ComboFix 11-08-07.03 - Slawek 2011-08-08 13:32:14.17.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.959.625 [GMT 2:00] Uruchomiony z: j:\pawel\ComboFix.exe . UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . . ((((((((((((((((((((((((( Pliki utworzone od 2011-07-08 do 2011-08-08 ))))))))))))))))))))))))))))))) . . 2011-08-02 14:56 . 2011-08-08 10:22 -------- d-----w- C:\ArcaVirMicroScan 2011-08-02 14:52 . 2011-08-02 14:52 258640 ----a-w- C:\arcavirmicroscan.exe 2011-08-01 13:53 . 2011-08-01 13:53 -------- d-----w- c:\documents and settings\Slawek\Dane aplikacji\ArcaBit 2011-08-01 12:39 . 2011-08-02 15:33 -------- d-----w- c:\documents and settings\Slawek\Dane aplikacji\ArcaVirMicroScan 2011-07-30 13:51 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys 2011-07-30 13:51 . 2011-07-30 13:51 -------- d-----w- c:\program files\PC Connectivity Solution 2011-07-30 13:50 . 2011-05-18 08:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys 2011-07-30 13:50 . 2011-05-18 08:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys 2011-07-30 13:50 . 2011-05-18 08:12 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys 2011-07-30 13:50 . 2011-05-18 08:12 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-06 17:52 . 2010-04-28 19:39 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-06 17:52 . 2010-04-28 19:39 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-26 14:30 . 2010-04-18 16:12 73216 ----a-w- c:\windows\system32\ff_vfw.dll 2011-05-26 14:24 . 2010-12-18 15:08 44032 ----a-w- c:\windows\system32\ff_acm.acm 2011-05-18 08:13 . 2011-01-22 12:29 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll 2011-05-18 08:13 . 2011-01-22 12:29 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll 2011-05-18 08:13 . 
2010-07-06 17:04 75264 ----a-w- c:\windows\system32\nmwcdcls.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2009-03-21 . C57B35FBBB25E8314E022F8D13BE5A57 . 1014784 . . [5.1.2600.3541] . . c:\windows\ERDNT\cache\kernel32.dll [-] 2009-03-21 . A74820A5953B7AC3AC19F5FDFBFF5F87 . 1014784 . . [5.1.2600.3541] . . c:\windows\system32\kernel32.dll [7] 2009-03-21 . C57B35FBBB25E8314E022F8D13BE5A57 . 1014784 . . [5.1.2600.3541] . . c:\windows\system32\dllcache\kernel32.dll [7] 2009-03-21 . 77C951B64413E80EEC0359426DCA938B . 1018368 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll [7] 2009-03-21 . 6CFFFD4A53F08D1BE0222D859BF93B29 . 1020416 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll [7] 2009-03-21 . 6B29B8F00F7CDE46C69BDED5253B96B9 . 1017856 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll [7] 2004-08-03 . 578BB2F44597CB53451DED99013573F3 . 1012224 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB959426$\kernel32.dll . [7] 2010-05-06 . 0B3B306F2DB4744C1BDDB13F1677FD1D . 5950976 . . [8.00.6001.18928] . . c:\windows\SoftwareDistribution\Download\a023776d286e1ee08bd4cbd247454683\SP3GDR\mshtml.dll [7] 2010-05-06 . E8193FA2DE3B651D7CB3503063EDF977 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll [7] 2010-05-06 . E8193FA2DE3B651D7CB3503063EDF977 . 5953024 . . [8.00.6001.23019] . . c:\windows\SoftwareDistribution\Download\a023776d286e1ee08bd4cbd247454683\SP3QFE\mshtml.dll [7] 2010-05-04 . 67522C420C3D91954EFAFD058D5C8BF7 . 3600384 . . [7.00.6000.17063] . . c:\windows\ERDNT\cache\mshtml.dll [-] 2010-05-04 . D4C0FB6F3C9E901FA48DC4E5E2459125 . 3600384 . . [7.00.6000.17063] . . c:\windows\system32\mshtml.dll [7] 2010-05-04 . 67522C420C3D91954EFAFD058D5C8BF7 . 3600384 . . [7.00.6000.17063] . . c:\windows\system32\dllcache\mshtml.dll [7] 2010-05-04 . CD5C143FFF789FF3052D769591BD9087 . 3603456 . . [7.00.6000.21264] . . 
c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mshtml.dll [7] 2010-03-11 . 037CFCD751D4493D66D961EC2615E11B . 3602944 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\mshtml.dll [7] 2010-03-11 . C2A8C8E082C66A82E12983131C331C0B . 3599872 . . [7.00.6000.17023] . . c:\windows\ie7updates\KB982381-IE7\mshtml.dll [-] 2010-02-26 . 02B1243AE12168E5E9CC0D0674C9F683 . 3094016 . . [6.00.2900.3676] . . c:\windows\$hf_mig$\KB980182\SP2QFE\mshtml.dll [-] 2010-02-26 . C376E9D25D29683C10DD8EB5D5AE4014 . 3094016 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3GDR\mshtml.dll [-] 2010-02-26 . C74BC53E7B7C2065664D64ECB02F3089 . 3094528 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3QFE\mshtml.dll [7] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB980182-IE7\mshtml.dll [7] 2004-08-03 . 687FF56421840ACD46B7A3939ED581E7 . 3003392 . . [6.00.2900.2180] . . c:\windows\ie7\mshtml.dll . ((((((((((((((((((((((((((((( SnapShot_2011-05-31_16.56.50 ))))))))))))))))))))))))))))))))))))))))) . + 2011-08-08 11:30 . 2011-08-08 11:30 16384 c:\windows\temp\Perflib_Perfdata_b4.dat - 2011-05-31 12:22 . 2008-08-26 08:26 18816 c:\windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys + 2011-07-30 13:51 . 2008-08-26 08:26 18816 c:\windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys + 2011-07-30 13:50 . 2011-05-18 08:13 75264 c:\windows\system32\DRVSTORE\nmwcdnsuc_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdcls.dll + 2011-07-30 13:50 . 2011-05-18 08:13 75264 c:\windows\system32\DRVSTORE\nmwcdnsu_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdcls.dll + 2011-07-30 13:50 . 2011-05-18 08:13 75264 c:\windows\system32\DRVSTORE\ccdcmbo_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdcls.dll + 2011-07-30 13:50 . 2011-05-18 08:12 23168 c:\windows\system32\DRVSTORE\ccdcmbo_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\ccdcmbo.sys + 2011-07-30 13:50 . 
2011-05-18 08:13 75264 c:\windows\system32\DRVSTORE\ccdcmb_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdcls.dll + 2011-07-30 13:50 . 2011-05-18 08:12 18176 c:\windows\system32\DRVSTORE\ccdcmb_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\ccdcmb.sys + 2011-07-30 13:51 . 2011-07-30 13:51 10134 c:\windows\Installer\{C373F7C4-05D2-4047-96D1-6AF30661C6AA}\ARPPRODUCTICON.exe + 2011-07-30 13:52 . 2011-07-30 13:52 24255 c:\windows\Installer\{2CC53A53-44F4-4667-8584-2FFC9ACB2242}\ARPPRODUCTICON.exe + 2011-07-30 13:52 . 2011-07-30 13:52 10134 c:\windows\Installer\{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}\ARPPRODUCTICON.exe + 2011-07-30 13:50 . 2011-05-18 08:09 8576 c:\windows\system32\DRVSTORE\nmwcdnsuc_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdnsuc.sys + 2011-07-30 13:50 . 2011-05-18 08:12 8192 c:\windows\system32\DRVSTORE\ccdcmbm_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\usbser_lowerflt.sys + 2011-07-30 13:50 . 2011-05-18 08:12 8192 c:\windows\system32\DRVSTORE\ccdcmbj_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\usbser_lowerfltj.sys + 2011-07-30 13:50 . 2011-07-30 13:50 3262 c:\windows\Installer\{2D99A593-C841-43A7-B7C9-D6F3AE70B756}\ARPPRODUCTICON.exe + 2011-07-30 13:51 . 2011-01-03 12:50 592896 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\PCCSWpdDriver.dll - 2011-05-31 12:22 . 2011-01-03 12:50 592896 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\PCCSWpdDriver.dll + 2011-07-30 13:50 . 2011-05-18 08:09 137600 c:\windows\system32\DRVSTORE\nmwcdnsu_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdnsu.sys + 2011-07-30 13:50 . 2011-05-18 08:13 605696 c:\windows\system32\DRVSTORE\ccdcmb_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdcocls.dll + 2011-07-30 13:50 . 2011-05-18 08:13 123904 c:\windows\system32\DRVSTORE\ccdcmb_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\ccdcmbwu.dll + 2011-07-30 13:55 . 2011-07-30 13:55 689152 c:\windows\Installer\6b47a9.msi + 2011-07-30 13:52 . 
2011-07-30 13:52 689664 c:\windows\Installer\6b454b.msi + 2011-07-30 13:51 . 2011-07-30 13:51 496128 c:\windows\Installer\6b44f9.msi + 2011-07-30 13:50 . 2011-07-30 13:50 337408 c:\windows\Installer\6b44b9.msi + 2011-07-30 13:55 . 2011-07-30 13:55 287934 c:\windows\Installer\{07D77970-B205-460C-84E4-263F30455597}\ARPPRODUCTICON.exe - 2011-05-31 12:22 . 2011-01-03 11:05 1837296 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\WUDFUpdate_01009.dll + 2011-07-30 13:51 . 2011-01-03 11:05 1837296 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\WUDFUpdate_01009.dll + 2011-07-30 13:50 . 2011-05-18 08:09 1461992 c:\windows\system32\DRVSTORE\ccdcmb_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\wdfcoinstaller01009.dll + 2011-07-30 13:52 . 2011-07-30 13:52 3891712 c:\windows\Installer\6b4589.msi + 2010-04-18 15:31 . 2011-07-13 15:02 49089992 c:\windows\system32\MRT.exe . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944] "nwiz"="nwiz.exe" [2006-10-31 1622016] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-18 202256] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016] "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"= "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= . R1 UserPort;UserPort;c:\windows\system32\drivers\UserPort.sys [2010-11-21 4256] . Zawartość folderu 'Zaplanowane zadania' . 2011-08-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-796845957-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09] . 2011-08-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-796845957-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09] . . ------- Skan uzupełniający ------- . 
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: Interfaces\{EBFCE052-A2A5-4A59-BF58-1FCFDFF2533F}: NameServer = 178.216.136.34 8.8.8.8 FF - ProfilePath - c:\documents and settings\Slawek\Dane aplikacji\Mozilla\Firefox\Profiles\3gzuq7eo.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-08-08 13:37 Windows 5.1.2600 Dodatek Service Pack 2 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- . - - - - - - - > 'explorer.exe'(3868) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . 
Czas ukończenia: 2011-08-08 13:40:56 ComboFix-quarantined-files.txt 2011-08-08 11:40 ComboFix2.txt 2011-08-02 14:45 ComboFix3.txt 2011-07-09 18:00 ComboFix4.txt 2011-06-11 16:19 ComboFix5.txt 2011-08-08 11:10 . Przed: 3 058 737 152 bajtów wolnych Po: 3 047 677 952 bajtów wolnych . - - End Of File - - 5632C91643FCA093D7D9737EA569DD8F ComboFix 11-09-18.01 - slawek 11-09-18 21:07:00.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.959.576 [GMT 2:00] Uruchomiony z: j:\pawel\ComboFix.exe . UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\LocalService\prf1.tmp c:\documents and settings\slawek\WINDOWS c:\windows\$MSI31Uninstall_KB893803v2$ c:\windows\$MSI31Uninstall_KB893803v2$\msi.dll c:\windows\$MSI31Uninstall_KB893803v2$\msiexec.exe c:\windows\$MSI31Uninstall_KB893803v2$\msihnd.dll c:\windows\$MSI31Uninstall_KB893803v2$\msimsg.dll c:\windows\$MSI31Uninstall_KB893803v2$\msisip.dll 
c:\windows\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe c:\windows\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.inf c:\windows\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.txt c:\windows\$MSI31Uninstall_KB893803v2$\spuninst\updspapi.dll c:\windows\DPINST.LOG c:\windows\msmqinst.log c:\windows\system\PHONETIC.FON . . ((((((((((((((((((((((((( Pliki utworzone od 2011-08-18 do 2011-09-18 ))))))))))))))))))))))))))))))) . . 2011-09-04 14:38 . 2004-08-03 21:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys 2011-09-04 14:38 . 2004-08-03 21:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys 2011-09-04 14:37 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2011-09-03 17:42 . 2011-09-03 17:42 -------- d-----w- c:\windows\system32\wbem\Repository 2011-08-27 09:21 . 2011-08-27 09:21 -------- d-----w- c:\windows\Sun 2011-08-27 09:21 . 2011-08-27 09:21 -------- d-----w- c:\program files\Common Files\Java 2011-08-27 09:20 . 2011-08-27 09:20 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-08-27 09:20 . 2011-08-27 09:20 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-08-27 09:20 . 2011-08-27 09:20 -------- d-----w- c:\program files\Java . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-31 15:00 . 2011-08-08 21:27 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-14 14:37 . 2011-08-14 14:37 861450 ----a-w- C:\cpu-z_1.58-32bits-en.zip 2011-08-12 17:07 . 2011-08-08 19:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-08 21:38 . 2003-03-19 06:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2011-08-08 20:58 . 2011-08-08 20:18 21052 ----atw- c:\windows\system32\SIntfNT.dll 2011-08-08 20:58 . 2011-08-08 20:18 15144 ----atw- c:\windows\system32\SIntf32.dll 2011-08-08 20:58 . 2011-08-08 20:18 12067 ----atw- c:\windows\system32\SIntf16.dll 2011-08-08 16:40 . 
2011-08-08 16:32 90112 ----a-w- c:\windows\DUMP4fd5.tmp 2011-08-08 16:32 . 2011-08-08 16:32 90112 ----a-w- c:\windows\DUMP50d0.tmp 2011-08-08 16:31 . 2011-08-08 16:32 90112 ----a-w- c:\windows\DUMP50cf.tmp 2011-08-08 16:30 . 2011-08-08 16:32 90112 ----a-w- c:\windows\DUMP5092.tmp 2011-08-08 16:27 . 2011-08-08 16:32 90112 ----a-w- c:\windows\DUMP50bf.tmp 2011-08-08 16:27 . 2011-08-08 16:32 90112 ----a-w- c:\windows\DUMP5091.tmp 2011-08-08 16:26 . 2011-08-08 16:32 90112 ----a-w- c:\windows\DUMP4f39.tmp 2011-08-08 16:23 . 2011-08-08 16:32 90112 ----a-w- c:\windows\DUMP50a0.tmp 2011-08-08 16:23 . 2011-08-08 16:32 90112 ----a-w- c:\windows\DUMP55e0.tmp 2011-08-08 16:22 . 2011-08-08 16:32 90112 ----a-w- c:\windows\DUMP5738.tmp 2011-08-02 14:52 . 2011-08-08 14:05 258640 ----a-w- C:\arcavirmicroscan.exe 2011-07-19 18:08 . 2011-08-08 21:19 74752 ----a-w- c:\windows\system32\ff_vfw.dll 2011-07-19 18:06 . 2011-08-08 21:19 48128 ----a-w- c:\windows\system32\ff_acm.acm 2011-09-17 15:12 . 2011-08-08 21:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504] "RTHDCPL"="RTHDCPL.EXE" [2011-04-14 20053608] "DelReg"="c:\program files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-08-08 273544] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= . S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11-08-08 21:45 1691480] S3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [11-08-08 21:59 36152] S3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [11-08-08 21:59 55296] . Zawartość folderu 'Zaplanowane zadania' . 2011-09-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1482476501-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47] . 2011-09-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1482476501-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47] . . ------- Skan uzupełniający ------- . 
uStart Page = hxxp://msn.gazeta.pl/msn/0,0.html IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: Interfaces\{4E3180E9-4D67-4185-B14E-75017B21FD7E}: NameServer = 178.216.136.34 8.8.8.8 FF - ProfilePath - c:\documents and settings\slawek\Dane aplikacji\Mozilla\Firefox\Profiles\5b0811yk.default\ . - - - - USUNIĘTO PUSTE WPISY - - - - . HKLM-Run-nwiz - nwiz.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-09-18 21:11 Windows 5.1.2600 Dodatek Service Pack 2 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . Czas ukończenia: 2011-09-18 21:14:12 ComboFix-quarantined-files.txt 2011-09-18 19:14 ComboFix2.txt 2011-08-08 11:40 . Przed: 4 121 006 080 bajtów wolnych Po: 4 282 847 232 bajtów wolnych . - - End Of File - - CE44A611B4E2919A83B5B0E80CDAA4A8 ComboFix 11-10-09.01 - slawek 11-10-09 18:51:01.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.959.686 [GMT 2:00] Uruchomiony z: j:\pawel\ComboFix.exe . UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
c:\windows\$NtUninstallKB43884$ c:\windows\$NtUninstallKB43884$\1208753311\@ c:\windows\$NtUninstallKB43884$\1208753311\click.tlb c:\windows\$NtUninstallKB43884$\1208753311\L\dgoamere c:\windows\$NtUninstallKB43884$\1208753311\loader.tlb c:\windows\$NtUninstallKB43884$\1208753311\U\@00000001 c:\windows\$NtUninstallKB43884$\1208753311\U\@000000c0 c:\windows\$NtUninstallKB43884$\1208753311\U\@000000cb c:\windows\$NtUninstallKB43884$\1208753311\U\@000000cf c:\windows\$NtUninstallKB43884$\1208753311\U\@80000000 c:\windows\$NtUninstallKB43884$\1208753311\U\@800000c0 c:\windows\$NtUninstallKB43884$\1208753311\U\@800000cb c:\windows\$NtUninstallKB43884$\1208753311\U\@800000cf c:\windows\$NtUninstallKB43884$\936360613 c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735} c:\windows\2669415496 c:\windows\system32\ c:\windows\system32\c_87860.nls . Zainfekowana kopia c:\windows\system32\drivers\afd.sys została znaleziona. Problem naprawiono Plik odzyskano z - The cat found it :) Zainfekowana kopia c:\program files\NVIDIA Corporation\NetworkAccessManager\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe została znaleziona. Problem naprawiono Plik odzyskano z - c:\system volume information\_restore{4965273B-1D4A-4C67-BCFB-3FD229D02B14}\RP76\A0007051.exe . Zainfekowana kopia c:\program files\Java\jre6\bin\jqs.exe została znaleziona. Problem naprawiono Plik odzyskano z - c:\system volume information\_restore{4965273B-1D4A-4C67-BCFB-3FD229D02B14}\RP76\A0007050.exe . Zainfekowana kopia c:\program files\NVIDIA Corporation\NetworkAccessManager\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe została znaleziona. Problem naprawiono Plik odzyskano z - c:\system volume information\_restore{4965273B-1D4A-4C67-BCFB-3FD229D02B14}\RP76\A0007068.exe . Zainfekowana kopia c:\windows\system32\nvsvc32.exe została znaleziona. Problem naprawiono Plik odzyskano z - c:\system volume information\_restore{4965273B-1D4A-4C67-BCFB-3FD229D02B14}\RP76\A0007049.exe . . 
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_480c1c9f . . ((((((((((((((((((((((((( Pliki utworzone od 2011-09-09 do 2011-10-09 ))))))))))))))))))))))))))))))) . . 2011-10-09 16:47 . 2008-08-14 10:34 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys 2011-10-09 16:47 . 2008-08-14 10:34 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2011-10-09 16:06 . 2011-10-09 16:06 -------- d-----w- c:\program files\Trend Micro 2011-10-09 15:32 . 2011-10-09 15:32 -------- d-----w- c:\documents and settings\slawek\.idgloader 2011-10-09 15:21 . 2011-09-18 19:01 4215538 ----a-r- C:\Comb.exe 2011-10-09 14:18 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-10-09 14:13 . 2011-10-09 14:13 -------- d-sh--w- c:\documents and settings\slawek\Ustawienia lokalne\Dane aplikacji\480c1c9f 2011-10-08 17:49 . 2011-10-08 17:49 -------- d-----w- c:\documents and settings\slawek\Dane aplikacji\Rovio 2011-10-08 17:44 . 2011-10-08 17:44 -------- d-----w- c:\documents and settings\slawek\Ustawienia lokalne\Dane aplikacji\PackageAware . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-27 09:20 . 2011-08-27 09:20 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-08-27 09:20 . 2011-08-27 09:20 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-08-14 14:37 . 2011-08-14 14:37 861450 ----a-w- C:\cpu-z_1.58-32bits-en.zip 2011-08-12 17:07 . 2011-08-08 19:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-08 21:38 . 2003-03-19 06:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2011-08-08 20:58 . 2011-08-08 20:18 21052 ----atw- c:\windows\system32\SIntfNT.dll 2011-08-08 20:58 . 2011-08-08 20:18 15144 ----atw- c:\windows\system32\SIntf32.dll 2011-08-08 20:58 . 2011-08-08 20:18 12067 ----atw- c:\windows\system32\SIntf16.dll 2011-08-02 14:52 . 
2011-08-08 14:05 258640 ----a-w- C:\arcavirmicroscan.exe 2011-07-19 18:08 . 2011-08-08 21:19 74752 ----a-w- c:\windows\system32\ff_vfw.dll 2011-07-19 18:06 . 2011-08-08 21:19 48128 ----a-w- c:\windows\system32\ff_acm.acm 2011-10-08 17:30 . 2011-08-08 21:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-09-18_19.11.39 ))))))))))))))))))))))))))))))))))))))))) . + 2011-08-08 21:27 . 2010-03-29 22:45 20824 c:\windows\system32\drivers\mbam.sys + 2009-01-21 15:11 . 2009-01-21 15:11 473600 c:\windows\system32\SkanerOnline.dll + 2011-02-18 22:40 . 2011-02-18 22:40 773968 c:\windows\system32\msvcr100.dll + 2011-02-19 21:03 . 2011-02-19 21:03 421200 c:\windows\system32\msvcp100.dll + 2011-10-08 17:49 . 2011-10-08 17:49 728576 c:\windows\Installer\22ea1d6.msi + 2011-10-08 17:49 . 2011-10-08 17:49 100061 c:\windows\Installer\{1E11EE30-C0D4-46BC-9142-27EB4C37BE35}\AngryBirds.exe . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504] "RTHDCPL"="RTHDCPL.EXE" [2011-04-14 20053608] "DelReg"="c:\program files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-08-08 273544] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Real\\RealUpgrade\\realupgrade.exe"= . R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-18 1691480] R3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [2010-02-08 36152] R3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [2009-03-18 55296] . . Zawartość folderu 'Zaplanowane zadania' . 2011-10-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1482476501-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47] . 2011-10-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1482476501-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://msn.gazeta.pl/msn/0,0.html IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\slawek\Dane aplikacji\Mozilla\Firefox\Profiles\5b0811yk.default\ . - - - - USUNIĘTO PUSTE WPISY - - - - . SafeBoot-Wdf01000.sys . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-10-09 19:00 Windows 5.1.2600 Dodatek Service Pack 2 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- . 
- - - - - - - > 'explorer.exe'(532) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\browselc.dll c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll c:\progra~1\SPYBOT~1\SDHelper.dll c:\program files\Microsoft Office\OFFICE11\msohev.dll c:\windows\system32\wmvcore.dll c:\windows\system32\WMASF.DLL c:\program files\Malwarebytes' Anti-Malware\mbamext.dll c:\progra~1\ZIPGEN~1\contmenu.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\system32\RUNDLL32.EXE c:\windows\RTHDCPL.EXE c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe c:\windows\system32\imapi.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Czas ukończenia: 2011-10-09 19:01:42 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2011-10-09 17:01 ComboFix2.txt 2011-09-18 19:14 ComboFix3.txt 2011-08-08 11:40 . Przed: 4 093 321 216 bajtów wolnych Po: 4 150 042 624 bajtów wolnych . - - End Of File - - 5D913CB4F6103F2E826427C914E22297 ComboFix 11-10-09.01 - slawek 11-10-09 19:46:09.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.959.584 [GMT 2:00] Uruchomiony z: j:\pawel\ComboFix.exe . UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . . ((((((((((((((((((((((((( Pliki utworzone od 2011-09-09 do 2011-10-09 ))))))))))))))))))))))))))))))) . . 2011-10-09 17:15 . 2011-10-09 17:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-10-09 17:15 . 
2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-09 16:47 . 2008-08-14 10:34 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys 2011-10-09 16:47 . 2008-08-14 10:34 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2011-10-09 15:32 . 2011-10-09 15:32 -------- d-----w- c:\documents and settings\slawek\.idgloader 2011-10-09 14:13 . 2011-10-09 14:13 -------- d-sh--w- c:\documents and settings\slawek\Ustawienia lokalne\Dane aplikacji\480c1c9f 2011-10-08 17:49 . 2011-10-08 17:49 -------- d-----w- c:\documents and settings\slawek\Dane aplikacji\Rovio 2011-10-08 17:44 . 2011-10-08 17:44 -------- d-----w- c:\documents and settings\slawek\Ustawienia lokalne\Dane aplikacji\PackageAware . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-27 09:20 . 2011-08-27 09:20 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-08-27 09:20 . 2011-08-27 09:20 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-08-14 14:37 . 2011-08-14 14:37 861450 ----a-w- C:\cpu-z_1.58-32bits-en.zip 2011-08-12 17:07 . 2011-08-08 19:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-08 21:38 . 2003-03-19 06:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2011-08-08 20:58 . 2011-08-08 20:18 21052 ----atw- c:\windows\system32\SIntfNT.dll 2011-08-08 20:58 . 2011-08-08 20:18 15144 ----atw- c:\windows\system32\SIntf32.dll 2011-08-08 20:58 . 2011-08-08 20:18 12067 ----atw- c:\windows\system32\SIntf16.dll 2011-08-02 14:52 . 2011-08-08 14:05 258640 ----a-w- C:\arcavirmicroscan.exe 2011-07-19 18:08 . 2011-08-08 21:19 74752 ----a-w- c:\windows\system32\ff_vfw.dll 2011-07-19 18:06 . 2011-08-08 21:19 48128 ----a-w- c:\windows\system32\ff_acm.acm 2011-10-08 17:30 . 2011-08-08 21:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-09-18_19.11.39 ))))))))))))))))))))))))))))))))))))))))) . + 2011-10-09 17:38 . 
2011-10-09 17:38 16384 c:\windows\Temp\Perflib_Perfdata_330.dat + 2009-01-21 15:11 . 2009-01-21 15:11 473600 c:\windows\system32\SkanerOnline.dll + 2011-02-18 22:40 . 2011-02-18 22:40 773968 c:\windows\system32\msvcr100.dll + 2011-02-19 21:03 . 2011-02-19 21:03 421200 c:\windows\system32\msvcp100.dll + 2011-10-08 17:49 . 2011-10-08 17:49 728576 c:\windows\Installer\22ea1d6.msi + 2011-10-08 17:49 . 2011-10-08 17:49 100061 c:\windows\Installer\{1E11EE30-C0D4-46BC-9142-27EB4C37BE35}\AngryBirds.exe . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504] "RTHDCPL"="RTHDCPL.EXE" [2011-04-14 20053608] "DelReg"="c:\program files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-08-08 273544] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Real\\RealUpgrade\\realupgrade.exe"= . S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11-08-08 21:45 1691480] S3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [11-08-08 21:59 36152] S3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [11-08-08 21:59 55296] . 
Zawartość folderu 'Zaplanowane zadania' . 2011-10-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1482476501-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47] . 2011-10-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1482476501-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://msn.gazeta.pl/msn/0,0.html IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: Interfaces\{4E3180E9-4D67-4185-B14E-75017B21FD7E}: NameServer = 178.216.136.34 8.8.8.8 FF - ProfilePath - c:\documents and settings\slawek\Dane aplikacji\Mozilla\Firefox\Profiles\5b0811yk.default\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-10-09 19:51 Windows 5.1.2600 Dodatek Service Pack 2 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- . - - - - - - - > 'explorer.exe'(3124) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\browselc.dll c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll c:\program files\Microsoft Office\OFFICE11\msohev.dll . Czas ukończenia: 2011-10-09 19:53:36 ComboFix-quarantined-files.txt 2011-10-09 17:53 ComboFix2.txt 2011-10-09 17:01 ComboFix3.txt 2011-09-18 19:14 ComboFix4.txt 2011-08-08 11:40 . Przed: 4 100 329 472 bajtów wolnych Po: 4 109 242 368 bajtów wolnych . 
- - End Of File - - 35BFB21F03F369649287E800EE074732 ComboFix 11-10-21.05 - slawek 11-10-21 22:09:22.4.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.959.659 [GMT 2:00] Uruchomiony z: j:\pawel\ComboFix.exe . UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\slawek\Ustawienia lokalne\Dane aplikacji\480c1c9f c:\documents and settings\slawek\Ustawienia lokalne\Dane aplikacji\480c1c9f\@ c:\documents and settings\slawek\Ustawienia lokalne\Dane aplikacji\480c1c9f\U\80000000.@ c:\documents and settings\slawek\Ustawienia lokalne\Dane aplikacji\480c1c9f\X c:\windows\help\tours\htmltour\unlock_playing.htm . . ((((((((((((((((((((((((( Pliki utworzone od 2011-09-21 do 2011-10-21 ))))))))))))))))))))))))))))))) . . 2011-10-15 18:47 . 2011-10-15 18:47 -------- d-----w- c:\program files\Common Files\xing shared 2011-10-09 17:57 . 2011-10-09 18:00 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-10-09 17:15 . 2011-10-09 17:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-10-09 17:15 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-09 16:47 . 2008-08-14 10:34 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys 2011-10-09 16:47 . 2008-08-14 10:34 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2011-10-09 15:32 . 2011-10-09 15:32 -------- d-----w- c:\documents and settings\slawek\.idgloader 2011-10-08 17:49 . 2011-10-08 17:49 -------- d-----w- c:\documents and settings\slawek\Dane aplikacji\Rovio 2011-10-08 17:44 . 2011-10-08 17:44 -------- d-----w- c:\documents and settings\slawek\Ustawienia lokalne\Dane aplikacji\PackageAware . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-15 18:47 . 2003-03-19 06:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2011-08-27 09:20 . 
2011-08-27 09:20 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-08-27 09:20 . 2011-08-27 09:20 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-08-14 14:37 . 2011-08-14 14:37 861450 ----a-w- C:\cpu-z_1.58-32bits-en.zip 2011-08-12 17:07 . 2011-08-08 19:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-08 20:58 . 2011-08-08 20:18 21052 ----atw- c:\windows\system32\SIntfNT.dll 2011-08-08 20:58 . 2011-08-08 20:18 15144 ----atw- c:\windows\system32\SIntf32.dll 2011-08-08 20:58 . 2011-08-08 20:18 12067 ----atw- c:\windows\system32\SIntf16.dll 2011-08-02 14:52 . 2011-08-08 14:05 258640 ----a-w- C:\arcavirmicroscan.exe 2011-10-08 17:30 . 2011-08-08 21:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-09-18_19.11.39 ))))))))))))))))))))))))))))))))))))))))) . + 2011-10-21 15:16 . 2011-10-21 15:16 16384 c:\windows\Temp\Perflib_Perfdata_52c.dat + 2011-10-15 18:47 . 2011-10-15 18:47 18944 c:\windows\Installer\48188.msi + 2011-10-15 18:47 . 2011-10-15 18:47 92672 c:\windows\Installer\48172.msi - 2011-08-08 21:38 . 2011-08-08 21:38 5632 c:\windows\system32\pndx5032.dll + 2011-08-08 21:38 . 2011-10-15 18:47 5632 c:\windows\system32\pndx5032.dll + 2011-08-08 21:38 . 2011-10-15 18:47 6656 c:\windows\system32\pndx5016.dll - 2011-08-08 21:38 . 2011-08-08 21:38 6656 c:\windows\system32\pndx5016.dll + 2009-01-21 15:11 . 2009-01-21 15:11 473600 c:\windows\system32\SkanerOnline.dll + 2011-08-08 21:38 . 2011-10-15 18:47 198832 c:\windows\system32\rmoc3260.dll - 2011-08-08 21:38 . 2011-08-08 21:38 272896 c:\windows\system32\pncrt.dll + 2011-08-08 21:38 . 2011-10-15 18:47 272896 c:\windows\system32\pncrt.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504] "RTHDCPL"="RTHDCPL.EXE" [2011-04-14 20053608] "DelReg"="c:\program files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-10-15 273528] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Real\\RealUpgrade\\realupgrade.exe"= . S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11-08-08 21:45 1691480] S3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [11-08-08 21:59 36152] S3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [11-08-08 21:59 55296] . Zawartość folderu 'Zaplanowane zadania' . 2011-10-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1482476501-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40] . 2011-10-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1482476501-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40] . . ------- Skan uzupełniający ------- . 
uStart Page = hxxp://msn.gazeta.pl/msn/0,0.html IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: Interfaces\{4E3180E9-4D67-4185-B14E-75017B21FD7E}: NameServer = 178.216.136.34 8.8.8.8 FF - ProfilePath - c:\documents and settings\slawek\Dane aplikacji\Mozilla\Firefox\Profiles\5b0811yk.default\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-10-21 22:14 Windows 5.1.2600 Dodatek Service Pack 2 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . Czas ukończenia: 2011-10-21 22:16:47 ComboFix-quarantined-files.txt 2011-10-21 20:16 ComboFix2.txt 2011-10-09 17:53 ComboFix3.txt 2011-10-09 17:01 ComboFix4.txt 2011-09-18 19:14 ComboFix5.txt 2011-10-21 20:07 . Przed: 3 682 721 792 bajtów wolnych Po: 3 784 781 824 bajtów wolnych . - - End Of File - - 5938079AAC9775E0434C19852925295E ComboFix 11-11-13.02 - slawek 11-11-13 18:29:53.5.1 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.959.748 [GMT 1:00] Uruchomiony z: j:\pawel\ComboFix.exe . UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . . ((((((((((((((((((((((((( Pliki utworzone od 2011-10-13 do 2011-11-13 ))))))))))))))))))))))))))))))) . . 2011-11-11 16:47 . 2011-11-11 16:47 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nokia 2011-11-11 16:44 . 2011-11-11 16:44 -------- d-----w- c:\program files\PC Connectivity Solution 2011-11-11 16:44 . 2011-08-17 11:56 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys 2011-11-11 16:44 . 2011-08-17 11:56 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys 2011-11-11 16:44 . 
2011-08-17 11:56 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys 2011-11-11 16:44 . 2011-08-17 11:56 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys 2011-10-15 18:47 . 2011-10-15 18:47 -------- d-----w- c:\program files\Common Files\xing shared . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-15 18:47 . 2003-03-19 06:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2011-08-31 15:00 . 2011-10-09 17:15 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-27 09:20 . 2011-08-27 09:20 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-08-27 09:20 . 2011-08-27 09:20 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-08-17 11:57 . 2011-08-08 21:57 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll 2011-08-17 11:57 . 2011-08-08 21:57 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll 2011-08-17 11:57 . 2011-08-08 21:57 75264 ----a-w- c:\windows\system32\nmwcdcls.dll 2011-10-08 17:30 . 2011-08-08 21:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-09-18_19.11.39 ))))))))))))))))))))))))))))))))))))))))) . + 2001-10-26 16:15 . 2011-11-11 16:34 49492 c:\windows\system32\perfc015.dat - 2001-10-26 16:15 . 2011-09-04 14:39 49492 c:\windows\system32\perfc015.dat + 2001-08-17 21:30 . 2011-11-11 16:34 39992 c:\windows\system32\perfc009.dat - 2001-08-17 21:30 . 2011-09-04 14:39 39992 c:\windows\system32\perfc009.dat + 2011-11-11 16:44 . 2008-08-26 09:26 18816 c:\windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys - 2011-08-08 21:57 . 2008-08-26 08:26 18816 c:\windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys + 2011-11-11 16:44 . 2011-08-17 11:57 75264 c:\windows\system32\DRVSTORE\nmwcdnsuc_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\nmwcdcls.dll + 2011-11-11 16:44 . 
2011-08-17 11:57 75264 c:\windows\system32\DRVSTORE\nmwcdnsu_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\nmwcdcls.dll + 2011-11-11 16:44 . 2011-08-17 11:57 75264 c:\windows\system32\DRVSTORE\ccdcmbo_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\nmwcdcls.dll + 2011-11-11 16:44 . 2011-08-17 11:56 23168 c:\windows\system32\DRVSTORE\ccdcmbo_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\ccdcmbo.sys + 2011-11-11 16:44 . 2011-08-17 11:57 75264 c:\windows\system32\DRVSTORE\ccdcmb_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\nmwcdcls.dll + 2011-11-11 16:44 . 2011-08-17 11:56 18176 c:\windows\system32\DRVSTORE\ccdcmb_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\ccdcmb.sys + 2011-08-08 21:57 . 2008-08-26 09:26 18816 c:\windows\system32\drivers\pccsmcfd.sys - 2011-08-08 21:57 . 2008-08-26 08:26 18816 c:\windows\system32\drivers\pccsmcfd.sys + 2011-10-15 18:47 . 2011-10-15 18:47 18944 c:\windows\Installer\48188.msi + 2011-10-15 18:47 . 2011-10-15 18:47 92672 c:\windows\Installer\48172.msi + 2011-11-11 16:43 . 2011-11-11 16:43 29184 c:\windows\Installer\1c540ff.msi + 2011-11-11 16:48 . 2011-11-11 16:48 54489 c:\windows\Installer\{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}\ARPPRODUCTICON.exe + 2011-11-11 16:44 . 2011-11-11 16:44 10134 c:\windows\Installer\{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}\ARPPRODUCTICON.exe + 2011-08-08 21:38 . 2011-10-15 18:47 5632 c:\windows\system32\pndx5032.dll - 2011-08-08 21:38 . 2011-08-08 21:38 5632 c:\windows\system32\pndx5032.dll + 2011-08-08 21:38 . 2011-10-15 18:47 6656 c:\windows\system32\pndx5016.dll - 2011-08-08 21:38 . 2011-08-08 21:38 6656 c:\windows\system32\pndx5016.dll + 2011-11-11 16:44 . 2011-08-17 12:03 8576 c:\windows\system32\DRVSTORE\nmwcdnsuc_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\nmwcdnsuc.sys + 2011-11-11 16:44 . 2011-08-17 11:56 8192 c:\windows\system32\DRVSTORE\ccdcmbm_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\usbser_lowerflt.sys + 2011-11-11 16:44 . 
2011-08-17 11:56 8192 c:\windows\system32\DRVSTORE\ccdcmbj_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\usbser_lowerfltj.sys + 2011-11-11 16:44 . 2011-11-11 16:44 3262 c:\windows\Installer\{AF88496B-4BBA-4922-97E9-2582D3A28358}\ARPPRODUCTICON.exe + 2009-01-21 15:11 . 2009-01-21 15:11 473600 c:\windows\system32\SkanerOnline.dll + 2011-08-08 21:38 . 2011-10-15 18:47 198832 c:\windows\system32\rmoc3260.dll + 2011-08-08 21:38 . 2011-10-15 18:47 272896 c:\windows\system32\pncrt.dll - 2011-08-08 21:38 . 2011-08-08 21:38 272896 c:\windows\system32\pncrt.dll + 2001-10-26 16:15 . 2011-11-11 16:34 355486 c:\windows\system32\perfh015.dat - 2001-10-26 16:15 . 2011-09-04 14:39 355486 c:\windows\system32\perfh015.dat - 2001-08-17 21:30 . 2011-09-04 14:39 311604 c:\windows\system32\perfh009.dat + 2001-08-17 21:30 . 2011-11-11 16:34 311604 c:\windows\system32\perfh009.dat + 2011-02-18 23:40 . 2011-02-18 23:40 773968 c:\windows\system32\msvcr100.dll + 2011-02-19 22:03 . 2011-02-19 22:03 421200 c:\windows\system32\msvcp100.dll - 2011-08-08 21:57 . 2011-01-03 12:50 592896 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\PCCSWpdDriver.dll + 2011-11-11 16:44 . 2011-01-03 13:50 592896 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\PCCSWpdDriver.dll + 2011-11-11 16:44 . 2011-08-17 12:03 137472 c:\windows\system32\DRVSTORE\nmwcdnsu_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\nmwcdnsu.sys + 2011-11-11 16:44 . 2011-08-17 11:57 605696 c:\windows\system32\DRVSTORE\ccdcmb_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\nmwcdcocls.dll + 2011-11-11 16:44 . 2011-08-17 11:57 123904 c:\windows\system32\DRVSTORE\ccdcmb_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\ccdcmbwu.dll + 2011-10-09 16:47 . 2008-08-14 10:34 138496 c:\windows\system32\drivers\afd.sys + 2011-10-09 16:47 . 2008-08-14 10:34 138496 c:\windows\system32\dllcache\afd.sys + 2011-02-19 22:03 . 2011-02-19 22:03 138056 c:\windows\system32\atl100.dll + 2011-11-11 16:44 . 
2011-11-11 16:44 496128 c:\windows\Installer\1c5416c.msi + 2011-11-11 16:44 . 2011-11-11 16:44 337408 c:\windows\Installer\1c54126.msi - 2011-08-08 21:57 . 2011-01-03 11:05 1837296 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\WUDFUpdate_01009.dll + 2011-11-11 16:44 . 2011-01-03 12:05 1837296 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\WUDFUpdate_01009.dll + 2011-11-11 16:44 . 2011-05-18 09:09 1461992 c:\windows\system32\DRVSTORE\ccdcmb_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\wdfcoinstaller01009.dll + 2011-11-11 16:48 . 2011-11-11 16:48 1298432 c:\windows\Installer\1c544a3.msi . -- Migawka wyzerowana -- . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504] "RTHDCPL"="RTHDCPL.EXE" [2011-04-14 20053608] "DelReg"="c:\program files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-10-15 273528] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Real\\RealUpgrade\\realupgrade.exe"= . 
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11-08-08 20:45 1691480] S3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [11-08-08 20:59 36152] S3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [11-08-08 20:59 55296] . Zawartość folderu 'Zaplanowane zadania' . 2011-11-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1482476501-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40] . 2011-11-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1482476501-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://msn.gazeta.pl/msn/0,0.html IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: Interfaces\{4E3180E9-4D67-4185-B14E-75017B21FD7E}: NameServer = 178.216.136.34 8.8.8.8 FF - ProfilePath - c:\documents and settings\slawek\Dane aplikacji\Mozilla\Firefox\Profiles\5b0811yk.default\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-11-13 18:34 Windows 5.1.2600 Dodatek Service Pack 2 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- . - - - - - - - > 'explorer.exe'(436) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll . Czas ukończenia: 2011-11-13 18:36:43 ComboFix-quarantined-files.txt 2011-11-13 17:36 ComboFix2.txt 2011-10-21 20:16 ComboFix3.txt 2011-10-09 17:53 ComboFix4.txt 2011-10-09 17:01 ComboFix5.txt 2011-11-13 17:28 . 
Przed: 3 729 498 112 bajtów wolnych Po: 3 841 155 072 bajtów wolnych . - - End Of File - - 7992B8C8F348C4B5BBBAC33B57C2B260 ComboFix 12-01-05.04 - slawek 12-01-06 15:39:04.6.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.959.664 [GMT 1:00] Uruchomiony z: j:\pawel\ComboFix.exe . UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\NEW3B.tmp c:\windows\system32\NEW43.tmp c:\windows\system32\NEW44.tmp c:\windows\system32\SET3A.tmp c:\windows\system32\SET3E.tmp c:\windows\system32\SET46.tmp c:\windows\system32\SET8D.tmp . . ((((((((((((((((((((((((( Pliki utworzone od 2011-12-06 do 2012-01-06 ))))))))))))))))))))))))))))))) . . 2011-12-24 16:34 . 2011-12-24 16:34 -------- d-----w- c:\documents and settings\slawek\Ustawienia lokalne\Dane aplikacji\NokiaAccount 2011-12-24 13:54 . 2011-12-31 18:33 -------- d-----w- c:\documents and settings\slawek\Dane aplikacji\gtk-2.0 2011-12-24 13:47 . 2011-12-24 13:47 -------- d-----w- c:\documents and settings\slawek\.thumbnails 2011-12-19 17:37 . 2011-12-19 17:37 -------- d-----w- c:\documents and settings\slawek\Ustawienia lokalne\Dane aplikacji\Thinstall 2011-12-07 20:32 . 2011-12-07 20:32 -------- d-----w- c:\documents and settings\slawek\Ustawienia lokalne\Dane aplikacji\Identities . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-10 14:24 . 2011-10-09 17:15 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-15 18:47 . 2003-03-19 06:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2011-11-30 20:56 . 2011-08-08 21:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot_2011-11-13_17.34.28 ))))))))))))))))))))))))))))))))))))))))) . + 2012-01-06 09:23 . 
2012-01-06 09:23 16384 c:\windows\temp\Perflib_Perfdata_294.dat + 2011-11-11 16:44 . 2011-08-17 12:03 8576 c:\windows\system32\drivers\nmwcdnsuc.sys + 2011-02-22 19:39 . 2011-02-22 19:39 240640 c:\windows\system32\xvidvfw.dll + 2011-02-22 19:37 . 2011-02-22 19:37 650752 c:\windows\system32\xvidcore.dll + 2009-01-28 18:50 . 2009-01-28 18:50 368640 c:\windows\system32\vobsub.dll + 2009-01-28 18:50 . 2009-01-28 18:50 153088 c:\windows\system32\unrar.dll + 2011-11-11 16:44 . 2011-08-17 12:03 137472 c:\windows\system32\drivers\nmwcdnsu.sys + 2004-02-22 08:11 . 2004-02-22 08:11 719872 c:\windows\system32\devil.dll + 2008-12-21 21:46 . 2008-12-21 21:46 351744 c:\windows\system32\avisynth.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504] "RTHDCPL"="RTHDCPL.EXE" [2011-04-14 20053608] "DelReg"="c:\program files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-15 273528] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Real\\RealUpgrade\\realupgrade.exe"= . 
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11-08-08 20:45 1691480] S3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [11-08-08 20:59 36152] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [11-11-11 17:44 137472] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [11-11-11 17:44 8576] S3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [11-08-08 20:59 55296] . Zawartość folderu 'Zaplanowane zadania' . 2012-01-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1482476501-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40] . 2012-01-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1482476501-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://msn.gazeta.pl/msn/0,0.html IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: Interfaces\{4E3180E9-4D67-4185-B14E-75017B21FD7E}: NameServer = 178.216.136.34 8.8.8.8 FF - ProfilePath - c:\documents and settings\slawek\Dane aplikacji\Mozilla\Firefox\Profiles\5b0811yk.default\ . - - - - USUNIĘTO PUSTE WPISY - - - - . HKCU-Run-ALLUpdate - c:\program files\ALLPlayer\ALLUpdate.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-06 15:44 Windows 5.1.2600 Dodatek Service Pack 2 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . 
Czas ukończenia: 2012-01-06 15:47:29 ComboFix-quarantined-files.txt 2012-01-06 14:47 ComboFix2.txt 2011-11-13 17:36 ComboFix3.txt 2011-10-21 20:16 ComboFix4.txt 2011-10-09 17:53 ComboFix5.txt 2012-01-06 14:37 . Przed: 4 170 944 512 bajtów wolnych Po: 4 886 044 672 bajtów wolnych . - - End Of File - - DCC683E908B2D49EF1EF8975032AD0CD ComboFix 12-02-25.01 - slawek 12-02-25 18:52:31.7.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.959.633 [GMT 1:00] Uruchomiony z: j:\pawel\ComboFix.exe . UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . . ((((((((((((((((((((((((( Pliki utworzone od 2012-01-25 do 2012-02-25 ))))))))))))))))))))))))))))))) . . 2012-02-21 20:04 . 2001-10-26 16:29 5632 ----a-w- c:\windows\system32\ptpusb.dll 2012-02-21 20:04 . 2004-08-03 23:44 159232 ----a-w- c:\windows\system32\ptpusd.dll 2012-02-21 20:04 . 2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2012-02-21 20:04 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2012-02-11 15:18 . 2012-02-11 15:18 -------- d-----w- c:\documents and settings\slawek\Dane aplikacji\Nokia 2012-02-11 15:08 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys 2012-02-11 15:08 . 2012-02-11 15:08 -------- d-----w- c:\program files\PC Connectivity Solution 2012-02-11 15:06 . 2011-11-01 09:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys 2012-02-11 15:06 . 2011-11-01 09:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys 2012-02-11 15:06 . 2011-11-01 09:07 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys 2012-02-11 15:06 . 2011-11-01 09:07 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-20 17:50 . 2012-01-22 21:34 79360 ----a-w- c:\windows\system32\ff_vfw.dll 2011-12-20 17:49 . 
2012-01-22 21:34 48128 ----a-w- c:\windows\system32\ff_acm.acm 2011-12-10 14:24 . 2011-10-09 17:15 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-18 10:07 . 2011-08-08 21:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot_2011-11-13_17.34.28 ))))))))))))))))))))))))))))))))))))))))) . + 2012-02-11 15:16 . 2012-02-11 15:16 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll + 2012-02-25 09:28 . 2012-02-25 09:28 16384 c:\windows\temp\Perflib_Perfdata_238.dat - 2006-11-02 09:52 . 2006-11-02 09:52 42496 c:\windows\system32\wpdshextres.dll + 2006-11-02 09:52 . 2006-11-02 10:52 42496 c:\windows\system32\wpdshextres.dll - 2011-08-08 21:57 . 2011-08-17 11:57 75264 c:\windows\system32\nmwcdcls.dll + 2011-08-08 21:57 . 2011-11-01 09:07 75264 c:\windows\system32\nmwcdcls.dll + 2012-02-11 15:08 . 2008-08-26 08:26 18816 c:\windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys - 2011-11-11 16:44 . 2008-08-26 09:26 18816 c:\windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys + 2012-02-11 15:06 . 2011-11-01 09:07 75264 c:\windows\system32\DRVSTORE\nmwcdnsuc_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\nmwcdcls.dll + 2012-02-11 15:06 . 2011-11-01 09:07 75264 c:\windows\system32\DRVSTORE\nmwcdnsu_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\nmwcdcls.dll + 2012-02-11 15:06 . 2011-11-01 09:07 75264 c:\windows\system32\DRVSTORE\ccdcmbo_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\nmwcdcls.dll + 2012-02-11 15:06 . 2011-11-01 09:07 23168 c:\windows\system32\DRVSTORE\ccdcmbo_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\ccdcmbo.sys + 2012-02-11 15:06 . 2011-11-01 09:07 75264 c:\windows\system32\DRVSTORE\ccdcmb_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\nmwcdcls.dll + 2012-02-11 15:06 . 
2011-11-01 09:07 18176 c:\windows\system32\DRVSTORE\ccdcmb_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\ccdcmb.sys + 2012-02-11 15:08 . 2012-02-11 15:08 10134 c:\windows\Installer\{A2AA4204-C05A-4013-888A-AD153139297F}\ARPPRODUCTICON.exe + 2012-02-11 15:17 . 2012-02-11 15:17 54489 c:\windows\Installer\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\ARPPRODUCTICON.exe + 2012-02-11 15:06 . 2011-11-01 09:07 8576 c:\windows\system32\DRVSTORE\nmwcdnsuc_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\nmwcdnsuc.sys + 2012-02-11 15:06 . 2011-11-01 09:07 8192 c:\windows\system32\DRVSTORE\ccdcmbm_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\usbser_lowerflt.sys + 2012-02-11 15:06 . 2011-11-01 09:07 8192 c:\windows\system32\DRVSTORE\ccdcmbj_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\usbser_lowerfltj.sys + 2012-02-11 15:06 . 2012-02-11 15:06 3262 c:\windows\Installer\{4AA68A73-DB9C-439D-9481-981C82BD008B}\ARPPRODUCTICON.exe + 2011-02-22 19:39 . 2011-02-22 19:39 240640 c:\windows\system32\xvidvfw.dll + 2011-02-22 19:37 . 2011-02-22 19:37 650752 c:\windows\system32\xvidcore.dll + 2009-01-28 18:50 . 2009-01-28 18:50 368640 c:\windows\system32\vobsub.dll + 2009-01-28 18:50 . 2009-01-28 18:50 153088 c:\windows\system32\unrar.dll - 2011-08-08 21:57 . 2011-08-17 11:57 605696 c:\windows\system32\nmwcdcocls.dll + 2011-08-08 21:57 . 2011-11-01 09:07 605696 c:\windows\system32\nmwcdcocls.dll + 2012-02-11 15:08 . 2011-01-03 12:50 592896 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\PCCSWpdDriver.dll - 2011-11-11 16:44 . 2011-01-03 13:50 592896 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\PCCSWpdDriver.dll + 2012-02-11 15:06 . 2011-11-01 09:07 137600 c:\windows\system32\DRVSTORE\nmwcdnsu_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\nmwcdnsu.sys + 2012-02-11 15:06 . 2011-11-01 09:07 605696 c:\windows\system32\DRVSTORE\ccdcmb_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\nmwcdcocls.dll + 2012-02-11 15:06 . 
2011-11-01 09:07 123904 c:\windows\system32\DRVSTORE\ccdcmb_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\ccdcmbwu.dll + 2004-02-22 08:11 . 2004-02-22 08:11 719872 c:\windows\system32\devil.dll + 2011-08-08 21:57 . 2011-11-01 09:07 123904 c:\windows\system32\ccdcmbwu.dll - 2011-08-08 21:57 . 2011-08-17 11:57 123904 c:\windows\system32\ccdcmbwu.dll + 2008-12-21 21:46 . 2008-12-21 21:46 351744 c:\windows\system32\avisynth.dll + 2012-02-11 15:08 . 2012-02-11 15:08 496128 c:\windows\Installer\12a2b65.msi + 2012-02-11 15:06 . 2012-02-11 15:06 337920 c:\windows\Installer\12a2b25.msi + 2012-02-11 15:16 . 2012-02-11 15:16 1233920 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll + 2012-02-11 15:08 . 2011-01-03 11:05 1837296 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\WUDFUpdate_01009.dll - 2011-11-11 16:44 . 2011-01-03 12:05 1837296 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\WUDFUpdate_01009.dll + 2012-02-11 15:06 . 2011-11-01 09:07 1461992 c:\windows\system32\DRVSTORE\ccdcmb_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\wdfcoinstaller01009.dll + 2012-02-11 15:17 . 2012-02-11 15:17 1305600 c:\windows\Installer\12a2d6a.msi . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504] "RTHDCPL"="RTHDCPL.EXE" [2011-04-14 20053608] "DelReg"="c:\program files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-15 273528] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Real\\RealUpgrade\\realupgrade.exe"= . S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11-08-08 20:45 1691480] S3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [11-08-08 20:59 36152] S3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [11-08-08 20:59 55296] . Zawartość folderu 'Zaplanowane zadania' . 2012-02-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1482476501-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40] . 2012-02-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1482476501-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://msn.gazeta.pl/msn/0,0.html IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: Interfaces\{4E3180E9-4D67-4185-B14E-75017B21FD7E}: NameServer = 178.216.136.34 8.8.8.8 FF - ProfilePath - c:\documents and settings\slawek\Dane aplikacji\Mozilla\Firefox\Profiles\5b0811yk.default\ . . 
************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-02-25 18:59 Windows 5.1.2600 Dodatek Service Pack 2 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- . - - - - - - - > 'explorer.exe'(5416) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Czas ukończenia: 2012-02-25 19:02:28 ComboFix-quarantined-files.txt 2012-02-25 18:02 ComboFix2.txt 2012-01-06 14:47 ComboFix3.txt 2011-11-13 17:36 ComboFix4.txt 2011-10-21 20:16 ComboFix5.txt 2012-02-25 17:50 . Przed: 3 942 035 456 bajtów wolnych Po: 4 316 286 976 bajtów wolnych . - - End Of File - - E7500C89E465BB1A66E8E16C29F50289 ComboFix 12-03-21.02 - slawek 12-03-22 0:38.8.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.959.630 [GMT 1:00] Uruchomiony z: j:\pawel\ComboFix.exe . UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . . ((((((((((((((((((((((((( Pliki utworzone od 2012-02-21 do 2012-03-21 ))))))))))))))))))))))))))))))) . . 2012-03-18 10:09 . 2012-03-18 10:09 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll 2012-03-18 10:09 . 2012-03-18 10:09 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll 2012-03-09 17:41 . 2012-03-09 17:41 -------- d-----w- c:\documents and settings\slawek\Dane aplikacji\Nokia Suite 2012-02-21 20:04 . 2001-10-26 16:29 5632 ----a-w- c:\windows\system32\ptpusb.dll 2012-02-21 20:04 . 2004-08-03 23:44 159232 ----a-w- c:\windows\system32\ptpusd.dll 2012-02-21 20:04 . 
2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2012-02-21 20:04 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-18 10:09 . 2011-08-08 21:25 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot_2011-11-13_17.34.28 ))))))))))))))))))))))))))))))))))))))))) . + 2012-02-11 15:16 . 2012-02-11 15:16 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll + 2012-03-21 23:26 . 2012-03-21 23:26 16384 c:\windows\temp\Perflib_Perfdata_10c.dat - 2006-11-02 09:52 . 2006-11-02 09:52 42496 c:\windows\system32\wpdshextres.dll + 2006-11-02 09:52 . 2006-11-02 10:52 42496 c:\windows\system32\wpdshextres.dll - 2011-08-08 21:57 . 2011-08-17 11:57 75264 c:\windows\system32\nmwcdcls.dll + 2011-08-08 21:57 . 2011-11-01 09:07 75264 c:\windows\system32\nmwcdcls.dll + 2012-01-22 21:34 . 2011-12-20 17:50 79360 c:\windows\system32\ff_vfw.dll - 2011-11-11 16:44 . 2008-08-26 09:26 18816 c:\windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys + 2012-02-11 15:08 . 2008-08-26 08:26 18816 c:\windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys + 2012-02-11 15:06 . 2011-11-01 09:07 75264 c:\windows\system32\DRVSTORE\nmwcdnsuc_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\nmwcdcls.dll + 2012-02-11 15:06 . 2011-11-01 09:07 75264 c:\windows\system32\DRVSTORE\nmwcdnsu_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\nmwcdcls.dll + 2012-02-11 15:06 . 2011-11-01 09:07 75264 c:\windows\system32\DRVSTORE\ccdcmbo_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\nmwcdcls.dll + 2012-02-11 15:06 . 2011-11-01 09:07 23168 c:\windows\system32\DRVSTORE\ccdcmbo_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\ccdcmbo.sys + 2012-02-11 15:06 . 
2011-11-01 09:07 75264 c:\windows\system32\DRVSTORE\ccdcmb_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\nmwcdcls.dll + 2012-02-11 15:06 . 2011-11-01 09:07 18176 c:\windows\system32\DRVSTORE\ccdcmb_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\ccdcmb.sys + 2012-02-11 15:08 . 2008-08-26 08:26 18816 c:\windows\system32\drivers\pccsmcfd.sys - 2011-08-08 21:57 . 2008-08-26 09:26 18816 c:\windows\system32\drivers\pccsmcfd.sys + 2011-10-09 17:15 . 2011-12-10 14:24 20464 c:\windows\system32\drivers\mbam.sys - 2011-11-11 16:44 . 2011-08-17 11:56 23168 c:\windows\system32\drivers\ccdcmbo.sys + 2012-02-11 15:06 . 2011-11-01 09:07 23168 c:\windows\system32\drivers\ccdcmbo.sys - 2011-11-11 16:44 . 2011-08-17 11:56 18176 c:\windows\system32\drivers\ccdcmb.sys + 2012-02-11 15:06 . 2011-11-01 09:07 18176 c:\windows\system32\drivers\ccdcmb.sys + 2012-02-11 15:08 . 2012-02-11 15:08 10134 c:\windows\Installer\{A2AA4204-C05A-4013-888A-AD153139297F}\ARPPRODUCTICON.exe + 2012-02-11 15:17 . 2012-02-11 15:17 54489 c:\windows\Installer\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\ARPPRODUCTICON.exe + 2012-02-11 15:06 . 2011-11-01 09:07 8576 c:\windows\system32\DRVSTORE\nmwcdnsuc_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\nmwcdnsuc.sys + 2012-02-11 15:06 . 2011-11-01 09:07 8192 c:\windows\system32\DRVSTORE\ccdcmbm_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\usbser_lowerflt.sys + 2012-02-11 15:06 . 2011-11-01 09:07 8192 c:\windows\system32\DRVSTORE\ccdcmbj_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\usbser_lowerfltj.sys - 2011-11-11 16:44 . 2011-08-17 11:56 8192 c:\windows\system32\drivers\usbser_lowerfltj.sys + 2012-02-11 15:06 . 2011-11-01 09:07 8192 c:\windows\system32\drivers\usbser_lowerfltj.sys + 2012-02-11 15:06 . 2011-11-01 09:07 8192 c:\windows\system32\drivers\usbser_lowerflt.sys - 2011-11-11 16:44 . 2011-08-17 11:56 8192 c:\windows\system32\drivers\usbser_lowerflt.sys + 2012-02-11 15:06 . 2011-11-01 09:07 8576 c:\windows\system32\drivers\nmwcdnsuc.sys + 2012-02-11 15:06 . 
2012-02-11 15:06 3262 c:\windows\Installer\{4AA68A73-DB9C-439D-9481-981C82BD008B}\ARPPRODUCTICON.exe + 2011-02-22 19:39 . 2011-02-22 19:39 240640 c:\windows\system32\xvidvfw.dll + 2011-02-22 19:37 . 2011-02-22 19:37 650752 c:\windows\system32\xvidcore.dll + 2009-01-28 18:50 . 2009-01-28 18:50 368640 c:\windows\system32\vobsub.dll + 2009-01-28 18:50 . 2009-01-28 18:50 153088 c:\windows\system32\unrar.dll - 2011-08-08 21:57 . 2011-08-17 11:57 605696 c:\windows\system32\nmwcdcocls.dll + 2011-08-08 21:57 . 2011-11-01 09:07 605696 c:\windows\system32\nmwcdcocls.dll - 2011-11-11 16:44 . 2011-01-03 13:50 592896 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\PCCSWpdDriver.dll + 2012-02-11 15:08 . 2011-01-03 12:50 592896 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\PCCSWpdDriver.dll + 2012-02-11 15:06 . 2011-11-01 09:07 137600 c:\windows\system32\DRVSTORE\nmwcdnsu_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\nmwcdnsu.sys + 2012-02-11 15:06 . 2011-11-01 09:07 605696 c:\windows\system32\DRVSTORE\ccdcmb_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\nmwcdcocls.dll + 2012-02-11 15:06 . 2011-11-01 09:07 123904 c:\windows\system32\DRVSTORE\ccdcmb_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\ccdcmbwu.dll + 2012-02-11 15:06 . 2011-11-01 09:07 137600 c:\windows\system32\drivers\nmwcdnsu.sys + 2004-02-22 08:11 . 2004-02-22 08:11 719872 c:\windows\system32\devil.dll - 2011-08-08 21:57 . 2011-08-17 11:57 123904 c:\windows\system32\ccdcmbwu.dll + 2011-08-08 21:57 . 2011-11-01 09:07 123904 c:\windows\system32\ccdcmbwu.dll + 2008-12-21 21:46 . 2008-12-21 21:46 351744 c:\windows\system32\avisynth.dll + 2012-02-11 15:08 . 2012-02-11 15:08 496128 c:\windows\Installer\12a2b65.msi + 2012-02-11 15:06 . 2012-02-11 15:06 337920 c:\windows\Installer\12a2b25.msi + 2012-02-11 15:16 . 2012-02-11 15:16 1233920 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll + 2012-02-11 15:08 . 
2011-01-03 11:05 1837296 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\WUDFUpdate_01009.dll - 2011-11-11 16:44 . 2011-01-03 12:05 1837296 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\WUDFUpdate_01009.dll + 2012-02-11 15:06 . 2011-11-01 09:07 1461992 c:\windows\system32\DRVSTORE\ccdcmb_AF4CD2FF92C3F79F0A73B4A56E92643F0512E892\wdfcoinstaller01009.dll + 2012-02-11 15:17 . 2012-02-11 15:17 1305600 c:\windows\Installer\12a2d6a.msi . -- Migawka wyzerowana -- . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504] "RTHDCPL"="RTHDCPL.EXE" [2011-04-14 20053608] "DelReg"="c:\program files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-15 273528] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Real\\RealUpgrade\\realupgrade.exe"= . 
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11-08-08 20:45 1691480] S3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [11-08-08 20:59 36152] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [12-02-11 16:06 137600] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [12-02-11 16:06 8576] S3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [11-08-08 20:59 55296] . Zawartość folderu 'Zaplanowane zadania' . 2012-03-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1482476501-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40] . 2012-03-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1482476501-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://msn.gazeta.pl/msn/0,0.html IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: Interfaces\{4E3180E9-4D67-4185-B14E-75017B21FD7E}: NameServer = 178.216.136.34 8.8.8.8 FF - ProfilePath - c:\documents and settings\slawek\Dane aplikacji\Mozilla\Firefox\Profiles\5b0811yk.default\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-03-22 00:46 Windows 5.1.2600 Dodatek Service Pack 2 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- . 
- - - - - - - > 'explorer.exe'(2700) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Czas ukończenia: 2012-03-22 00:49:31 ComboFix-quarantined-files.txt 2012-03-21 23:49 ComboFix2.txt 2012-02-25 18:02 ComboFix3.txt 2012-01-06 14:47 ComboFix4.txt 2011-11-13 17:36 ComboFix5.txt 2012-03-21 23:36 . Przed: 4 051 914 752 bajtów wolnych Po: 4 419 629 056 bajtów wolnych . - - End Of File - - 85CBBDADF03C52D4726D5DB79384D582