ComboFix 12-07-08.01 - Administrator 2012-07-09 2:39.2.3 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.3198.2803 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-09 do 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 00:34 . 2012-07-09 00:34 -------- d-----w- c:\windows\LastGood
2012-07-08 23:56 . 2012-07-08 23:56 -------- d-----w- c:\documents and settings\Administrator
2012-06-27 18:01 . 2012-06-27 18:01 -------- d-----w- c:\program files\Vid-Saver
2012-06-23 21:14 . 2012-06-23 21:14 9815752 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-09 00:31 . 2009-06-10 14:57 16608 ----a-w- c:\windows\gdrv.sys
2012-07-08 23:38 . 2010-03-20 23:37 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-06-23 21:14 . 2012-05-27 21:55 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 21:14 . 2012-02-27 18:34 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-09_00.27.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-10-26 14:15 . 2012-07-09 00:40 52528 c:\windows\system32\perfc015.dat
- 2001-10-26 14:15 . 2012-07-09 00:17 52528 c:\windows\system32\perfc015.dat
+ 2001-08-17 19:30 . 2012-07-09 00:40 42068 c:\windows\system32\perfc009.dat
- 2001-08-17 19:30 . 2012-07-09 00:17 42068 c:\windows\system32\perfc009.dat
+ 2012-07-09 00:34 . 2011-02-22 06:13 22992 c:\windows\LastGood\system32\DRIVERS\AVGIDSEH.sys
+ 2001-10-26 14:15 . 2012-07-09 00:40 363176 c:\windows\system32\perfh015.dat
- 2001-10-26 14:15 . 2012-07-09 00:17 363176 c:\windows\system32\perfh015.dat
+ 2001-08-17 19:30 . 2012-07-09 00:40 317992 c:\windows\system32\perfh009.dat
- 2001-08-17 19:30 . 2012-07-09 00:17 317992 c:\windows\system32\perfh009.dat
+ 2012-07-09 00:34 . 2011-04-04 22:59 297168 c:\windows\LastGood\system32\DRIVERS\avgtdix.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-15 68592]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="e:\programy\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"VirtualCloneDrive"="e:\programy\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-08-08 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-08-08 13925480]
"TRACERT"="c:\documents and settings\WARRIOR\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\2954\TRACERT.exe" [2012-07-08 48640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT&inst=MC0w&prod=55&ver=10.0.1424" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Programy\\Gadu-Gadu\\gg.exe"=
"e:\\uTorent\\uTorrent.exe"=
"e:\\Programy\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"e:\\UbBrothers in Arms - Hell's Highway\\Binaries\\biahh.exe"=
"f:\\Codemasters\\DiRT\\DiRT.exe"=
"e:\\Programy\\FireFox\\firefox.exe"=
"e:\\Programy\\Gadu-Gadu\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-06-10 691696]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2011-08-19 22176]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-10-17 20328]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-09-16 21992]
S2 DUMeterSvc;DU Meter Service;e:\programy\DU Meter\DUMeterSvc.exe [2011-12-05 1432976]
S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [2009-06-10 68136]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 250056]
S3 AODDriver;AODDriver;c:\program files\Gigabyte\ET6\i386\AODDriver.sys [2009-02-23 7168]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;e:\programy\DU Meter\DUM_XP32.sys [2011-12-05 16744]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2010-03-21 17488]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2010-03-21 24944]
S3 kvnet;Kerio Virtual Network Adapter;c:\windows\system32\drivers\kvnet.sys [2009-03-23 29696]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2012-03-09 91496]
S3 SaiHFF04;SaiHFF04;c:\windows\system32\drivers\SaiHFF04.sys [2007-05-01 132232]
S3 SaiIFF04;Immersion's HID USB Driver (FF04);c:\windows\system32\drivers\SaiIFF04.sys [2007-05-01 16256]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 21:14]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 15:09]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 15:09]
.
2012-07-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-06-17 20:18]
.
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = hxxp://toolbar.avg.com/p-uninstall?cid={5B9F0F1C-4071-4D37-9BBD-9EABC4DE8AAB}&mid=d0a35c8db57e0da0ab303d86ba91c8be-a07d1fda78c8db468fef06538416b4eea7f7bc35&lang=en&ds=AVG&pr=fr&d=2012-07-09%2002:10&v=10.0.0.7
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.21.99.95 192.168.0.1
DPF: {FD47E0E7-D528-4D72-9386-E608448119C6} - hxxp://www.superstarracing.net/miniclip/ChatRepublicPlayer.cab
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-09 02:41
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\DUMeterSvc]
"ImagePath"="e:\programy\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(288)
c:\windows\system32\WININET.dll
.
Czas ukończenia: 2012-07-09 02:42:05
ComboFix-quarantined-files.txt 2012-07-09 00:42
ComboFix2.txt 2012-07-09 00:30
.
Przed: 6 186 119 168 bajtów wolnych
Po: 6 165 463 040 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 0219D5B216789192E8BB82A5259088D7