ComboFix 12-07-08.02 - Elfik 2012-07-09 17:42:55.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1148 [GMT 2:00]
Run from: c:\documents and settings\Elfik\Moje dokumenty\Pobieranie\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Files created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 14:43 . 2012-07-09 14:43 -------- d-----w- C:\_OTL
2012-07-09 13:53 . 2012-07-09 13:53 -------- d-----w- c:\documents and settings\Elfik\Dane aplikacji\hellomoto
2012-06-23 19:13 . 2012-06-23 19:13 9815752 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-06-19 17:52 . 2012-06-19 17:52 -------- d-----w- c:\windows\system32\Adobe
2012-06-13 17:50 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 19:13 . 2012-04-14 20:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 19:13 . 2012-02-25 15:56 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2009-09-30 20:58 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2009-09-30 20:58 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-09-30 20:58 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-10-16 12:08 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-10-16 12:08 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-09-30 20:58 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-09-30 20:58 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-10-16 12:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-10-16 12:08 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-09-30 20:58 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-09-30 20:58 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2008-10-16 12:07 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:18 . 2010-12-14 20:43 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-12-14 20:43 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-12-14 20:43 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-04 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2004-08-04 12:00 1863424 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:44 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:39 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2004-08-04 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2004-08-04 00:39 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:47 . 2009-09-30 20:57 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 19:53 . 2012-04-26 19:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-26 19:53 . 2012-04-26 19:53 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-26 19:53 . 2012-04-26 19:53 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-06-17 17:47 . 2011-05-06 21:05 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-05-04 11981408]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Steam"="e:\program files\Steam\Steam.exe" [2011-12-11 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"Gainward"="c:\windows\TBPanel.exe" [2008-01-29 2177576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-03 13508608]
"nwiz"="nwiz.exe" [2008-01-03 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-03 86016]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"xwizard"="c:\documents and settings\Elfik\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\3100\xwizard.exe" [2012-07-09 48640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2009-10-1 49220]
.
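The Run-key listing above is the part of a ComboFix log that is read first during triage, and the three things a reviewer checks per value are the same every time: is the executable referenced by a bare file name (the shell then resolves it through the search path, so what actually runs has to be confirmed on the host), does it live under a user profile rather than a program or system directory, and is its file date close to the log date. The helper below is an added example, not ComboFix code and not from the log's author. It parses values in ComboFix's `"Name"="path" [date size]` format, attributes each to the `[HKEY_...]` key above it, and applies those three checks. The run date (2012-07-09, taken from the header), the seven-day window, the profile-path markers and the constructed sample (a subset of the values listed above) are all assumptions; a flag is a review hint, not a verdict on the file.

```python
"""Triage hints for ComboFix-style registry Run entries (added example)."""
import re
from datetime import date, timedelta

# Assumption: the date in the ComboFix header of the log above.
RUN_DATE = date(2012, 7, 9)

# Constructed sample: a subset of the Run values shown in the log above.
SAMPLE_RUN_SECTION = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\program files\Steam\Steam.exe" [2011-12-11 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"xwizard"="c:\documents and settings\Elfik\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\3100\xwizard.exe" [2012-07-09 48640]
'''

KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$')
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*'
    r'\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$'
)

# Assumed markers for per-user directories (XP and Vista+ layouts). The XP
# profile root keeps its English name even on the Polish-localised system
# in the log, which is why matching on it works there.
USER_PROFILE_MARKERS = ('\\documents and settings\\', '\\users\\')


def parse_run_section(text):
    """Yield one dict per Run value, tagged with the key it was listed under."""
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group('key')
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # '.' separators and other non-value lines
        y, mo, d = (int(x) for x in m.group('date').split('-'))
        yield {
            'key': current_key,
            'name': m.group('name'),
            'path': m.group('path'),
            'date': date(y, mo, d),
            'size': int(m.group('size')),
        }


def triage_flags(entry, run_date=RUN_DATE, recent_days=7):
    """Return the review hints raised by one Run value (hints, not verdicts)."""
    flags = []
    p = entry['path'].lower()
    if '\\' not in p:
        # No directory: resolved via the search path at launch, so the
        # binary that actually runs must be confirmed on the host.
        flags.append('bare-filename')
    if any(marker in p for marker in USER_PROFILE_MARKERS):
        flags.append('user-profile-path')
    # Also catches file dates after the log date (a negative delta).
    if run_date - entry['date'] <= timedelta(days=recent_days):
        flags.append('recent-timestamp')
    return flags


def triage(text, run_date=RUN_DATE):
    """Parse a Run section and return only the values that raised a flag."""
    report = []
    for entry in parse_run_section(text):
        flags = triage_flags(entry, run_date)
        if flags:
            report.append({'name': entry['name'], 'key': entry['key'],
                           'path': entry['path'], 'flags': flags})
    return report


if __name__ == '__main__':
    for item in triage(SAMPLE_RUN_SECTION):
        print(f"{item['name']:<10} {', '.join(item['flags']):<38} {item['path']}")
```

Run against the sample, the report names two values: `RTHDCPL` (bare file name) and `xwizard` (user-profile path and a file date equal to the log date). The AVG and Steam values raise nothing. Feeding the tool the whole Run section of a log instead of the sample is a matter of pasting it into `SAMPLE_RUN_SECTION` or reading it from a file; the services (`R0`/`S3`) lines use a different layout and are not parsed by this regex.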
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^Elfik^Menu Start^Programy^Autostart^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Elfik\Menu Start\Programy\Autostart\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2009-06-04 20:56 869888 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-07-18 15:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:21 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Cenega\\Fantasy Wars - Złota Edycja\\fw.exe"=
"e:\\Program Files\\NAMCO BANDAI Games\\Warhammer® Mark of Chaos\\Warhammer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"e:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"e:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\Steam\\SteamApps\\common\\dawn of war 2\\DOW2.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-04-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-01-19 31952]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-02-10 301248]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-12-12 691696]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-01-07 235216]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 250056]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S3 DAUpdaterSvc;Dragon Age: Początek - Aktualizator zawartości;e:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 FXDrv32;FXDrv32;\??\f:\fxdrv32.sys --> f:\FXDrv32.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-06 113120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 15:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 19:13]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://plemiona.pl/
IE: E&ksportuj do programu Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 93.159.128.128 194.0.103.166
FF - ProfilePath - c:\documents and settings\Elfik\Dane aplikacji\Mozilla\Firefox\Profiles\q0apzteg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.interia.pl/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-09 17:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-07-09 17:46:42
ComboFix-quarantined-files.txt 2012-07-09 15:46
.
Before: 7 044 542 464 bytes free
After: 7 331 540 992 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 9D0EB64738BEFCD4AF4DDFF21745EC89