ComboFix 11-10-15.02 - Kysiaczek 2011-10-16 15:59:45.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2046.1421 [GMT 4,5:30]
Uruchomiony z: c:\documents and settings\Kysiaczek\Pulpit\ComboFix.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-09-16 do 2011-10-16 )))))))))))))))))))))))))))))))
.
.
2011-10-16 10:45 . 2011-10-16 10:45 -------- d-----w- c:\windows\LastGood
2011-10-16 05:33 . 2011-10-16 05:33 -------- d-----w- c:\windows\system32\xircom
2011-10-16 05:33 . 2011-10-16 05:33 -------- d-----w- c:\windows\system32\wbem\snmp
2011-10-16 05:33 . 2011-10-16 05:33 -------- d-----w- c:\program files\microsoft frontpage
2011-10-10 08:40 . 2011-10-10 08:40 -------- d-----w- c:\windows\system32\LogFiles
2011-09-30 16:06 . 2011-09-30 16:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Trymedia
2011-09-30 16:01 . 2011-09-30 16:01 -------- d-----w- c:\program files\RealArcade
2011-09-30 12:57 . 2011-09-30 12:57 -------- d-----w- c:\documents and settings\Administrator
2011-09-30 11:50 . 2011-09-30 11:50 -------- d-----w- c:\documents and settings\Kysiaczek\Dane aplikacji\OpenOffice.org
2011-09-30 11:49 . 2011-09-30 11:49 -------- d-----w- c:\program files\Common Files\Java
2011-09-30 11:49 . 2011-09-30 11:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-30 11:49 . 2011-09-30 11:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-30 11:49 . 2011-09-30 11:49 -------- d-----w- c:\program files\Java
2011-09-29 16:44 . 2011-09-29 16:44 -------- d-----w- c:\documents and settings\Kysiaczek\Dane aplikacji\runic games
2011-09-29 16:40 . 2011-09-29 16:40 -------- d-----w- c:\program files\JoWooD
2011-09-18 18:24 . 2001-09-04 23:48 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2011-09-18 18:24 . 2002-07-25 08:07 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-14 07:59 . 2011-08-14 07:59 141312 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-06-30 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2009-06-30 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\system32\mshtml.dll
.
[-] 2009-06-30 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-10-16_05.33.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-16 05:51 . 2011-10-16 05:51 16384 c:\windows\Temp\Perflib_Perfdata_214.dat
+ 2009-08-06 14:54 . 2009-08-06 14:54 44768 c:\windows\system32\wups2.dll
+ 2011-05-09 10:08 . 2009-08-06 14:54 53472 c:\windows\system32\wuauclt.exe
+ 2011-10-16 10:45 . 2009-08-06 14:54 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2011-05-09 10:08 . 2009-08-06 14:54 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-04-15 12:00 . 2009-08-06 14:54 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-04-15 12:00 . 2009-08-06 14:54 96480 c:\windows\system32\cdm.dll
+ 2011-10-16 10:45 . 2008-04-15 12:00 32256 c:\windows\LastGood\system32\wups.dll
+ 2011-10-16 10:45 . 2008-04-15 12:00 66560 c:\windows\LastGood\system32\cdm.dll
+ 2011-05-09 10:08 . 2009-08-06 14:54 209632 c:\windows\system32\wuweb.dll
+ 2011-05-09 10:08 . 2009-08-06 14:54 327896 c:\windows\system32\wucltui.dll
+ 2011-05-09 10:08 . 2009-08-06 14:53 575704 c:\windows\system32\wuapi.dll
+ 2011-05-09 10:08 . 2009-08-06 14:54 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2011-05-09 10:08 . 2009-08-06 14:54 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2011-05-09 10:08 . 2009-08-06 14:53 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2011-10-16 10:45 . 2008-04-15 12:00 120320 c:\windows\LastGood\system32\wuweb.dll
+ 2011-10-16 10:45 . 2008-04-15 12:00 113664 c:\windows\LastGood\system32\wucltui.dll
+ 2011-10-16 10:45 . 2008-04-15 12:00 112128 c:\windows\LastGood\system32\wuauclt.exe
+ 2011-10-16 10:45 . 2008-04-15 12:00 431616 c:\windows\LastGood\system32\wuapi.dll
+ 2011-05-09 10:08 . 2009-08-06 14:53 1929952 c:\windows\system32\wuaueng.dll
+ 2011-05-09 10:08 . 2009-08-06 14:53 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2011-10-16 10:45 . 2008-04-15 12:00 1135616 c:\windows\LastGood\system32\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="NvMCTray.dll" [2011-04-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-23 1753192]
"RTHDCPL"="RTHDCPL.EXE" [2010-11-02 19580520]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="d:\programy\adobe\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2011-9-18 483328]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ZDWLan Utility.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\ZDWLan Utility.lnk
backup=c:\windows\pss\ZDWLan Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Kysiaczek^Menu Start^Programy^Autostart^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Kysiaczek\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
2011-08-04 15:15 19775488 ----a-w- c:\program files\ipla\ipla.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nowe Gadu-Gadu]
2008-06-27 08:28 8798816 ----a-w- d:\programy\Nowe Gadu-Gadu\gg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 10:32 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2011-08-14 07:59 1783808 ----a-w- d:\programy\Spyware Terminator\SpywareTerminatorShield.Exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"e:\\gry\\pop\\Prince of Persia.exe"=
"e:\\gry\\pop\\PrinceOfPersia_Launcher.exe"=
"d:\\programy\\bit torrent\\BitTorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\programy\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2892:TCP"= 2892:TCP:jtjnk
"58350:TCP"= 58350:TCP:Pando Media Booster
"58350:UDP"= 58350:UDP:Pando Media Booster
.
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-08-14 141312]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-09 2218600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-05-09 1691480]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2011-06-05 436792]
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-484763869-725345543-1003Core.job
- c:\documents and settings\Kysiaczek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-06-02 12:08]
.
2011-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-484763869-725345543-1003UA.job
- c:\documents and settings\Kysiaczek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-06-02 12:08]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-16 16:02
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(3460)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Czas ukończenia: 2011-10-16 16:03:26
ComboFix-quarantined-files.txt 2011-10-16 11:33
ComboFix2.txt 2011-10-16 05:37
.
Przed: 22 048 374 784 bajtów wolnych
Po: 22 038 065 152 bajtów wolnych
.
- - End Of File - - AD04F8C4A64E365E01D9AE3F33985CD2