ComboFix 11-03-19.03 - Administrator 2011-03-20 12:24:41.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1022.657 [GMT 1:00]
Uruchomiony z: d:\download\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\ntuser.pol
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-02-20 do 2011-03-20 )))))))))))))))))))))))))))))))
.
.
2011-03-19 16:48 . 2011-03-19 16:48 -------- d-----w- C:\VritualRoot
2011-03-04 20:45 . 2011-03-04 20:45 -------- d-----w- C:\temp
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-06 16:37 . 2011-01-06 16:37 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-06 16:37 . 2011-01-06 16:37 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-06 16:37 . 2011-01-06 16:37 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-06 16:37 . 2011-01-06 16:37 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-12-29 00:42 . 2010-12-29 00:42 285480 ----a-w- c:\windows\system32\guard32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-19_16.43.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-20 11:23 . 2011-03-20 11:23 16384 c:\windows\Temp\Perflib_Perfdata_f0.dat
+ 2011-03-19 16:48 . 2011-03-20 11:33 247376 c:\windows\system32\drivers\sfi.dat
+ 2011-03-19 16:47 . 2011-03-19 16:47 3293696 c:\windows\Installer\6c181.msi
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7331840]
"nwiz"="nwiz.exe" [2005-12-15 1519616]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-02-03 61952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-17 2548552]
.
c:\documents and settings\Administrator\Menu Start\Programy\Autostart\
WinBar.lnk - c:\program files\WinBar\WinBar.exe [2011-3-4 188928]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\K2T\\WTW\\wtw.exe"=
"c:\\Program Files\\Utorrent\\uTorrent.exe"=
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2011-01-06 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-01-06 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-01-06 27576]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\drivers\tj2knd5.sys [2011-03-04 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\drivers\tj2kunic.sys [2011-03-04 69680]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-20 12:35
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1229272821-1326574676-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7a,6d,86,14,be,ba,05,40,a8,1d,fb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7a,6d,86,14,be,ba,05,40,a8,1d,fb,\
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'lsass.exe'(656)
c:\windows\system32\guard32.dll
.
Czas ukończenia: 2011-03-20 12:41:31
ComboFix-quarantined-files.txt 2011-03-20 11:41
ComboFix2.txt 2011-03-19 16:45
ComboFix3.txt 2011-03-14 15:49
.
Przed: 33 575 591 936 bajtów wolnych
Po: 33 575 493 632 bajtów wolnych
.
- - End Of File - - 7E0F5FC58E900FC6C10F79A42B4BC7A8