ComboFix 14-03-05.01 - Właściciel 2014-03-09 18:07:57.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1535.1179 [GMT 1:00]
Uruchomiony z: F:\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((( Pliki utworzone od 2014-02-09 do 2014-03-09 )))))))))))))))))))))))))))))))
.
.
2014-02-23 07:50 . 2014-02-23 07:50    --------    d-----w-    C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-08 07:50 . 2011-08-11 13:35    142296    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-28 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2011-02-07 1362944]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 19558024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-10 110592]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"Hsfpwcfg.exe"="c:\windows\Hsfpwcfg.exe" [2004-01-28 167936]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-19 737369]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13594624]
"nwiz"="nwiz.exe" [2009-01-30 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-06-20 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-06-20 182584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-08-16 2465608]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\K2T\\WTW\\wtw.exe"=
"d:\\torr\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Właściciel\\Ustawienia lokalne\\Dane aplikacji\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
R0 R592;R592;c:\windows\system32\drivers\R592.sys [2011-08-11 57088]
R0 risdpntk;risdpntk;c:\windows\system32\drivers\risdpntk.sys [2011-08-11 27264]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2011-08-16 17416]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-08-16 486192]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-08-16 29400]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-06-20 154424]
R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [2011-08-11 193280]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-05-02 73216]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe -/service --> c:\documents and settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe -/service [?]
S2 Multimedia mobilNET. RunOuc;Multimedia mobilNET. OUC;c:\program files\Multimedia mobilNET\UpdateDog\ouc.exe [2013-05-02 218624]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-05-02 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2013-05-02 235392]
S3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [2011-08-11 702326]
S3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [2011-08-11 4790]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-10-01 11520]
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://gazeta.pl/0,0.html?sc=1
uInternet Settings,ProxyOverride = ;*.local
TCP: DhcpNameServer = 192.168.160.2 149.156.96.9
TCP: Interfaces\{A739737E-82F0-4927-A2A7-21AE05F86CB4}: NameServer = 156.154.70.25,156.154.71.25
FF - ProfilePath - c:\documents and settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\k1gzle2m.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-09 18:12
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(1004)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2640)
c:\windows\system32\guard32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
- - - - - - - > 'csrss.exe'(916)
c:\windows\system32\cmdcsr.dll
.
Czas ukończenia: 2014-03-09 18:13:21
ComboFix-quarantined-files.txt 2014-03-09 17:13
.
Przed: 36 182 712 320 bajtów wolnych
Po: 36 534 128 640 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1AFED58D43B712E84C9A589AB3149442 32052574BF9F325AE309ABC7BFD04460