ComboFix 09-09-07.03 - Lubina 2009-09-08  9:31.1.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.255.97 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Lubina\Pulpit\ComboFix.exe
.

(((((((((((((((((((((((((   Pliki utworzone od 2009-08-08 do 2009-09-08   )))))))))))))))))))))))))))))))
.

2009-09-08 07:06 . 2009-09-08 07:06    33792     ----a-w-    c:\windows\system32\msgsvc.dll
2009-09-08 07:06 . 2009-09-08 07:06    33792     ----a-w-    c:\windows\system32\dllcache\msgsvc.dll
2009-09-08 06:56 . 2009-09-08 06:41    182912    ------w-    c:\windows\system32\drivers\ndis.sys
2009-09-08 06:45 . 2009-09-08 06:41    182912    ------w-    c:\windows\system32\dllcache\ndis.sys
2009-09-07 09:56 . 2008-12-11 06:38    159600    ----a-w-    c:\windows\system32\drivers\pctgntdi.sys
2009-09-07 09:56 . 2009-09-07 10:08    --------  d---a-w-    c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-09-07 09:55 . 2009-04-03 09:18    130936    ----a-w-    c:\windows\system32\drivers\PCTCore.sys
2009-09-07 09:55 . 2008-12-18 10:16    73840     ----a-w-    c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-07 09:55 . 2009-09-07 09:59    --------  d-----w-    c:\program files\Common Files\PC Tools
2009-09-07 09:55 . 2008-12-10 09:36    64392     ----a-w-    c:\windows\system32\drivers\pctplsg.sys
2009-09-07 09:55 . 2009-09-07 09:59    --------  d-----w-    c:\program files\Spyware Doctor
2009-09-07 09:55 . 2009-09-07 09:55    --------  d-----w-    c:\documents and settings\Lubina\Dane aplikacji\PC Tools
2009-09-07 09:55 . 2009-09-07 09:55    --------  d-----w-    c:\documents and settings\All Users\Dane aplikacji\PC Tools
2009-09-07 09:45 . 2009-09-07 09:45    --------  d-----w-    c:\documents and settings\Lubina\DoctorWeb
2009-09-06 10:29 . 2009-09-06 10:42    --------  d-----w-    c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-09-06 10:29 . 2009-09-06 10:34    --------  d-----w-    c:\program files\Spybot - Search & Destroy
2009-09-05 10:13 . 2009-09-05 10:13    --------  d-----w-    c:\windows\system32\wbem\snmp
2009-09-05 10:13 . 2009-09-05 10:13    --------  d-----w-    c:\windows\srchasst
2009-09-05 10:13 . 2009-09-05 10:13    --------  d-----w-    c:\windows\system32\xircom
2009-09-05 10:13 . 2009-09-05 10:13    --------  d-----w-    c:\program files\microsoft frontpage
2009-09-05 08:50 . 2009-09-05 08:50    153104    ----a-w-    c:\windows\system32\drivers\tmcomm.sys
2009-08-22 14:48 . 2009-08-22 14:49    --------  d-----w-    c:\program files\SopCast
2009-08-16 20:59 . 2001-10-26 12:57    12160     ----a-w-    c:\windows\system32\drivers\mouhid.sys
.

((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-09-07 20:55 . 2009-02-19 18:26    --------  d-----w-    c:\program files\Valve
2009-08-12 06:03 . 2009-01-14 13:04    --------  d-----w-    c:\program files\Lx_cats
2009-08-10 07:54 . 2009-01-12 22:46    --------  d-----w-    c:\program files\Common Files\InstallShield
2009-08-08 14:31 . 2009-02-02 19:41    --------  d-----w-    c:\documents and settings\Lubina\Dane aplikacji\uTorrent
.

------- Sigcheck -------

[-] 2007-07-10 . CE594E18FE0D0AF804F1F3694921CE62 . 642560 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll
[-] 2007-07-13 . CE7193C5F7C01B19768E066087C1C919 . 814592 . . [7.00.6000.20583] . . c:\windows\system32\wininet.dll
[-] 2007-10-15 . 0FB6743E937C7BB248B2530A5A77ABC6 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[-] 2007-10-18 . 9AA8AEEE2C77B68AF93691758EB0A78B . 2066816 . . [5.1.2600.3051] . . c:\windows\system32\ntkrnlpa.exe
[-] 2007-10-18 . 1AEB1A9AA55DE24BDA1D441989AE4492 . 2189824 . . [5.1.2600.3093] . . c:\windows\system32\ntoskrnl.exe
[-] 2007-10-17 . 16DF8A100E8966E48BA00C86F6C89972 . 974848 . . [6.00.2900.2649] . . c:\windows\explorer.exe
[-] 2007-10-17 . 64AF31FD88F01255BD841AA9B2DD030F . 104448 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe
[-] 2007-07-13 . A29DE506E89C131C0AACC86047CB1373 . 3856896 . . [7.00.6000.20591] . . c:\windows\system32\mshtml.dll
[-] 2009-09-08 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
[-] 2009-09-08 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll
[-] 2007-10-09 . 89878732D5EB0C845AD2356081142F2A . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2005-03-31 790528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-02-25 2781184]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2007-10-17 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-10-09 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WiselinkPro"=3 (0x3)
"MSDTC"=3 (0x3)
"lanmanserver"=2 (0x2)
"WudfSvc"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"WebClient"=2 (0x2)
"SwPrv"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"helpsvc"=2 (0x2)
"CiSvc"=3 (0x3)
"lxcc_device"=3 (0x3)
"ERSvc"=2 (0x2)
"xmlprov"=3 (0x3)
"TermService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Sybase\\Shared\\Sybase Central 4.3\\win32\\scjview.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Packet Tracer 5.0\\bin\\PacketTracer5.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\WiselinkPro.exe"=

R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [2009-01-15 137216]
R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [2009-01-15 5248]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-07 130936]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-03-04 100560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-03-04 41744]
R3 rtl8180;PLANET WL-8303 Wireless PCI Adapter NT Driver;c:\windows\system32\drivers\RTL8180.sys [2009-01-12 184576]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-03-04 87568]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-09-07 348752]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2009-03-04 31824]
S4 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2009-01-08 4136960]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - SYSMONLOG
*Deregistered* - PROCEXP113
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://wp.pl/
uInternet Settings,ProxyOverride = *.local
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Lubina\Dane aplikacji\Mozilla\Firefox\Profiles\h4qb2nng.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-08 09:37
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(1328)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\stobject.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
Czas ukończenia: 2009-09-08  9:40
ComboFix-quarantined-files.txt  2009-09-08 07:40

Przed: 391 778 304 bajtów wolnych
Po: 374 153 216 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

178