ComboFix 11-04-12.02 - 1234 2011/04/13 23:36:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.48.1045.18.3069.2004 [GMT 2:00]
Uruchomiony z: F:\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\drv\Tuner\Yuan\Resources\_desktop.ini
c:\programdata\Microsoft\Windows\Start Menu\Programs\AV
c:\programdata\Microsoft\Windows\Start Menu\Programs\AV\AVG Anti-Rootkit Free.lnk
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-03-13 do 2011-04-13 )))))))))))))))))))))))))))))))
.
.
2011-04-13 18:18 . 2011-04-13 18:18 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-13 12:55 . 2011-04-13 12:56 -------- d-----w- C:\bd_logs
2011-04-13 11:35 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2011-04-13 08:24 . 2011-04-13 08:24 -------- d-----w- c:\programdata\ashampoo
2011-04-13 08:24 . 2011-04-13 08:24 -------- d-----w- c:\program files\Ashampoo
2011-04-13 03:53 . 2007-12-29 11:05 745472 ----a-w- c:\windows\system32\NETw4c32.dll
2011-04-13 03:53 . 2007-12-29 11:05 2777088 ----a-w- c:\windows\system32\NETw4r32.dll
2011-04-13 03:53 . 2007-12-29 11:05 2252800 ----a-w- c:\windows\system32\drivers\NETw4v32.sys
2011-04-13 03:52 . 2011-04-13 03:52 3 ----a-w- c:\windows\AFirst.cmd
2011-04-13 03:52 . 2007-09-10 15:38 17185336 ----a-w- c:\windows\eRy.exe
2011-04-13 03:52 . 2006-03-09 02:58 1060424 ----a-w- c:\windows\system32\WdfCoInstaller01000.dll
2011-04-13 03:52 . 2007-02-09 09:41 182456 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-04-13 03:52 . 2007-02-09 09:38 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2011-04-13 03:52 . 2007-02-09 08:50 143360 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-04-13 03:52 . 2007-02-09 08:43 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2011-04-13 03:52 . 2007-02-09 08:42 163840 ----a-w- c:\windows\system32\SynCOM.dll
2011-04-13 03:52 . 2011-04-12 18:10 1618 ----a-w- c:\windows\CLEANUP.CMD
2011-04-13 03:52 . 2007-01-11 17:50 23 ----a-w- c:\windows\system32\$Acer$.cmd
2011-04-13 03:52 . 2007-01-11 17:50 23 ----a-w- c:\programdata\Microsoft\Crypto\RSA\MachineKeys\$Acer$.cmd
2011-04-13 03:52 . 2002-11-14 22:32 55808 ----a-w- c:\windows\devcon.exe
2011-04-12 22:02 . 2011-04-13 18:23 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-12 20:57 . 2010-09-08 12:59 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-12 20:57 . 2011-04-12 20:57 -------- dc----w- c:\windows\system32\DRVSTORE
2011-04-12 20:57 . 2011-04-12 20:57 -------- dc-h--w- c:\programdata\{437292BE-95BD-4B12-B699-6D217A03ACAF}
2011-04-12 20:56 . 2011-04-12 20:57 -------- d-----w- c:\programdata\Lavasoft
2011-04-12 20:56 . 2011-04-12 20:56 -------- d-----w- c:\program files\Lavasoft
2011-04-12 20:43 . 2011-04-12 20:43 -------- d-----w- c:\program files\Synaptics
2011-04-12 20:42 . 2007-07-17 17:33 368640 ----a-w- c:\windows\system32\CheckD2DSystem.exe
2011-04-12 20:42 . 2006-11-12 09:54 327680 ----a-w- c:\windows\system32\Remove_eRecovery.exe
2011-04-12 20:42 . 2006-11-10 15:27 16384 ----a-w- c:\windows\system32\LauncheRyAgentUser.exe
2011-04-12 20:42 . 2005-12-09 07:12 16384 ----a-w- c:\windows\system32\ClearEvent.exe
2011-04-12 20:41 . 2011-04-12 20:41 29184 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-04-12 20:41 . 2011-04-12 20:41 220160 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-04-12 20:41 . 2011-04-12 20:41 19456 ----a-w- c:\windows\system32\drivers\bthenum.sys
2011-04-12 20:41 . 2011-04-12 20:41 181760 ----a-w- c:\windows\system32\fsquirt.exe
2011-04-12 20:40 . 2007-03-29 05:11 229376 ----a-w- c:\windows\system32\BtwRSupport.dll
2011-04-12 20:39 . 2011-04-12 20:39 -------- d-----w- c:\windows\system32\es-MX
2011-04-12 20:39 . 2011-04-12 20:39 -------- d-----w- c:\windows\system32\es-AR
2011-04-12 20:39 . 2011-04-12 20:39 -------- d-----w- c:\program files\WIDCOMM
2011-04-12 20:37 . 2011-04-12 20:37 621056 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-04-12 20:37 . 2011-04-12 20:37 36864 ----a-w- c:\windows\system32\cdd.dll
2011-04-12 20:35 . 2011-04-12 20:35 8138240 ----a-w- c:\windows\system32\ssBranded.scr
2011-04-12 20:35 . 2011-04-12 20:35 69632 ----a-w- c:\windows\system32\sendmail.dll
2011-04-12 20:33 . 2005-08-16 06:49 40960 ------w- C:\junction.exe
2011-04-12 20:32 . 2006-11-22 20:26 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2011-04-12 18:39 . 2011-04-12 18:39 -------- d-----w- c:\program files\Launch Manager
2011-04-12 18:10 . 2011-04-12 18:10 -------- d-----w- C:\Convesoft
2011-04-12 18:10 . 2007-04-19 11:41 83554304 ----a-w- c:\windows\system32\acer.scr
2011-04-12 18:10 . 2007-05-10 13:21 40368034 ----a-w- c:\windows\system32\acer.exe
2011-04-12 18:10 . 2011-04-12 20:50 -------- d-----w- c:\program files\Acer Inc
2011-04-12 18:10 . 2011-04-12 18:10 -------- d-----w- c:\windows\ACER
2011-04-12 18:10 . 2011-04-13 10:43 -------- d-----w- c:\users\1234
2011-04-12 18:01 . 2011-04-12 18:01 -------- d-----w- c:\windows\system32\ENU
2011-04-12 18:01 . 2007-04-11 13:49 126976 ----a-w- c:\windows\system32\Imsmudlg.exe
2011-04-12 18:01 . 2007-03-21 10:58 304920 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-04-12 18:00 . 2011-04-12 18:00 -------- d-----w- c:\windows\BUVC_AP
2011-04-12 18:00 . 2007-05-08 18:49 57856 ----a-w- c:\windows\BR040264.exe
2011-04-12 18:00 . 2007-05-08 18:48 53248 ----a-w- c:\windows\BR040286.exe
2011-04-12 18:00 . 2011-04-12 18:00 -------- d-----w- c:\windows\Options
2011-04-12 17:59 . 2011-04-12 17:59 -------- d-----w- c:\windows\BisonC07
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 107112]
"IS CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2006-11-21 46728]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-11-21 22696]
"BisonInst0402"="c:\windows\BR040286.exe" [2007-05-08 53248]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-27 752136]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-09 845360]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-16 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
R3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-11-21 202872]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-04-13 15232]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-08 64288]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-04-13 1753048]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - COMHOST
*Deregistered* - kgldqpob
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Skan uzupełniający -------
.
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe
HKLM-Run-HotKeysCmds - c:\windows\system32\hkcmd.exe
HKLM-Run-Persistence - c:\windows\system32\igfxpers.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-eRecoveryService - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-13 23:41
Windows 6.0.6000 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\eNetHook.dll
.
- - - - - - - > 'lsass.exe'(712)
c:\windows\system32\eNetHook.dll
.
Czas ukończenia: 2011-04-13 23:43:22
ComboFix-quarantined-files.txt 2011-04-13 21:43
.
Przed: 54,687,350,784 bajtów wolnych
Po: 54,641,410,048 bajtów wolnych
.
- - End Of File - - 41437B34D4687A368D219C577096D9A4