ComboFix 13-05-12.01 - Administrator 2013-05-13 14:04:24.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2046.1665 [GMT 2:00]
Uruchomiony z: G:\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\documents and settings\All Users\Dane aplikacji\TEMP\90595C34.TMP
c:\documents and settings\Ja\WINDOWS
c:\program files\BitDownload
c:\program files\BitDownload\BitDownload.exe
c:\program files\BitDownload\BitDownload.ico
c:\program files\BitDownload\EndProg.exe
c:\program files\BitDownload\Lang\English.lng
c:\program files\BitDownload\Lang\Russian.lng
c:\program files\BitDownload\Media\FileComplete.wav
c:\program files\BitDownload\player.dll
c:\program files\BitDownload\plug-ins\CDBurningPlugin.bpl
c:\program files\BitDownload\plug-ins\CDRipper.bpl
c:\program files\BitDownload\plug-ins\ClosestSearch.bpl
c:\program files\BitDownload\plug-ins\Notification.bpl
c:\program files\BitDownload\plug-ins\PeerInfoSearch.bpl
c:\program files\BitDownload\plug-ins\rip\akrip32.dll
c:\program files\BitDownload\plug-ins\rip\cdcache.dll
c:\program files\BitDownload\plug-ins\rip\lame_enc.dll
c:\program files\BitDownload\plug-ins\rip\Rip.dll
c:\program files\BitDownload\plug-ins\rip\vorb_enc.dll
c:\program files\BitDownload\plug-ins\rip\xtenc.dll
c:\program files\BitDownload\plug-ins\Search.bpl
c:\program files\BitDownload\plug-ins\VirtualTracker.bpl
c:\program files\BitDownload\rtl70.bpl
c:\program files\BitDownload\Skin\Aqua.skn
c:\program files\BitDownload\Skin\Default.skn
c:\program files\BitDownload\Skin\Desert.skn
c:\program files\BitDownload\Skin\Forest.skn
c:\program files\BitDownload\Skin\Sea.skn
c:\program files\BitDownload\tcpip_patcher.sys
c:\program files\BitDownload\Thumbs.db
c:\program files\BitDownload\Uninstall.exe
c:\program files\BitDownload\Units.bpl
c:\program files\BitDownload\vcl70.bpl
c:\program files\BitDownload\vclshlctrls70.bpl
c:\program files\BitDownload\vclx70.bpl
c:\program files\BitDownload\VersionChecker.exe
c:\program files\BitDownload\WinSkinD7R.bpl
c:\windows\IsUn0415.exe
c:\windows\system32\api.dat
c:\windows\system32\raidmg.dll
c:\windows\system32\SET8DD.tmp
c:\windows\system32\SET8E1.tmp
c:\windows\system32\SET8E2.tmp
c:\windows\system32\SET8E9.tmp
c:\windows\system32\Thumbs.db
c:\windows\system32\tmp157.tmp
c:\windows\system32\tmp158.tmp
c:\windows\system32\tmpD59.tmp
c:\windows\system32\tmpD5A.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-04-13 do 2013-05-13 )))))))))))))))))))))))))))))))
.
.
2013-05-13 11:41 . 2013-05-13 11:41 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Opera
2013-05-13 08:53 . 2013-05-13 08:53 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Windows Search
2013-05-03 18:09 . 2013-05-03 18:10 -------- d-----w- c:\program files\A Gnome's Home - The Great Crystal Crusade
2013-04-25 18:06 . 2013-04-25 18:06 -------- d-----w- c:\program files\e-Deklaracje
2013-04-25 18:06 . 2013-04-25 18:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2013-04-17 13:57 . 2013-04-25 18:21 -------- d-----w- c:\program files\Island Tribe 4
2013-04-16 17:06 . 2013-04-16 17:07 -------- d-----w- c:\program files\Green City
2013-04-16 17:01 . 2013-04-16 17:02 -------- d-----w- c:\program files\Sweet Kingdom - Enchanted Princess
2013-04-16 16:58 . 2013-04-16 16:59 -------- d-----w- c:\program files\Outta This Kingdom
2013-04-16 16:57 . 2013-05-03 18:44 -------- d-----w- c:\program files\DoubleGames.pl
2013-04-16 10:25 . 2013-04-17 07:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AlawarEntertainment
2013-04-16 10:19 . 2013-04-16 10:19 -------- d-----w- c:\program files\Ballad of Solar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 15:48 . 2012-11-06 15:17 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 15:48 . 2012-11-06 15:17 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36 . 2006-03-02 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2006-03-02 12:00 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2004-08-04 00:39 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:08 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:08 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:58 . 2006-03-02 12:00 1867520 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:58 . 2008-03-08 23:09 2067456 ----a-w- c:\windows\system32\mstscax.dll
2004-10-01 13:00 . 2008-04-27 15:36 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\MyPlayCity\tbMyP2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{4accc990-3dc7-4456-a734-5cb4b610a7f5}]
2013-01-08 20:23 2087624 ----a-w- c:\program files\Winamp Toolbar\winamppltb.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\Free_Lunch_Design\tbFre0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]
2007-07-31 14:33 1391640 ----a-w- c:\program files\Absolutist_Games\tbAbso.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{8532a8b7-c06a-41bb-936a-8ce73e4711ed}]
2011-05-09 09:49 176936 ----a-w- c:\program files\gry\prxtbgr0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{631ac2d4-57b3-42b0-a148-da33b462c1a3}"= "c:\program files\Absolutist_Games\tbAbso.dll" [2007-07-31 1391640]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP2.dll" [2010-10-18 3908192]
"{8532a8b7-c06a-41bb-936a-8ce73e4711ed}"= "c:\program files\gry\prxtbgr0.dll" [2011-05-09 176936]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFre0.dll" [2010-10-18 3908192]
"{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}"= "c:\program files\AllGamesHome Toolbar\tbcore3.dll" [2011-08-18 2659456]
"{a0b1221c-a3ff-4f7c-a393-dc63af5301e9}"= "c:\program files\Winamp Toolbar\winamppltb.dll" [2013-01-08 2087624]
.
[HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]
.
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
.
[HKEY_CLASSES_ROOT\clsid\{8532a8b7-c06a-41bb-936a-8ce73e4711ed}]
.
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
.
[HKEY_CLASSES_ROOT\clsid\{5fc86fb3-a8b1-400b-8be7-0eaf0d857f5d}]
[HKEY_CLASSES_ROOT\TBSB00808.TBSB00808.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00808.TBSB00808]
.
[HKEY_CLASSES_ROOT\clsid\{a0b1221c-a3ff-4f7c-a393-dc63af5301e9}]
[HKEY_CLASSES_ROOT\WinampplTb.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{15881dc0-be28-4dee-a912-ef684d93a9a4}]
[HKEY_CLASSES_ROOT\WinampplTb.AOLToolBand]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]
"nwiz"="nwiz.exe" [2007-11-06 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-11 149280]
"V0220Mon.exe"="c:\windows\V0220Mon.exe" [2006-06-28 32768]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20480]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="e:\power dvd\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2012-06-28 74752]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
MBCameraMonitor.lnk - c:\program files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2009-10-8 541976]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\LIMEWIRE\\LimeWire.exe"=
"e:\\GG\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-12-28 20624]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [2008-03-12 146112]
S3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [2008-03-12 6272]
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-06 15:48]
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-29 20:17]
.
2013-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-29 20:17]
.
.
------- Skan uzupełniający -------
.
mStart Page = hxxp://home.myplaycity.com/
IE: {{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files\AllGamesHome Toolbar\tbcore3.dll
TCP: DhcpNameServer = 95.160.170.92 88.156.222.92
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShell.dll
HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
MSConfigStartUp-QuickTime Task - f:\csi\qttask.exe
AddRemove-5star Free Lines - c:\windows\unvise32.exe
AddRemove-AlienFlux - f:\xx\AlienFlux\uninstall.exe
AddRemove-Angela Young's Dream Adventure_is1 - f:\angela young's dream adventure\unins000.exe
AddRemove-Autumn's Treasures - The Jade Coin_is1 - f:\autumn's treasures - the jade coin\unins000.exe
AddRemove-Beach Party Craze_is1 - c:\program files\MyPlayCity.com\Beach Party Craze\unins000.exe
AddRemove-Beetle Bomp_is1 - c:\program files\MyPlayCity.com\Beetle Bomp\unins000.exe
AddRemove-BitDownload - c:\program files\BitDownload\Uninstall.exe
AddRemove-CrossWorlds - The Flying City_is1 - f:\crossworlds - the flying city\unins000.exe
AddRemove-Dominic Crane's Dreamscape Mystery_is1 - f:\dominic crane's dreamscape mystery\unins000.exe
AddRemove-Dream Cars_is1 - c:\program files\MyPlayCity.com\Dream Cars\unins000.exe
AddRemove-eMusic Promotion - c:\docume~1\Ja\USTAWI~1\Temp\nsbA8.tmp\eMusic\Uninst-eMusic-promotion.exe
AddRemove-Hotel Mogul_is1 - c:\program files\MyPlayCity.com\Hotel Mogul\unins000.exe
AddRemove-Love Ahoy_is1 - f:\love ahoy\unins000.exe
AddRemove-Matchmaker - Joining Hearts_is1 - c:\program files\MyPlayCity.com\Matchmaker - Joining Hearts\unins000.exe
AddRemove-Megapolis_is1 - c:\program files\MyPlayCity.com\Megapolis\unins000.exe
AddRemove-Pageant Princess_is1 - c:\program files\MyPlayCity.com\Pageant Princess\unins000.exe
AddRemove-Re-Volt - f:\re-volt\Uninst.isu
AddRemove-toolplugin - c:\docume~1\Ja\USTAWI~1\Temp\WZSE0.TMP\setup.exe
AddRemove-Townopolis Gold_is1 - c:\program files\MyPlayCity.com\Townopolis Gold\unins000.exe
AddRemove-Treasure Pyramid_is1 - f:\treasure pyramid\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-13 14:10
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2013-05-13 14:11:39
ComboFix-quarantined-files.txt 2013-05-13 12:11
.
Przed: 32 393 285 632 bajtów wolnych
Po: 33 578 848 256 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - A348849E26E160B2FF27B6438F7755EF