ComboFix 12-07-07.04 - wyszo 2012-07-08 8:30.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2046.1783 [GMT 2:00]
Run from: K:\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\F4D55EFF0001FAE200014BAA0CDF10C2
c:\documents and settings\All Users\Dane aplikacji\F4D55EFF0001FAE200014BAA0CDF10C2\F4D55EFF0001FAE200014BAA0CDF10C2.exe
c:\program files\StartSearch plugin
c:\program files\StartSearch plugin\IEhelperActiveX.dll
c:\program files\StartSearch plugin\startsplg.crx
c:\program files\StartSearch plugin\uninst.exe
c:\windows\system32\dllcache\dlimport.exe
.
.
(((((((((((((((((((((((((   Files created from 2012-06-08 to 2012-07-08   )))))))))))))))))))))))))))))))
.
.
2012-07-08 05:30 . 2012-07-08 05:30 -------- d-----w- c:\documents and settings\wyszo\Dane aplikacji\hellomoto
2012-07-07 12:42 . 2012-07-07 12:42 -------- d-----w- c:\documents and settings\wyszo\Ustawienia lokalne\Dane aplikacji\Identities
2012-06-08 21:58 . 2012-06-08 23:19 -------- d-----w- c:\documents and settings\wyszo\Dane aplikacji\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Section   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 20:12 . 2012-04-06 08:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-24 20:12 . 2012-02-04 07:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2012-01-10 23:08 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2012-01-10 23:08 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2012-01-10 23:08 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-08-06 18:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-08-06 18:24 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2012-01-10 23:08 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2012-01-10 23:08 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 18:24 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2012-01-10 23:08 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2012-01-10 23:08 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2009-08-06 18:23 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22 . 2006-03-02 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:59 . 2006-03-02 12:00 669696 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2006-03-02 12:00 1863424 ----a-w- c:\windows\system32\win32k.sys
2012-05-05 03:14 . 2006-03-02 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2004-08-04 00:39 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:47 . 2012-01-10 23:06 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-20 19:30 . 2006-03-02 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-04-20 19:30 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-04-20 19:29 . 2006-03-02 12:00 370688 ----a-w- c:\windows\system32\html.iec
2012-06-17 19:35 . 2012-01-15 15:39 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Registry startup entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-11-28 569413]
"ZDWLan_Utility"="c:\program files\WLAN_Software\ZD1211B\ZDWLan.EXE" [2007-11-12 487424]
"AutoEJCD_0ACE20FF"="c:\program files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE" [2012-01-10 40960]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-10 15969280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"CIR"="c:\windows\system32\drivers\CIR.exe" [2006-03-08 36864]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
"Browsers Protector"="c:\program files\Browsers Protector\regmon32.exe" [2012-02-15 147784]
"sdchange"="c:\documents and settings\wyszo\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\1091\sdchange.exe" [2012-07-08 51200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\wyszo\Menu Start\Programy\Autostart\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 511344]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\GRY\\COD MW\\iw3mp.exe"=
"d:\\GRY\\FIFA11\\Game\\fifa.exe"=
"c:\\Documents and Settings\\wyszo\\Dane aplikacji\\GameRanger\\GameRanger\\GameRanger.exe"=
"d:\\GRY\\LOTR\\game.dat"=
"d:\\GRY\\eFusion\\BlackShot\\system\\blackshot.exe"=
.
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-08-05 34144]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2005-12-19 28800]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-01-29 242240]
R2 MTC0301_CIR;CIR Device;c:\windows\system32\drivers\CIR.sys [2012-01-15 13941]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-01-15 612184]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-01-15 337880]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-01-15 20696]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 250056]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-03-20 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-06-22 21248]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 113120]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ZD1211BU(Atheros);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.sys [2012-01-11 500736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 20:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://startsear.ch/?aff=1&cf=368528de-8bd8-11e1-921c-002163e39d0b
mStart Page = hxxp://startsear.ch/?aff=1&cf=368528de-8bd8-11e1-921c-002163e39d0b
FF - ProfilePath - c:\documents and settings\wyszo\Dane aplikacji\Mozilla\Firefox\Profiles\xqwme6d5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=368528de-8bd8-11e1-921c-002163e39d0b&q=
.
- - - - ORPHANED ENTRIES REMOVED - - - -
.
HKLM-Run-hpqSRMon - (no file)
AddRemove-StartSearch Toolbar - c:\program files\StartSearch plugin\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-08 08:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-07-08 08:36:57
ComboFix-quarantined-files.txt 2012-07-08 06:36
.
Pre-Run: 9,994,641,408 bytes free
Post-Run: 11,254,730,752 bytes free
.
- - End Of File - - E7A1C6B2C436D62BA85CD30387AF1F8F
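The Run keys are the first section of a ComboFix log a responder reads, and the log above shows why: the entries mix vendor software with a file created on the day of the scan under the user's Local Settings folder (1091\sdchange.exe) and two values that are bare file names rather than full paths. The script below is an added example for triaging that section; it is not part of the original post and not ComboFix's own code. It parses a constructed excerpt whose entry lines are copied from the log, and flags entries by three generic heuristics: a path under a user-writable profile directory (the Polish XP folder names "Dane aplikacji" and "Ustawienia lokalne" are included because this log is from a Polish install), a file stamped within an assumed 7-day window of the scan, and an unqualified file name, which Windows resolves through the search path at logon. A flag is a reason to look, not a verdict; the log does not say what sdchange.exe or regmon32.exe are, and the script does not claim to.

```python
"""Triage the Run-key section of a ComboFix log.

Added example, not part of the original post or of ComboFix. The heuristics and the
7-day window are assumptions chosen for illustration; the sample lines are a
constructed excerpt whose entries are copied from the log above.
"""
import re
from datetime import date, timedelta

# Constructed excerpt: registry Run entries as ComboFix prints them.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-10 15969280]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"Browsers Protector"="c:\program files\Browsers Protector\regmon32.exe" [2012-02-15 147784]
"sdchange"="c:\documents and settings\wyszo\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\1091\sdchange.exe" [2012-07-08 51200]
"""

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$', re.IGNORECASE)
# ComboFix line shape: "ValueName"="path" [YYYY-MM-DD size]   (the bracket part may be absent)
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"'
    r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$'
)

# Profile directories that the logged-on user (and thus any malware running as that
# user) can write to. English and Polish XP folder names, lower-cased for matching.
USER_WRITABLE_MARKERS = (
    "\\application data\\", "\\dane aplikacji\\",
    "\\local settings\\", "\\ustawienia lokalne\\",
    "\\appdata\\", "\\temp\\",
)


def triage_run_entries(log_text: str, scan_date: date, recent_days: int = 7) -> list:
    """Return one dict per flagged Run entry: key, name, path and the reasons it was flagged."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # blank line, separator or a line shape we do not parse
        name, path = entry.group("name"), entry.group("path")
        reasons = []

        lowered = path.lower()
        if any(marker in lowered for marker in USER_WRITABLE_MARKERS):
            reasons.append("runs from a user-writable profile directory")

        if "\\" not in path:
            # No directory component: the loader searches the path for it at logon,
            # so a same-named file in an earlier search location would win.
            reasons.append("unqualified file name, resolved via search path at logon")

        if entry.group("date"):
            stamped = date.fromisoformat(entry.group("date"))
            if timedelta(0) <= scan_date - stamped <= timedelta(days=recent_days):
                reasons.append(f"file dated {stamped}, within {recent_days} days of the scan")

        if reasons:
            findings.append({"key": current_key, "name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    # Scan date taken from the log header; everything else is the excerpt above.
    for hit in triage_run_entries(SAMPLE_LOG, date(2012, 7, 8)):
        print(f'{hit["name"]!r} -> {hit["path"]}')
        for why in hit["reasons"]:
            print(f"    {why}")
```

Run against the excerpt, sdchange is flagged on two counts (user-writable location and a file date equal to the scan date), the two bare-name values are flagged as unqualified, and the Program Files entries pass, including regmon32.exe, which these heuristics alone do not single out. That is the point of keeping the output as reasons rather than a score: the responder still has to look at the file, check its signer and hash, and decide.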