ComboFix 11-10-17.01 - xp 2011-10-18 7:44.4.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1015.700 [GMT 2:00]
Run from: c:\documents and settings\xp\Pulpit\ComboFix.exe
Command switches used :: c:\documents and settings\xp\Pulpit\CFSCript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\749563319"
.
.
(((((((((((((((((((((((((((((((((((((((   Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\xp\Ustawienia lokalne\Dane aplikacji\b76dad2c
c:\documents and settings\xp\Ustawienia lokalne\Dane aplikacji\b76dad2c\@
c:\documents and settings\xp\Ustawienia lokalne\Dane aplikacji\b76dad2c\U\80000000.@
c:\documents and settings\xp\Ustawienia lokalne\Dane aplikacji\b76dad2c\U\800000cb.@
c:\documents and settings\xp\Ustawienia lokalne\Dane aplikacji\b76dad2c\X
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\749563319
.
Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
Restored copy from - The cat found it :)
Infected copy of c:\windows\system32\Ati2evxx.exe was found and disinfected
Restored copy from - c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati2evxx.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.i8042prt
-------\Service_b76dad2c
.
.
(((((((((((((((((((((((((   Files Created from 2011-09-18 to 2011-10-18   )))))))))))))))))))))))))))))))
.
.
2011-10-18 05:35 . 2008-04-14 19:41 53248 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-10-18 05:30 . 2011-10-18 05:30 48016 --sha-w- c:\windows\system32\c_59836.nl_
2011-10-18 05:26 . 2011-10-18 05:26 1692968 ----a-w- C:\avg_remover_stf_x86_2012_1796.exe
2011-10-17 14:38 . 2011-10-17 14:38 -------- d-----w- c:\documents and settings\xp\Ustawienia lokalne\Dane aplikacji\Sun
2011-10-17 14:38 . 2011-10-17 14:38 -------- d-----w- c:\program files\Common Files\Java
2011-10-17 14:37 . 2011-10-17 14:37 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-17 12:44 . 2011-10-17 12:44 -------- d-----w- c:\documents and settings\xp\Ustawienia lokalne\Dane aplikacji\ATI
2011-10-17 12:44 . 2011-10-17 12:44 -------- d-----w- c:\documents and settings\xp\Dane aplikacji\ATI
2011-10-17 12:44 . 2011-10-18 06:00 -------- d-----w- c:\documents and settings\xp\Ustawienia lokalne\Dane aplikacji\ApplicationHistory
2011-10-17 12:41 . 2011-10-17 12:41 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-10-17 12:39 . 2011-10-17 12:40 -------- d-----w- c:\program files\ATI Technologies
2011-10-17 12:38 . 2011-10-17 12:38 -------- d-----w- c:\windows\system32\URTTEMP
2011-10-17 12:36 . 2006-05-15 06:18 12416 ----a-r- c:\windows\system32\drivers\EIO.sys
2011-10-17 12:36 . 2006-05-03 04:54 307200 ----a-r- c:\windows\system32\atiiiexx.dll
2011-10-17 11:11 . 2011-10-17 11:11 -------- d-----w- C:\Nowy folder
2011-10-17 09:30 . 2008-04-14 20:51 5632 ----a-w- c:\windows\system32\dllcache\cisvc.exe
2011-10-17 09:30 . 2008-04-14 20:51 5632 ----a-w- c:\windows\system32\cisvc.exe
2011-10-13 10:40 . 2011-10-13 10:54 -------- d-----w- C:\Cameo Collection 1977 - 2002 FLAC
2011-10-12 05:59 . 2011-10-13 05:18 -------- d-----w- C:\boys - lody
2011-10-07 15:36 . 2011-10-07 15:37 -------- d-----w- C:\Jan Hammer
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 14:37 . 2010-06-29 10:20 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-02 05:43 . 2011-05-02 16:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-04-13 . 607C976B22AEB2FCF8A7486BCCA1E3BF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2007-10-15 . 0FB6743E937C7BB248B2530A5A77ABC6 . 360576 . . [5.1.2600.2892] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((   SnapShot_2011-10-17_14.54.15   )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-10-26 20:15 . 2011-10-18 05:44 88478 c:\windows\system32\perfc015.dat
- 2001-10-26 20:15 . 2011-10-17 14:38 88478 c:\windows\system32\perfc015.dat
+ 2001-08-18 01:30 . 2011-10-18 05:44 70576 c:\windows\system32\perfc009.dat
- 2001-08-18 01:30 . 2011-10-17 14:38 70576 c:\windows\system32\perfc009.dat
+ 2001-10-26 20:15 . 2011-10-18 05:44 500010 c:\windows\system32\perfh015.dat
- 2001-10-26 20:15 . 2011-10-17 14:38 500010 c:\windows\system32\perfh015.dat
+ 2001-08-18 01:30 . 2011-10-18 05:44 441078 c:\windows\system32\perfh009.dat
- 2001-08-18 01:30 . 2011-10-17 14:38 441078 c:\windows\system32\perfh009.dat
+ 2011-10-17 15:24 . 2011-10-17 15:24 2185216 c:\windows\Installer\18d721.msi
+ 2011-10-17 15:21 . 2011-10-17 15:21 4664832 c:\windows\Installer\18d718.msi
.
(((((((((((((((((((((((((((((((((((((   Registry Startup Entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-17 16844800]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 188416]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-04 198160]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/pl.special-uninstallation-feedback-appf?lic=NFVORUYtUEI2M0YtWDlaQVMtQU8zVEItSEk5Sk8tM0xQMkM&inst=NzctNzkwMDQxMDEyLVhMKzEtVDQtRkwrOS1YTzM2KzEtRjlNNCsxLUREVCsxNDQwMC1GTDEwKzEtREQxMEYrMS1TVDEwRkFQUCsxLUVVTEErMS1TVDEyRkFQUCsx&prod=90&ver=2012.0.1831&mid=d8173dfd7da53e15deeb9fd4cadc3809-06ce4fc639803a2e3563922518183d8e94088cb9" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
RaConfig.lnk - c:\windows\system32\RaConfig.exe [2009-6-19 380928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^My applications^Tibia Client.exe]
backup=c:\windows\pss\Tibia Client.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^xp^Menu Start^Programy^Autostart^VMLoad.lnk]
backup=c:\windows\pss\VMLoad.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-01-24 10:42 427008 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\VMLoad.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\K2T\\WTW\\wtw.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Documents and Settings\\xp\\Pulpit\\tdsskiller.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\avg_remover_stf_x86_2012_1796.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24337:TCP"= 24337:TCP:BitComet 24337 TCP
"24337:UDP"= 24337:UDP:BitComet 24337 UDP
"25374:TCP"= 25374:TCP:BitComet 25374 TCP
"25374:UDP"= 25374:UDP:BitComet 25374 UDP
"24390:TCP"= 24390:TCP:BitComet 24390 TCP
"24390:UDP"= 24390:UDP:BitComet 24390 UDP
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-07-08 218688]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2011-03-06 27632]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 136176]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-03-04 13224]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 136176]
S3 RT2400;RT2400 Wireless Driver;c:\windows\system32\drivers\RT2400.sys [2009-06-19 51712]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-03-04 155344]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-08-17 717296]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 16:00]
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 16:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.pl/
uInternet Settings,ProxyOverride = local
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Pobierz za pomocą Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Ściągnij przy pomocy FlashGet'a - c:\program files\FlashGet\jc_link.htm
IE: Ściągnij wszystko przy pomocy FlashGet'a - c:\program files\FlashGet\jc_all.htm
IE: ????3?? - c:\documents and settings\xp\Dane aplikacji\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\xp\Dane aplikacji\FlashGetBHO\GetAllUrl.htm
FF - ProfilePath - c:\documents and settings\xp\Dane aplikacji\Mozilla\Firefox\Profiles\bcgy9kmy.default\
FF - prefs.js: browser.search.selectedEngine - Allegro
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-18 08:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1409082233-1715567821-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3* N}]
@="c:\\Documents and Settings\\xp\\Dane aplikacji\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1409082233-1715567821-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3* N}hQčţ”Ľc]
@="c:\\Documents and Settings\\xp\\Dane aplikacji\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-1409082233-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{21852CCB-77AA-C9F5-DB58-7AE8C903D781}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nahcfegdjemgcpkgkbplllmglhem"=hex:6b,61,6c,65,61,68,64,6d,70,68,67,6f,66,6c,62,69,64,6a,69,69,69,67,00,00
"mabchcbdglnfcnjknaoaipccmb"=hex:6b,61,6d,65,64,69,65,6c,6b,63,6a,70,61,69,62,6e,62,69,61,69,64,61,00,00
"iahcfegdjemgcpkgkb"=hex:6b,61,6c,65,62,68,61,63,6a,6d,6e,66,6b,6e,6d,67,68,6b,6c,6c,6f,6c,00,00
"habchcbdglnfcnjk"=hex:6b,61,6c,65,62,68,61,63,6a,6d,6e,66,6b,6e,6d,67,68,6b,6c,6c,6f,6c,00,00
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(992)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\DragnDropCopyHook.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\windows\ATKKBService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-10-18 08:03:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-18 06:03
ComboFix2.txt 2011-10-17 14:58
ComboFix3.txt 2011-10-17 11:39
ComboFix4.txt 2011-10-17 10:11
.
Before: 17 365 843 968 bytes free
After: 17 363 984 384 bytes free
.
- - End Of File - - 8D0C8EB91724B66F0A09FEA23D4F0A88
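Two places in the log above still call for a check the tool does not do for the reader. In the Sigcheck section, the in-use c:\windows\system32\drivers\tcpip.sys carries the same version (5.1.2600.5512) and size (361344) as the ServicePackFiles copy but a different MD5 and no verified signature, while the $NtServicePackUninstall$ copy differs because it is an older version; the footnote that unsigned files aren't necessarily malware is exactly why the hash has to be compared against a same-version reference rather than taken alone. In the locked Shell Extensions\Approved key, the four REG_BINARY values are raw hex that has to be decoded before anyone can say what the key stores. The script below is an added example, not part of the original log or of ComboFix: it parses the three Sigcheck lines and the four hex values copied from the log, flags an unverified copy whose version and size match a verified copy while its hash does not, and decodes the hex to text. The line layout it parses ("[flag] date . md5 . size . . [version] . . path") and the reading of "[-]" as "signature not verified" are assumptions inferred from the lines as printed.

```python
"""Checks over two sections of a ComboFix log.

Added example, not part of the original log or of the ComboFix tool. The
Sigcheck lines and REG_BINARY values are copied from the log; the line
layout they are parsed with and the reading of "[-]" as "not verified"
are assumptions inferred from how the lines appear.
"""
import re
from collections import defaultdict

# Copied from the log's Sigcheck section.
SIGCHECK_LINES = r"""
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-04-13 . 607C976B22AEB2FCF8A7486BCCA1E3BF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2007-10-15 . 0FB6743E937C7BB248B2530A5A77ABC6 . 360576 . . [5.1.2600.2892] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
"""

# Copied from the log's LOCKED REGISTRY KEYS section (REGEDIT4 "hex:" syntax).
LOCKED_KEY_VALUES = {
    "nahcfegdjemgcpkgkbplllmglhem": "6b,61,6c,65,61,68,64,6d,70,68,67,6f,66,6c,62,69,64,6a,69,69,69,67,00,00",
    "mabchcbdglnfcnjknaoaipccmb": "6b,61,6d,65,64,69,65,6c,6b,63,6a,70,61,69,62,6e,62,69,61,69,64,61,00,00",
    "iahcfegdjemgcpkgkb": "6b,61,6c,65,62,68,61,63,6a,6d,6e,66,6b,6e,6d,67,68,6b,6c,6c,6f,6c,00,00",
    "habchcbdglnfcnjk": "6b,61,6c,65,62,68,61,63,6a,6d,6e,66,6b,6e,6d,67,68,6b,6c,6c,6f,6c,00,00",
}

# Assumed layout: "[flag] date . md5 . size . . [version] . . path"
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def find_tampered(entries):
    """Paths of unverified ("[-]") copies whose version and size match a
    verified copy but whose MD5 does not.

    Same version resource, same byte count, different content is what an
    in-place patch of a system binary looks like. A file whose version has
    no verified counterpart (the pre-SP3 copy here) is not flagged, since a
    hash difference there is expected."""
    reference = defaultdict(set)  # (version, size) -> MD5s of verified copies
    for e in entries:
        if e["flag"] != "-":
            reference[(e["version"], e["size"])].add(e["md5"])
    suspects = []
    for e in entries:
        key = (e["version"], e["size"])
        if e["flag"] == "-" and key in reference and e["md5"] not in reference[key]:
            suspects.append(e["path"])
    return suspects


def decode_reg_binary(hex_csv):
    """Decode a REGEDIT4 'hex:' value (comma-separated byte pairs, possibly
    wrapped over lines with trailing backslashes) to text up to the first NUL."""
    cleaned = re.sub(r"[\s\\]", "", hex_csv)
    if cleaned.lower().startswith("hex:"):
        cleaned = cleaned[4:]
    raw = bytes(int(b, 16) for b in cleaned.split(",") if b)
    return raw.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def decode_locked_key_values(values=LOCKED_KEY_VALUES):
    """Decode every value of the locked key into a name -> text mapping."""
    return {name: decode_reg_binary(hexval) for name, hexval in values.items()}


if __name__ == "__main__":
    for path in find_tampered(parse_sigcheck(SIGCHECK_LINES)):
        print("MD5 differs from verified copy of same version and size:", path)
    for name, text in decode_locked_key_values().items():
        print(f"{name} -> {text!r}")
```

Run stand-alone, the Sigcheck check reports only the drivers\tcpip.sys copy, and the four decoded values come out as 22-character lowercase-letter strings rather than anything a legitimate shell extension would store; two of the four value names (iahcfegdjemgcpkgkb and habchcbdglnfcnjk) hold identical bytes. Decoding tells you what the key contains, not who wrote it; that judgement still rests on the rest of the log.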