ComboFix 11-03-19.06 - dom 2011-03-21 12:33:09.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.639.213 [GMT 1:00]
Running from: d:\documents and settings\dom\Moje dokumenty\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\program files\Internet Explorer\SET186D.tmp
d:\program files\Internet Explorer\SET1871.tmp
d:\program files\Internet Explorer\SET1872.tmp
d:\windows\system32\config\systemprofile\_inst1.exe
d:\windows\system32\config\systemprofile\_inst2.exe
d:\windows\system32\config\systemprofile\_inst3.exe
d:\windows\system32\config\systemprofile\_inst4.exe
d:\windows\system32\config\systemprofile\_inst5.exe
d:\windows\system32\config\systemprofile\_inst6.exe
d:\windows\system32\config\systemprofile\_inst7.exe
d:\windows\system32\msconfig.exe
d:\windows\system32\Paint.exe
.
d:\windows\regedit.exe . . . is infected!!
.
d:\windows\system32\midimap.dll . . . is infected!!
.
.
((((((((((((((((((((((((( Files created from 2011-02-21 to 2011-03-21 )))))))))))))))))))))))))))))))
.
.
2011-03-21 08:39 . 2011-03-21 09:12 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2011-03-21 08:39 . 2011-03-21 08:39 -------- d-----w- d:\program files\Spybot - Search & Destroy
2011-03-21 07:41 . 2011-03-21 07:41 -------- d-----w- d:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\PCHealth
2011-03-20 14:56 . 2011-03-20 14:56 -------- d-----w- d:\program files\ATI Stream
2011-03-20 14:56 . 2011-03-20 14:56 -------- d-----w- d:\program files\ATI
2011-03-20 14:55 . 2011-03-20 14:55 -------- d-----w- d:\program files\ATI Technologies
2011-03-20 14:53 . 2011-03-20 14:53 -------- d-----w- D:\ATI
2011-03-20 14:41 . 2011-03-20 14:41 -------- d-----w- d:\program files\Microsoft Security Client
2011-03-20 14:29 . 2011-03-20 14:29 -------- d-----w- d:\documents and settings\dom\Dane aplikacji\Uniblue
2011-03-20 14:28 . 2011-03-20 14:28 -------- d-----w- d:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\PackageAware
2011-03-19 23:15 . 2011-03-19 23:15 -------- d-----w- d:\program files\Veetle
2011-03-19 22:30 . 2011-03-19 22:30 -------- d-----w- d:\documents and settings\dom\Dane aplikacji\vShare
2011-03-19 22:30 . 2011-03-19 22:30 -------- d-----w- d:\program files\vShare
2011-03-19 14:47 . 2011-03-19 14:47 -------- d-----w- d:\program files\Common Files\DigiDesign
2011-03-19 14:47 . 2011-03-19 14:47 -------- d-----w- d:\program files\IK Multimedia
2011-03-19 14:47 . 2002-12-05 13:10 155648 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-03-19 14:47 . 2002-12-02 12:33 32768 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-03-19 14:47 . 2002-12-02 14:22 5632 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-03-19 14:47 . 2002-12-02 12:33 57344 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-03-19 14:47 . 2002-12-02 12:33 237568 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-03-19 14:47 . 2011-03-19 14:47 163972 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-03-19 14:47 . 2003-02-27 15:12 696320 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-03-19 14:47 . 2011-03-19 14:47 282756 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-03-19 14:45 . 2011-03-19 14:45 -------- d-----w- d:\program files\Common Files\Adobe Systems Shared
2011-03-19 14:44 . 2011-03-19 14:44 -------- d-----w- d:\program files\Common Files\Adobe
2011-03-19 14:04 . 2011-03-19 14:05 -------- d-----w- d:\program files\Pro-53
2011-03-19 14:02 . 2011-03-19 14:02 -------- d-----w- d:\program files\Native Instruments
2011-03-19 13:04 . 2011-03-19 13:04 -------- d-----w- d:\program files\kX Audio Driver
2011-03-19 12:32 . 2011-03-19 12:32 -------- d-----w- d:\documents and settings\dom\Dane aplikacji\TeamViewer
2011-03-19 12:32 . 2011-03-19 12:32 -------- d-----w- d:\program files\TeamViewer
2011-02-27 14:01 . 2011-02-27 14:01 -------- d-----w- d:\program files\Common Files\Borland Shared
2011-02-27 14:01 . 2011-02-27 14:01 -------- d-----w- d:\program files\Hetoss
2011-02-27 14:00 . 1999-03-23 08:12 299520 ----a-w- d:\windows\uninst.exe
2011-02-27 14:00 . 2011-02-27 14:00 -------- d-----w- d:\documents and settings\dom\WINDOWS
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
.
[-] 2009-07-24 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625] . . d:\windows\system32\drivers\tcpip.sys
.
[-] 2009-03-05 10:06 . 4678172D19476FA7D539682FCA42C942 . 1420800 . . [2001.12.4414.700] . . d:\windows\system32\comres.dll
.
[-] 2009-03-05 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . d:\windows\system32\winlogon.exe
.
[-] 2009-03-05 . E6C1811BA05F4E4BD4DA437778630489 . 724992 . . [5.82] . . d:\windows\system32\comctl32.dll
[7] 2008-04-14 . 737739FACEAD60683AA8D7FF7602FD14 . 1054208 . . [6.0] . . d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2001-08-18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . d:\windows\WinSxS\InstallTemp\19629\comctl32.dll
[7] 2001-08-18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . d:\windows\WinSxS\InstallTemp\21318\comctl32.dll
[7] 2001-08-18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2009-06-26 . 946665FA0CC98F57E1023CD21F149D8B . 642560 . . [5.1.2600.3099] . . d:\windows\system32\user32.dll
.
[-] 2009-12-09 . A9BD5F368966EA709A4BFF992F583F07 . 1705984 . . [6.00.2900.5512] . . d:\windows\explorer.exe
.
[-] 2009-03-05 . EB3B4771498DD3FFD97E123643A26D91 . 1312256 . . [5.1.2600.5512] . . d:\windows\system32\ole32.dll
.
[-] 2009-04-02 . D9792BC366FDD8D3DABA7EB20BE114BB . 1571840 . . [5.1.2600.5512] . . d:\windows\system32\sfcfiles.dll
.
.
.
[-] 2009-03-05 . 572B0A653990AFE6B71D38D7DD2F202D . 370688 . . [5.1.2600.5512] . . d:\windows\system32\hnetcfg.dll
.
[-] 2009-09-12 . 86B4670A6A03CFB1C6FFE1EE66ADF123 . 2207232 . . [5.1.2600.5755] . . d:\windows\system32\ntkrnlpa.exe
.
[-] 2009-09-12 . 27910B589CE6BFDDD3A6796923E3746B . 2330240 . . [5.1.2600.5755] . . d:\windows\system32\ntoskrnl.exe
.
d:\windows\System32\ctfmon.exe ... - missing !!
d:\windows\System32\regsvc.dll ... - missing !!
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="d:\program files\UberIcon\UberIcon.exe" [2006-05-21 180224]
"Google Update"="d:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2002-11-14 136176]
"SetDefaultMIDI"="MIDIDef.exe" [2002-01-14 61440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="d:\windows\READREG" [X]
"DrvIcon"="d:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"UpdReg"="d:\windows\UpdReg.EXE" [2000-05-10 90112]
"Jet Detection"="d:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
"kX Mixer"="d:\windows\system32\kxmixer.exe" [2007-08-24 500224]
"MSC"="d:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="d:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
d:\windows\system32\config\systemprofile\Menu Start\Programy\Autostart\
Styler.lnk - d:\documents and settings\dom\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2002-11-14 15086]
.
d:\documents and settings\Default User\Menu Start\Programy\Autostart\
Styler.lnk - d:\documents and settings\dom\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2002-11-14 15086]
.
d:\documents and settings\dom\Menu Start\Programy\Autostart\
Styler.lnk - d:\documents and settings\dom\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2002-11-14 15086]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8424:TCP"= 8424:TCP:cfyufqa
"9132:TCP"= 9132:TCP:Liga typerów
.
R3 kxwdmdrv;kX WDM Driver Service;d:\windows\system32\drivers\kx.sys [2007-08-24 564864]
S1 atitray;atitray;\??\d:\program files\Radeon Omega Drivers\v3.8.221\ATI Tray Tools\atitray.sys --> d:\program files\Radeon Omega Drivers\v3.8.221\ATI Tray Tools\atitray.sys [?]
S2 qqhyhpzux;Shell Config;d:\windows\system32\svchost.exe -k netsvcs [2008-04-14 14336]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qqhyhpzux
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-20 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-920026266-839522115-1001Core.job
- d:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2002-11-14 05:25]
.
2011-03-21 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-920026266-839522115-1001UA.job
- d:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2002-11-14 05:25]
.
2011-03-21 d:\windows\Tasks\MP Scheduled Scan.job
- d:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: {006C8E37-D77B-40BC-B126-81244A8945DD} = 217.30.129.149 217.30.137.200
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-21 12:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\qqhyhpzux]
"ServiceDll"="d:\windows\system32\jhcmxp.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|é•6~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\sfc_os.dll
d:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(696)
d:\windows\system32\setupapi.dll
d:\windows\system32\scecli.dll
d:\windows\system32\psbase.dll
.
Completion time: 2011-03-21 12:44:00
ComboFix-quarantined-files.txt 2011-03-21 11:43
.
Before: 2 310 537 216 bytes free
After: 2 482 315 264 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Black Edition v8" /noexecute=optin /fastdetect
.
Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 4A1AD2F48BD44CB2630F8C9AF0EE158B
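The two findings a practitioner would pull out of a log like this are the service entry `S2 qqhyhpzux;Shell Config;...\svchost.exe -k netsvcs`, which ComboFix also shows as a NetSvcs group member with a `ServiceDll` of `jhcmxp.dll` (a random-named DLL hosted by a legitimate svchost.exe process), and the Sigcheck entries tagged `[-]`, which did not pass ComboFix's signature verification (tcpip.sys, winlogon.exe, user32.dll, explorer.exe, the kernel images). The triage script below is an added example, not part of ComboFix or of the log above: it parses the relevant ComboFix line formats from a constructed sample (lines copied from this log), resolves each svchost-hosted service to its `ServiceDll`, and flags services missing from an assumed, abbreviated baseline of Windows XP netsvcs members. The baseline set, the regular expressions and the function names are this example's own assumptions; the regexes match only the line shapes seen in this log.

```python
"""Triage helpers for ComboFix log lines (added example, not ComboFix's own code)."""
import re
from typing import Dict, List, Tuple

# Constructed sample input: lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
R3 kxwdmdrv;kX WDM Driver Service;d:\windows\system32\drivers\kx.sys [2007-08-24 564864]
S2 qqhyhpzux;Shell Config;d:\windows\system32\svchost.exe -k netsvcs [2008-04-14 14336]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qqhyhpzux
.
[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\qqhyhpzux]
"ServiceDll"="d:\windows\system32\jhcmxp.dll"
.
[-] 2009-07-24 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625] . . d:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 737739FACEAD60683AA8D7FF7602FD14 . 1054208 . . [6.0] . . d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
"""

# ASSUMPTION: abbreviated baseline of service names that legitimately run under
# "svchost.exe -k netsvcs" on Windows XP SP3. Compiled for this example; it is
# not a list taken from ComboFix or from Microsoft documentation.
NETSVCS_BASELINE = {n.lower() for n in (
    "AppMgmt", "AudioSrv", "BITS", "Browser", "CryptSvc", "DMServer", "Dhcp",
    "ERSvc", "EventSystem", "FastUserSwitchingCompatibility", "HidServ",
    "LanmanServer", "LanmanWorkstation", "Messenger", "Netman", "Nla",
    "RasAuto", "RasMan", "RemoteAccess", "Schedule", "Seclogon", "SENS",
    "SharedAccess", "ShellHWDetection", "SRService", "TapiSrv", "Themes",
    "TrkWks", "W32Time", "WZCSVC", "winmgmt", "wscsvc", "wuauserv", "xmlprov",
)}

# "S2 name;display name;image path [date size]"  (ComboFix service line)
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)"
    r"(?:\s+\[(?P<meta>[^\]]*)\])?\s*$"
)
# "[-] date [time] . MD5 . size . . [version] . . path"  (ComboFix Sigcheck line)
SIGCHECK_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})(?:\s+\d{2}:\d{2})?"
    r"\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)
SERVICE_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]\\]+)\]$", re.I
)
SERVICEDLL_RE = re.compile(r'^"ServiceDll"="(?P<dll>[^"]+)"$', re.I)


def parse_services(lines: List[str]) -> List[Dict[str, str]]:
    """Return every R*/S* service line as a dict of its fields."""
    return [m.groupdict() for m in map(SERVICE_RE.match, lines) if m]


def parse_netsvcs(lines: List[str]) -> List[str]:
    """Return the names ComboFix lists under the 'Svchost - NetSvcs' group."""
    members, in_group = [], False
    for line in lines:
        if in_group:
            if line.strip() in ("", "."):
                break
            members.append(line.strip())
        elif line.rstrip().endswith("\\Svchost - NetSvcs"):
            in_group = True
    return members


def parse_service_dlls(lines: List[str]) -> Dict[str, str]:
    """Map service name (lower-cased) -> ServiceDll path from dumped service keys."""
    dlls: Dict[str, str] = {}
    current = None
    for line in map(str.strip, lines):
        if line.startswith("[HK"):            # any registry key header resets context
            m = SERVICE_KEY_RE.match(line)
            current = m.group("name").lower() if m else None
            continue
        m = SERVICEDLL_RE.match(line)
        if m and current:
            dlls[current] = m.group("dll")
    return dlls


def parse_sigcheck(lines: List[str]) -> List[Dict[str, str]]:
    """Return every Sigcheck line as a dict; tag '-' means verification failed."""
    return [m.groupdict() for m in map(SIGCHECK_RE.match, lines) if m]


def triage(text: str) -> Dict[str, list]:
    """Flag svchost-hosted services outside the baseline and unverified system files."""
    lines = text.splitlines()
    dlls = parse_service_dlls(lines)
    netsvcs = {n.lower() for n in parse_netsvcs(lines)}
    suspicious: List[Tuple[str, str, bool]] = []
    for svc in parse_services(lines):
        if "svchost.exe" not in svc["image"].lower():
            continue                          # only services that hide inside svchost
        name = svc["name"]
        if name.lower() in NETSVCS_BASELINE:
            continue
        dll = dlls.get(name.lower(), "<ServiceDll not in log>")
        suspicious.append((name, dll, name.lower() in netsvcs))
    unverified = [e["path"] for e in parse_sigcheck(lines) if e["tag"] == "-"]
    return {"suspicious_services": suspicious, "unverified_files": unverified}


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("  ", item)
```

On the sample the script reports `qqhyhpzux` with its `jhcmxp.dll` and confirms it was injected into the NetSvcs group, while `kxwdmdrv` (a kernel driver, not svchost-hosted) is ignored; the `[7]` comctl32.dll entry is not listed among unverified files. The same parsers run unchanged over a full ComboFix log; the baseline is the part to extend for a different Windows build.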