ComboFix 11-05-16.04 - Łukasz 2011-05-17 16:35:28.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.649 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Łukasz\Pulpit\kosz\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
 * Rezydentny antywirus jest aktywny
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-04-17 do 2011-05-17 )))))))))))))))))))))))))))))))
.
.
2011-05-17 14:24 . 2011-05-17 14:24 -------- d-----w- C:\_OTL
2011-05-12 18:59 . 2004-03-02 15:37 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2011-05-12 18:59 . 2004-03-02 15:37 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2011-05-12 18:59 . 2000-06-26 09:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2011-05-12 18:59 . 2004-07-26 15:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2011-05-12 18:59 . 2004-07-26 15:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2011-05-12 18:59 . 2004-07-26 15:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2011-05-12 18:59 . 2004-07-26 15:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2011-05-12 18:59 . 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2011-05-12 18:59 . 2011-05-12 18:59 -------- d-----w- c:\program files\Ahead
2011-05-12 18:59 . 2011-05-12 18:59 -------- d-----w- c:\program files\Common Files\Ahead
2011-05-12 07:31 . 2011-05-12 07:35 -------- d-----w- c:\documents and settings\Łukasz\Dane aplikacji\Gmail Notifier
2011-05-12 07:31 . 2011-05-12 07:31 -------- d-----w- c:\program files\Gmail Notifier
2011-05-10 04:57 . 2011-05-10 04:57 -------- d-sh--w- c:\documents and settings\Łukasz\IECompatCache
2011-05-07 19:51 . 2011-05-13 13:50 -------- d-----w- c:\documents and settings\Łukasz\Ustawienia lokalne\Dane aplikacji\Temp
2011-05-06 04:54 . 2011-05-06 04:54 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-06 04:54 . 2011-05-06 04:54 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-06 04:54 . 2011-05-06 04:54 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-06 04:54 . 2011-05-06 04:54 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-06 04:54 . 2011-05-06 04:54 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-06 04:54 . 2011-05-06 04:54 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-06 04:54 . 2011-05-06 04:54 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-06 04:54 . 2011-05-06 04:54 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-30 04:57 . 2011-04-30 04:58 -------- d-----w- c:\program files\MATMIC Weather
2011-04-28 13:40 . 2011-05-04 05:10 -------- d-----w- c:\program files\uTorrent
2011-04-28 13:36 . 2011-04-28 13:36 -------- d-----w- c:\program files\CCleaner
2011-04-24 09:10 . 2011-04-24 09:10 -------- d-----w- c:\program files\Edgard
2011-04-20 05:39 . 2011-05-02 20:43 -------- d-----w- c:\documents and settings\Łukasz\Dane aplikacji\dvdcss
2011-04-18 16:30 . 2011-04-18 16:31 -------- d-----w- c:\program files\NAPI-PROJEKT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-14 14:01 . 2011-03-14 14:01 223128 ----a-w- c:\windows\system32\drivers\dtscsi.sys
2011-03-14 13:58 . 2011-03-14 13:58 96384 ----a-w- c:\windows\system32\drivers\sptd3261.sys
2011-03-14 13:58 . 2011-03-14 13:58 664064 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-03-07 05:33 . 2011-03-14 09:33 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2004-08-04 12:00 1858176 ----a-w- c:\windows\system32\win32k.sys
2011-02-28 08:00 . 2011-03-14 10:25 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-22 23:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:43 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-04 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-04 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-05-06 04:54 . 2011-05-06 04:54 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-01-30 1716224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-04 2219184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 21:51 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-01-07 18:58 13880424 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-01-07 18:58 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-11-04 07:51 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
2008-06-10 10:14 107248 ----a-w- c:\program files\Livebox\SessionManager\SessionManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-03 11:38 64512 ----a-r- c:\windows\system32\P17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-12-09 10:45 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Livebox\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2011-03-14 664064]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-07-29 115008]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-11-04 810144]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Łukasz\Dane aplikacji\Mozilla\Firefox\Profiles\5aq1e723.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.dziennik.pl/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-17 16:38
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(2180)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL
.
Czas ukończenia: 2011-05-17 16:40:22
ComboFix-quarantined-files.txt 2011-05-17 14:40
ComboFix2.txt 2011-05-15 15:06
.
Przed: 21 682 601 984 bajtów wolnych
Po: 21 673 021 440 bajtów wolnych
.
- - End Of File - - 6432AA8DD49827AC88B75F7E1E05E421