ComboFix 11-04-20.04 - Fre4ky 2011-04-21 13:25:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3070.2565 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Fre4ky\Moje dokumenty\Pobieranie\ComboFix.exe
FW: COMODO Firewall Pro *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Fre4ky\WINDOWS
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
c:\windows\system32\game.dll
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-03-21 do 2011-04-21 )))))))))))))))))))))))))))))))
.
.
2011-04-21 11:16 . 2011-04-21 11:16 -------- d-----w- c:\program files\ToniArts
2011-04-21 11:16 . 2004-07-15 22:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2011-04-21 11:16 . 2004-07-15 22:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2011-04-21 11:16 . 2004-07-15 22:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2011-04-21 11:16 . 2004-07-15 22:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2011-04-21 11:16 . 2004-07-15 22:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2011-04-21 11:16 . 2011-04-21 11:16 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2011-04-21 11:16 . 2011-04-21 11:16 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2011-04-21 11:10 . 2011-04-21 11:10 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-21 10:40 . 2011-04-21 11:03 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AVAST Software(2)
2011-04-21 10:26 . 2011-04-21 10:26 -------- d-----w- c:\program files\AVAST Software
2011-04-21 09:52 . 2011-04-21 11:06 -------- d-----w- c:\windows\system32\GroupPolicy
2011-04-14 14:58 . 2011-04-21 11:07 -------- d-----w- c:\windows\system32\XPSViewer
2011-04-14 14:58 . 2011-04-14 14:58 -------- d-----w- c:\program files\MSBuild
2011-04-14 14:58 . 2011-04-14 14:58 -------- d-----w- c:\program files\Reference Assemblies
2011-04-11 18:41 . 2007-06-29 12:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2011-04-11 18:41 . 2011-04-11 18:41 -------- d-----w- c:\program files\AMD
2011-04-11 18:41 . 2011-04-11 18:41 -------- d-----w- c:\documents and settings\Fre4ky\Ustawienia lokalne\Dane aplikacji\Downloaded Installations
2011-04-11 18:13 . 2011-04-11 18:13 -------- d-sh--w- c:\documents and settings\All Users\Dane aplikacji\SecuROM
2011-04-11 18:13 . 2011-04-11 18:13 376320 ----a-r- c:\documents and settings\Fre4ky\Dane aplikacji\Microsoft\Installer\{52B65911-1559-4ED5-9461-46957FDD48CD}\Icon52B659113.exe
2011-04-11 17:39 . 2011-04-11 17:39 -------- d-----w- c:\program files\2K Games
2011-04-11 17:39 . 2011-04-11 17:39 -------- d-----w- c:\program files\DIFX
2011-04-11 17:39 . 2006-07-01 21:32 43520 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2011-04-11 17:39 . 2011-04-11 17:39 -------- d-----w- c:\program files\AGEIA Technologies
2011-04-11 17:39 . 2011-04-11 17:39 -------- d-----w- c:\windows\system32\AGEIA
2011-04-09 10:51 . 2011-04-09 10:51 -------- d-----w- c:\documents and settings\Fre4ky\Dane aplikacji\Nowy folder
2011-04-09 10:35 . 2011-04-09 10:57 -------- d-----w- c:\documents and settings\Fre4ky\Dane aplikacji\.minecraft
2011-04-07 15:56 . 2008-04-15 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-04-07 15:56 . 2011-04-21 11:10 -------- d-----w- c:\documents and settings\Kal
2011-04-07 15:53 . 2011-04-21 11:10 -------- d-----w- c:\documents and settings\Gość
2011-04-07 15:12 . 2011-04-07 15:12 -------- d-----w- C:\InixSoft
2011-04-02 09:01 . 2011-04-02 09:01 -------- d-----w- c:\program files\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-27 16:57 . 2011-02-27 16:57 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-02-15 17:14 . 2011-02-15 17:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-15 17:14 . 2011-02-15 17:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-15 16:32 . 2011-02-15 16:32 279552 ----a-w- c:\windows\Leatrix Latency Fix.exe
2011-01-21 14:44 . 2008-04-15 12:00 440832 ----a-w- c:\windows\system32\shimgvw.dll
.
.
------- Sigcheck -------
.
[-] 2010-06-18 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2010-06-18 . 9F02C1CF7C3100E4AEA7DD8B6A86A01B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"RTHDCPL"="RTHDCPL.EXE" [2010-02-22 18791456]
"Diamondback"="c:\program files\Razer\Diamondback\razerhid.exe" [2007-02-14 147456]
"Leatrix Latency Fix.exe"="c:\windows\Leatrix Latency Fix.exe" [2011-02-15 279552]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2010-06-18 128512]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Documents and Settings\\Fre4ky\\Ustawienia lokalne\\Dane aplikacji\\TeamSpeak 3 Client\\ts3client_win32.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Razer\\Diamondback\\razercfg.exe"=
"c:\\Program Files\\BitLord 1.2\\Bitlord files\\bitlord.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57872:TCP"= 57872:TCP:Pando Media Booster
"57872:UDP"= 57872:UDP:Pando Media Booster
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6990:TCP"= 6990:TCP:League of Legends Launcher
"6990:UDP"= 6990:UDP:League of Legends Launcher
"6953:TCP"= 6953:TCP:League of Legends Launcher
"6953:UDP"= 6953:UDP:League of Legends Launcher
"6886:TCP"= 6886:TCP:League of Legends Launcher
"6886:UDP"= 6886:UDP:League of Legends Launcher
"6996:TCP"= 6996:TCP:League of Legends Launcher
"6996:UDP"= 6996:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
.
R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2010-06-18 69248]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2010-06-18 210736]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-02-27 218688]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 1242504]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2011-02-15 13225]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Fre4ky\USTAWI~1\Temp\NWY26.tmp --> c:\docume~1\Fre4ky\USTAWI~1\Temp\NWY26.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
.
.
------- Skan uzupełniający -------
.
FF - ProfilePath - c:\documents and settings\Fre4ky\Dane aplikacji\Mozilla\Firefox\Profiles\rwfsl07r.default\
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-AP Guitar Tuner 1.02 - c:\program files\Audio Phonics
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-21 13:27
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Fre4ky\USTAWI~1\Temp\NWY26.tmp"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Czas ukończenia: 2011-04-21 13:28:27
ComboFix-quarantined-files.txt 2011-04-21 11:28
.
Przed: 43 285 413 888 bajtów wolnych
Po: 43 251 945 472 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 6016262DA4EAD56BEC11598288401603