ComboFix 12-06-14.01 - Krzysiek 2012-06-14 17:21:56.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.959.659 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Krzysiek\Pulpit\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Maintenance Service
c:\program files\Mozilla Maintenance Service\maintenanceservice.exe
c:\program files\Mozilla Maintenance Service\Uninstall.exe
c:\program files\Mozilla Maintenance Service\updater.ini
c:\winnt\IsUn0415.exe
c:\winnt\system32\drivers\etc\hosts.ics
c:\winnt\XSxS
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_MozillaMaintenance
-------\Service_MozillaMaintenance
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-05-14 do 2012-06-14 )))))))))))))))))))))))))))))))
.
.
2013-04-10 10:55 . 2013-04-10 10:55 -------- d-----w- c:\documents and settings\Krzysiek\Dane aplikacji\IVONA Player
2012-06-14 14:53 . 2012-06-14 14:53 -------- d-----w- c:\program files\Lavalys
2012-06-13 05:22 . 2012-06-13 05:22 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-13 05:22 . 2012-06-13 05:22 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-11 18:05 . 2012-06-11 18:05 -------- d-----w- c:\program files\Maxis
2012-06-03 17:05 . 2012-06-03 19:53 -------- d-----w- c:\documents and settings\Krzysiek\Dane aplikacji\Media Player Classic
2012-06-03 14:55 . 2012-06-03 14:55 -------- d-----w- c:\program files\uTorrent
2012-06-03 14:54 . 2012-06-14 15:30 -------- d-----w- c:\documents and settings\Krzysiek\Dane aplikacji\uTorrent
2012-06-03 14:47 . 2012-06-03 14:51 -------- d-----w- c:\documents and settings\Krzysiek\Dane aplikacji\.Tribler
2012-06-03 14:45 . 2012-06-03 14:55 -------- d-----w- c:\program files\Tribler
2012-06-01 19:24 . 2012-06-01 19:24 -------- d-----w- c:\winnt\ShellNew
2012-06-01 19:20 . 2012-06-01 20:33 -------- d-----w- c:\winnt\SxsCaPendDel
2012-05-28 17:29 . 2012-04-22 11:51 18816 ----a-w- c:\winnt\system32\drivers\pccsmcfd.sys
2012-05-28 17:29 . 2012-05-28 17:29 -------- d-----w- c:\program files\PC Connectivity Solution
2012-05-28 16:03 . 2012-05-28 16:03 -------- d-----w- c:\documents and settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Symbian-Toys.com
2012-05-28 16:00 . 2004-08-03 21:10 38016 ----a-w- c:\winnt\system32\drivers\bthmodem.sys
2012-05-28 16:00 . 2004-08-03 21:10 38016 ----a-w- c:\winnt\system32\dllcache\bthmodem.sys
2012-05-28 15:16 . 2012-05-28 15:16 -------- d-----w- c:\program files\Common Files\PCSuite
2012-05-28 15:05 . 2012-05-28 15:05 -------- d-----w- c:\documents and settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\NokiaCooker.exe_Url_wjgwfxokk31m0wppjeezup5tmvdar4un
2012-05-25 16:15 . 2012-05-25 16:15 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2012-05-25 10:53 . 2011-09-16 10:57 189088 ----a-w- c:\program files\Mozilla Firefox\plugins\npVividasPlayer.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-13 14:47 . 2012-04-05 11:15 419488 ----a-w- c:\winnt\system32\FlashPlayerApp.exe
2012-05-13 14:47 . 2012-01-31 19:26 70304 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
2012-05-12 19:25 . 2012-02-19 17:01 143872 ----a-w- c:\winnt\system32\javacpl.cpl
2012-04-22 11:51 . 2012-04-22 11:51 592896 ----a-w- c:\winnt\system32\drivers\UMDF\PCCSWpdDriver.dll
2012-04-22 11:51 . 2012-04-22 11:51 1837296 ----a-w- c:\winnt\system32\WUDFUpdate_01009.dll
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\winnt\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\winnt\system32\QuickTime.qts
2012-04-11 05:15 . 2012-04-11 05:15 2248192 ----a-w- c:\winnt\system32\python32.dll
2012-04-04 16:47 . 2012-05-12 19:26 772504 ----a-w- c:\winnt\system32\npDeployJava1.dll
2012-04-04 16:47 . 2012-02-19 17:01 687504 ----a-w- c:\winnt\system32\deployJava1.dll
2012-03-17 13:09 . 2004-07-17 11:36 163644 ----a-w- c:\winnt\system32\drivers\secdrv.sys
2012-06-13 05:22 . 2012-01-31 19:28 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2012-04-19 11:47 499712 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2012-04-19 11:47 499712 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2012-04-19 11:47 499712 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2012-04-19 11:47 499712 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2012-05-23 3029344]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-06-03 880528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 61952]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 202032]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2010-04-03 110696]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\Krzysiek\Menu Start\Programy\Autostart\
Leon.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-01-31 20:30 87424 ----a-w- c:\winnt\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\winnt\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\winnt\system32\drivers\cmderd.sys [2012-03-11 18056]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\winnt\system32\drivers\cmdGuard.sys [2012-03-11 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\winnt\system32\drivers\cmdhlp.sys [2012-03-11 31704]
S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\winnt\system32\DRIVERS\tdx.sys --> c:\winnt\system32\DRIVERS\tdx.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\winnt\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\winnt\System32\svchost.exe -k NetSvcs [2004-08-04 14336]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\winnt\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 257696]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\winnt\system32\drivers\nmwcdnsu.sys [2012-03-09 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\winnt\system32\drivers\nmwcdnsuc.sys [2012-03-09 8576]
S3 PRODIGY;PRODIGY;c:\winnt\system32\drivers\prodigy.sys [2012-04-08 32377]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WinDefend;Windows Defender;c:\winnt\System32\svchost.exe -k secsvcs [2004-08-04 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winnt\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - IPHLPSVC
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-06-14 c:\winnt\Tasks\Adobe Flash Player Updater.job
- c:\winnt\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 14:48]
.
2013-04-10 c:\winnt\Tasks\User_Feed_Synchronization-{BAB5BF09-6C8C-4CAD-981B-2BD8C3FB987A}.job
- c:\winnt\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Skan uzupełniający -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 195.66.73.2 195.66.73.11
TCP: Interfaces\{D7B7C211-10AD-487D-A06B-2070915C1FC1}: NameServer = 8.26.56.26 156.154.70.22
TCP: Interfaces\{EA60ADCF-0863-425E-9C20-2B0931D3AB9B}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\documents and settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\8xuiislu.default\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-MozillaMaintenanceService - c:\program files\Mozilla Maintenance Service\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-14 17:30
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(708)
c:\winnt\system32\LMIinit.dll
c:\winnt\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(764)
c:\winnt\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2696)
c:\winnt\system32\WININET.dll
c:\winnt\system32\guard32.dll
c:\winnt\system32\config\SYSTEM~1\USTAWI~1\Temp\logishrd\LVPrcInj01.dll
c:\winnt\system32\webcheck.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(680)
c:\winnt\system32\cmdcsr.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\winnt\system32\nvsvc32.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\winnt\system32\RUNDLL32.EXE
c:\winnt\system32\wbem\wmiapsrv.exe
c:\winnt\system32\rundll32.exe
c:\winnt\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2012-06-14 17:34:32 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-06-14 15:34
.
Przed: 36 397 539 328 bajtów wolnych
Po: 36 346 281 984 bajtów wolnych
.
- - End Of File - - BBB80A884723819216A0B5505BB3A9CB