ComboFix 11-11-26.04 - Henryk 2011-11-26 21:46:18.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3327.3019 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Henryk\Pulpit\ComboFix.exe
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Henryk\WINDOWS
c:\windows\$NtUninstallKB61701$
c:\windows\$NtUninstallKB61701$\2131784170\@
c:\windows\$NtUninstallKB61701$\2131784170\L\gmwwunmh
c:\windows\$NtUninstallKB61701$\3763863331
c:\windows\msmqinst.log
c:\windows\system32\
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_7f1071ea
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-10-26 do 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-26 20:49 . 2011-11-26 20:49 -------- d-----w- c:\windows\system32\xircom
2011-11-26 20:49 . 2011-11-26 20:49 -------- d-----w- c:\windows\system32\wbem\snmp
2011-11-26 20:49 . 2011-11-26 20:49 -------- d-----w- c:\windows\system32\oobe
2011-11-26 20:49 . 2011-11-26 20:49 -------- d-----w- c:\windows\srchasst
2011-11-26 20:49 . 2011-11-26 20:49 -------- d-----w- c:\windows\msagent
2011-11-23 16:07 . 2011-11-26 18:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AVAST Software
2011-11-23 16:07 . 2011-11-23 16:07 -------- d-----w- c:\program files\AVAST Software
2011-11-23 15:08 . 2011-11-23 15:08 -------- d-----w- c:\program files\Alwil Software
2011-11-23 15:08 . 2011-11-23 15:08 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Alwil Software
2011-11-11 10:18 . 2011-11-26 17:41 -------- d-----w- c:\program files\Bonjour
2011-11-11 10:17 . 2011-11-11 10:24 -------- d-----w- c:\program files\Skat
2011-11-10 08:09 . 2011-11-10 08:09 -------- d-s---w- c:\documents and settings\LocalService\Ulubione
2011-11-04 22:05 . 2011-11-04 22:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-11-03 16:45 . 2011-11-26 13:58 -------- d-sh--w- c:\documents and settings\Henryk\Ustawienia lokalne\Dane aplikacji\7f1071ea
2011-11-03 16:45 . 2011-11-03 16:45 -------- d-----w- c:\windows\Sun
2011-11-02 17:05 . 2011-11-02 17:05 -------- d-----w- c:\documents and settings\Henryk\Ustawienia lokalne\Dane aplikacji\Ahead
2011-10-31 11:53 . 2005-09-01 11:03 5888 ------w- c:\windows\system32\drivers\imagedrv.sys
2011-10-31 11:53 . 2005-09-01 11:03 127488 ------w- c:\windows\system32\drivers\imagesrv.sys
2011-10-31 11:53 . 2004-07-09 08:43 364544 ------w- c:\windows\system32\TwnLib4.dll
2011-10-31 11:53 . 2000-06-26 10:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2011-10-31 11:53 . 2011-10-31 11:53 -------- d-----w- c:\program files\Ahead
2011-10-31 11:53 . 2011-10-31 11:53 -------- d-----w- c:\program files\Common Files\Ahead
2011-10-31 11:53 . 2006-01-12 15:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2011-10-31 11:53 . 2004-07-26 16:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2011-10-31 11:53 . 2004-07-26 16:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2011-10-31 11:53 . 2004-07-26 16:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2011-10-31 11:53 . 2004-07-26 16:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2011-10-31 11:51 . 2011-10-31 11:51 -------- d-----w- c:\documents and settings\Henryk\Ustawienia lokalne\Dane aplikacji\The Weather Channel
2011-10-31 11:51 . 2011-11-26 16:48 -------- d-----w- c:\program files\AskTBar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-15 15:31 . 2011-09-15 15:31 30544 ----a-w- c:\windows\dirdib.drv
2011-09-15 15:31 . 2011-09-15 15:31 30464 ----a-w- c:\windows\macromix.dll
2011-09-12 17:57 . 2011-09-12 17:57 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-09-12 17:54 . 2011-09-12 17:54 22328 ----a-w- c:\documents and settings\Henryk\Dane aplikacji\PnkBstrK.sys
2011-09-07 14:46 . 2011-09-07 14:46 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2011-09-07 14:46 . 2011-09-07 14:46 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2011-11-16 13:21 . 2011-08-28 00:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-05 . E0593C5746742DFB99A45B9D1234EBFB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
.
[-] 2009-06-08 . 23D57C8E0B5F3A098722C92C44D2ED44 . 7373312 . . [8.00.6001.18702] . . c:\windows\system32\mshtml.dll
.
[-] 2009-06-09 . E6E972564384361D4C4DEBFE374FD311 . 631808 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2009-06-08 . 5AF5D548C95CB356F8B2D7F766BE264A . 1349632 . . [8.00.6001.18702] . . c:\windows\system32\wininet.dll
.
[-] 2009-06-27 . 227B04CFB38191D21105985514E5C398 . 3642368 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
.
.
[-] 2009-06-28 . 4D0130AA048A4F398A69493D2D5B41E6 . 2363904 . . [5.1.2600.5755] . . c:\windows\system32\ntkrnlpa.exe
.
[-] 2009-06-28 . 32DE6ECA68D94772683039ACA57ECF61 . 2485248 . . [5.1.2600.5755] . . c:\windows\system32\ntoskrnl.exe
.
c:\windows\System32\wuauclt.exe ... - brak elementu !!
c:\windows\System32\ctfmon.exe ... - brak elementu !!
c:\windows\System32\wscntfy.exe ... - brak elementu !!
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TransBar"="c:\windows\TransBar.exe" [2005-06-01 65536]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2011-03-11 2265416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-08-11 40983152]
"Live Update 5"="c:\program files\MSI\Live Update 5\LU5.exe" [2011-07-15 1752376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-03-23 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-03-23 13881448]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TransBar"="c:\windows\TransBar.exe" [2005-06-01 65536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-07-05 128512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MSI\\Live Update 5\\LU5.exe"=
"c:\\Program Files\\GIMP-2.0\\lib\\gimp\\2.0\\plug-ins\\help.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"d:\\Gry\\AUTO\\Off-Road Drive\\Binaries\\Win32\\ShippingPC-PP3WorkGame.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
.
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2011-08-28 50176]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [2011-08-28 25912]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [2011-08-28 7680]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-08-28 119272]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-08-28 30392]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-08-28 2127728]
S2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe --> c:\windows\system32\KaraokeSer.exe [?]
S3 MSICDSetup;MSICDSetup;\??\f:\cdriver.sys --> f:\CDriver.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-07-05 00:16 128512 ----a-w- c:\windows\system32\advpack.dll
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
TCP: DhcpNameServer = 81.210.63.225 81.210.63.238 81.210.63.229
FF - ProfilePath - c:\documents and settings\Henryk\Dane aplikacji\Mozilla\Firefox\Profiles\awlysy9y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ig
FF - prefs.js: network.proxy.type - 0
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-Privacy Protection - c:\documents and settings\All Users\Dane aplikacji\privacy.exe
AddRemove-{FD40E3BC-ED93-410C-AF18-B90BB924EF89} - c:\program files\InstallShield Installation Information\{FD40E3BC-ED93-410C-AF18-B90BB924EF89}\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-26 21:50
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\MSGINA.dll
.
- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\scecli.dll
.
- - - - - - - > 'explorer.exe'(2028)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\stobject.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Czas ukończenia: 2011-11-26 21:51:14 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-11-26 20:51
.
Przed: 57 728 016 384 bajtów wolnych
Po: 57 954 304 000 bajtów wolnych
.
- - End Of File - - 17412AF731F37C8EC24A2192C784FCBC