ComboFix 10-09-29.04 - Admin 2010-09-30 16:09:53.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.511.290 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\bjchgmxs.dll
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_hydsz
-------\Service_hydsz

((((((((((((((((((((((((( Pliki utworzone od 2010-08-28 do 2010-09-30 )))))))))))))))))))))))))))))))
.
2010-09-30 13:23 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-30 13:23 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-30 13:23 . 2010-09-07 14:53 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-09-30 13:23 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-26 09:39 . 2008-03-17 09:56 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2010-09-26 09:39 . 2008-03-17 09:03 101376 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
2010-09-26 09:39 . 2008-03-16 12:47 872192 ----a-w- c:\windows\system32\drivers\mod7700.sys
2010-09-26 09:39 . 2008-01-22 13:09 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-09-26 09:39 . 2007-08-09 02:13 24448 ----a-r- c:\windows\system32\drivers\ewdcsc.sys
2010-09-26 09:39 . 2010-09-29 12:39 -------- d-----w- c:\program files\PLAY ONLINE
2010-09-23 07:49 . 2010-09-29 12:38 -------- d-----w- c:\documents and settings\Gość
2010-09-14 16:17 . 2010-09-14 16:17 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\blueconnect
2010-09-14 16:17 . 2009-06-30 09:52 983040 ----a-w- c:\documents and settings\Admin\Dane aplikacji\blueconnect\LiveUpdate.exe
2010-09-14 16:17 . 2009-06-30 09:52 151552 ----a-w- c:\documents and settings\Admin\Dane aplikacji\blueconnect\XMessageBox.dll
2010-09-14 16:17 . 2009-06-23 14:43 110592 ----a-w- c:\documents and settings\Admin\Dane aplikacji\blueconnect\ouc.exe
2010-09-14 16:17 . 2008-10-11 08:39 927504 ----a-w- c:\documents and settings\Admin\Dane aplikacji\blueconnect\mfc40u.dll
2010-09-14 16:17 . 2006-12-28 03:34 499712 ----a-w- c:\documents and settings\Admin\Dane aplikacji\blueconnect\msvcp71.dll
2010-09-14 16:17 . 2006-12-28 03:34 1047552 ----a-w- c:\documents and settings\Admin\Dane aplikacji\blueconnect\MFC71u.dll
2010-09-14 16:17 . 2006-12-28 03:34 348160 ----a-w- c:\documents and settings\Admin\Dane aplikacji\blueconnect\msvcr71.dll
2010-09-14 16:17 . 2006-12-28 03:34 1060864 ----a-w- c:\documents and settings\Admin\Dane aplikacji\blueconnect\mfc71.dll
2010-09-14 16:17 . 2005-08-10 06:19 401462 ----a-w- c:\documents and settings\Admin\Dane aplikacji\blueconnect\msvcp60.dll
2010-09-09 10:03 . 2010-09-09 10:03 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 13:22 . 2010-09-30 13:22 -------- d-----w- c:\program files\Alwil Software
2010-09-30 13:22 . 2010-09-30 13:22 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Alwil Software
2010-09-30 13:11 . 2010-09-30 13:11 0 ----a-w- c:\windows\nsreg.dat
2010-09-29 12:48 . 2001-10-26 17:15 74346 ----a-w- c:\windows\system32\perfc015.dat
2010-09-29 12:48 . 2001-10-26 17:15 448338 ----a-w- c:\windows\system32\perfh015.dat
2010-09-09 12:13 . 2010-01-03 12:45 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\Skype
2010-09-09 10:02 . 2010-05-24 11:22 -------- d-----w- c:\program files\Common Files\SmartCom
2010-09-07 15:12 . 2010-09-30 13:23 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-09-30 13:23 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-09-30 13:23 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:47 . 2010-09-30 13:23 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-09-30 13:23 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:46 . 2010-09-30 13:23 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 15:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"nwiz"="nwiz.exe" [2006-10-31 1622016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6610:TCP"= 6610:TCP:bgwikpra

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-09-30 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-09-30 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-09-30 17744]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-02-14 2825088]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-06-04 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-06-04 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-06-04 72728]
S2 hydsz;Center Boot;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-01-03 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-06-04 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-06-04 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-06-04 72728]
S3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys --> c:\windows\system32\drivers\ewfiltertdidriver.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2005-10-05 468768]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hydsz
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.gazeta.pl/0,0.html?p=101
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\u41ll8e7.default\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-30 16:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hydsz]
"ServiceDll"="c:\windows\system32\bjchgmxs.dll"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(4080)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSPL.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\nvsvc32.exe
.
**************************************************************************
.
Czas ukończenia: 2010-09-30 16:15:36 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-09-30 14:15

Przed: 97 417 764 864 bajtów wolnych
Po: 97 555 931 136 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 7DBFC1BF90AA12B3AF9E34EB26C255A5