ComboFix 12-08-07.05 - Administrator 2012-08-08 13:05:13.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3326.2845 [GMT 2:00]
Uruchomiony z: F:\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Pulpit\Klimazz & Dj Maximo - Pussy Pussy 2008
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-07-08 do 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-08 11:00 . 2012-08-08 11:00 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\DivX
2012-08-08 10:55 . 2012-08-08 10:55 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-08-02 16:24 . 2012-08-02 16:24 9827016 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-08-02 13:56 . 2012-08-07 21:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PMB Files
2012-08-02 13:55 . 2012-08-02 13:55 -------- d-----w- c:\program files\Pando Networks
2012-07-11 19:37 . 2008-04-14 20:51 20992 ----a-w- c:\windows\system32\dshowext.ax
2012-07-11 19:37 . 2008-04-13 22:16 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2012-07-11 19:37 . 2008-04-13 22:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 16:24 . 2012-05-16 16:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-02 16:24 . 2012-05-16 16:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-20 19:06 . 2012-06-14 07:38 139448 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-06-20 19:06 . 2012-06-15 21:21 282472 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-06-20 19:06 . 2012-06-14 07:38 282472 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-06-18 12:02 . 2012-06-14 07:38 282472 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-06-15 18:34 . 2012-06-14 07:37 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-06-13 13:55 . 2008-04-14 18:35 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-04-14 19:50 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2008-04-14 19:50 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 19:50 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2009-08-06 17:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-08-06 17:24 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-12-27 10:29 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-12-27 10:29 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-12-27 10:29 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-12-27 10:29 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-12-27 10:29 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-04-14 19:50 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 17:24 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-12-27 10:29 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-08-06 17:23 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-12-27 10:29 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2008-04-14 19:50 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2008-04-14 19:50 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:44 . 2008-04-14 19:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:44 . 2008-04-14 19:50 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 11:39 . 2008-04-14 18:41 385024 ------w- c:\windows\system32\html.iec
2010-11-07 00:19 . 2010-11-07 00:19 123392 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . F042E3426D45D86D9BB55F6A79AB441A . 977408 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . F042E3426D45D86D9BB55F6A79AB441A . 977408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2008-04-14 . AA16572097E544B985D6B5CBD4CB164C . 227328 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . AA16572097E544B985D6B5CBD4CB164C . 227328 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2008-11-14 . 65149DD915494C94C31CB4ECA817B379 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Softonic_English\prxtbSof2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-02-01 13:58 1499440 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\prxtbSof2.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-02-01 1499440]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-11-29 258048]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-09-12 340136]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-11-07 157696]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-11-24 1233856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-06-02 114992]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Menu Start\Programy\Autostart\
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Battle.net\\Agent\\Agent.998\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Battle.net\\Agent\\Agent.1040\\Agent.exe"=
"e:\\Gry\\Diablo3\\Diablo III\\Diablo III.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57717:TCP"= 57717:TCP:Pando Media Booster
"57717:UDP"= 57717:UDP:Pando Media Booster
.
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-03 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 250056]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 16:24]
.
2012-08-08 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-09-26 20:18]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://interia.pl/
mStart Page = hxxp://www.bigseekpro.com/hypercam/{02C1C5EF-D703-4FDB-A44A-84FE01F9F4C4}
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6m9rsw4f.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-Gadu-Gadu - c:\program files\Gadu-Gadu\gg.exe
HKLM-Run-secproc_ssp - c:\documents and settings\Misiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\3487\secproc_ssp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-08 13:08
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2012-08-08 13:08:53
ComboFix-quarantined-files.txt 2012-08-08 11:08
ComboFix2.txt 2012-08-08 01:22
.
Przed: 39 916 953 600 bajtów wolnych
Po: 40 029 016 064 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 2FFA22C4D35209EE4FE14A5131234F2E