ComboFix 10-11-09.01 - Buki 2010-11-09 19:51:42.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3326.1323 [GMT 1:00]
Uruchomiony z: d:\download\ComboFix.exe
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((( Pliki utworzone od 2010-10-09 do 2010-11-09 )))))))))))))))))))))))))))))))
.
2010-11-08 20:06 . 2010-11-08 20:06 -------- d-----w- c:\documents and settings\Buki\Ustawienia lokalne\Dane aplikacji\VS Revo Group
2010-11-08 20:06 . 2009-12-30 10:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-11-07 20:58 . 2010-11-07 21:12 -------- d-----w- c:\documents and settings\Buki\Ustawienia lokalne\Dane aplikacji\2K Games
2010-11-07 20:57 . 2010-11-07 20:57 -------- d-----w- c:\program files\NVIDIA Corporation
2010-11-07 20:55 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-11-07 20:55 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-11-07 20:55 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-11-07 20:55 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-11-07 20:55 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-11-07 20:55 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-11-07 20:55 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-11-07 20:55 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-11-07 20:55 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-11-07 20:55 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-11-07 20:55 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-11-07 20:55 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-11-07 20:13 . 2010-11-07 20:13 -------- d-----w- C:\UsbFix
2010-10-26 07:12 . 2010-10-26 07:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10
2010-10-26 07:11 . 2010-10-26 07:11 -------- d-----w- c:\program files\Gadu-Gadu 10
2010-10-16 15:27 . 2010-10-16 15:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Synetic
2010-10-16 15:26 . 2010-04-05 11:31 241664 ----a-w- c:\windows\system32\mp4sds32.ax
2010-10-16 15:26 . 2009-04-07 01:59 424960 ----a-w- c:\windows\system32\wmavds32.ax
2010-10-16 15:26 . 2001-05-16 14:54 309616 ----a-w- c:\windows\system32\wmv8dmod.dll
2010-10-13 08:37 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 08:37 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 08:37 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-09 13:42 . 2009-04-14 11:51 16608 ----a-w- c:\windows\gdrv.sys
2010-10-27 14:18 . 2009-04-14 12:16 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-10-27 14:17 . 2009-04-14 14:54 233960 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-27 14:17 . 2009-04-14 12:16 233960 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-09-18 10:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 13:10 . 2009-04-14 12:16 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-09-10 05:52 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:52 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2004-08-04 12:00 1853056 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2004-08-04 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2004-08-04 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2004-08-04 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2009-11-11 870400]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"IVONA ControlCenter"="c:\program files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe" [2010-05-28 1576960]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-10-07 12661344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Buki\Menu Start\Programy\Autostart\
CurseClientStartup.ccip [2010-2-26 0]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\Xfire\\Xfire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"d:\\Program Files\\Electronic Arts\\Bitwa o Śródziemie II\\game.dat"=
"e:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"d:\\PES 2010\\pes 2010\\program files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"d:\\PES 2010\\pes 2010\\Crack\\pes2010.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"d:\\Program Files\\Ubisoft\\Assassins Creed II\\AssassinsCreedIIGame.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\Ubisoft\\AssassinsCreedIIGame.exe"=
"e:\\Program Files\\Ubisoft\\AssassinsCreedII.exe"=
"e:\\Program Files\\Ubisoft\\UPlayBrowser.exe"=
"d:\\Download\\PDFReader_Setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-07-17 721904]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-04-07 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-04-07 810120]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2009-04-14 80392]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 MemStPCI;Kontroler modułów pamięci Memory Stick Sony (PCI);c:\windows\system32\drivers\MemStPCI.SYS [2009-08-04 26112]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-11-08 27064]
.
Zawartość folderu 'Zaplanowane zadania'

2010-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 20:31]

2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 20:31]

2010-11-09 c:\windows\Tasks\Norton Security Scan for Buki.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-31 04:32]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
uInternet Settings,ProxyOverride = ;*.local
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Buki\Dane aplikacji\Mozilla\Firefox\Profiles\jiuz4mqy.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.4.dll
FF - plugin: c:\documents and settings\Buki\Dane aplikacji\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Buki\Dane aplikacji\Mozilla\Firefox\Profiles\jiuz4mqy.default\extensions\cctvplayer-plugin@www.cctv.com\plugins\npCCTVplayer.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

Toolbar-{511131f1-4629-4254-a85f-ed7b6d75dd3c} - (no file)
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-GameTracker - c:\program files\GameTracker\GTLite.exe
AddRemove-Ocena Opisowa N - h:\ocena opisowa\uninstall_N.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-09 19:54
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

c:\documents and settings\Buki\Dane aplikacji\Mozilla\Firefox\Profiles\jiuz4mqy.default\parent.lock 0 bytes

skanowanie pomyślnie ukończone
ukryte pliki: 1

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-854245398-1214440339-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:97,a5,3c,0d,2e,81,fe,fd,e7,d6,06,f4,1d,7f,95,ed,67,91,e5,6e,20,da,2f,
   78,b6,cf,ca,c3,ac,d4,95,e3,05,9a,04,34,47,c7,60,78,26,f2,8b,32,39,3d,57,1a,\
"??"=hex:67,91,6e,36,74,e9,30,d3,34,26,41,8d,80,10,56,12

[HKEY_USERS\S-1-5-21-854245398-1214440339-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:b6,51,ff,81,bb,42,c1,7c,56,3b,11,b8,99,17,86,1c,41,f3,21,4d,58,
   eb,ef,63,56,9d,28,ca,a4,0b,0c,3a,ae,15,56,1c,3d,94,aa,f6,ce,e3,de,1e,3a,2a,\
"rkeysecu"=hex:02,9d,ba,0a,d1,46,c0,32,e9,92,5a,28,f9,c8,c4,08
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(3836)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\wmp.dll
c:\windows\system32\wmploc.dll
c:\windows\system32\wmpps.dll
c:\windows\system32\jscript.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Czas ukończenia: 2010-11-09 19:55:57
ComboFix-quarantined-files.txt 2010-11-09 18:55

Przed: 80 848 773 120 bajtów wolnych
Po: 81 148 137 472 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut

- - End Of File - - C438E187672A42A9869123B32AD48DD6