ComboFix 12-07-25.04 - Administrator 2012-07-25 5:21.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1643 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\windows\Help\nvcpar.hlp-nv28062
c:\windows\Help\nvcpcs.hlp-nv28062
c:\windows\Help\nvcpda.hlp-nv28062
c:\windows\Help\nvcpde.hlp-nv28062
c:\windows\Help\nvcpel.hlp-nv28062
c:\windows\Help\nvcpeng.hlp-nv28062
c:\windows\Help\nvcpes.hlp-nv28062
c:\windows\Help\nvcpesm.hlp-nv28062
c:\windows\Help\nvcpfi.hlp-nv28062
c:\windows\Help\nvcpfr.hlp-nv28062
c:\windows\Help\nvcphe.hlp-nv28062
c:\windows\Help\nvcphu.hlp-nv28062
c:\windows\Help\nvcpit.hlp-nv28062
c:\windows\Help\nvcpja.hlp-nv28065
c:\windows\Help\nvcpko.hlp-nv28065
c:\windows\Help\nvcpl.hlp-nv28065
c:\windows\Help\nvcpnl.hlp-nv28065
c:\windows\Help\nvcpno.hlp-nv28065
c:\windows\Help\nvcppl.hlp-nv28065
c:\windows\Help\nvcppt.hlp-nv28065
c:\windows\Help\nvcpptb.hlp-nv28065
c:\windows\Help\nvcpru.hlp-nv28065
c:\windows\Help\nvcpsk.hlp-nv28065
c:\windows\Help\nvcpsl.hlp-nv28065
c:\windows\Help\nvcpsv.hlp-nv28065
c:\windows\Help\nvcpth.hlp-nv28065
c:\windows\Help\nvcptr.hlp-nv28065
c:\windows\Help\nvcpzhc.hlp-nv28065
c:\windows\Help\nvcpzht.hlp-nv28065
c:\windows\system32\Updater
c:\windows\system32\Updater\config.txt
c:\windows\system32\Updater\Config\Advanced\masters.txt
c:\windows\system32\Updater\Config\Bans\ipranges.txt
c:\windows\system32\Updater\Config\Bans\ips.txt
c:\windows\system32\Updater\Config\Bans\nicknames.txt
c:\windows\system32\Updater\Config\Bans\packets.txt
c:\windows\system32\Updater\Config\clcmds.txt
c:\windows\system32\Updater\Config\ctext.txt
c:\windows\system32\Updater\Config\gamenames.txt
c:\windows\system32\Updater\Config\hostnames.txt
c:\windows\system32\Updater\Config\mappings.txt
c:\windows\system32\Updater\Config\maps.txt
c:\windows\system32\Updater\Config\packets.txt
c:\windows\system32\Updater\Config\players.txt
c:\windows\system32\Updater\Config\redirect.txt
c:\windows\system32\Updater\Config\rules.txt
c:\windows\system32\Updater\Config\slist.txt
c:\windows\system32\Updater\msg.bat
c:\windows\system32\Updater\start.cmd
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-25 do 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 00:49 . 2012-07-25 00:50 -------- d-----w- c:\documents and settings\Administrator
2012-06-30 12:00 . 2012-06-30 12:23 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2012-06-30 11:59 . 2012-06-30 18:52 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Blizzard Entertainment
2012-06-26 14:44 . 2012-06-26 14:44 -------- d-----w- c:\program files\Common Files\Steam
2012-06-26 14:44 . 2012-06-28 12:51 -------- d-----w- c:\program files\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-14 09:37 . 2009-03-18 15:35 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-06-23 17:28 . 2012-06-23 17:21 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2012-05-03 02:54 . 2012-05-03 02:54 42392 ----a-w- c:\windows\system32\xfcodec.dll
2012-04-28 10:51 . 2012-04-28 10:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-28 10:51 . 2012-04-28 10:51 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-28 10:51 . 2011-08-12 11:28 472864 ----a-w- c:\windows\system32\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-02-10 . EE9B7EB693ADF064547F88E3D8563302 . 6219776 . . [8.00.6001.22967] . . c:\windows\system32\mshtml.dll
[-] 2010-02-10 . EE9B7EB693ADF064547F88E3D8563302 . 6219776 . . [8.00.6001.22967] . . c:\windows\system32\dllcache\mshtml.dll
.
[-] 2010-02-10 . FFAE47E9B8F6A551B90637115D860CA9 . 907264 . . [8.00.6001.22967] . . c:\windows\system32\wininet.dll
[-] 2010-02-10 . FFAE47E9B8F6A551B90637115D860CA9 . 907264 . . [8.00.6001.22967] . . c:\windows\system32\dllcache\wininet.dll
.
[-] 2008-04-15 . F042E3426D45D86D9BB55F6A79AB441A . 977408 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-15 . F042E3426D45D86D9BB55F6A79AB441A . 977408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2008-04-15 . AA16572097E544B985D6B5CBD4CB164C . 227328 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-15 . AA16572097E544B985D6B5CBD4CB164C . 227328 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2010-02-10 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}]
2011-05-20 05:36 243200 ----a-w- c:\program files\RegTweaker\key.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2012-02-13 2138432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"LogMeIn Hamachi Ui"="e:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"Syncreg"="c:\documents and settings\komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\4968\Syncreg.exe" [2012-07-24 48640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"e:\\Program files\\GSC Game World\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"e:\\Program files\\GSC Game World\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"e:\\Program files\\Codemasters\\Operation Flashpoint\\FLASHPOINTRESISTANCE.EXE"=
"e:\\Program files\\Flatout\\flatout.exe"=
"e:\\Program files\\Hegemonia\\Hgm.exe"=
"e:\\Program files\\UBISOFT\\Ghost Recon Advanced Warfighter 2 Demo SP\\graw2.exe"=
"e:\\Program files\\Valve\\hl.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\komputer\\Pulpit\\HL\\hl.exe"=
"e:\\Program files\\Counter-Strike\\cstrike.exe"=
"e:\\Program files\\Counter-Strike\\hl.exe"=
"e:\\Program files\\Counter-Strike\\valve_sp.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Program Files\\1ClickDownload\\1ClickDownloader.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"e:\\Program files\\World of Warcraft\\Launcher.exe"=
"e:\\Program files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"e:\\Program files\\Bioware\\Baldur's Gate\\BGMain2.exe"=
"e:\\Program files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27015:UDP"= 27015:UDP:Dedicated Server
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-04-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-03-16 31952]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2012-03-13 41912]
R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2010-02-10 69248]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2010-02-10 212520]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-04-05 301248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-02-12 242240]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-01-07 235216]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;e:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 1385896]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-05-13 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-04-02 2348352]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
S2 SysInfo;Drivers update checker; [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-05-13 22344]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1972579041-1177238915-1003Core.job
- c:\documents and settings\komputer\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-08-26 09:16]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1972579041-1177238915-1003UA.job
- c:\documents and settings\komputer\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-08-26 09:16]
.
.
------- Skan uzupełniający -------
.
mStart Page = hxxp://www.msn.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.100
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-25 05:25
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\scecli.dll
.
Czas ukończenia: 2012-07-25 05:26:38
ComboFix-quarantined-files.txt 2012-07-25 03:26
.
Przed: 59 406 061 568 bajtów wolnych
Po: 59 373 506 560 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3D52242BE56377C1E718716AAA9B3780