ComboFix 12-08-07.02 - Krzysiek 2012-08-07 13:40:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1033.18.3063.2504 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Krzysiek\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Krzysiek\nigzss.txt
c:\documents and settings\Krzysiek\WINDOWS
c:\windows\driver\i386
c:\windows\driver\i386\aivfg.state
c:\windows\driver\i386\aivfg.state~
c:\windows\driver\i386\cygcrypt-0.dll
c:\windows\driver\i386\cyggcrypt-11.dll
c:\windows\driver\i386\cygGeoIP-1.dll
c:\windows\driver\i386\cyggnutls-26.dll
c:\windows\driver\i386\cyggnutls-openssl-26.dll
c:\windows\driver\i386\cyggpg-error-0.dll
c:\windows\driver\i386\cygiconv-2.dll
c:\windows\driver\i386\cygintl-8.dll
c:\windows\driver\i386\cygruby18.dll
c:\windows\driver\i386\cygtasn1-3.dll
c:\windows\driver\i386\cygwin1.dll
c:\windows\driver\i386\cygz.dll
c:\windows\driver\i386\ez.bat
c:\windows\driver\i386\ez.config
c:\windows\driver\i386\hide.bat
c:\windows\driver\i386\name.bat
c:\windows\driver\i386\services.ini
c:\windows\driver\i386\services.log
c:\windows\EventSystem.log
c:\windows\geoiplist
c:\windows\Installer\{3644cdc6-4a1d-18b4-a15a-1cce3f077559}\@
c:\windows\Installer\{3644cdc6-4a1d-18b4-a15a-1cce3f077559}\U\00000001.@
c:\windows\nigzss.txt
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\proc_list1.log
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\MUI\041b\tourstart.exe
c:\windows\system32\MUI\0424\tourstart.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_General-Services
-------\Service_General-Services
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-07-07 do 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-07 10:38 . 2012-08-07 10:38 2752 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-08-06 22:56 . 2012-08-06 22:56 -------- d-----w- c:\documents and settings\Krzysiek\Local Settings\Application Data\Western_Digital
2012-08-06 05:25 . 2012-08-06 05:25 -------- d-----w- C:\_OTL
2012-08-05 19:09 . 2012-08-05 19:09 -------- d-----w- c:\documents and settings\Krzysiek\Application Data\Malwarebytes
2012-08-05 19:09 . 2012-08-05 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-05 19:09 . 2012-08-05 19:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-05 19:09 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-02 08:09 . 2012-08-02 08:09 -------- d-----w- c:\program files\ESET
2012-08-02 08:09 . 2012-08-02 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2012-08-02 07:03 . 2012-08-03 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\036DFF61E54634B43AB6F1327B07D287
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-05 20:26 . 2008-09-16 23:04 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-06-13 13:19 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 15:50 . 2005-09-07 23:03 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2007-07-30 17:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-08-25 22:03 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-08-25 22:03 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-08-25 22:03 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-08-25 22:03 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-08-25 22:03 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-07-30 17:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-08-25 22:03 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-08-25 22:03 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2009-10-23 23:10 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2009-10-23 23:10 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2009-10-23 23:10 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 15:39 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2012-07-18 11:45 . 2011-12-12 21:36 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-15 677408]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-29 1545512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-12-20 37376]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 01:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2007-04-22 100095]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-09 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-03-29 13696]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-09-17 477240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-04-07 120152]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-04-07 104160]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-01-23 39080]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-04-22 5808]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2006-02-28 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2006-02-28 14336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2012-03-07 913144]
R2 Harmonogram automatycznej uslugi LiveUpdate;Harmonogram automatycznej uslugi LiveUpdate;c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-12-14 198336]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-04-22 221184]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-08-26 36608]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [2008-08-26 33024]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-01-08 11520]
S3 zlportio;zlportio;\??\c:\program files\UltraStar\zlportio.sys --> c:\program files\UltraStar\zlportio.sys [?]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Zawartość folderu 'Zaplanowane zadania'
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.bearshare.com/pl/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pobierz z &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: ÓA±EIO3«ÁéIÂÔO(&B)
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Krzysiek\Application Data\Mozilla\Firefox\Profiles\6c866ajz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
HKLM-Run-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
HKLM-Run-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
AddRemove-"SubEdit-Player" - c:\program files\SubEdit-Player\Odinstaluj.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
AddRemove-BearShare - c:\progra~1\BEARSH~1\UNWISE.EXE
AddRemove-Call of Duty - c:\progra~1\CALLOF~1\Uninstall\Unwise.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-Nero - Burning Rom!UninstallKey - c:\program files\Ahead\nero\uninstall\UNNERO.exe
AddRemove-NeroMultiInstaller!UninstallKey - c:\program files\Common Files\Nero\Uninstall\setupx.exe
AddRemove-PokerStars - c:\program files\PokerStars\PokerStarsUninstall.exe
AddRemove-UltraStar - c:\program files\UltraStar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-07 13:47
Windows 5.1.2600 Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(1012)
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\windows\SbHpNp.DLL
.
- - - - - - - > 'lsass.exe'(1072)
c:\windows\SbHpNp.dll
.
- - - - - - - > 'explorer.exe'(3580)
c:\windows\system32\WININET.dll
c:\windows\system32\APSHook.dll
c:\windows\system32\ieframe.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\IfxPsdSv.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2012-08-07 13:52:09 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-08-07 11:52
ComboFix2.txt 2009-10-08 18:10
.
Przed: 4 976 680 960 bytes free
Po: 5 053 296 640 bytes free
.
- - End Of File - - 4E8240E9559212DAFA6A34A28B8C5198