ComboFix 11-12-29.04 - xp 2012-01-09 21:05:10.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3326.2916 [GMT 1:00]
Uruchomiony z: c:\documents and settings\xp\Pulpit\ComboFix.exe
AV: ArcaVir *Enabled/Outdated* {430EE792-8EF9-4D8A-B486-78BBF686F0E1}
FW: ArcaVir Firewall *Enabled* {B640009B-6FF6-4CA7-9CE8-7DA160B95A5B}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\xp\Dane aplikacji\GrabIt
c:\documents and settings\xp\Dane aplikacji\GrabIt\Batch.gba
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\setup.ini
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-12-09 do 2012-01-09 )))))))))))))))))))))))))))))))
.
.
2012-01-09 19:26 . 2012-01-09 19:26 -------- d-----w- c:\program files\Ad-Remover
2012-01-02 14:57 . 2012-01-02 14:57 -------- d-----w- c:\documents and settings\xp\Dane aplikacji\SumatraPDF
2012-01-02 14:55 . 2012-01-02 14:55 237 ----a-w- C:\user.js
2012-01-02 14:55 . 2012-01-02 14:55 -------- d-----w- c:\program files\BabylonToolbar
2012-01-02 14:54 . 2012-01-02 14:54 -------- d-----w- c:\program files\PDFReader
2012-01-02 14:54 . 2012-01-02 14:54 -------- d-----w- c:\documents and settings\xp\Ustawienia lokalne\Dane aplikacji\Babylon
2012-01-02 14:54 . 2012-01-02 14:54 -------- d-----w- c:\documents and settings\xp\Dane aplikacji\Babylon
2012-01-02 14:54 . 2012-01-02 14:54 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Babylon
2011-12-15 12:12 . 2011-12-15 13:23 -------- d-----w- c:\documents and settings\xp\dwhelper
2011-12-14 19:38 . 2011-12-14 19:42 -------- d-----w- c:\documents and settings\xp\Ustawienia lokalne\Dane aplikacji\Ubisoft Game Launcher
2011-12-14 15:55 . 2011-12-14 15:55 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-14 15:55 . 2011-12-14 15:55 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-12-14 15:55 . 2011-12-14 15:55 -------- d-----w- c:\documents and settings\xp\Dane aplikacji\PunkBuster
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 14:40 . 2004-08-03 22:37 1859840 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 15:55 . 2011-11-16 15:55 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2011-11-16 15:55 . 2011-11-16 15:55 235 ----a-w- c:\windows\system32\nxEuUninstall.bat
2011-11-01 20:36 . 2004-08-03 22:44 669696 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:36 . 2004-08-03 22:44 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 20:36 . 2004-08-03 20:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 20:34 . 2004-08-03 22:36 370688 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-03 22:44 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2004-08-03 22:43 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2004-08-04 00:39 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2004-08-03 22:38 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-18 11:13 . 2004-08-03 22:43 186880 ----a-w- c:\windows\system32\encdec.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\prxtbfre2.dll" [2011-05-09 176936]
"{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}"= "c:\program files\Softonic-Polska\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Softonic-Polska\prxtbSof2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2011-05-09 09:49 176936 ----a-w- c:\program files\free-downloads.net\prxtbfre2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\prxtbfre2.dll" [2011-05-09 176936]
"{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}"= "c:\program files\Softonic-Polska\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\prxtbfre2.dll" [2011-05-09 176936]
"{C86EB8A9-CCC2-4B6C-B75D-73576ED591BF}"= "c:\program files\Softonic-Polska\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2008-07-10 2177576]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-07-21 12477024]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2010-03-23 1432064]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-11-04 328568]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"Steam"="d:\valve\Steam\Steam.exe" [2011-08-13 1242448]
"GameXN (update)"="c:\documents and settings\All Users\Dane aplikacji\GameXN\GameXNGO.exe" [2011-09-12 347008]
"GameXN (news)"="c:\documents and settings\All Users\Dane aplikacji\GameXN\GameXNGO.exe" [2011-09-12 347008]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2011-11-16 438272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m‘|\ü" [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-14 16862720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13529088]
"nwiz"="nwiz.exe" [2008-06-25 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 86016]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-02-21 91432]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AvMenu"="c:\program files\ArcaBit\ArcaVir\AVMenu.exe" [2010-06-25 453200]
"ABRegmon"="c:\program files\ArcaBit\ArcaVir\ABregmon.exe" [2010-01-28 420432]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 151552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Documents and Settings\\xp\\Moje dokumenty\\Downloads\\Warcraft III\\Warcraft III.exe"=
"d:\\Program Files\\World of Warcraft\\Launcher.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
"d:\\GRY\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Nexon\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Nexon\\Common\\NMService.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"d:\\Soldat\\Soldat.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed Revelations\\ACRSP.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed Revelations\\ACRMP.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed Revelations\\AssassinsCreedRevelations.exe"=
"d:\\Valve\\Steam\\SteamApps\\penzo444\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50001:TCP"= 50001:TCP:ArcaVir CommunicationPort (S)
"50000:TCP"= 50000:TCP:ArcaVir CommunicationPort (A)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-08-05 436792]
R1 ABTDI;ArcaBit Network Driver;c:\program files\ArcaBit\ArcaVir\ABTDI.sys [2008-02-26 51208]
R2 AVUpdate;ArcaBit Update Service;c:\program files\ArcaBit\ArcaUpdate\update.exe [2010-01-29 117328]
R3 ABFLT;ArcaBit File Monitor Driver;c:\program files\ArcaBit\ArcaVir\ABFLT.sys [2010-01-29 51792]
R3 ABndisMP;ABndisMP;c:\windows\system32\drivers\abndis.sys [2010-06-07 34384]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [2010-08-10 60255]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [2010-08-10 683791]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [2001-10-26 3584]
S2 ABMainSV;ArcaBit Main Service;c:\program files\ArcaBit\ArcaVir\ArcaMainSV.exe [2010-01-20 122152]
S2 ArcaRemoteService;ArcaBit Control;c:\program files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe [2010-02-01 289360]
S2 AVBackup;ArcaBit Backup Service;c:\program files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe [2009-09-11 178768]
S2 AVTasks2;ArcaBit Tasks Service;c:\program files\ArcaBit\Common\ArcaTasksService.exe [2009-09-11 96848]
S3 ABndis;ABndis Service;c:\windows\system32\drivers\abndis.sys [2010-06-07 34384]
S3 ArcaBit.Core.Configurator;ArcaBit.Core.Configurator;c:\program files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe [2010-02-05 207440]
S3 ArcaBit.Core.LoggingService;ArcaBit.Core.LoggingService;c:\program files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe [2009-09-11 248400]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-08-09 11136]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 vHidDev;Razer Gaming Device;c:\windows\system32\drivers\vHidDev.sys [2010-08-09 5760]
.
Zawartość folderu 'Zaplanowane zadania'
.
.
------- Skan uzupełniający -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{40525A66-DB98-480D-BCF9-7AF88C1AF438} - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - c:\program files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll
TCP: Interfaces\{323D1EFC-1E27-460D-8297-F91D23982C70}: NameServer = 79.163.127.70 217.116.100.65
FF - ProfilePath - c:\documents and settings\xp\Dane aplikacji\Mozilla\Firefox\Profiles\si5c82g8.default\
FF - user.js: extensions.BabylonToolbar_i.id - 73a7cba9000000000000005345000000
FF - user.js: extensions.BabylonToolbar_i.hardId - 73a7cba9000000000000005345000000
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15341
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:55
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100478
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
------- Skojarzenia plików -------
.
.scr=AutoCADLTScriptFile
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
AddRemove-BandiMPEG1 - d:\vindictus eu\en-EU\BandiMPEG1\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-09 21:18
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Czas ukończenia: 2012-01-09 21:21:48
ComboFix-quarantined-files.txt 2012-01-09 20:21
.
Przed: 6 477 324 288 bajtów wolnych
Po: 10 484 813 824 bajtów wolnych
.
- - End Of File - - 053587BD3591EC73EF218C153C64AB5F