ComboFix 12-07-08.01 - Matii 2012-07-08 22:22:19.7.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1613 [GMT 2:00]
Uruchomiony z: D:\ComboFix.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-08 do 2012-07-08 )))))))))))))))))))))))))))))))
.
.
2012-07-08 12:12 . 2012-07-08 12:12 -------- d-----w- c:\documents and settings\Matii\Dane aplikacji\hellomoto
2012-07-05 20:45 . 2012-07-05 20:45 670816 ----a-w- c:\windows\system32\xsherlock.xem
2012-07-05 20:39 . 2012-03-27 17:13 230920 ----a-w- c:\windows\system32\EPWZCmnCtrl.dll
2012-07-05 20:39 . 2012-07-05 20:39 -------- d-----w- c:\program files\WEBZEN
2012-07-05 20:36 . 2012-07-05 20:39 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\WEBZEN
2012-07-05 20:01 . 2012-07-05 20:01 -------- d-----w- c:\program files\Common Files\Overwolf
2012-07-05 20:01 . 2012-07-05 20:01 -------- d-----w- c:\program files\Overwolf
2012-07-05 19:59 . 2012-07-08 19:13 -------- d-----w- c:\documents and settings\Matii\Ustawienia lokalne\Dane aplikacji\Overwolf
2012-06-28 10:55 . 2003-02-27 14:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-06-28 10:55 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-06-28 10:55 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-06-28 10:55 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-06-28 10:55 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-06-28 10:55 . 2012-06-28 10:55 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-06-28 10:55 . 2012-06-28 10:55 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-06-23 17:40 . 2012-04-18 17:42 4598592 ----a-w- c:\windows\system32\GameMon.des
2012-06-23 17:40 . 2005-01-04 09:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2012-06-23 17:40 . 2003-07-20 18:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2012-06-23 17:39 . 2012-06-23 17:39 -------- d-----w- c:\program files\Common Files\INCA Shared
2012-06-21 16:08 . 2012-06-21 16:21 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-21 15:40 . 2012-06-21 15:40 768848 ----a-w- c:\windows\system32\msvcr100.dll
2012-06-21 15:40 . 2012-06-21 15:40 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-06-20 17:09 . 2012-06-20 17:09 -------- d-----w- c:\documents and settings\Matii\Ustawienia lokalne\Dane aplikacji\Chromium
2012-06-20 17:00 . 2012-06-20 17:00 -------- d-----w- c:\program files\DIFX
2012-06-20 17:00 . 2006-07-01 21:32 43520 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2012-06-20 14:37 . 2012-06-20 14:37 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Hi-Rez Studios
2012-06-15 11:58 . 2012-06-15 11:58 -------- d-----w- c:\documents and settings\Matii\Ustawienia lokalne\Dane aplikacji\PCHealth
2012-06-11 15:15 . 2008-04-14 17:20 21504 ----a-w- c:\windows\system32\hidserv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 16:21 . 2011-07-30 22:54 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-05 05:54 . 2011-12-25 00:30 302 ----a-w- c:\program files\Common Files\userInit.dll
2012-06-02 13:19 . 2011-07-30 21:24 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-07-30 21:24 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2011-07-30 21:24 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-08-06 17:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-08-06 17:24 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2011-07-30 21:24 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2011-07-30 21:24 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2004-08-03 22:43 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 17:24 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2011-07-30 21:24 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2011-07-30 21:24 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2009-08-06 17:23 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:18 . 2012-04-10 11:07 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2012-04-10 11:07 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2012-04-10 11:07 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-03 22:43 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:59 . 2004-08-03 22:44 669696 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2004-08-03 22:37 1863424 ----a-w- c:\windows\system32\win32k.sys
2012-05-05 03:15 . 2004-08-04 00:38 2070400 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:15 . 2004-08-03 22:39 2193920 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-02 13:47 . 2011-07-30 21:23 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-01 07:36 . 2012-05-01 07:36 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-04-20 19:30 . 2004-08-03 20:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-04-20 19:30 . 2004-08-03 22:44 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-04-20 19:29 . 2004-08-03 22:36 370688 ----a-w- c:\windows\system32\html.iec
2012-04-11 18:07 . 2011-10-23 10:39 60416 ----a-w- c:\windows\ALCFDRTM.VER
2012-02-12 16:56 . 2012-02-12 16:56 27958 ----a-w- c:\program files\Common Files\logonInit.dll
2011-11-11 00:39 . 2011-07-30 22:40 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d1fce654-5fd1-48ad-b13c-5064736120b7}"= "c:\program files\Soft32\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d1fce654-5fd1-48ad-b13c-5064736120b7}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d1fce654-5fd1-48ad-b13c-5064736120b7}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Soft32\prxtbSof2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d1fce654-5fd1-48ad-b13c-5064736120b7}"= "c:\program files\Soft32\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d1fce654-5fd1-48ad-b13c-5064736120b7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D1FCE654-5FD1-48AD-B13C-5064736120B7}"= "c:\program files\Soft32\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d1fce654-5fd1-48ad-b13c-5064736120b7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Akamai NetSession Interface"="c:\documents and settings\Matii\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe" [2012-05-26 4327744]
"ALLUpdate"="d:\program files\ALLPlayer\ALLUpdate.exe" [2011-08-16 1379840]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
"Overwolf"="c:\program files\Overwolf\Overwolf.exe" [2012-06-21 35256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-10-08 203072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn Hamachi Ui"="d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"verclsid"="c:\documents and settings\Matii\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\4843\verclsid.exe" [2012-07-08 50176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
X-Mouse Button Control.lnk - d:\program files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [2011-11-18 766976]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"d:\\Program Files\\Winamp\\winamp.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Program Files\\Valve\\Steam\\SteamApps\\19aki94\\condition zero\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Matii\\Ustawienia lokalne\\Dane aplikacji\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Microsoft Office\\Office2\\Office.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"d:\\Program Files\\Valve\\Steam\\Steam.exe"=
"d:\\Program Files\\Valve\\Steam\\SteamApps\\19aki94\\counter-strike\\hl.exe"=
"d:\\Program Files\\Valve\\Steam\\SteamApps\\19aki94\\team fortress 2\\hl2.exe"=
"d:\\Program Files\\WEBZEN\\C9\\C9.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57495:TCP"= 57495:TCP:Pando Media Booster
"57495:UDP"= 57495:UDP:Pando Media Booster
"1057:TCP"= 1057:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [2011-07-30 45056]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-08-24 232512]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 1385896]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2011-07-30 28672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2004-08-04 14336]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-07-31 2253120]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 257696]
S3 Andbus;LGE Android Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2011-11-25 14336]
S3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2011-11-25 20864]
S3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2011-11-25 19968]
S3 ANDModem;LGE Android USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2011-11-25 24960]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\lgandadb.sys [2011-11-25 25728]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\Overwolf\OverwolfUpdater.exe [2012-07-05 18360]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [2012-07-05 670816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 16:22]
.
2012-07-05 c:\windows\Tasks\RunOW.job
- c:\program files\Overwolf\OverwolfLauncher.exe [2012-06-21 15:40]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2508618
uInternet Settings,ProxyOverride = 127.0.0.1:9421;
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Wyślij &do programu OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Matii\Dane aplikacji\Mozilla\Firefox\Profiles\9s0kvisp.default\
FF - prefs.js: browser.startup.homepage - www.google.pl
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Notify-LogonInit - logonInit.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-08 22:25
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(1312)
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\windows\system32\MSVCP71.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL
.
Czas ukończenia: 2012-07-08 22:27:46
ComboFix-quarantined-files.txt 2012-07-08 20:27
.
Przed: 1 603 792 896 bajtów wolnych
Po: 1 591 332 864 bajtów wolnych
.
- - End Of File - - AC713219088285987F6F7AED3861E7F4