ComboFix 12-02-25.02 - Pc 2012-02-26 23:04:06.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2023.1528 [GMT 1:00]
Uruchomiony z: c:\p logi\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\3728_Konwerter_NowyDwor_Setup.exe
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\documents and settings\Pc\WINDOWS
C:\System
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\$NtUninstallKB29167$
c:\windows\$NtUninstallKB29167$\1856541435
c:\windows\ST6UNST.000
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SET1442.tmp
c:\windows\system32\SET1447.tmp
c:\windows\system32\SET144E.tmp
D:\Install.exe
.
c:\windows\system32\drivers\afd.sys - brakowało pliku
Plik odzyskano z - c:\windows\system32\dllcache\afd.sys
.
c:\windows\system32\drivers\netbt.sys - brakowało pliku
Plik odzyskano z - c:\windows\ServicePackFiles\i386\netbt.sys
.
c:\windows\system32\drivers\ipsec.sys - brakowało pliku
Plik odzyskano z - c:\windows\ServicePackFiles\i386\ipsec.sys
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-01-26 do 2012-02-26 )))))))))))))))))))))))))))))))
.
.
2012-02-26 22:09 . 2012-02-26 22:09 29904 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{B9991F16-220B-4CB6-97DB-0FE7901B8F96}\MpKsl34410d3d.sys
2012-02-26 22:08 . 2008-04-13 19:19 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2012-02-26 22:08 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-02-26 22:08 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-02-26 22:08 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-26 22:08 . 2008-04-13 19:21 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-02-26 22:08 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-26 21:32 . 2012-02-26 21:32 29904 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{B9991F16-220B-4CB6-97DB-0FE7901B8F96}\MpKsl5beceafe.sys
2012-02-26 20:24 . 2012-02-26 20:25 -------- d-----w- c:\documents and settings\Administrator
2012-02-24 22:34 . 2012-02-24 22:34 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\PCHealth
2012-02-24 20:00 . 2012-02-26 21:50 -------- d-----w- C:\P LOGI
2012-02-23 12:21 . 2008-04-14 17:11 53248 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-02-23 12:21 . 2008-04-14 17:11 53248 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-23 12:21 . 2008-04-14 17:11 65280 -c--a-w- c:\windows\system32\dllcache\serial.sys
2012-02-23 12:21 . 2008-04-14 17:11 65280 ----a-w- c:\windows\system32\drivers\serial.sys
2012-02-23 12:21 . 2008-04-14 17:05 58880 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2012-02-23 12:21 . 2008-04-14 17:05 58880 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-02-23 12:21 . 2008-04-13 19:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2012-02-23 12:21 . 2008-04-13 19:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-23 12:15 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{B9991F16-220B-4CB6-97DB-0FE7901B8F96}\mpengine.dll
2012-02-23 12:14 . 2012-02-23 12:14 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-21 17:59 . 2012-02-21 17:59 41680 ----a-w- c:\windows\system32\drivers\invxnfkj.sys
2012-02-21 17:43 . 2012-02-21 17:43 41680 ----a-w- c:\windows\system32\drivers\oddlmtuu.sys
2012-02-21 17:38 . 2012-02-21 17:38 -------- d-----w- c:\documents and settings\Pc\Dane aplikacji\SUPERAntiSpyware.com
2012-02-21 17:38 . 2012-02-21 17:38 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
2012-02-21 17:37 . 2012-02-21 17:37 41680 ----a-w- c:\windows\system32\drivers\xrlstkpx.sys
2012-02-21 17:11 . 2012-02-21 17:11 41680 ----a-w- c:\windows\system32\drivers\tdhjzjyk.sys
2012-02-21 16:54 . 2012-02-21 16:54 41680 ----a-w- c:\windows\system32\drivers\skqoashd.sys
2012-02-21 16:48 . 2012-02-21 16:48 41680 ----a-w- c:\windows\system32\drivers\svbzgmmt.sys
2012-02-21 16:34 . 2012-02-21 16:34 41680 ----a-w- c:\windows\system32\drivers\fcffiqfk.sys
2012-02-21 16:28 . 2012-02-21 16:28 -------- d-----w- c:\documents and settings\Pc\Ustawienia lokalne\Dane aplikacji\Norman Malware Cleaner
2012-02-21 16:24 . 2012-02-21 18:43 -------- d-----w- C:\p
2012-02-21 13:46 . 2012-02-21 15:15 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-16 08:28 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 08:28 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2011-12-13 10:41 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-13 18:20 . 2012-01-13 18:20 1409 ----a-w- c:\windows\QTFont.for
2012-01-12 17:20 . 2006-03-02 12:00 1860224 ----a-w- c:\windows\system32\win32k.sys
2012-01-06 04:19 . 2011-12-14 13:29 6557240 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-30 10:25 . 2011-06-06 13:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 19:41 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:41 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:41 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-09-07 09:52 . 2010-09-07 09:52 3738642 ----a-w- c:\program files\operat32.exe
2010-09-07 09:48 . 2010-09-07 09:48 2482304 ----a-w- c:\program files\winkalk32.exe
2010-09-07 09:44 . 2010-09-07 09:43 5179663 ----a-w- c:\program files\mikromap32.exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemExplorerAutoStart"="c:\systemexplorerportable_302\SystemExplorer.exe" [2011-07-01 3230536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Action Manager 32.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Action Manager 32.lnk
backup=c:\windows\pss\Action Manager 32.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 17:21 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-10-23 10:02 163840 ----a-r- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWS myPrintMileage Agent]
2004-10-31 04:47 102400 ----a-w- c:\program files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-10-23 10:02 131072 ----a-r- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-10-23 10:01 135168 ----a-r- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 13:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Common SM]
2005-07-03 07:20 372736 ------w- c:\windows\Samsung\ComSMMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"NMSAccessU"=2 (0x2)
"idsvc"=3 (0x3)
"C-DillaCdaC11BA"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\klient\\klient.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Deskjet 1280\\Toolbox\\HPWSTBX.exe"=
.
R1 MpKsl34410d3d;MpKsl34410d3d;c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{B9991F16-220B-4CB6-97DB-0FE7901B8F96}\MpKsl34410d3d.sys [2012-02-26 29904]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [2010-07-19 93440]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-07-16 23456]
S3 GT680xNT;715 USB Scanner Driver;c:\windows\system32\drivers\Gt680x.sys [2008-03-19 17376]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-08-18 716272]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - MPKSL34410D3D
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-02-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroCheck - c:\windows\system32\\NeroCheck.exe
AddRemove-ActiveScan 2.0 - c:\program files\Panda Security\ActiveScan 2.0\as2uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-26 23:09
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\ACTIVEDS.dll
.
- - - - - - - > 'explorer.exe'(2440)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Czas ukończenia: 2012-02-26 23:13:04 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-02-26 22:13
.
Przed: 40 656 744 448 bajtów wolnych
Po: 41 526 112 256 bajtów wolnych
.
- - End Of File - - 8DF5B1AD58ED8F1A3E8E6E206C3BC6CF