ComboFix 11-03-21.02 - dom 2011-03-24 16:03:13.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.639.191 [GMT 1:00]
Uruchomiony z: D:\Documents and Settings\dom\Moje dokumenty\Downloads\ComboFix.exe
Użyto następujących komend :: D:\Documents and Settings\dom\Pulpit\CFScript.txt.txt
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

FILE ::
"d:\windows\system32\jhcmxp.dll"

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

d:\windows\system32\jhcmxp.dll

D:\WINDOWS\regedit.exe . . . jest zainfekowany!!
D:\WINDOWS\system32\midimap.dll . . . jest zainfekowany!!

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_QQHYHPZUX
-------\Service_qqhyhpzux

((((((((((((((((((((((((( Pliki utworzone od 2011-02-24 do 2011-03-24 )))))))))))))))))))))))))))))))

2011-03-23 21:43:34 . 2011-03-23 21:46:10 -------- d-----w- D:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Adobe
2011-03-23 13:56:02 . 2011-03-23 13:56:02 -------- d-----w- D:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google
2011-03-23 13:51:54 . 2011-03-23 13:51:54 -------- d-----w- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
2011-03-23 13:51:38 . 2011-03-23 13:54:32 -------- d-----w- D:\Program Files\Google
2011-03-21 17:09:59 . 2011-03-21 17:09:59 -------- d-----w- D:\WINDOWS\system32\wbem\snmp
2011-03-21 17:09:52 . 2011-03-21 17:09:52 -------- d-----w- D:\WINDOWS\system32\oobe
2011-03-21 17:09:49 . 2011-03-21 17:09:49 -------- d-----w- D:\WINDOWS\srchasst
2011-03-21 17:09:33 . 2011-03-21 17:09:33 -------- d-----w- D:\WINDOWS\system32\xircom
2011-03-21 17:09:23 . 2011-03-21 17:09:23 -------- d-----w- D:\WINDOWS\msagent
2011-03-21 17:09:18 . 2011-03-21 17:09:18 -------- d-----w- D:\Program Files\microsoft frontpage
2011-03-21 12:56:24 . 2011-03-21 12:56:24 -------- d-----w- D:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2011-03-21 08:39:26 . 2011-03-21 09:12:17 -------- d-----w- D:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2011-03-21 08:39:26 . 2011-03-21 08:39:44 -------- d-----w- D:\Program Files\Spybot - Search & Destroy
2011-03-21 07:41:44 . 2011-03-21 07:41:44 -------- d-----w- D:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\PCHealth
2011-03-20 14:56:31 . 2011-03-20 14:56:33 -------- d-----w- D:\Program Files\ATI Stream
2011-03-20 14:56:14 . 2011-03-20 14:56:14 -------- d-----w- D:\Program Files\ATI
2011-03-20 14:55:15 . 2011-03-20 14:55:15 -------- d-----w- D:\Program Files\ATI Technologies
2011-03-20 14:53:26 . 2011-03-20 14:53:26 -------- d-----w- D:\ATI
2011-03-20 14:41:00 . 2011-03-20 14:41:49 -------- d-----w- D:\Program Files\Microsoft Security Client
2011-03-20 14:29:07 . 2011-03-20 14:29:07 -------- d-----w- D:\Documents and Settings\dom\Dane aplikacji\Uniblue
2011-03-20 14:28:27 . 2011-03-20 14:28:27 -------- d-----w- D:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\PackageAware
2011-03-19 23:15:22 . 2011-03-19 23:15:27 -------- d-----w- D:\Program Files\Veetle
2011-03-19 22:30:38 . 2011-03-19 22:30:41 -------- d-----w- D:\Documents and Settings\dom\Dane aplikacji\vShare
2011-03-19 22:30:37 . 2011-03-19 22:30:38 -------- d-----w- D:\Program Files\vShare
2011-03-19 14:47:30 . 2011-03-19 14:47:30 -------- d-----w- D:\Program Files\Common Files\DigiDesign
2011-03-19 14:47:27 . 2011-03-19 14:47:27 -------- d-----w- D:\Program Files\IK Multimedia
2011-03-19 14:47:18 . 2002-12-05 13:10:32 155648 ----a-w- D:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-03-19 14:47:18 . 2002-12-02 12:33:04 32768 ----a-w- D:\Program Files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-03-19 14:47:17 . 2002-12-02 14:22:44 5632 ----a-w- D:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-03-19 14:47:17 . 2002-12-02 12:33:04 57344 ----a-w- D:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-03-19 14:47:17 . 2002-12-02 12:33:04 237568 ----a-w- D:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-03-19 14:47:14 . 2011-03-19 14:47:14 163972 ----a-w- D:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-03-19 14:47:14 . 2003-02-27 15:12:48 696320 ----a-w- D:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-03-19 14:47:13 . 2011-03-19 14:47:13 282756 ----a-w- D:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-03-19 14:45:03 . 2011-03-19 14:45:03 -------- d-----w- D:\Program Files\Common Files\Adobe Systems Shared
2011-03-19 14:44:31 . 2011-03-23 22:33:34 -------- d-----w- D:\Program Files\Common Files\Adobe
2011-03-19 14:04:43 . 2011-03-19 14:05:48 -------- d-----w- D:\Program Files\Pro-53
2011-03-19 14:02:15 . 2011-03-19 14:02:15 -------- d-----w- D:\Program Files\Native Instruments
2011-03-19 13:04:53 . 2011-03-19 13:04:58 -------- d-----w- D:\Program Files\kX Audio Driver
2011-03-19 12:32:58 . 2011-03-19 12:32:58 -------- d-----w- D:\Documents and Settings\dom\Dane aplikacji\TeamViewer
2011-03-19 12:32:47 . 2011-03-19 12:32:47 -------- d-----w- D:\Program Files\TeamViewer
2011-02-27 14:01:02 . 2011-02-27 14:01:02 -------- d-----w- D:\Program Files\Common Files\Borland Shared
2011-02-27 14:01:01 . 2011-02-27 14:01:01 -------- d-----w- D:\Program Files\Hetoss
2011-02-27 14:00:50 . 1999-03-23 08:12:34 299520 ----a-w- D:\WINDOWS\uninst.exe
2011-02-27 14:00:47 . 2011-02-27 14:00:47 -------- d-----w- D:\Documents and Settings\dom\WINDOWS

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

------- Sigcheck -------

[-] 2009-07-24 08:48:22 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)] . . D:\WINDOWS\system32\drivers\tcpip.sys
[-] 2009-03-05 10:06:30 . 4678172D19476FA7D539682FCA42C942 . 1420800 . . [2001.12.4414.700] . . D:\WINDOWS\system32\comres.dll
[-] 2009-03-05 10:09:55 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512 (xpsp.080413-2113)] . . D:\WINDOWS\system32\winlogon.exe
[-] 2009-03-05 10:06:26 . E6C1811BA05F4E4BD4DA437778630489 . 724992 . . [5.82 (xpsp.080413-2105)] . . D:\WINDOWS\system32\comctl32.dll
[7] 2008-04-14 18:29:10 . 737739FACEAD60683AA8D7FF7602FD14 . 1054208 . . [6.0 (xpsp.080413-2105)] . . D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2001-08-18 05:37:18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0 (xpclient.010817-1148)] . . D:\WINDOWS\WinSxS\InstallTemp\19629\comctl32.dll
[7] 2001-08-18 05:37:18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0 (xpclient.010817-1148)] . . D:\WINDOWS\WinSxS\InstallTemp\21318\comctl32.dll
[7] 2001-08-18 05:37:18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0 (xpclient.010817-1148)] . . D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2009-06-26 06:30:35 . 946665FA0CC98F57E1023CD21F149D8B . 642560 . . [5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)] . . D:\WINDOWS\system32\user32.dll
[-] 2009-12-09 13:40:54 . A9BD5F368966EA709A4BFF992F583F07 . 1705984 . . [6.00.2900.5512 (xpsp.080413-2105)] . . D:\WINDOWS\explorer.exe
[-] 2009-03-05 10:07:50 . EB3B4771498DD3FFD97E123643A26D91 . 1312256 . . [5.1.2600.5512 (xpsp.080413-2108)] . . D:\WINDOWS\system32\ole32.dll
[-] 2009-04-02 15:33:40 . D9792BC366FDD8D3DABA7EB20BE114BB . 1571840 . . [5.1.2600.5512 (xpsp.080413-2111)] . . D:\WINDOWS\system32\sfcfiles.dll
[-] 2009-03-05 10:06:57 . 572B0A653990AFE6B71D38D7DD2F202D . 370688 . . [5.1.2600.5512 (xpsp.080413-0852)] . . D:\WINDOWS\system32\hnetcfg.dll
[-] 2009-09-12 18:15:13 . 86B4670A6A03CFB1C6FFE1EE66ADF123 . 2207232 . . [5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)] . . D:\WINDOWS\system32\ntkrnlpa.exe
[-] 2009-09-12 18:14:57 . 27910B589CE6BFDDD3A6796923E3746B . 2330240 . . [5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)] . . D:\WINDOWS\system32\ntoskrnl.exe

D:\WINDOWS\System32\ctfmon.exe ... - brak elementu !!
D:\WINDOWS\System32\regsvc.dll ... - brak elementu !!

((((((((((((((((((((((((((((( SnapShot@2011-03-21_11.40.35 )))))))))))))))))))))))))))))))))))))))))

+ 2011-03-23 13:51:52 . 2011-03-23 13:51:52 21504 D:\WINDOWS\Installer\eb134.msi
+ 2011-03-23 13:54:45 . 2011-03-23 13:54:45 25214 D:\WINDOWS\Installer\{FB4F9000-04FC-11E0-85D2-001AA037B01E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-03-23 13:54:45 . 2011-03-23 13:54:45 25214 D:\WINDOWS\Installer\{FB4F9000-04FC-11E0-85D2-001AA037B01E}\ARPPRODUCTICON.exe
+ 2006-06-05 13:14:28 . 2006-06-05 13:14:28 626688 D:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-06-05 13:14:28 . 2006-06-05 13:14:28 548864 D:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 13:14:28 . 2006-06-05 13:14:28 479232 D:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2011-03-23 13:54:44 . 2011-03-23 13:54:44 840192 D:\WINDOWS\Installer\eb13a.msi
+ 2011-03-23 22:34:10 . 2011-03-23 22:34:10 295606 D:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A82000000003}\SC_Reader.exe
+ 2011-03-23 22:34:08 . 2011-03-23 22:34:09 4272128 D:\WINDOWS\Installer\730671.msi

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="D:\Program Files\UberIcon\UberIcon.exe" [2006-05-21 07:43:08 180224]
"Google Update"="D:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2002-11-14 05:25:07 136176]
"SetDefaultMIDI"="MIDIDef.exe" [2002-01-14 12:42:34 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="D:\WINDOWS\READREG" [X]
"DrvIcon"="D:\Program Files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 12:39:20 49152]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 15:56:00 24576]
"UpdReg"="D:\WINDOWS\UpdReg.EXE" [2000-05-10 23:00:00 90112]
"Jet Detection"="D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 23:00:00 28672]
"kX Mixer"="D:\WINDOWS\system32\kxmixer.exe" [2007-08-24 13:28:22 500224]
"MSC"="D:\Program Files\Microsoft Security Client\msseces.exe" [2010-11-30 12:20:36 997408]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 07:58:00 40368]
"Adobe ARM"="D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 14:57:56 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 00:01:00 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2009-03-08 03:32:48 128512]

D:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Autostart\
Styler.lnk - D:\Documents and Settings\dom\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2002-11-14 15086]

D:\Documents and Settings\Default User\Menu Start\Programy\Autostart\
Styler.lnk - D:\Documents and Settings\dom\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2002-11-14 15086]

D:\Documents and Settings\dom\Menu Start\Programy\Autostart\
Styler.lnk - D:\Documents and Settings\dom\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2002-11-14 15086]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9132:TCP"= 9132:TCP:Liga typerów

R3 kxwdmdrv;kX WDM Driver Service;D:\WINDOWS\system32\drivers\kx.sys [2007-08-24 14:28:22 564864]
S1 atitray;atitray;\??\D:\Program Files\Radeon Omega Drivers\v3.8.221\ATI Tray Tools\atitray.sys --> D:\Program Files\Radeon Omega Drivers\v3.8.221\ATI Tray Tools\atitray.sys [?]
S2 gupdate;Google Update Service (gupdate);D:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-23 14:51:47 136176]

Zawartość folderu 'Zaplanowane zadania'

2011-03-24 D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- D:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-23 13:51:47 . 2010-10-23 09:30:06]

2011-03-24 D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- D:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-23 13:51:47 . 2010-10-23 09:30:06]

2011-03-23 D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-920026266-839522115-1001Core.job
- D:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2002-11-14 05:25:08 . 2002-11-14 05:25:07]

2011-03-24 D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-920026266-839522115-1001UA.job
- D:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2002-11-14 05:25:08 . 2002-11-14 05:25:07]

2011-03-24 D:\WINDOWS\Tasks\MP Scheduled Scan.job
- D:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26:42 . 2010-11-11 11:26:42]

------- Skan uzupełniający -------

uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s