ComboFix 12-08-30.05 - RAFAŁ 2012-08-31 20:00:50.3.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2046.1654 [GMT 2:00]
Uruchomiony z: G:\ComboFix.exe
AV: Avira AntiVir PersonalEdition *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\036DFF98005145A527B87AEB81CB3EF3
c:\documents and settings\All Users\Dane aplikacji\036DFF98005145A527B87AEB81CB3EF3\036DFF98005145A527B87AEB81CB3EF3
c:\documents and settings\All Users\Dane aplikacji\036DFF98005145A527B87AEB81CB3EF3\036DFF98005145A527B87AEB81CB3EF3.exe
c:\documents and settings\All Users\Dane aplikacji\036DFF98005145A527B87AEB81CB3EF3\036DFF98005145A527B87AEB81CB3EF3.ico
c:\windows\OPTIONS\CABS\_desktop.ini
c:\windows\system32\AegisI5Installer.exe
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-07-28 do 2012-08-31 )))))))))))))))))))))))))))))))
.
.
2012-08-31 17:52 . 2012-08-31 17:52 8782 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-08-31 17:52 . 2012-08-31 17:52 7271 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-08-31 17:52 . 2012-08-31 17:52 51852 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-08-31 17:52 . 2012-08-31 17:52 23327 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-08-31 17:52 . 2012-08-31 17:52 20719 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-08-31 16:03 . 2012-08-31 16:03 -------- d-----w- c:\program files\HitmanPro
2012-08-31 15:00 . 2012-08-31 15:41 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\HitmanPro
2012-08-31 13:43 . 2012-08-31 16:25 -------- d-----w- c:\documents and settings\Administrator
2012-08-30 20:35 . 2012-08-30 20:35 -------- d-----w- c:\program files\Common Files\Steam
2012-08-22 20:31 . 2012-08-22 20:31 -------- d-----w- c:\documents and settings\RAFAŁ\Dane aplikacji\JaiboGames
2012-08-20 06:05 . 2012-08-20 06:07 -------- d-----w- c:\documents and settings\RAFAŁ\Ustawienia lokalne\Dane aplikacji\Darksiders2
2012-08-18 19:01 . 2012-08-18 19:01 -------- d-----w- c:\windows\system32\xlive
2012-08-18 19:01 . 2012-08-18 19:01 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2012-08-18 18:59 . 2012-08-18 18:59 -------- d-----w- c:\program files\Microsoft.NET
2012-08-14 21:10 . 2012-08-14 21:11 -------- d-----w- c:\program files\NAPI-PROJEKT
2012-08-10 13:47 . 2012-08-10 13:47 -------- d-----w- c:\program files\MSBuild
2012-08-10 13:47 . 2012-08-14 14:18 -------- d-----w- c:\windows\system32\XPSViewer
2012-08-10 13:47 . 2012-08-10 13:47 -------- d-----w- c:\program files\Reference Assemblies
2012-08-10 13:47 . 2007-03-22 18:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-08-10 13:47 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2012-08-09 13:31 . 2012-08-09 13:31 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin6.dll
2012-08-09 13:31 . 2012-08-09 13:31 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin5.dll
2012-08-09 13:31 . 2012-08-09 13:31 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin4.dll
2012-08-09 13:31 . 2012-08-09 13:31 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin3.dll
2012-08-09 13:31 . 2012-08-09 13:31 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin2.dll
2012-08-09 13:31 . 2012-08-09 13:31 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin.dll
2012-08-07 19:46 . 2012-08-07 20:03 -------- d-----w- c:\documents and settings\RAFAŁ\Dane aplikacji\.minecraft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 18:51 . 2012-04-03 20:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 18:51 . 2012-04-03 20:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-28 13:08 . 2012-06-28 13:08 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-07-22 11:52 . 2012-04-03 20:40 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiagAP8169"="c:\program files\MSI\LAN Utility\DiagAP8169" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 16844800]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files\QT Lite\qttask.exe" [2012-04-18 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\gry\\call of duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2012-04-03 721904]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-03-31 39424]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 116648]
S2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [2012-04-03 8440]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 250056]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2012-04-03 11266]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 113120]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 18:51]
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-03 22:17]
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-03 22:17]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.wp.pl/
mStart Page = hxxp://www.hao123.com/?src=maxpc
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\RAFAŁ\Dane aplikacji\Mozilla\Firefox\Profiles\hpfbqufj.default\
FF - prefs.js: browser.startup.homepage - www.google.pl
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-31 20:06
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1844237615-1965331169-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:4f,84,c0,f5,9b,ea,31,c8,7c,97,75,01,36,3c,0d,40,8e,ff,d8,c4,ba,88,8e,
94,0b,59,a9,5c,e2,f3,be,3b,db,07,bd,84,d0,98,fc,24,62,1c,2f,3d,2f,c0,9f,9d,\
"??"=hex:56,27,29,b2,9a,c7,40,c4,9d,54,16,0c,ac,b8,7f,5b
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2012-08-31 20:08:00
ComboFix-quarantined-files.txt 2012-08-31 18:07
.
Przed: 19 986 104 320 bajtów wolnych
Po: 20 116 512 768 bajtów wolnych
.
- - End Of File - - 6E5C0C3E359AE5FDC1698B850B8CDF4E