ComboFix 11-07-12.07 - Pawel 2011-07-12  21:43:40.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.1535.922 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Pawel\Moje dokumenty\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0415.exe
c:\windows\system32\sstray.exe
c:\windows\usgwmt
D:\install.exe
D:\RealPlayer.exe
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2011-06-12 do 2011-07-12  )))))))))))))))))))))))))))))))
.
.
2011-07-08 23:02 . 2011-07-08 23:02	--------	d-----w-	C:\VritualRoot
2011-07-07 19:30 . 2011-07-07 19:30	--------	d-----w-	c:\documents and settings\Pawel\Dane aplikacji\Xfire
2011-07-07 19:30 . 2011-07-07 19:30	--------	d-s---w-	c:\program files\Xfire
2011-07-07 14:50 . 2011-07-07 14:50	--------	d-----w-	c:\documents and settings\Pawel\DoctorWeb
2011-07-06 15:09 . 2011-07-06 15:09	--------	d-sh--w-	c:\windows\system32\config\systemprofile\IETldCache
2011-07-06 13:16 . 2011-07-09 16:39	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Comodo
2011-07-06 13:16 . 2011-07-06 15:04	--------	d-----w-	c:\program files\COMODO
2011-07-06 13:15 . 2011-07-06 15:01	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Comodo Downloader
2011-07-06 09:15 . 2011-07-06 09:15	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-07-06 09:07 . 2011-07-06 09:07	--------	d-----w-	c:\documents and settings\Pawel\Dane aplikacji\Malwarebytes
2011-07-06 09:07 . 2011-05-29 07:11	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 09:06 . 2011-07-06 09:06	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2011-07-06 09:06 . 2011-05-29 07:11	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-07-03 17:10 . 2011-07-03 17:10	2560	----a-w-	c:\windows\_MSRSTRT.EXE
2011-07-03 14:53 . 2011-07-03 17:10	--------	d-----w-	c:\program files\Common Files\Agnitum Shared
2011-07-01 07:44 . 2011-07-01 07:44	--------	d-----w-	c:\documents and settings\LocalService\Menu Start
2011-06-30 16:47 . 2004-07-09 02:26	47104	-c--a-w-	c:\windows\system32\dllcache\wstdecod.dll
2011-06-30 16:47 . 2004-07-09 02:26	354816	-c--a-w-	c:\windows\system32\dllcache\psisdecd.dll
2011-06-30 16:47 . 2004-07-09 02:26	354816	----a-w-	c:\windows\system32\psisdecd.dll
2011-06-30 16:47 . 2004-07-09 02:26	30208	----a-w-	c:\windows\system32\psisrndr.ax
2011-06-30 16:47 . 2004-07-09 02:26	52224	----a-w-	c:\windows\system32\msdvbnp.ax
2011-06-30 16:47 . 2004-07-09 02:26	52096	-c--a-w-	c:\windows\system32\dllcache\msdv.sys
2011-06-30 16:47 . 2004-07-09 02:26	52096	----a-w-	c:\windows\system32\drivers\msdv.sys
2011-06-30 16:47 . 2004-07-09 02:26	1230336	-c--a-w-	c:\windows\system32\dllcache\msvidctl.dll
2011-06-30 07:38 . 2011-06-30 07:38	97504	----a-w-	c:\windows\system32\drivers\inspect.sys
2011-06-30 07:38 . 2011-06-30 07:38	29400	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2011-06-30 07:38 . 2011-06-30 07:38	242600	----a-w-	c:\windows\system32\drivers\cmdGuard.sys
2011-06-30 07:38 . 2011-06-30 07:38	17416	----a-w-	c:\windows\system32\drivers\cmderd.sys
2011-06-30 07:37 . 2011-06-30 07:37	285256	----a-w-	c:\windows\system32\guard32.dll
2011-06-28 11:26 . 2011-06-28 11:26	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Divinity 2 Demo
2011-06-28 11:26 . 2011-06-28 11:27	--------	d-----w-	c:\documents and settings\Pawel\Ustawienia lokalne\Dane aplikacji\Divinity 2 Demo
2011-06-27 10:21 . 2011-06-06 16:36	4005936	----a-w-	c:\windows\system32\GameMon.des
2011-06-27 10:20 . 2005-01-02 03:43	4682	----a-w-	c:\windows\system32\npptNT2.sys
2011-06-27 10:20 . 2003-07-18 12:17	5174	----a-w-	c:\windows\system32\nppt9x.vxd
2011-06-27 10:20 . 2011-06-27 10:20	--------	d-----w-	c:\program files\Common Files\INCA Shared
2011-06-27 07:17 . 2007-06-29 12:47	34304	----a-w-	c:\windows\system32\drivers\AmdLLD.sys
2011-06-27 07:17 . 2011-06-27 07:17	--------	d-----w-	c:\program files\AMD
2011-06-20 15:42 . 2011-06-20 15:42	--------	d-----r-	c:\documents and settings\LocalService\Ulubione
2011-06-20 15:15 . 2011-06-20 15:15	--------	d-----w-	c:\documents and settings\Pawel\Dane aplikacji\Avira
2011-06-20 15:14 . 2011-06-21 07:22	--------	d-----w-	c:\windows\system32\NtmsData
2011-06-20 15:09 . 2011-07-01 07:43	66616	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-06-20 15:09 . 2011-07-01 07:43	138192	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-06-20 15:09 . 2010-06-17 13:27	45416	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2011-06-20 15:09 . 2010-06-17 13:27	22360	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2011-06-20 15:09 . 2011-06-20 15:09	--------	d-----w-	c:\program files\Avira
2011-06-20 15:09 . 2011-06-20 15:09	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Avira
2011-06-19 19:45 . 2011-06-19 19:45	--------	d-----w-	c:\documents and settings\Pawel\Dane aplikacji\Tific
2011-06-17 08:40 . 2011-06-17 08:40	--------	d-----w-	c:\program files\Windows Sidebar
2011-06-17 08:40 . 2011-06-20 20:39	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Norton
2011-06-17 08:00 . 1998-01-24 02:39	196880	----a-w-	c:\windows\system32\richtx32.ocx
2011-06-17 08:00 . 1997-01-16 09:11	75536	----a-w-	c:\windows\system32\picclp32.ocx
2011-06-17 08:00 . 1995-07-26 00:00	200704	----a-w-	c:\windows\system32\threed32.ocx
2011-06-17 08:00 . 1995-07-26 00:00	78848	----a-w-	c:\windows\system32\msoutl32.ocx
2011-06-17 08:00 . 1995-07-26 00:00	89600	----a-w-	c:\windows\system32\grid32.ocx
2011-06-17 05:55 . 2011-06-17 06:20	--------	d-----w-	c:\documents and settings\Pawel\Ustawienia lokalne\Dane aplikacji\Google
2011-06-13 12:30 . 2011-06-13 12:30	--------	d-----w-	c:\windows\PixArt
2011-06-13 12:30 . 2008-04-14 20:51	91648	----a-w-	c:\windows\system32\kswdmcap.ax
2011-06-13 12:30 . 2008-04-14 20:51	61952	----a-w-	c:\windows\system32\kstvtune.ax
2011-06-13 12:30 . 2008-04-14 20:50	54784	-c--a-w-	c:\windows\system32\dllcache\vfwwdm32.dll
2011-06-13 12:30 . 2008-04-14 20:50	54784	----a-w-	c:\windows\system32\vfwwdm32.dll
2011-06-13 12:30 . 2008-04-14 20:51	43008	----a-w-	c:\windows\system32\ksxbar.ax
2011-06-13 12:28 . 2011-06-13 12:28	--------	d-----w-	c:\windows\PAC207
2011-06-13 12:28 . 2011-06-13 12:28	--------	d-----w-	c:\program files\Common Files\RemoveC
2011-06-13 12:28 . 2011-06-13 12:28	--------	d-----w-	c:\program files\Common Files\Remove64C
2011-06-13 12:28 . 2011-06-13 12:28	--------	d-----w-	c:\program files\Common Files\PAC207
2011-06-13 12:28 . 2011-06-13 12:28	--------	d-----w-	c:\program files\PC Camer@
2011-06-13 12:28 . 2011-06-13 12:28	--------	d-----w-	c:\windows\Downloaded Installations
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 21:42 . 2006-07-11 16:35	348160	----a-w-	c:\windows\system32\msvcr71.dll
2011-06-05 14:44 . 2010-09-25 10:42	436792	----a-w-	c:\windows\system32\drivers\sptd.sys
2011-06-05 14:38 . 2011-06-05 14:38	98304	----a-r-	c:\documents and settings\Pawel\Dane aplikacji\Microsoft\Installer\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}\icons.exe
2011-05-28 12:56 . 2011-05-28 12:56	65536	----a-w-	c:\windows\system32\frapsvid.dll
2011-04-22 11:24 . 2003-12-23 16:34	109080	----a-w-	c:\windows\system32\OpenAL32.dll
2011-04-19 15:11 . 2011-04-19 15:11	281760	----a-w-	c:\windows\system32\drivers\atksgt.sys
2011-04-19 15:11 . 2011-04-19 15:11	25888	----a-w-	c:\windows\system32\drivers\lirsgt.sys
2011-04-19 14:10 . 2011-03-22 17:52	107888	----a-w-	c:\windows\system32\CmdLineExt.dll
2011-04-19 13:58 . 2011-04-19 13:58	1	----a-w-	c:\documents and settings\Pawel\SI.bin
2011-04-18 15:16 . 2011-04-18 15:16	445016	----a-w-	c:\windows\system32\wrap_oal.dll
2011-04-16 09:06 . 2011-04-16 09:06	139128	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2011-04-16 09:06 . 2011-04-16 09:06	215128	----a-w-	c:\windows\system32\PnkBstrB.exe
2011-04-16 09:06 . 2011-04-16 09:06	215128	----a-w-	c:\windows\system32\PnkBstrB.xtr
2011-04-16 09:06 . 2011-04-16 09:06	75064	----a-w-	c:\windows\system32\PnkBstrA.exe
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-05-26 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-05-26 182584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	\0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16	357696	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nowe Gadu-Gadu]
2010-11-10 16:42	11539048	----a-w-	c:\program files\Nowe Gadu-Gadu\gg.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Unreal Antologia\\UnrealTournament\\System\\UnrealTournament.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\ava\\REACTOR.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\fear2\\FEAR2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27015:TCP"= 27015:TCP:css
"27015:UDP"= 27015:UDP:css2
"7212:TCP"= 7212:TCP:*:Disabled:gsijq
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-09-25 436792]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-06-30 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-06-30 29400]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-06-20 136360]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 154424]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2006-11-20 506112]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
gxxktec
.
Zawartość folderu 'Zaplanowane zadania'
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.systemrequirementslab.com/CYRI/
TCP: DhcpNameServer = 195.114.173.153 8.8.8.8 195.114.181.130 195.114.161.55 195.114.161.61
TCP: Interfaces\{371766CF-CAEE-457B-8AA6-25157381E0B0}: NameServer = 195.114.173.153,8.8.8.8
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM-Run-nForce Tray Options - sstray.exe
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-12 21:52
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skanowanie ukrytych procesów ...  
.
skanowanie ukrytych wpisów autostartu ... 
.
skanowanie ukrytych plików ...  
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2000478354-152049171-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:06,b9,95,69,46,89,2c,6e,f5,73,d5,c1,4b,2f,20,7f,4f,27,46,0c,ef,93,4e,
   c4,5c,f2,14,f6,3a,c1,33,92,86,58,41,60,01,1f,87,90,43,cc,26,6d,4f,1a,0c,c1,\
"??"=hex:21,90,c1,e3,ce,c5,aa,cd,60,60,22,c7,8c,d4,21,f9
.
[HKEY_USERS\S-1-5-21-2000478354-152049171-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:f2,dc,d3,2a,f4,8f,4e,b1,10,ee,58,81,3b,12,b2,48,41,6a,bb,16,4c,
   3e,26,57,b7,da,b7,70,e3,cc,a4,7c,3a,1e,4f,4e,39,43,13,b2,f6,31,9a,e9,e1,2a,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\=*‘|Đ˙v]
"DisplayName"="?\11???"
"DeviceDesc"="?\11???"
"ProviderName"=""
"MFG"="????¨"
"ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\=???\\DriverFiles\\.INF"
"DeviceInstanceIds"=multi:"\0c\00"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(660)
c:\windows\system32\guard32.dll
.
Czas ukończenia: 2011-07-12  21:56:24
ComboFix-quarantined-files.txt  2011-07-12 19:56
.
Przed: 22 444 474 368 bajtów wolnych
Po: 22 390 755 328 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 3F648B9675507E8B4F7B6C4A1262E9DC