ComboFix 11-11-13.01 - crowli 2011-11-13 12:13:05.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3583.3167 [GMT 1:00]
Running from: c:\documents and settings\crowli\Moje dokumenty\Pobieranie\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Resident AV is active
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\1B1e82A6.txt
c:\documents and settings\crowli\Dane aplikacji\SkyrimLauncher.exe
c:\windows\$NtUninstallKB16776$
c:\windows\$NtUninstallKB16776$\2362417513
c:\windows\$NtUninstallKB16776$\392910563\@
c:\windows\$NtUninstallKB16776$\392910563\bckfg.tmp
c:\windows\$NtUninstallKB16776$\392910563\cfg.ini
c:\windows\$NtUninstallKB16776$\392910563\Desktop.ini
c:\windows\$NtUninstallKB16776$\392910563\kwrd.dll
c:\windows\$NtUninstallKB16776$\392910563\L\flbbsmad
c:\windows\$NtUninstallKB16776$\392910563\U\00000001.@
c:\windows\$NtUninstallKB16776$\392910563\U\00000002.@
c:\windows\$NtUninstallKB16776$\392910563\U\00000004.@
c:\windows\$NtUninstallKB16776$\392910563\U\80000000.@
c:\windows\$NtUninstallKB16776$\392910563\U\80000004.@
c:\windows\$NtUninstallKB16776$\392910563\U\80000032.@
c:\windows\system32\ccrpTmr6.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Temp\_ex-08.exe
c:\windows\Temp\_ex-68.exe
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 )))))))))))))))))))))))))))))))
.
.
2011-11-13 08:57 . 2011-11-13 08:57 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-11-12 18:00 . 2011-11-12 18:00 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-11-12 18:00 . 2011-11-12 18:00 -------- d-----r- c:\documents and settings\NetworkService\Ulubione
2011-11-12 16:48 . 2011-11-12 16:49 -------- d-----w- c:\documents and settings\crowli\Ustawienia lokalne\Dane aplikacji\Skyrim
2011-11-10 22:23 . 2011-11-10 22:23 19123536 ----a-w- c:\documents and settings\crowli\Dane aplikacji\TESV.exe
2011-11-07 14:54 . 2011-11-07 14:54 -------- d-----w- C:\Graphics
2011-11-07 14:54 . 2009-03-10 22:25 191488 ------w- c:\windows\system32\mwgfx.dll
2011-11-07 14:54 . 2008-10-20 12:44 237056 ------w- c:\windows\system32\mwgfx24.dll
2011-11-07 14:54 . 2008-09-05 07:32 104960 ------w- c:\windows\system32\mwdds.dll
2011-11-07 14:54 . 2007-08-19 08:37 28672 ------w- c:\windows\system32\mwgfxcopy.exe
2011-11-07 14:54 . 2004-05-14 10:13 56832 ------w- c:\windows\system32\mwace.dll
2011-11-04 17:28 . 2011-11-04 17:28 -------- d-----w- c:\documents and settings\crowli\Dane aplikacji\Day 1 Studios
2011-11-04 17:28 . 2011-11-04 17:28 -------- d-----w- c:\documents and settings\crowli\Ustawienia lokalne\Dane aplikacji\SKIDROW
2011-11-03 16:03 . 2007-12-18 17:14 12400 ----a-w- c:\windows\system32\drivers\AsIO.sys
2011-11-03 16:03 . 2006-01-11 16:50 24576 ----a-w- c:\windows\system32\AsIO.dll
2011-11-03 16:03 . 2011-11-03 16:03 -------- d-----w- c:\program files\ASUS
2011-11-03 16:03 . 2008-01-04 12:34 11832 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2011-11-03 16:03 . 2008-01-04 12:34 10216 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys
2011-11-03 16:02 . 2001-09-05 03:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-11-03 16:02 . 2001-09-05 03:18 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2011-11-03 16:02 . 2001-09-05 03:14 176128 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-11-03 16:02 . 2001-09-05 03:13 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-11-03 16:02 . 2002-07-26 10:07 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-11-03 15:55 . 2009-04-24 19:22 141568 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2011-11-03 15:55 . 2009-03-04 20:18 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-11-03 15:55 . 2011-03-03 19:52 -------- d-----w- c:\program files\Realtek
2011-11-03 15:55 . 2011-03-03 16:34 -------- dc----w- c:\windows\system32\DRVSTORE
2011-11-03 15:55 . 2008-08-19 02:56 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-11-03 15:54 . 2011-11-03 15:54 -------- d-----w- C:\Intel
2011-11-03 15:54 . 2009-04-02 20:30 10296 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2011-10-30 14:10 . 2011-10-30 14:12 -------- d-----w- c:\documents and settings\BBBB
2011-10-29 18:24 . 2011-10-29 18:24 -------- d-----w- c:\program files\CCleaner
2011-10-29 18:02 . 2011-10-29 18:02 -------- d-----w- c:\program files\Common Files\Java
2011-10-25 15:51 . 2011-10-08 04:50 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-25 15:51 . 2011-10-08 04:50 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-10-25 15:51 . 2011-10-29 18:37 285224 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-10-25 15:51 . 2011-10-29 18:37 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-10-25 15:51 . 2011-10-29 18:36 285224 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-10-25 15:48 . 2011-10-08 04:50 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-25 15:48 . 2011-10-08 04:50 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-25 15:48 . 2011-10-08 04:50 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-25 15:48 . 2011-10-08 04:50 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
2011-10-25 15:48 . 2011-10-08 04:50 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-25 15:48 . 2011-10-08 04:50 5595136 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-25 15:48 . 2011-10-08 04:50 2449408 ----a-w- c:\windows\system32\nvapi.dll
2011-10-25 15:48 . 2011-10-08 04:50 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-25 15:48 . 2011-10-08 04:50 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-18 15:35 . 2011-10-18 15:35 -------- d-----w- c:\program files\PyFFI
2011-10-18 15:23 . 2011-10-18 15:36 -------- d-----w- c:\program files\NifTools
2011-10-18 15:22 . 2011-10-18 15:23 -------- d-----w- c:\documents and settings\crowli\Dane aplikacji\GetRightToGo
2011-10-18 15:20 . 2011-10-18 15:20 -------- d-----w- c:\documents and settings\crowli\Dane aplikacji\Blender Foundation
2011-10-18 15:19 . 2011-10-18 15:19 -------- d-----w- c:\program files\Blender Foundation
2011-10-18 15:18 . 2011-10-18 15:35 -------- d-----w- C:\Python26
2011-10-15 21:03 . 2011-10-15 21:04 -------- d-----w- c:\documents and settings\crowli\Dane aplikacji\.minecraft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-12 20:28 . 2009-12-05 11:38 58880 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-10-16 07:46 . 2011-05-18 15:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2009-12-05 10:46 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-08 04:50 . 2009-12-05 11:26 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-10-08 04:50 . 2009-12-05 11:26 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
2011-10-03 03:06 . 2010-06-20 16:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2010-06-20 16:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2006-03-02 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2010-03-18 08:09 614400 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-03-02 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-03-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-06 14:10 . 2006-03-02 12:00 1859200 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:40 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:40 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:40 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:58 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-03-02 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-09 18:30 . 2011-03-21 18:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2004-12-25 770048]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Launch PC Probe II"="c:\program files\ASUS\PC Probe II\Probe2.exe" [2009-05-15 2146816]
"RTHDCPL"="RTHDCPL.EXE" [2011-02-17 20029032]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\World of Warcraft\\Launcher.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\World of Warcraft Public Test\\Launcher.exe"=
"d:\\World of Warcraft Public Test\\BackgroundDownloader.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"6994:TCP"= 6994:TCP:League of Legends Launcher
"6994:UDP"= 6994:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"6979:TCP"= 6979:TCP:League of Legends Launcher
"6979:UDP"= 6979:UDP:League of Legends Launcher
"6940:TCP"= 6940:TCP:League of Legends Launcher
"6940:UDP"= 6940:UDP:League of Legends Launcher
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"8382:TCP"= 8382:TCP:League of Legends Launcher
"8382:UDP"= 8382:UDP:League of Legends Launcher
"6957:TCP"= 6957:TCP:League of Legends Launcher
"6957:UDP"= 6957:UDP:League of Legends Launcher
"6976:TCP"= 6976:TCP:League of Legends Launcher
"6976:UDP"= 6976:UDP:League of Legends Launcher
"8383:TCP"= 8383:TCP:League of Legends Launcher
"8383:UDP"= 8383:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6977:TCP"= 6977:TCP:League of Legends Launcher
"6977:UDP"= 6977:UDP:League of Legends Launcher
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
"1135:TCP"= 1135:TCP:*:Disabled:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:*:Disabled:Akamai NetSession Interface
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-11-16 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-25 2253120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-03-03 1691480]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 62.233.233.233 87.204.204.204
FF - ProfilePath - c:\documents and settings\crowli\Dane aplikacji\Mozilla\Firefox\Profiles\1vu6bw40.default\
FF - prefs.js: browser.startup.homepage - www.onet.pl
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-09523297.sys
MSConfigStartUp-Akamai NetSession Interface - c:\documents and settings\crowli\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-13 12:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,c4,ef,1a,de,21,0d,48,99,f3,1c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,c4,ef,1a,de,21,0d,48,99,f3,1c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2204)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\program files\Gadu-Gadu\ggwhook.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\ASUS\AASP\1.00.95\aaCenter.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2011-11-13 12:21:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-13 11:21
.
Pre-Run: 34,331,471,872 bytes free
Post-Run: 35,381,612,544 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - DCE0B82E8E14D53CF6E9B08FBDFEEC2D
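The "Deleted" section of the log above is the part a responder reads first: a "$NtUninstallKB16776$" folder whose numeric subfolder holds "@", "U\*.@" and "L\*" entries (a genuine hotfix uninstall folder is written by the Windows hotfix installer and contains an "spuninst" subfolder, not that layout), two executables in c:\windows\Temp, an installer in the root of D:, a scheduled task named only by a GUID, and a header reporting the resident antivirus as disabled. The script below is an added example, not part of the original post and not ComboFix code. It parses a ComboFix log into its named sections, turns the "Files Created" entries into records, and applies those triage heuristics; the heuristics and the regular expressions are this example's own assumptions, and the embedded sample is a trimmed excerpt of the log above so the script runs offline.

```python
"""Triage helper for ComboFix logs in the layout pasted above.

Added example, not part of the original post and not ComboFix code. The
heuristics below are assumptions a responder would check by eye, not
anything ComboFix itself reports.
"""
import re
from collections import defaultdict

PAREN_HEADER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")      # ((( Deleted )))
DASH_HEADER_RE = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$")    # --- Supplementary Scan ---
# "2011-11-13 08:57 . 2011-11-13 08:57 16856 ----a-w- c:\path"
ENTRY_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(-{8}|\d+) ([-a-z]{8}) (.+)$"
)
# <drive>:\windows\$NtUninstallKB<n>$\<digits> plus an optional child path
FAKE_HOTFIX_RE = re.compile(r"^([a-z]:\\windows\\\$ntuninstallkb\d+\$\\\d+)(\\.*)?$", re.I)
TEMP_EXE_RE = re.compile(r"^[a-z]:\\windows\\temp\\[^\\]+\.(exe|dll|sys)$", re.I)
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\.exe$", re.I)
GUID_JOB_RE = re.compile(r"\\tasks\\\{[0-9a-f-]{36}\}\.job$", re.I)


def parse_sections(text):
    """Map section name -> non-empty lines; text before the first header goes to 'header'."""
    sections, current = defaultdict(list), "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with "." lines
            continue
        m = PAREN_HEADER_RE.match(line) or DASH_HEADER_RE.match(line)
        if m:
            current = m.group(1)
            continue
        sections[current].append(line)
    return dict(sections)


def parse_created(lines):
    """Parse 'Files Created' / Find3M entries; size is None for directories."""
    out = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        out.append({"created": created, "modified": modified,
                    "size": None if size.startswith("-") else int(size),
                    "attrs": attrs, "is_dir": attrs[0] == "d", "path": path})
    return out


def triage(text):
    """Return [(reason, evidence)] findings for one ComboFix log."""
    sections = parse_sections(text)
    findings = []
    for line in sections.get("header", []):
        if line.startswith("AV:") and "*Disabled" in line:
            findings.append(("antivirus reported disabled", line))
    fake_roots = defaultdict(list)           # numeric subfolder -> child paths
    for path in sections.get("Deleted", []):
        m = FAKE_HOTFIX_RE.match(path)
        if m:
            fake_roots[m.group(1)].append((m.group(2) or "").lower())
        elif TEMP_EXE_RE.match(path):
            findings.append(("executable in %windir%\\Temp", path))
        elif ROOT_EXE_RE.match(path):
            findings.append(("executable in drive root", path))
        elif GUID_JOB_RE.search(path):
            findings.append(("scheduled task named only by a GUID", path))
    for root, children in fake_roots.items():
        # flag once per folder, only when the "@" / "U\" / "L\" layout is present
        if any(c == "\\@" or c.startswith(("\\u\\", "\\l\\")) for c in children):
            findings.append(("fake hotfix-uninstall folder layout",
                             f"{root} ({len(children)} entries)"))
    return findings


# Trimmed excerpt of the log above (constructed sample input for this example).
SAMPLE_LOG = r"""
ComboFix 11-11-13.01 - crowli 2011-11-13 12:13:05.1.2 - x86
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dane aplikacji\1B1e82A6.txt
c:\windows\$NtUninstallKB16776$
c:\windows\$NtUninstallKB16776$\392910563\@
c:\windows\$NtUninstallKB16776$\392910563\kwrd.dll
c:\windows\$NtUninstallKB16776$\392910563\L\flbbsmad
c:\windows\$NtUninstallKB16776$\392910563\U\00000001.@
c:\windows\$NtUninstallKB16776$\392910563\U\80000032.@
c:\windows\system32\ccrpTmr6.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Temp\_ex-08.exe
c:\windows\Temp\_ex-68.exe
D:\install.exe
.
((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 )))))))))))))))))))))))))))))))
.
2011-11-13 08:57 . 2011-11-13 08:57 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-11-12 18:00 . 2011-11-12 18:00 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-11-03 16:03 . 2007-12-18 17:14 12400 ----a-w- c:\windows\system32\drivers\AsIO.sys
"""

if __name__ == "__main__":
    for reason, evidence in triage(SAMPLE_LOG):
        print(f"[{reason}] {evidence}")
```

Run against the full log, the same parser also exposes the Reg Loading Points, firewall AuthorizedApplications and GloballyOpenPorts sections by name, so the same pattern extends to checking which binaries were granted firewall exceptions. The fake-folder check deliberately fires once per numeric subfolder rather than once per file, and only when the "@" / "U" / "L" marker layout is present, so an ordinary leftover hotfix folder in a Deleted list is not reported.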