ComboFix 12-07-08.01 - Matii 2012-07-08 22:22:19.7.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1613 [GMT 2:00]
Running from: D:\ComboFix.exe

(((((((((((((((((((((((((   Files created from 2012-06-08 to 2012-07-08   )))))))))))))))))))))))))))))))

2012-07-08 12:12:29 . 2012-07-08 12:12:37 -------- d-----w- C:\Documents and Settings\Matii\Dane aplikacji\hellomoto
2012-07-05 20:45:14 . 2012-07-05 20:45:14 670816 ----a-w- C:\WINDOWS\system32\xsherlock.xem
2012-07-05 20:39:42 . 2012-03-27 17:13:02 230920 ----a-w- C:\WINDOWS\system32\EPWZCmnCtrl.dll
2012-07-05 20:39:41 . 2012-07-05 20:39:41 -------- d-----w- C:\Program Files\WEBZEN
2012-07-05 20:36:34 . 2012-07-05 20:39:42 -------- d-----w- C:\Documents and Settings\All Users\Dane aplikacji\WEBZEN
2012-07-05 20:01:07 . 2012-07-05 20:01:13 -------- d-----w- C:\Program Files\Common Files\Overwolf
2012-07-05 20:01:06 . 2012-07-05 20:01:26 -------- d-----w- C:\Program Files\Overwolf
2012-07-05 19:59:43 . 2012-07-08 19:13:55 -------- d-----w- C:\Documents and Settings\Matii\Ustawienia lokalne\Dane aplikacji\Overwolf
2012-06-28 10:55:56 . 2003-02-27 14:12:48 696320 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-06-28 10:55:56 . 2002-12-05 12:10:32 155648 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-06-28 10:55:56 . 2002-12-02 13:22:44 5632 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-06-28 10:55:56 . 2002-12-02 11:33:04 57344 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-06-28 10:55:56 . 2002-12-02 11:33:04 237568 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-06-28 10:55:55 . 2012-06-28 10:55:55 282756 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-06-28 10:55:55 . 2012-06-28 10:55:55 163972 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-06-23 17:40:37 . 2012-04-18 17:42:00 4598592 ----a-w- C:\WINDOWS\system32\GameMon.des
2012-06-23 17:40:07 . 2005-01-04 09:43:08 4682 ----a-w- C:\WINDOWS\system32\npptNT2.sys
2012-06-23 17:40:07 . 2003-07-20 18:17:16 5174 ----a-w- C:\WINDOWS\system32\nppt9x.vxd
2012-06-23 17:39:55 . 2012-06-23 17:39:55 -------- d-----w- C:\Program Files\Common Files\INCA Shared
2012-06-21 16:08:38 . 2012-06-21 16:21:57 419488 ----a-w- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-06-21 15:40:42 . 2012-06-21 15:40:42 768848 ----a-w- C:\WINDOWS\system32\msvcr100.dll
2012-06-21 15:40:34 . 2012-06-21 15:40:34 421200 ----a-w- C:\WINDOWS\system32\msvcp100.dll
2012-06-20 17:09:53 . 2012-06-20 17:09:53 -------- d-----w- C:\Documents and Settings\Matii\Ustawienia lokalne\Dane aplikacji\Chromium
2012-06-20 17:00:23 . 2012-06-20 17:00:23 -------- d-----w- C:\Program Files\DIFX
2012-06-20 17:00:20 . 2006-07-01 21:32:26 43520 ----a-w- C:\WINDOWS\system32\drivers\AmdK8.sys
2012-06-20 14:37:27 . 2012-06-20 14:37:27 -------- d-----w- C:\Documents and Settings\All Users\Dane aplikacji\Hi-Rez Studios
2012-06-15 11:58:55 . 2012-06-15 11:58:55 -------- d-----w- C:\Documents and Settings\Matii\Ustawienia lokalne\Dane aplikacji\PCHealth
2012-06-11 15:15:57 . 2008-04-14 17:20:32 21504 ----a-w- C:\WINDOWS\system32\hidserv.dll

((((((((((((((((((((((((((((((((((((((((   Find3M section   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-06-21 16:21:57 . 2011-07-30 22:54:48 70304 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2012-06-05 05:54:18 . 2011-12-25 00:30:16 302 ----a-w- C:\Program Files\Common Files\userInit.dll
2012-06-02 13:19:38 . 2011-07-30 21:24:58 329240 ----a-w- C:\WINDOWS\system32\wucltui.dll
2012-06-02 13:19:38 . 2011-07-30 21:24:58 219160 ----a-w- C:\WINDOWS\system32\wuaucpl.cpl
2012-06-02 13:19:38 . 2011-07-30 21:24:58 210968 ----a-w- C:\WINDOWS\system32\wuweb.dll
2012-06-02 13:19:38 . 2009-08-06 17:24:12 15896 ----a-w- C:\WINDOWS\system32\wuapi.dll.mui
2012-06-02 13:19:38 . 2009-08-06 17:24:10 24088 ----a-w- C:\WINDOWS\system32\wucltui.dll.mui
2012-06-02 13:19:34 . 2011-07-30 21:24:58 53784 ----a-w- C:\WINDOWS\system32\wuauclt.exe
2012-06-02 13:19:34 . 2011-07-30 21:24:58 35864 ----a-w- C:\WINDOWS\system32\wups.dll
2012-06-02 13:19:34 . 2009-08-06 17:24:10 45080 ----a-w- C:\WINDOWS\system32\wups2.dll
2012-06-02 13:19:34 . 2004-08-03 22:43:54 97304 ----a-w- C:\WINDOWS\system32\cdm.dll
2012-06-02 13:19:30 . 2009-08-06 17:24:00 16408 ----a-w- C:\WINDOWS\system32\wuaucpl.cpl.mui
2012-06-02 13:19:24 . 2011-07-30 21:24:58 577048 ----a-w- C:\WINDOWS\system32\wuapi.dll
2012-06-02 13:19:18 . 2011-07-30 21:24:58 1933848 ----a-w- C:\WINDOWS\system32\wuaueng.dll
2012-06-02 13:19:18 . 2009-08-06 17:23:46 18968 ----a-w- C:\WINDOWS\system32\wuaueng.dll.mui
2012-06-02 13:18:58 . 2012-04-10 11:07:54 275696 ----a-w- C:\WINDOWS\system32\mucltui.dll
2012-06-02 13:18:58 . 2012-04-10 11:07:54 214256 ----a-w- C:\WINDOWS\system32\muweb.dll
2012-06-02 13:18:58 . 2012-04-10 11:07:54 18160 ----a-w- C:\WINDOWS\system32\mucltui.dll.mui
2012-05-31 13:22:04 . 2004-08-03 22:43:56 602624 ----a-w- C:\WINDOWS\system32\crypt32.dll
2012-05-16 07:59:08 . 2004-08-03 22:44:16 669696 ----a-w- C:\WINDOWS\system32\wininet.dll
2012-05-15 13:55:52 . 2004-08-03 22:37:28 1863424 ----a-w- C:\WINDOWS\system32\win32k.sys
2012-05-05 03:15:02 . 2004-08-04 00:38:58 2070400 ----a-w- C:\WINDOWS\system32\ntkrnlpa.exe
2012-05-05 03:15:01 . 2004-08-03 22:39:10 2193920 ----a-w- C:\WINDOWS\system32\ntoskrnl.exe
2012-05-02 13:47:12 . 2011-07-30 21:23:17 139656 ----a-w- C:\WINDOWS\system32\drivers\rdpwd.sys
2012-05-01 07:36:14 . 2012-05-01 07:36:13 477240 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys
2012-04-20 19:30:26 . 2004-08-03 20:59:30 61952 ----a-w- C:\WINDOWS\system32\tdc.ocx
2012-04-20 19:30:25 . 2004-08-03 22:44:00 81920 ----a-w- C:\WINDOWS\system32\ieencode.dll
2012-04-20 19:29:02 . 2004-08-03 22:36:10 370688 ----a-w- C:\WINDOWS\system32\html.iec
2012-04-11 18:07:03 . 2011-10-23 10:39:25 60416 ----a-w- C:\WINDOWS\ALCFDRTM.VER
2012-02-12 16:56:53 . 2012-02-12 16:56:53 27958 ----a-w- C:\Program Files\Common Files\logonInit.dll
2011-11-11 00:39:14 . 2011-07-30 22:40:52 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

(((((((((((((((((((((((((((((((((((((   Registry startup entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d1fce654-5fd1-48ad-b13c-5064736120b7}"= "C:\Program Files\Soft32\prxtbSof2.dll" [2011-05-09 09:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{d1fce654-5fd1-48ad-b13c-5064736120b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d1fce654-5fd1-48ad-b13c-5064736120b7}]
2011-05-09 09:49:38 176936 ----a-w- C:\Program Files\Soft32\prxtbSof2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d1fce654-5fd1-48ad-b13c-5064736120b7}"= "C:\Program Files\Soft32\prxtbSof2.dll" [2011-05-09 09:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{d1fce654-5fd1-48ad-b13c-5064736120b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D1FCE654-5FD1-48AD-B13C-5064736120B7}"= "C:\Program Files\Soft32\prxtbSof2.dll" [2011-05-09 09:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{d1fce654-5fd1-48ad-b13c-5064736120b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="D:\Program Files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 07:33:30 4910912]
"Akamai NetSession Interface"="C:\Documents and Settings\Matii\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe" [2012-05-26 04:32:24 4327744]
"ALLUpdate"="D:\Program Files\ALLPlayer\ALLUpdate.exe" [2011-08-16 18:30:40 1379840]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 15:42:34 75624]
"Overwolf"="C:\Program Files\Overwolf\Overwolf.exe" [2012-06-21 15:40:34 35256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 13:28:22 577536]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 07:03:38 210472]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 19:12:14 30248]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 19:10:12 46632]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 11:46:58 255528]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 12:51:26 663552]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 13:58:28 65536]
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 23:08:12 1259376]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2011-10-08 04:50:00 16744256]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2011-10-08 04:50:00 203072]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 12:02:04 254696]
"LogMeIn Hamachi Ui"="D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 10:29:26 1996200]
"verclsid"="C:\Documents and Settings\Matii\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\4843\verclsid.exe" [2012-07-08 12:12:13 50176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 13:56:38 462408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 17:21:10 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
X-Mouse Button Control.lnk - D:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [2011-11-18 766976]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"D:\\Program Files\\Winamp\\winamp.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"D:\\Program Files\\Valve\\Steam\\SteamApps\\19aki94\\condition zero\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Matii\\Ustawienia lokalne\\Dane aplikacji\\Akamai\\netsession_win.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"C:\\Program Files\\Microsoft Office\\Office2\\Office.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"D:\\Program Files\\Valve\\Steam\\Steam.exe"=
"D:\\Program Files\\Valve\\Steam\\SteamApps\\19aki94\\counter-strike\\hl.exe"=
"D:\\Program Files\\Valve\\Steam\\SteamApps\\19aki94\\team fortress 2\\hl2.exe"=
"D:\\Program Files\\WEBZEN\\C9\\C9.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57495:TCP"= 57495:TCP:Pando Media Booster
"57495:UDP"= 57495:UDP:Pando Media Booster
"1057:TCP"= 1057:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\drivers\AGPKX.SYS [2011-07-30 23:51:48 45056]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\WINDOWS\system32\drivers\dtsoftbus01.sys [2011-08-24 15:56:48 232512]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;D:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 12:29:22 1385896]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\drivers\ULILAN51.SYS [2011-07-30 23:51:57 28672]
S2 Akamai;Akamai NetSession Interface;C:\WINDOWS\System32\svchost.exe -k Akamai [2004-08-04 00:44:28 14336]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 17:42:34 75624]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-07-31 14:24:11 2253120]
S2 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe [2012-02-29 08:50:48 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 18:08:39 257696]
S3 Andbus;LGE Android Composite USB Device;C:\WINDOWS\system32\drivers\lgandbus.sys [2011-11-25 13:09:17 14336]
S3 AndDiag;LGE Android USB Serial Port;C:\WINDOWS\system32\drivers\lganddiag.sys [2011-11-25 13:09:17 20864]
S3 AndGps;LGE Android USB GPS NMEA Port;C:\WINDOWS\system32\drivers\lgandgps.sys [2011-11-25 13:09:17 19968]
S3 ANDModem;LGE Android USB Modem;C:\WINDOWS\system32\drivers\lgandmodem.sys [2011-11-25 13:09:17 24960]
S3 androidusb;ADB Interface Driver;C:\WINDOWS\system32\drivers\lgandadb.sys [2011-11-25 13:09:17 25728]
S3 npggsvc;nProtect GameGuard Service;C:\WINDOWS\system32\GameMon.des -service --> C:\WINDOWS\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 21:37:50 4640000]
S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files\Overwolf\OverwolfUpdater.exe [2012-07-05 22:01:23 18360]
S3 vtany;vtany;\??\C:\WINDOWS\vtany.sys --> C:\WINDOWS\vtany.sys [?]
S3 xhunter1;xhunter1;\??\C:\WINDOWS\xhunter1.sys --> C:\WINDOWS\xhunter1.sys [?]
S3 xsherlock;xsherlock;C:\WINDOWS\system32\xsherlock.xem [2012-07-05 22:45:14 670816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

Contents of the 'Scheduled Tasks' folder

2012-07-08 C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 16:08:39 . 2012-06-21 16:22:05]

2012-07-05 C:\WINDOWS\Tasks\RunOW.job
- C:\Program Files\Overwolf\OverwolfLauncher.exe [2012-06-21 15:40:42 . 2012-06-21 15:40:42]

------- Supplementary scan -------
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2508618
uInternet Settings,ProxyOverride = 127.0.0.1:9421;
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - C:\Documents and Settings\Matii\Dane aplikacji\Mozilla\Firefox\Profiles\9s0kvisp.default\
FF - prefs.js: browser.startup.homepage - www.google.pl

- - - - ORPHANS REMOVED - - - -

Notify-LogonInit - logonInit.dll
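As an added example (not part of the post above and not ComboFix's own code), the Python script below parses the line layouts that appear in a ComboFix log (file entries, Run-key values, service/driver lines, the IE proxy line and the Winlogon Notify line) and returns the entries a reviewer would want to check. The sample lines are copied from the log above and labelled as constructed input; the heuristics (executables under a user profile, Windows binary names outside C:\WINDOWS, numeric-only folder names, loose DLLs directly in Common Files, service images ComboFix marked `[?]`, proxy settings pointing at loopback, Notify packages) and the name lists are the editor's assumptions. A flag is a prompt to verify the file's hash and signature, not a verdict.

```python
"""Triage helper for ComboFix log lines.

Added example for this page: not part of the forum post and not ComboFix code.
A flag means "look at this entry", never "this is malware".
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied in ComboFix layout from the log above.
SAMPLE_LOG = r"""
2012-07-08 12:12:29 . 2012-07-08 12:12:37 -------- d-----w- C:\Documents and Settings\Matii\Dane aplikacji\hellomoto
2012-07-05 20:45:14 . 2012-07-05 20:45:14 670816 ----a-w- C:\WINDOWS\system32\xsherlock.xem
2012-06-05 05:54:18 . 2011-12-25 00:30:16 302 ----a-w- C:\Program Files\Common Files\userInit.dll
"Overwolf"="C:\Program Files\Overwolf\Overwolf.exe" [2012-06-21 15:40:34 35256]
"verclsid"="C:\Documents and Settings\Matii\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\4843\verclsid.exe" [2012-07-08 12:12:13 50176]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\WINDOWS\system32\drivers\dtsoftbus01.sys [2011-08-24 15:56:48 232512]
S3 vtany;vtany;\??\C:\WINDOWS\vtany.sys --> C:\WINDOWS\vtany.sys [?]
uInternet Settings,ProxyOverride = 127.0.0.1:9421;
Notify-LogonInit - logonInit.dll
"""

# Line layouts as they appear in the log (assumed from the log above).
FILE_RE = re.compile(
    r'^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \. '
    r'(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) '
    r'(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<stamp>[^\]]*)\]$')
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<image>.+?)(?: \[(?P<stamp>[^\]]*)\])?$')
PROXY_RE = re.compile(r'Proxy(?:Server|Override)\s*=\s*(?P<value>.+)$')
NOTIFY_RE = re.compile(r'^Notify-(?P<name>\S+) - (?P<dll>.+)$')

# Heuristic tables: editor's assumptions, extend for your own environment.
EXEC_EXT = {'.exe', '.dll', '.sys', '.scr', '.cpl', '.ocx'}
WINDOWS_STEMS = {'verclsid', 'userinit', 'svchost', 'ctfmon', 'lsass',
                 'csrss', 'winlogon', 'explorer', 'services', 'logonui'}
USER_PROFILE_ROOTS = ('c:\\documents and settings\\', 'c:\\users\\')
COMMON_FILES_ROOT = 'c:\\program files\\common files'
WINDOWS_ROOT = 'c:\\windows\\'


@dataclass
class Finding:
    line: str
    reasons: list


def path_reasons(path: str) -> list:
    """Return review reasons for one image path (empty list = nothing odd)."""
    p = path.lower().strip()
    parts = p.split('\\')
    name = parts[-1]
    ext = name[name.rfind('.'):] if '.' in name else ''
    stem = name[:len(name) - len(ext)]
    reasons = []
    if ext not in EXEC_EXT:          # directories, .xem, .des etc. are left alone here
        return reasons
    if p.startswith(USER_PROFILE_ROOTS):
        reasons.append('executable under a user profile (user-writable, no installer footprint)')
    if '\\'.join(parts[:-1]) == COMMON_FILES_ROOT:
        reasons.append('loose executable directly in Common Files (vendors use a subfolder)')
    if stem in WINDOWS_STEMS and not p.startswith(WINDOWS_ROOT):
        reasons.append(f'"{name}" carries a Windows binary name but lives outside C:\\WINDOWS')
    if any(part.isdigit() for part in parts[:-1]):
        reasons.append('numeric-only directory name in the path')
    return reasons


def triage(log_text: str) -> list:
    """Parse ComboFix lines and return the ones worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        if (m := FILE_RE.match(line)) or (m := RUN_RE.match(line)):
            reasons = path_reasons(m.group('path'))
        elif (m := SVC_RE.match(line)):
            # Some service lines read "<registry image> --> <resolved path>"; use the resolved one.
            reasons = path_reasons(m.group('image').split(' --> ')[-1])
            if m.group('stamp') == '?':
                reasons.append('service image not found at scan time ([?]): check the ImagePath value')
        elif (m := PROXY_RE.search(line)):
            if '127.0.0.1' in m.group('value') or 'localhost' in m.group('value'):
                reasons.append('IE proxy setting references loopback: find the process listening on that port')
        elif NOTIFY_RE.match(line):
            reasons.append('Winlogon Notify package: DLL loaded into winlogon.exe at every logon')
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print('   -', r)
```

On the sample, the entries that come back are the Run-key `verclsid.exe` under the user profile (three reasons), the loose `userInit.dll` in Common Files (two), the `vtany` driver whose image ComboFix could not find, the loopback ProxyOverride and the Notify package; the Overwolf, DAEMON Tools and system32 lines stay quiet. Feed it a whole log with `triage(open(path, encoding='cp1250').read())` for a Polish-locale log, and treat each reason as a question for the file's signature and hash, not as an answer.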