ComboFix 14-01-04.03 - User 2014-01-07 11:24:02.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1315 [GMT 1:00]
Uruchomiony z: c:\documents and settings\User\Pulpit\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: G Data AntiVirus 2012 *Enabled/Updated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-12-07 do 2014-01-07 )))))))))))))))))))))))))))))))
.
.
2014-01-07 10:17 . 2014-01-07 10:17 -------- d-----w- C:\AdwCleaner
2014-01-06 14:06 . 2014-01-06 14:19 -------- d-----w- c:\program files\Mobogenie
2014-01-06 14:05 . 2014-01-06 14:05 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\RegClean
2014-01-06 14:05 . 2014-01-06 16:14 -------- d-----w- c:\program files\SmartTweak
2014-01-04 08:33 . 2014-01-04 08:33 -------- d-----w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\Cool_Mirage
2014-01-03 14:51 . 2014-01-03 14:51 -------- d-----w- C:\VritualRoot
2014-01-02 19:29 . 2014-01-03 08:48 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\CPA_VA
2014-01-02 19:27 . 2014-01-07 10:38 700592 ----a-w- c:\windows\system32\drivers\sfi.dat
2014-01-02 19:23 . 2014-01-02 19:28 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Comodo
2014-01-02 19:22 . 2014-01-02 19:23 -------- d-----w- c:\program files\Comodo
2014-01-02 13:22 . 2014-01-02 13:22 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-01-01 17:55 . 2014-01-02 19:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AVAST Software
2014-01-01 17:22 . 2014-01-01 17:22 -------- dc-h--w- c:\documents and settings\All Users\Dane aplikacji\{492EBBD4-E9BF-4990-93B7-BA313CF7EB4B}
2014-01-01 17:19 . 2014-01-01 17:22 80104 ----a-w- c:\windows\system32\drivers\AntiLog32.sys
2014-01-01 16:34 . 2014-01-01 16:34 -------- d-----w- c:\program files\VS Revo Group
2014-01-01 15:10 . 2014-01-01 15:11 -------- d-----w- c:\documents and settings\MasterAdmin
2014-01-01 13:22 . 2014-01-01 17:22 -------- d-----w- c:\program files\AntiLogger
2014-01-01 13:22 . 2014-01-01 13:23 -------- d-----w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\Zemana
2013-12-31 13:25 . 2013-12-31 13:25 -------- d-----w- c:\documents and settings\User\Dane aplikacji\SwvUpdater
2013-12-31 13:23 . 2013-12-31 13:23 -------- d-----w- c:\documents and settings\User\Dane aplikacji\GoforFiles
2013-12-27 22:50 . 2013-12-27 22:51 -------- d-----w- C:\EEK
2013-12-27 22:22 . 2014-01-01 18:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-12-27 22:22 . 2014-01-01 17:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2013-12-27 22:09 . 2013-12-27 22:09 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\GFI Software
2013-12-27 22:04 . 2013-12-27 22:08 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Ad-Aware Antivirus
2013-12-27 22:04 . 2013-12-27 22:04 -------- d-----w- c:\documents and settings\LocalService\Dane aplikacji\Ad-Aware Antivirus
2013-12-27 22:01 . 2013-12-27 22:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2013-12-27 21:47 . 2013-12-27 21:47 -------- d-----w- c:\documents and settings\User\Dane aplikacji\QFX Software
2013-12-27 21:47 . 2013-12-27 21:47 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\QFX Software
2013-12-27 21:44 . 2013-05-31 14:53 209016 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2013-12-27 21:44 . 2013-12-27 21:44 -------- d-----w- c:\program files\KeyScrambler
2013-12-27 20:46 . 2011-07-01 08:46 26624 ----a-w- c:\windows\system32\drivers\tap0901.sys
2013-12-27 20:46 . 2013-12-29 09:08 -------- d-----w- c:\program files\SecurityKISS Tunnel
2013-12-23 12:06 . 2013-12-31 13:25 -------- d-----w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\genienext
2013-12-20 08:03 . 2014-01-06 17:54 -------- d-sh--w- c:\windows\system32\dtmcfg
2013-12-20 08:03 . 2013-12-20 08:16 -------- d-sh--w- c:\documents and settings\All Users\Dane aplikacji\dtmcfg
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-29 14:49 . 2013-10-29 14:49 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-29 14:49 . 2012-04-24 12:51 145408 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-26 10:11 . 2012-12-06 10:22 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
1998-06-23 22:00 . 2012-01-27 14:31 203576 ----a-w- c:\program files\RICHTX32.OCX
2006-10-03 13:40 50176 --sha-w- c:\windows\system32\dtmcfg\dtmcfg.dll
2010-05-31 11:18 1304576 --sha-w- c:\windows\system32\dtmcfg\dtmcfg.exe
2007-12-02 22:13 437760 --sha-w- c:\windows\system32\dtmcfg\sysinfo.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IPLA!"="c:\program files\ipla\ipla.exe" [2013-12-05 21321312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RevoTaskbarApp"="c:\windows\system32\RevoTask.exe" [2004-06-14 221184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-27 61440]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-12-30 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-16 13881960]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"KeyScrambler"="c:\program files\KeyScrambler\keyscrambler.exe" [2013-11-14 508144]
"dtmcfg"="c:\windows\system32\dtmcfg\dtmcfg.exe" [2010-05-31 1304576]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2013-12-23 18708392]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2007-05-10 124928]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W [2012-2-15 962661]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, UdfadbaHbiht.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Start^Programy^Autostart^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\User\Menu Start\Programy\Autostart\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ----a-r- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2011-08-16 18:30 1379840 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO]
2011-11-23 10:27 208184 ----a-w- c:\program files\Comodo\COMODO GeekBuddy\CLPSLA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPA]
2011-11-23 10:27 182584 ----a-w- c:\program files\Comodo\COMODO GeekBuddy\VALA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2008-09-10 10:24 320168 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
2002-08-14 13:21 94208 ----a-w- c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdramon]
2008-09-10 10:24 16040 ----a-w- c:\program files\Lexmark 4900 Series\lxdramon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdrmon.exe]
2008-09-10 10:24 676520 ----a-w- c:\program files\Lexmark 4900 Series\lxdrmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-01-16 15:33 13881960 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-01-16 15:33 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-02-26 07:03 16125440 ----a-r- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ----a-r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2013-03-14 11:23 1103768 ----a-w- c:\documents and settings\User\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SxgTkBar]
2001-07-11 07:29 53248 ----a-w- c:\windows\system32\Sxgtkbar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWCU]
2006-03-29 15:12 364544 ----a-w- c:\program files\TP-LINK\TWCU\TWCU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
2007-09-12 11:17 340136 ----a-w- c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
2003-10-16 18:07 20480 ------w- c:\progra~1\NEOSTR~1\Watch.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Documents and Settings\\User\\Dane aplikacji\\Spotify\\spotify.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1061:TCP"= 1061:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"10578:TCP"= 10578:TCP:BitComet 10578 TCP
"10578:UDP"= 10578:UDP:BitComet 10578 UDP
"6271:TCP"= 6271:TCP:felksivj
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-07-31 20616]
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2010-05-30 45912]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys [2014-01-01 80104]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-09-04 33112]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-03-11 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-03-11 31704]
R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2010-05-30 96344]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [2002-08-14 5632]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2010-05-30 70032]
R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-01-25 47832]
R2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2013-03-22 1957840]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\Comodo\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1052472]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2010-05-30 53976]
R2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe -service --> c:\windows\system32\lxdrcoms.exe -service [?]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-18 968880]
R3 GDScan;G Data Scanner;c:\program files\Common Files\G DATA\GDScan\GDScan.exe [2013-02-25 696808]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2013-12-27 209016]
R3 pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [2010-04-21 47360]
R3 SOFTXG;YAMAHA XG WDM SoftSynthesizer;c:\windows\system32\drivers\sxgxgwdm.sys [2010-03-30 966784]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 AVKService;G Data Scheduler;"c:\program files\G Data\AntiVirus\AVK\AVKService.exe" --> c:\program files\G Data\AntiVirus\AVK\AVKService.exe [?]
S2 AVKWCtl;G Data Strażnik systemu plików;"c:\program files\G Data\AntiVirus\AVK\AVKWCtl.exe" --> c:\program files\G Data\AntiVirus\AVK\AVKWCtl.exe [?]
S2 lxdrCATSCustConnectService;lxdrCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdrserv.exe [2010-03-21 98984]
S3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys --> c:\windows\system32\DRIVERS\btcomport.sys [?]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys --> c:\windows\system32\Drivers\btcombus.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2010-04-06 25864]
S3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp32.sys [2013-12-27 50200]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys --> c:\program files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys [?]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
cqoujr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 18:57 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.myhoome.com/
mStart Page = hxxp://www.myhoome.com/
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: &P&obierz &za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: { - c:\program files\Messenger\msmsgs.exe
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} -
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9B89DE19-3E18-4257-A4AC-CCDC2A05C90E}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\q33d5r4n.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxps://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=876&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&apn_uid=2313075238934124&o=APN10641&q=
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
MSConfigStartUp-ChomikBox - c:\program files\ChomikBox\ChomikBox.exe
MSConfigStartUp-G Data AntiVirus Tray Application - c:\program files\G Data\AntiVirus\AVKTray\AVKTray.exe
AddRemove-Facebook Plug-In - c:\documents and settings\User\Dane aplikacji\Facebook\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-07 11:39
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
mobilegeni daemon = c:\program files\Mobogenie\DaemonProcess.exe?????????????????????????????????????????????????????????????????????????????????????
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|é•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(1244)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2240)
c:\windows\system32\guard32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL
c:\program files\ATI Technologies\ATI.ACE\Core-Static\atiamplk.dll
.
- - - - - - - > 'csrss.exe'(1016)
c:\windows\system32\cmdcsr.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\acs.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\lxdrcoms.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Czas ukończenia: 2014-01-07 11:46:14 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2014-01-07 10:46
ComboFix2.txt 2013-12-29 08:06
.
Przed: 233 749 540 864 bajtów wolnych
Po: 233 769 385 984 bajtów wolnych
.
- - End Of File - - A2A30729EBD581207A9D0DE3D56BF0BA
671B81004FDD1588FA9ED1331C9CECA9