ComboFix 12-09-18.06 - ba 2012-09-19  2:14.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1917.1481 [GMT 2:00]
Run from: c:\documents and settings\ba\Moje dokumenty\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Removed   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\TEMP
.
.
(((((((((((((((((((((((((   Files created from 2012-08-19 to 2012-09-19   )))))))))))))))))))))))))))))))
.
.
2012-09-18 23:49 . 2012-09-18 23:49  --------  d-----w-  c:\documents and settings\Administrator
2012-09-18 22:57 . 2012-09-18 23:28  --------  d-----w-  c:\documents and settings\ba\Dane aplikacji\hellomoto
2012-09-10 17:45 . 2011-12-07 17:32  216064    ----a-w-  c:\windows\system32\lagarith.dll
2012-09-10 17:45 . 2011-06-24 14:44  243200    ----a-w-  c:\windows\system32\xvidvfw.dll
2012-09-10 17:45 . 2011-06-24 14:28  650752    ----a-w-  c:\windows\system32\xvidcore.dll
2012-09-10 17:45 . 2011-12-21 17:14  151552    ----a-w-  c:\windows\system32\ac3acm.acm
2012-09-10 17:45 . 2012-08-17 18:00  112640    ----a-w-  c:\windows\system32\ff_vfw.dll
2012-08-22 14:19 . 2012-08-22 14:19  --------  d-----w-  c:\documents and settings\ba\Dane aplikacji\DivX
2012-08-22 14:19 . 2011-11-29 02:28  126448    ------w-  c:\windows\system32\pxinsi64.exe
2012-08-22 14:19 . 2011-11-29 02:28  123888    ------w-  c:\windows\system32\pxcpyi64.exe
2012-08-22 14:14 . 2012-08-22 15:00  --------  d-----w-  c:\program files\DivX
2012-08-22 14:05 . 2012-08-22 15:00  --------  d-----w-  c:\documents and settings\All Users\Dane aplikacji\DivX
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M section   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-27 10:14 . 2012-06-22 13:17  73416     ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-27 10:14 . 2012-06-22 13:17  696520    ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2010-11-11 14:34 . 2011-12-25 15:12  201728    ----a-w-  c:\program files\hjsplit.exe
2012-09-18 22:14 . 2012-08-15 12:44  266720    ----a-w-  c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-10-16 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Registry startup entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-10-16 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2009-10-16 69248]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2009-10-16 212520]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2011-12-25 436792]
S2 PCSUService;PC Speed Up Service;c:\program files\Przyspiesz Komputer\PCSUService.exe [2012-02-12 235232]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-06-07 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 250568]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2012-01-11 32000]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2012-02-22 22400]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-15 114144]
S3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2007-11-10 29728]
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 10:14]
.
2012-09-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-2052111302-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 15:02]
.
2012-09-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-2052111302-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 15:02]
.
.
------- Supplementary scan -------
.
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.113.224.134 217.113.224.35
FF - ProfilePath - c:\documents and settings\ba\Dane aplikacji\Mozilla\Firefox\Profiles\hgb00pde.default\
FF - prefs.js: network.proxy.http - 82.206.129.160
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-19 02:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'explorer.exe'(1844)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1040)
c:\windows\system32\WININET.dll
.
Completion time: 2012-09-19 02:18:08
ComboFix-quarantined-files.txt 2012-09-19 00:17
.
Before: 3 191 934 976 bytes free
After: 3 222 179 840 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 191270D0AB326462CA30BDB3BD3A1E95