ComboFix 11-07-28.04 - Marcin 2011-07-28 19:59:27.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3069.2570 [GMT 2:00]
Uruchomiony z: e:\documents and settings\Marcin\Pulpit\ComboFix.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-06-28 do 2011-07-28 )))))))))))))))))))))))))))))))
.
.
2011-07-28 08:15 . 2011-07-28 08:16 -------- d-----w- e:\program files\Sprill Wodne Przygody
2011-07-27 18:48 . 2008-04-14 20:50 26624 ----a-w- e:\documents and settings\LocalService\Dane aplikacji\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-07-25 12:09 . 2011-07-25 16:18 -------- d-----w- e:\program files\Batch Creator 3.0
2011-07-25 12:08 . 2011-07-25 12:08 764416 ----a-w- e:\windows\GPInstall.exe
2011-07-24 08:47 . 2011-07-24 08:47 -------- d-----w- e:\program files\XP Smoker
2011-07-23 23:20 . 2011-07-23 23:20 -------- d-----w- e:\program files\EA GAMES
2011-07-23 23:17 . 2004-10-22 00:18 749568 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-07-23 23:17 . 2004-10-22 00:17 69715 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-07-23 23:17 . 2004-10-22 00:17 274432 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-07-23 23:17 . 2004-10-22 00:16 180224 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-07-23 23:17 . 2004-10-22 00:16 5632 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-07-23 23:17 . 2011-07-23 23:17 192644 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-07-23 23:17 . 2011-07-23 23:17 323716 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-07-18 09:25 . 2001-07-01 15:30 112640 ----a-w- e:\windows\lsb_un20.exe
2011-07-18 09:25 . 2011-07-18 09:27 -------- d-----w- e:\program files\Lalka Klara - Stylistka
2011-07-17 09:00 . 2011-07-18 09:13 -------- d-----w- e:\program files\Play
2011-07-15 20:32 . 2011-07-15 20:32 -------- d-----w- e:\documents and settings\Marcin\Dane aplikacji\Auslogics
2011-07-15 20:32 . 2011-07-15 20:32 -------- d-----w- e:\program files\Auslogics
2011-07-08 08:41 . 2011-07-08 08:41 -------- d-----w- e:\program files\Disney Interactive Studios
2011-06-28 21:08 . 2011-06-28 21:08 -------- d-----w- e:\documents and settings\Marcin\Dane aplikacji\WinAVI
2011-06-28 21:08 . 2011-06-28 21:08 -------- d-----w- e:\program files\WinAVI Video Converter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-28 17:38 . 2011-06-11 18:57 17488 ----a-w- e:\windows\gdrv.sys
2011-07-28 13:44 . 2011-06-11 19:15 140024 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2011-07-28 13:44 . 2011-06-11 22:15 280768 ----a-w- e:\windows\system32\PnkBstrB.xtr
2011-07-28 13:44 . 2011-06-11 19:15 280768 ----a-w- e:\windows\system32\PnkBstrB.exe
2011-07-28 00:00 . 2011-06-11 19:15 280768 ----a-w- e:\windows\system32\PnkBstrB.ex0
2011-06-18 21:19 . 2011-06-19 20:35 242688 ----a-w- E:\net-log.exe
2011-06-11 23:15 . 2011-06-11 19:15 139152 ----a-w- e:\documents and settings\Marcin\Dane aplikacji\PnkBstrK.sys
2011-06-11 23:14 . 2011-06-11 23:14 794408 ----a-w- e:\windows\system32\pbsvc.exe
2011-06-11 22:15 . 2011-06-11 19:15 75136 ----a-w- e:\windows\system32\PnkBstrA.exe
2011-06-11 19:15 . 2011-06-11 19:15 2434856 ----a-w- e:\windows\system32\pbsvc_bc2.exe
2011-05-02 15:32 . 2011-06-11 18:14 692736 ----a-w- e:\windows\system32\inetcomm.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="e:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"RTHDCPL"="RTHDCPL.EXE" [2009-12-08 18789920]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 BCUService;Browser Configuration Utility Service;e:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2011-06-11 219360]
R2 ES lite Service;ES lite Service for program management.;e:\program files\Gigabyte\EasySaver\essvr.exe [2011-06-11 68136]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;e:\windows\system32\drivers\nusb3hub.sys [2009-11-20 58880]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;e:\windows\system32\drivers\nusb3xhc.sys [2009-11-20 137728]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2011-06-11 1691480]
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-07-27 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1123561945-839522115-1003Core.job
- e:\documents and settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-06-11 18:58]
.
2011-07-28 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1123561945-839522115-1003UA.job
- e:\documents and settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-06-11 18:58]
.
.
------- Skan uzupełniający -------
.
IE: E&ksportuj do programu Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.204.152.34 194.204.159.1
DPF: DirectAnimation Java Classes - file://e:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://e:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-28 20:01
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1708537768-1123561945-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:64,75,09,c3,25,5a,d0,8f,78,de,c9,77,07,a6,ba,16,99,8c,74,34,fd,
   b8,1b,32,71,4a,8f,62,82,9a,81,c1,6a,d8,91,8d,57,18,16,d7,55,31,64,1e,1d,dd,\
"rkeysecu"=hex:7d,03,d5,61,27,49,72,76,5d,82,7a,89,e4,e9,86,dc
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(616)
e:\windows\system32\Ati2evxx.dll
e:\windows\system32\atiadlxx.dll
.
Czas ukończenia: 2011-07-28 20:02:07
ComboFix-quarantined-files.txt 2011-07-28 18:02
.
Przed: 152 868 745 216 bajtów wolnych
Po: 152 965 586 944 bajtów wolnych
.
- - End Of File - - A04E3666B15F9F1629DACFE87E2EA74F