ComboFix 12-07-08.01 - Maciek 2012-07-09 0:35.2.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3070.2663 [GMT 2:00]
Running from: c:\documents and settings\Maciek\Pulpit\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))))
.
.
2012-07-08 13:56 . 2012-07-08 13:56 -------- d-----w- c:\program files\HitmanPro
2012-07-08 13:56 . 2012-07-08 13:56 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\HitmanPro
2012-07-08 13:51 . 2012-07-08 13:51 -------- d-----w- c:\documents and settings\Maciek\Dane aplikacji\Plus Internet
2012-07-08 13:50 . 2012-07-08 13:50 -------- d-----w- C:\Plus Internet
2012-07-08 13:14 . 2012-07-08 13:15 -------- d-----w- c:\documents and settings\Maciek\Dane aplikacji\hellomoto
2012-07-01 21:28 . 2012-07-01 21:28 -------- d-----w- c:\windows\Logs
2012-07-01 21:04 . 2009-09-22 07:12 171520 ----a-w- c:\windows\dxgi.dll
2012-07-01 21:04 . 2012-01-26 13:49 323072 ----a-w- c:\windows\msvcrt.dll
2012-07-01 21:03 . 2012-01-26 13:49 323072 ----a-w- c:\program files\Windows NT\msvcrt.dll
2012-07-01 20:52 . 2009-09-22 07:12 171520 ----a-w- c:\windows\system32\dxgi.dll
2012-07-01 20:52 . 2012-07-01 20:52 -------- d-----w- c:\documents and settings\Maciek\Dane aplikacji\dll-files.com
2012-06-27 13:40 . 2012-06-27 13:40 -------- d-----w- c:\program files\Tunatic
2012-06-23 17:20 . 2012-06-23 17:23 -------- d-----w- c:\documents and settings\Maciek\Dane aplikacji\Nero
2012-06-23 17:15 . 2012-06-23 17:16 -------- d-----w- c:\program files\Common Files\Nero
2012-06-13 11:35 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-12 22:33 . 2012-06-12 22:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Rockstar Games
2012-06-12 22:20 . 2012-06-12 22:20 -------- d-----w- c:\documents and settings\Maciek\Ustawienia lokalne\Dane aplikacji\Chromium
2012-06-12 22:07 . 2012-06-14 08:49 -------- d-----w- c:\program files\Microsoft
2012-06-10 22:15 . 2012-06-10 22:15 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 23:35 . 2011-05-02 12:34 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-06-28 23:35 . 2011-06-25 13:30 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-06-28 23:35 . 2011-05-02 12:33 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-06-22 21:59 . 2011-05-02 12:33 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-06-02 13:19 . 2011-04-30 17:39 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2011-04-30 17:39 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2011-04-30 17:20 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-04-30 17:20 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2011-04-30 17:20 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2011-04-30 17:39 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2011-04-30 17:20 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2011-04-30 16:44 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2003-04-16 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2011-04-30 17:39 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2011-04-30 17:20 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2011-04-30 17:39 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2011-04-30 16:44 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2011-05-07 13:20 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2011-05-07 13:20 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2009-08-06 17:23 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2003-04-16 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2003-04-16 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2003-04-16 12:00 1863424 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:44 . 2003-04-16 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2003-04-16 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:39 . 2011-04-30 17:20 385024 ------w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2003-04-16 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2002-09-20 17:12 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:47 . 2011-04-30 16:44 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-21 19:13 . 2012-04-21 19:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-21 19:13 . 2011-04-30 17:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-30 09:40 . 2011-03-30 09:40 517976 ----a-w- c:\program files\DXSETUP.exe
2011-03-30 09:40 . 2011-03-30 09:40 95576 ----a-w- c:\program files\DSETUP.dll
2011-03-30 09:40 . 2011-03-30 09:40 1566040 ----a-w- c:\program files\dsetup32.dll
2012-06-16 06:21 . 2011-10-03 04:48 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-08_22.18.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-04-16 12:00 . 2012-07-08 22:36 89150 c:\windows\system32\perfc009.dat
- 2003-04-16 12:00 . 2012-07-08 22:19 89150 c:\windows\system32\perfc009.dat
+ 2003-04-16 12:00 . 2012-07-08 22:36 591324 c:\windows\system32\perfh015.dat
- 2003-04-16 12:00 . 2012-07-08 22:19 591324 c:\windows\system32\perfh015.dat
+ 2003-04-16 12:00 . 2012-07-08 22:36 505686 c:\windows\system32\perfh009.dat
- 2003-04-16 12:00 . 2012-07-08 22:19 505686 c:\windows\system32\perfh009.dat
+ 2003-04-16 12:00 . 2012-07-08 22:36 120390 c:\windows\system32\perfc015.dat
- 2003-04-16 12:00 . 2012-07-08 22:19 120390 c:\windows\system32\perfc015.dat
+ 2012-07-08 22:30 . 2012-07-08 22:30 262144 c:\windows\system32\config\systemprofile\NtUser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d43723ae-1ae1-4a25-a6a4-bf0929273cab}"= "c:\program files\Ashampoo_PO\prxtbAsha.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d43723ae-1ae1-4a25-a6a4-bf0929273cab}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 09:28 1307928 ----a-w- c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d43723ae-1ae1-4a25-a6a4-bf0929273cab}]
2011-05-09 08:49 176936 ----a-w- c:\program files\Ashampoo_PO\prxtbAsha.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d43723ae-1ae1-4a25-a6a4-bf0929273cab}"= "c:\program files\Ashampoo_PO\prxtbAsha.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d43723ae-1ae1-4a25-a6a4-bf0929273cab}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D43723AE-1AE1-4A25-A6A4-BF0929273CAB}"= "c:\program files\Ashampoo_PO\prxtbAsha.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d43723ae-1ae1-4a25-a6a4-bf0929273cab}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-12 399736]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032]
"RDReminder"="c:\program files\Dll-Files.com Fixer\DLLFixer.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-01 1036288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\GestMaj.exe" [2004-10-14 32768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-10-08 203072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"WinSyncMetastore"="c:\documents and settings\Maciek\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\824\WinSyncMetastore.exe" [2012-07-08 50176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"53:UDP"= 53:UDP:Promo
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-05-14 218688]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2011-12-25 436792]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-03-02 24408]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-02-10 193816]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-07-08 105832]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2011-05-02 64000]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-16 2253120]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-02-10 240408]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2011-05-02 116992]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 113120]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2012-02-11 119272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1500820517-839522115-1004Core.job
- c:\documents and settings\Maciek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2012-01-21 10:55]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1500820517-839522115-1004UA.job
- c:\documents and settings\Maciek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2012-01-21 10:55]
.
2012-03-09 c:\windows\Tasks\RegAce Scheduled Scan - Maciek.job
- c:\program files\RegAce System Suite\RegAce.exe [2012-03-09 10:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481033
mStart Page = hxxp://startsear.ch/?aff=2&cf=a0126040-4219-11e1-9dc0-4d6564696130
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyServer = http=127.0.0.1:58545
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: { - c:\program files\Messenger\msmsgs.exe
FF - ProfilePath - c:\documents and settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\dmfljtvi.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=2&cf=a0126040-4219-11e1-9dc0-4d6564696130
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=a0126040-4219-11e1-9dc0-4d6564696130&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58545
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-09 00:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):90,28,04,56,d2,76,28,18,c1,27,99,d7,4e,52,2c,74,70,95,15,e5,36,
 f4,12,af,cc,d0,66,13,fd,8b,e2,f6,8f,23,a1,e2,a7,99,b0,85,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b9225c3e-2368-4330-afb9-9482141e3bef}]
@Denied: (Full) (Everyone)
"Model"=dword:000000a1
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
 38,95,44,85,b1,12,f9,90,dd,23,a1,15,ef,a1,46,54,19,6c,0d,35,95,e0,f3,7c,6d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1264)
c:\windows\system32\WININET.dll
.
Completion time: 2012-07-09 00:43:57
ComboFix-quarantined-files.txt 2012-07-08 22:43
ComboFix2.txt 2012-07-08 22:21
.
Pre-Run: 17 605 836 800 bytes free
Post-Run: 17 586 925 568 bytes free
.
- - End Of File - - 7138405AD7DE16F99A32E0376DFD3F01
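A reviewer reading a log like this one goes straight to a handful of entries: the AV status in the header, Run-key executables that live under a user profile rather than Program Files or System32, firewall rules that open a port globally, and proxy settings that point the browsers at 127.0.0.1 (here both IE and Firefox are routed through 127.0.0.1:58545, which means something on the machine is listening on that port). The script below is an added example, not part of ComboFix and not posted by the log's author: it parses the line formats ComboFix emits and flags exactly those categories. The sample input is a set of lines copied from the log above and embedded as a constructed string; the rule names, the list of user-writable directory markers and the treatment of any non-Disabled port rule as open are the editor's own assumptions.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable

# Run-key line:      "Name"="c:\path\file.exe" [2012-07-08 50176]   (date/size optional, e.g. [BU])
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?:\s+\[(\S+)\s+(\d+)\])?')
# Firewall open port: "53:UDP"= 53:UDP:Promo   or   "5985:TCP"= 5985:TCP:*:Disabled:Name
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(\S.*)$', re.I)
# Proxy settings: IE line in the supplementary scan and the Firefox prefs.js lines
IE_PROXY_RE = re.compile(r'ProxyServer\s*=\s*(?:http=)?([\d.]+):(\d+)', re.I)
FF_PROXY_HOST_RE = re.compile(r'network\.proxy\.http\s*-\s*([\d.]+)')
FF_PROXY_PORT_RE = re.compile(r'network\.proxy\.http_port\s*-\s*(\d+)')
# Header line:        AV: Kaspersky Anti-Virus *Disabled/Outdated* {GUID}
AV_RE = re.compile(r'^AV:\s*(.+?)\s*\*([^*]+)\*')

# Assumption: path fragments that mark a location a non-admin user can write to on XP.
# An autorun living there is not proof of malware, only the first place a reviewer looks.
USER_WRITABLE = ('\\documents and settings\\', '\\temp\\')


@dataclass
class Finding:
    rule: str
    detail: str


def _user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def _loopback(host: str) -> bool:
    return host.startswith('127.')


def triage(lines: Iterable[str]) -> list[Finding]:
    """Walk the log once, tracking the current [registry key] section, and collect findings."""
    findings: list[Finding] = []
    section = ''
    ff_host = ff_port = None
    for raw in lines:
        line = raw.strip()
        if not line or line == '.':          # ComboFix prints "." for blank lines
            continue
        if line.startswith('['):             # new registry section header
            section = line.lower()
            continue
        m = AV_RE.match(line)
        if m and any(w in m.group(2).lower() for w in ('disabled', 'outdated')):
            findings.append(Finding('av-status', f'{m.group(1)}: {m.group(2)}'))
            continue
        if section.endswith('\\run]'):
            m = RUN_RE.match(line)
            if m and _user_writable(m.group(2)):
                findings.append(Finding('autorun-user-path', f'{m.group(1)} -> {m.group(2)}'))
            continue
        if 'globallyopenports' in section:
            m = PORT_RE.match(line)
            if m:
                # XP stores port rules as port:proto:scope:Enabled|Disabled:name;
                # assumption: anything not explicitly Disabled counts as open.
                fields = [f.lower() for f in m.group(3).split(':')]
                if 'disabled' not in fields:
                    findings.append(Finding('open-port', f'{m.group(1)}/{m.group(2)} {m.group(3)}'))
            continue
        m = IE_PROXY_RE.search(line)
        if m and _loopback(m.group(1)):
            findings.append(Finding('loopback-proxy-ie', f'{m.group(1)}:{m.group(2)}'))
            continue
        m = FF_PROXY_HOST_RE.search(line)
        if m:
            ff_host = m.group(1)
        m = FF_PROXY_PORT_RE.search(line)
        if m:
            ff_port = m.group(1)
        if ff_host and ff_port:              # Firefox splits host and port over two prefs lines
            if _loopback(ff_host):
                findings.append(Finding('loopback-proxy-firefox', f'{ff_host}:{ff_port}'))
            ff_host = ff_port = None
    return findings


def triage_text(text: str) -> list[Finding]:
    return triage(text.splitlines())


# Constructed sample: lines copied from the log above, in ComboFix's own layout.
SAMPLE_LOG = r"""AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-12 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"WinSyncMetastore"="c:\documents and settings\Maciek\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\824\WinSyncMetastore.exe" [2012-07-08 50176]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"53:UDP"= 53:UDP:Promo
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481033
uInternet Settings,ProxyServer = http=127.0.0.1:58545
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58545
FF - prefs.js: network.proxy.type - 4
"""

if __name__ == '__main__':
    for f in triage_text(SAMPLE_LOG):
        print(f'{f.rule:24s} {f.detail}')
```

On the sample the script reports five findings: the disabled/outdated AV, the WinSyncMetastore entry running from the user's Local Settings\Application Data tree, the 53/UDP "Promo" firewall rule, and the same 127.0.0.1:58545 proxy configured in both IE and Firefox. The last point is the one to chase on the live machine: a loopback proxy only works if a process is listening on that port, so `netstat -ano` (available on XP) and a look at which process owns the listener tell you whether the browser traffic is being intercepted locally.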