDCPL.EXE" [2009-06-25 17887232]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\Piotr\Menu Start\Programy\Autostart\
Gadu-Gadu 10.lnk - c:\program files\Gadu-Gadu 10\gg.exe [2010-5-4 12477024]
_uninst_36216817.lnk - c:\documents and settings\Piotr\Ustawienia lokalne\temp\_uninst_36216817.bat [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
2003-05-21 16:37 229437 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2009-10-01 15:45 139944 ----a-w- c:\program files\Lexmark S300-S400 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-10-23 17:51 233472 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 09:24 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-09-01 11:42 176128 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxeamon.exe]
2009-10-01 15:45 766632 ----a-w- c:\program files\Lexmark S300-S400 Series\lxeamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 05:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPALauncher]
2009-08-10 20:48 503808 ----a-w- c:\program files\WPA Launcher\WPALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"d:\\Program files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Documents and Settings\\Piotr\\Pulpit\\utorrent.exe"=
"c:\\WINDOWS\\system32\\lxeacoms.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Skype\\Phone\\Skype.exe"=
"e:\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Tunngle\\TnglCtrl.exe"=
"c:\\Program Files\\Tunngle\\Tunngle.exe"=
"e:\\Program Files\\CAPCOM\\LOST PLANET 2\\LP2DX9.exe"=
"e:\\Program Files\\CAPCOM\\LOST PLANET 2\\LP2DX11.exe"=
"e:\\Program Files\\Tunngle\\TnglCtrl.exe"=
"e:\\Program Files\\Tunngle\\Tunngle.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"e:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57781:TCP"= 57781:TCP:Pando Media Booster
"57781:UDP"= 57781:UDP:Pando Media Booster
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-12-29 40560]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-02-10 219360]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2010-02-10 68136]
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2010-08-24 98984]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2010-02-11 22016]
R2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2011-05-31 718072]
R3 AODDriver;AODDriver;c:\program files\GIGABYTE\ET6\i386\AODDriver.sys [2009-02-23 7168]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-02-11 1684736]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-12-29 13192]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2010-02-11 17488]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-12-29 8456]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-12-29 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-12-29 11104]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2010-02-11 29184]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2010-02-11 17536]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
SUnknown GVTDrv;GVTDrv; [x]
.
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = hxxp://download.gigabyte.com.tw/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.21.99.95 192.168.0.1
FF - ProfilePath - c:\documents and settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\aue9jp8q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.infoeltech.com.pl/
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 9666
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 9666
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9666
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-28 19:41
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1214440339-1897051121-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:d9,42,e9,ee,3a,52,0f,2a,e7,58,06,eb,88,09,2e,e9,44,38,f5,90,60,
 0b,c9,a9,d9,ea,6a,7e,32,3b,52,4f,42,22,31,76,b6,2b,a0,fd,32,d9,da,67,cd,16,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(3704)
c:\windows\system32\msxml3.dll
c:\windows\system32\msi.dll
.
Czas ukończenia: 2011-09-28 19:41:44
ComboFix-quarantined-files.txt 2011-09-28 17:41
ComboFix2.txt 2011-09-27 21:07
ComboFix3.txt 2011-09-27 20:16
ComboFix4.txt 2011-09-26 20:38
.
Przed: 21 349 933 056 bajtów wolnych
Po: 21 336 506 368 bajtów wolnych
.
- - End Of File - - AA68A0F053FE4DCD530767C3BB7E62CD