ComboFix 12-07-06.02 - user 2012-02-06 21:31:43.1.1 - x86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1279.881 [GMT 1:00] Uruchomiony z: c:\documents and settings\user\Moje dokumenty\Pobieranie\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66} FW: G Data Personal Firewall *Disabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082} . [i] ADS - WINDOWS: deleted 24 bytes in 1 streams. [/i] . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Dane aplikacji\TEMP c:\documents and settings\All Users\SPL16.tmp c:\documents and settings\All Users\SPL162.tmp c:\documents and settings\All Users\SPL168.tmp c:\documents and settings\All Users\SPL272.tmp c:\documents and settings\All Users\SPL4A.tmp c:\documents and settings\All Users\SPL5.tmp c:\documents and settings\All Users\SPL81.tmp c:\documents and settings\All Users\SPL8E.tmp c:\documents and settings\All Users\SPL91.tmp c:\documents and settings\All Users\SPL9B.tmp c:\documents and settings\All Users\SPLA9.tmp c:\documents and settings\All Users\SPLB2.tmp c:\documents and settings\All Users\SPLC2.tmp c:\documents and settings\All Users\SPLCF.tmp c:\documents and settings\All Users\SPLD7.tmp c:\documents and settings\All Users\SPLE.tmp c:\documents and settings\All Users\SPLF5.tmp c:\documents and settings\user\Dane aplikacji\PriceGong c:\documents and settings\user\Dane aplikacji\PriceGong\Data\1.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\a.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\b.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\c.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\d.xml c:\documents and settings\user\Dane 
aplikacji\PriceGong\Data\e.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\f.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\g.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\h.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\i.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\J.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\k.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\l.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\m.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\mru.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\n.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\o.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\p.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\q.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\r.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\s.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\t.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\u.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\v.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\w.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\x.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\y.xml c:\documents and settings\user\Dane aplikacji\PriceGong\Data\z.xml c:\documents and settings\user\Ustawienia lokalne\Dane aplikacji\promo.exe c:\documents and settings\user\Ustawienia lokalne\Dane aplikacji\setup.exe c:\documents and settings\user\WINDOWS c:\windows\system32\embedded c:\windows\system32\embedded\CompiledCode.bin c:\windows\system32\embedded\License.txt c:\windows\system32\embedded\uninstall.exe c:\windows\system32\embedded\WizardImage.bmp c:\windows\system32\embedded\WizardSmallImage.bmp c:\windows\system32\SETCF.tmp 
c:\windows\system32\SETDB.tmp d:\58b56db5e93cf01417\amd64\filterpipelineprintproc.dll d:\58b56db5e93cf01417\amd64\mxdwdrv.dll d:\58b56db5e93cf01417\amd64\xpssvcs.dll d:\58b56db5e93cf01417\i386\filterpipelineprintproc.dll d:\58b56db5e93cf01417\i386\mxdwdrv.dll d:\58b56db5e93cf01417\i386\xpssvcs.dll d:\a5cf867a868f51053d20f995039e\1025\SetupResources.dll d:\a5cf867a868f51053d20f995039e\1028\SetupResources.dll d:\a5cf867a868f51053d20f995039e\1029\SetupResources.dll d:\a5cf867a868f51053d20f995039e\1030\SetupResources.dll d:\a5cf867a868f51053d20f995039e\1031\SetupResources.dll d:\a5cf867a868f51053d20f995039e\1032\SetupResources.dll d:\a5cf867a868f51053d20f995039e\1033\SetupResources.dll d:\a5cf867a868f51053d20f995039e\1035\SetupResources.dll d:\a5cf867a868f51053d20f995039e\1036\SetupResources.dll d:\a5cf867a868f51053d20f995039e\1037\SetupResources.dll d:\a5cf867a868f51053d20f995039e\1038\SetupResources.dll d:\a5cf867a868f51053d20f995039e\1040\SetupResources.dll d:\a5cf867a868f51053d20f995039e\1041\SetupResources.dll d:\a5cf867a868f51053d20f995039e\1042\SetupResources.dll d:\a5cf867a868f51053d20f995039e\1043\SetupResources.dll d:\a5cf867a868f51053d20f995039e\1044\SetupResources.dll d:\a5cf867a868f51053d20f995039e\1045\SetupResources.dll d:\a5cf867a868f51053d20f995039e\1046\SetupResources.dll d:\a5cf867a868f51053d20f995039e\1049\SetupResources.dll d:\a5cf867a868f51053d20f995039e\1053\SetupResources.dll d:\a5cf867a868f51053d20f995039e\1055\SetupResources.dll d:\a5cf867a868f51053d20f995039e\2052\SetupResources.dll d:\a5cf867a868f51053d20f995039e\2070\SetupResources.dll d:\a5cf867a868f51053d20f995039e\3076\SetupResources.dll d:\a5cf867a868f51053d20f995039e\3082\SetupResources.dll d:\ab8b5c2aa239c161e4280fb0\amd64\filterpipelineprintproc.dll d:\ab8b5c2aa239c161e4280fb0\amd64\mxdwdrv.dll d:\ab8b5c2aa239c161e4280fb0\amd64\xpssvcs.dll d:\ab8b5c2aa239c161e4280fb0\i386\filterpipelineprintproc.dll d:\ab8b5c2aa239c161e4280fb0\i386\mxdwdrv.dll 
d:\ab8b5c2aa239c161e4280fb0\i386\xpssvcs.dll D:\hl.exe D:\main.exe D:\RealPlayer.exe . . ((((((((((((((((((((((((( Pliki utworzone od 2012-01-06 do 2012-02-06 ))))))))))))))))))))))))))))))) . . 2012-06-21 16:40 . 2012-06-21 16:40 768848 ----a-w- c:\windows\system32\msvcr100.dll 2012-06-21 16:40 . 2012-06-21 16:40 421200 ----a-w- c:\windows\system32\msvcp100.dll 2012-05-07 12:29 . 2012-05-07 12:29 -------- d-----w- c:\program files\Mozilla Maintenance Service 2012-05-07 12:29 . 2012-05-07 12:29 588728 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll 2012-05-07 12:29 . 2012-05-07 12:29 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll 2012-02-17 19:51 . 2012-02-17 19:51 -------- d-----w- c:\program files\Common Files\Java 2012-02-15 11:18 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll 2012-02-15 11:18 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll 2012-02-11 13:40 . 2012-02-11 13:40 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-02-06 20:00 . 2012-02-06 20:02 -------- d-----w- c:\windows\LastGood 2012-02-06 19:05 . 2012-02-06 19:05 -------- d-----w- c:\documents and settings\Administrator.USER-232AA19A39.000 2012-02-06 18:14 . 2012-02-06 18:14 -------- d-----w- c:\documents and settings\user\Dane aplikacji\hellomoto 2012-02-05 09:41 . 2012-04-18 17:42 4598592 ----a-w- c:\windows\system32\GameMon.des 2012-02-05 09:40 . 2005-01-04 09:43 4682 ----a-w- c:\windows\system32\npptNT2.sys 2012-02-05 09:40 . 2003-07-20 18:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd 2012-02-05 09:40 . 2012-02-05 09:40 -------- d-----w- c:\program files\Common Files\INCA Shared 2012-02-04 21:00 . 2012-02-04 21:00 -------- d-----w- c:\program files\Common Files\Skype 2012-02-04 21:00 . 2012-02-04 21:00 -------- d-----w- c:\program files\Common Files\Overwolf 2012-02-04 21:00 . 2012-02-04 21:01 -------- d-----w- c:\program files\Overwolf 2012-02-04 20:58 . 
2012-02-06 18:19 -------- d-----w- c:\documents and settings\user\Ustawienia lokalne\Dane aplikacji\Overwolf 2012-01-31 17:38 . 2012-06-19 16:03 -------- d-----w- c:\program files\SlySoft 2012-01-29 15:02 . 2012-01-29 15:02 0 ----a-w- c:\windows\system32\REN125.tmp 2012-01-29 15:02 . 2012-01-29 15:02 0 ----a-w- c:\windows\system32\REN124.tmp 2012-01-29 15:02 . 2012-01-29 15:02 0 ----a-w- c:\windows\system32\REN123.tmp 2012-01-29 11:51 . 2012-01-29 11:51 -------- d-----w- c:\program files\abgx360 2012-01-25 18:56 . 2012-01-25 19:14 -------- d-----w- c:\documents and settings\user\Dane aplikacji\ImgBurn 2012-01-25 18:09 . 2012-01-25 18:09 -------- d-----w- c:\program files\ImgBurn 2012-01-24 11:13 . 2012-01-24 11:30 -------- d-----w- c:\program files\SpeedLord . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-02 14:19 . 2009-08-06 17:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 14:19 . 2009-08-06 17:24 24088 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 14:19 . 2004-08-17 13:06 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 14:19 . 2004-08-17 13:06 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 14:19 . 2004-08-17 13:06 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 14:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 14:19 . 2008-04-15 12:00 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 14:19 . 2004-08-17 13:06 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 14:19 . 2004-08-17 13:06 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 14:19 . 2009-08-06 17:24 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 14:19 . 2004-08-17 13:06 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 14:19 . 2009-08-06 17:23 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 14:19 . 2004-08-17 13:06 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 14:18 . 
2010-12-27 07:37 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 14:18 . 2010-12-27 07:37 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 14:18 . 2010-12-27 07:37 18160 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22 . 2008-04-15 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll 2012-04-11 13:55 . 2008-04-14 21:59 2070400 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 13:54 . 2008-04-15 12:00 1862528 ----a-w- c:\windows\system32\win32k.sys 2012-04-11 13:54 . 2008-04-15 12:00 2193920 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-01 01:15 . 2008-04-15 12:00 832512 ----a-w- c:\windows\system32\wininet.dll 2012-03-01 01:15 . 2008-04-15 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl 2012-03-01 01:15 . 2008-04-15 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2012-03-01 01:15 . 2008-04-15 12:00 17408 ----a-w- c:\windows\system32\corpol.dll 2012-02-29 14:10 . 2008-04-15 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 14:10 . 2008-04-15 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-17 19:50 . 2010-10-14 18:59 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-02-17 19:50 . 2010-10-14 18:59 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-02-11 13:40 . 2011-12-31 17:20 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-01-09 16:20 . 2004-08-17 13:04 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-01-03 07:28 . 2012-01-03 07:28 2570286 ----a-w- c:\windows\system32\abgx360.exe 2012-01-01 20:28 . 2012-01-01 20:28 61440 ----a-r- c:\documents and settings\user\Dane aplikacji\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut3_3293C06B003F40278380FFD79E38167D.exe 2012-01-01 20:28 . 2012-01-01 20:28 61440 ----a-r- c:\documents and settings\user\Dane aplikacji\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut2_3293C06B003F40278380FFD79E38167D_1.exe 2012-01-01 20:28 . 
2012-01-01 20:28 65536 ----a-r- c:\documents and settings\user\Dane aplikacji\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut5_3293C06B003F40278380FFD79E38167D.exe 2012-01-01 20:28 . 2012-01-01 20:28 57344 ----a-r- c:\documents and settings\user\Dane aplikacji\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\ARPPRODUCTICON.exe 2011-12-20 17:50 . 2011-12-27 12:08 79360 ----a-w- c:\windows\system32\ff_vfw.dll 2011-12-20 17:49 . 2011-12-27 12:09 48128 ----a-w- c:\windows\system32\ff_acm.acm 2011-11-28 18:01 . 2011-07-20 10:54 41184 ----a-w- c:\windows\avastSS.scr 2011-11-28 18:01 . 2011-07-20 10:54 199816 ----a-w- c:\windows\system32\aswBoot.exe 2011-11-28 17:53 . 2011-07-20 10:55 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-11-28 17:53 . 2011-07-20 10:55 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-11-28 17:52 . 2011-07-20 10:55 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-11-28 17:52 . 2011-07-20 10:55 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-11-28 17:52 . 2011-07-20 10:55 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-11-28 17:51 . 2011-07-20 10:55 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-11-28 17:51 . 2011-07-20 10:55 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-11-28 17:48 . 2011-07-20 10:55 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-11-25 21:57 . 2008-04-15 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-11-20 06:12 . 2008-04-15 12:00 61440 ----a-w- c:\windows\system32\packager.exe 2011-11-16 14:21 . 2008-04-15 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll 2011-11-16 14:21 . 2008-04-15 12:00 152064 ----a-w- c:\windows\system32\schannel.dll 2012-05-07 12:29 . 2011-10-01 19:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776] "{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "c:\program files\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}] 2011-05-09 08:49 176936 ----a-w- c:\program files\WinZipBar\prxtbWinZ.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] 2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776] "{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "c:\program files\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IPLA!"="c:\program files\ipla\ipla.exe" [2012-05-11 19858432] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-08-17 4527424] "Overwolf"="c:\program files\Overwolf\Overwolf.exe" [2012-06-21 35256] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088] "nwiz"="nwiz.exe" [2008-05-03 1630208] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-15 110592] "EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304] "lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2010-05-05 770728] "EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2010-05-05 148280] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-08-15 273544] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344] "sqlncli"="c:\documents and settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\2575\sqlncli.exe" [2012-02-06 49664] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/pl.special-uninstallation-feedback-lsf?lic=TlVIRDQtWUg5UEUtTzNQNEUtUVJERUstR0RKWjctVk9YVUw&inst=NzctOTM4NzE4Njk1LUNJUCsyLVNUMTBGQVBQKzEtRkwxMCsxLUREVCswLUYxME0xMkVUKzEtVEJOKzEtVTEwKzEtU1QxMkZPSSsxLUYxMFVFKzItU1RGMTBVR" [?] 
"AvgRemover"="c:\documents and settings\user\Moje dokumenty\Pobieranie\avgremover.exe" [2012-02-06 718104] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] . c:\documents and settings\All Users\Menu Start\Programy\Autostart\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY] 2012-01-24 16:24 2416480 ----a-w- c:\program files\AVG\AVG2012\avgtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "avgwd"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonEU\\NGM\\NGM.exe"= "c:\\WINDOWS\\system32\\lxeacoms.exe"= "c:\\WINDOWS\\system32\\muzapp.exe"= "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "58793:TCP"= 58793:TCP:Pando Media Booster "58793:UDP"= 58793:UDP:Pando Media Booster . 
R0 sfdrv02;FrontLine Environment Driver (v2);c:\windows\system32\drivers\sfdrv02.sys [2006-09-11 67960] R0 sfsync05;FrontLine Synchronization Driver (v5);c:\windows\system32\drivers\sfsync05.sys [2006-12-21 61312] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-10-17 232512] R3 DFE528TX;D-Link DFE-528TX PCI Adapter;c:\windows\system32\drivers\DLKRTL.SYS [2011-09-17 45568] S0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-07-20 435032] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-07-20 314456] S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2011-01-22 110304] S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-07-20 20568] S2 FileServe Toolbar Helper;FileServe Toolbar Helper;c:\program files\FileServe Toolbar\FileServeSvc.exe --> c:\program files\FileServe Toolbar\FileServeSvc.exe [?] S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?] S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-03-12 193192] S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:\windows\system32\sfrem02.exe svc --> c:\windows\system32\sfrem02.exe svc [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-11 253600] S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-04-03 18120] S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?] S3 EraserUtilDrvI10;EraserUtilDrvI10;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys [?] 
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-04-03 42112] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-07 129976] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\Overwolf\OverwolfUpdater.exe [2012-02-04 18360] S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2011-04-03 98560] S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2011-04-03 14848] S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2011-04-03 123648] S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776] . Zawartość folderu 'Zaplanowane zadania' . 2012-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-11 13:40] . 2012-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-308236825-1417001333-1004Core.job - c:\documents and settings\user\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-02-28 19:25] . 2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-308236825-1417001333-1004UA.job - c:\documents and settings\user\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-02-28 19:25] . 
2012-02-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-796845957-308236825-1417001333-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47] . 2012-02-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-308236825-1417001333-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.gazeta.pl/0,0.html?p=131 mStart Page = hxxp://startsear.ch/?aff=1&cf=09fda31c-33e6-11e1-aa51-14d64d18f495 IE: Download with FileServe Manager - d:\program files\FileServe Manager\GetUrl.htm TCP: DhcpNameServer = 10.0.0.1 88.199.83.2 82.160.1.1 FF - ProfilePath - c:\documents and settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\z7fz9l5m.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627 FF - prefs.js: browser.search.selectedEngine - Web Search... FF - prefs.js: browser.startup.homepage - hxxp://www.gazeta.pl/0,0.html?p=131 FF - prefs.js: network.proxy.ftp - 204.236.215.236:80 FF - prefs.js: network.proxy.gopher - 204.236.215.236:80 FF - prefs.js: network.proxy.http - 204.236.215.236:80 FF - prefs.js: network.proxy.socks - 204.236.215.236:80 FF - prefs.js: network.proxy.ssl - 204.236.215.236:80 FF - prefs.js: network.proxy.type - 2 . - - - - USUNIĘTO PUSTE WPISY - - - - . 
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - d:\program files\AVAST Software\Avast\ashShell.dll HKCU-Run-Rubin - d:\documents and settings\user\Ustawienia lokalne\Dane aplikacji\Rubin\rubin.exe HKCU-Run-ALLUpdate - d:\program files\ALLPlayer\ALLUpdate.exe HKCU-Run-Vidalia - d:\documents and settings\user\Moje dokumenty\Pobieranie\Tor Browser\App\vidalia.exe HKCU-Run-KPeerNexonEU - c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe HKCU-Run-KiesHelper - d:\kies\KiesHelper.exe HKCU-Run-KiesTrayAgent - d:\kies\KiesTrayAgent.exe HKLM-Run-Cmaudio - cmicnfg.cpl HKLM-Run-BearShare - d:\program files\BearShare\BearShare.exe HKLM-Run-PWRISOVM.EXE - d:\program files\PowerISO\PWRISOVM.EXE HKLM-Run-FileServe Manager Task - d:\program files\FileServe Manager\FSStarter.exe MSConfigStartUp-avast - d:\program files\AVAST Software\Avast\avastUI.exe AddRemove-82A44D22-9452-49FB-00FB-CEC7DCAF7E23 - c:\program files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe AddRemove-AC3Filter_is1 - d:\program files\AC3Filter\unins000.exe AddRemove-ALLPlayer_is1 - d:\program files\ALLPlayer\unins000.exe AddRemove-Ashampoo Burning Studio 2010 Advanced_is1 - d:\program files\Ashampoo\Ashampoo Burning Studio 2010 Advanced\unins000.exe AddRemove-avast - d:\program files\AVAST Software\Avast\aswRunDll.exe AddRemove-CABAL Online (Europe)_is1 - d:\program files\Games-Masters.com\CABAL Online (Europe)\unins000.exe AddRemove-Cheat Engine 6.2_is1 - d:\program files\Cheat Engine 6.2\unins000.exe AddRemove-Creation Master 08_is1 - d:\program files\Fifa Master\Creation Master 08\unins000.exe AddRemove-Cycling Manager 3 - d:\program files\Cyanide\Cycling Manager 3\Uninstall.exe AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe AddRemove-Deluxe Ski Jump 3_is1 - d:\program files\Deluxe Ski Jump 3\Uninstall\unins000.exe AddRemove-Deluxe Ski Jump 4_is1 - d:\program files\Deluxe Ski Jump 
4\Uninstall\unins000.exe AddRemove-DScaler 4 Test Version_is1 - d:\program files\DScaler\unins000.exe AddRemove-EVEREST Home Edition_is1 - d:\program files\Lavalys\EVEREST Home Edition\unins000.exe AddRemove-FileServe Toolbar - c:\program files\FileServe Toolbar\uninstall.exe AddRemove-Football Manager 2008 - d:\program files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe AddRemove-FreeArc - d:\program files\FreeArc\uninst.exe AddRemove-Gadu-Gadu 10 - d:\program files\Gadu-Gadu 10\Uninstall.exe AddRemove-GameCenter - d:\program files\Cyanide\GameCenter\uninstall.exe AddRemove-GameSpy Arcade - d:\progra~1\GAMESP~1\UNWISE.EXE AddRemove-Testy gimnazjalne 2012 CD 1 - d:\program files\Spell Software\Testy gimnazjalne 2012 CD 1\Uninst.exe AddRemove-Hamachi - d:\program files\Hamachi\uninstall.exe AddRemove-Magic ISO Maker v5.5 (build 0281) - d:\progra~1\MagicISO\UNWISE.EXE AddRemove-Metin2_is1 - d:\program files\Metin2\unins000.exe AddRemove-MPPL 08 - d:\ea sports\FIFA 08\Usuń MPPL08.exe AddRemove-Opera 11.60.1185 - c:\program files\Opera\Opera.exe AddRemove-pcsx2-r4600 - d:\program files\PCSX2 0.9.8\Uninst-pcsx2-r4600.exe AddRemove-PowerISO - d:\program files\PowerISO\uninstall.exe AddRemove-Pro Cycling Manager 2007 - d:\program files\Cyanide\Pro Cycling Manager 2007\unins000.exe AddRemove-Pro Cycling Manager 2007_is1 - d:\program files\Cyanide\Pro Cycling Manager 2007\unins000.exe AddRemove-RealAlt_is1 - c:\program files\Real Alternative\unins000.exe AddRemove-Sacred Underworld_is1 - d:\program files\Kolekcja Klasyki\Sacred - Złota Edycja\unins000.exe AddRemove-SAMSUNG CDMA Modem - d:\\SSCDUninstall.exe AddRemove-SAMSUNG Mobile Composite Device - c:\windows\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe AddRemove-SopCast - d:\program files\SopCast\uninst.exe AddRemove-SpeedFan - d:\program files\SpeedFan\uninstall.exe AddRemove-SubEdit-Player_is1 - d:\program files\SubEdit-Player\unins000.exe 
AddRemove-Super Kulki_is1 - c:\program files\Super Kulki\unins000.exe AddRemove-uTorrent - d:\program files\uTorrent\uTorrent.exe AddRemove-VobSub - d:\program files\Gabest\VobSub\uninstall.exe AddRemove-WEOL 2010 v4.0 - d:\weol'10 4.0\Uninstall WEOL'10 4.0.exe AddRemove-WinAce 2.5 PL_is1 - d:\program files\WinAce\unins000.exe AddRemove-WinRAR archiver - d:\program files\WinRAR\uninstall.exe AddRemove-ZBOT para Cs1.6_is1 - d:\arquivos de programas\Valve\cstrike\unins000.exe AddRemove-{5A07D8BC-C982-43B3-B24F-6FD8D6E89F02}_is1 - d:\program files\FileServe Manager\unins000.exe AddRemove-{7EE9145D-C430-44E6-B5ED-61FF9C332100}_is1 - d:\perfect world entertainment\Battle of the Immortals\unins000.exe AddRemove-{A2F166A0-F031-4E27-A057-C69733219434}_is1 - d:\program files\Runes of Magic\unins000.exe AddRemove-{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1 - c:\program files\Panda Security\Panda Secure Vault\unins000.exe AddRemove-{D0795B21-0CDA-4a92-AB9E-6E92D8111E44} - d:\usb drivers\Uninstall.exe AddRemove-01_Simmental - d:\usb drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - d:\usb drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - d:\usb drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - d:\usb drivers\04_semseyite\Uninstall.exe AddRemove-07_Schorl - d:\usb drivers\07_Schorl\Uninstall.exe AddRemove-09_Hsp - d:\usb drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - d:\usb drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - d:\usb drivers\16_Shrewsbury\Uninstall.exe AddRemove-21_Searsburg - d:\usb drivers\21_Searsburg\Uninstall.exe AddRemove-24_flashusbdriver - d:\usb drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - d:\usb drivers\25_escape\Uninstall.exe AddRemove-2920371180.www.pcspeedup.com - c:\program files\Microsoft Silverlight\4.0.60831.0\Silverlight.Configuration.exe AddRemove-Counter-Strike 1.6: New Era - D:\uninst.exe AddRemove-Total Club Patch Beta 0.9 - d:\pro evolution soccer 
2008\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-06 21:45
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Czas ukończenia: 2012-02-06 21:47:53
ComboFix-quarantined-files.txt 2012-02-06 20:47
.
Przed: 1 718 927 360 bajtów wolnych
Po: 2 335 846 400 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F0A098526192580A8ED95A9961379488