ComboFix 11-04-21.06 - PaniWladca 2011-04-22 17:33:43.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2046.1606 [GMT 2:00]
Running from: c:\documents and settings\PaniWladca\Pulpit\ComboFix.exe
.
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\HDD Regenerator\HDD Regenerator.exe
c:\windows\copyfstq.exe
c:\windows\dropcpyr.dll
c:\windows\Fonts\ArnoldBoeD.ttf
c:\windows\system32\Device.dll
c:\windows\system32\drivers\etc\host
c:\windows\system32\Install.bat
c:\windows\system32\msconfig.exe
c:\windows\system32\paqbonus.exe
c:\windows\system32\winping.exe
c:\windows\system32\y.cmd
c:\windows\Uninstall.ini
.
c:\windows\regedit.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-03-22 to 2011-04-22 )))))))))))))))))))))))))))))))
.
.
2011-04-21 19:55 . 2011-04-21 19:55 -------- d-----w- c:\documents and settings\PaniWladca\DoctorWeb
2011-04-21 04:19 . 2011-04-21 04:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\MFAData
2011-04-15 20:26 . 2011-04-15 20:26 -------- d-----w- c:\program files\Passware
2011-04-10 13:19 . 2011-04-10 13:19 -------- d-----w- c:\docume~1\PANIWL~1\4CD9~1
2011-04-08 07:36 . 2011-04-08 07:36 -------- d-----w- c:\docume~1\Rodzina\4CD9~1
2011-04-07 17:58 . 2011-04-07 17:58 -------- d-----w- c:\windows\system32\4CD9~1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-22 15:23 . 2010-05-06 19:50 16608 ----a-w- c:\windows\gdrv.sys
2011-02-28 08:00 . 2011-03-19 10:47 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-19 10:38 . 2010-05-08 13:24 348256 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2011-02-19 10:37 . 2010-05-08 13:23 348256 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2011-01-22 17:36 . 2011-01-22 17:36 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
.
------- Sigcheck -------
.
[-] 2009-11-27 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2009-11-19 . 07CFE293CE37D0E558E3D4AC2FB70CED . 629760 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-15 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-15 . 737739FACEAD60683AA8D7FF7602FD14 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
[-] 2009-11-19 . 3902506156DC2F68D85CFA797F12EBEE . 678400 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2009-11-19 . E88010D761E8C3C54B6FD30E742F8C53 . 1592832 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
.
.
[-] 2009-11-19 . 2E4BDA4E5393B4DBD52E1741A8AA8D2B . 2033664 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
.
[-] 2009-11-19 . 1821FF40E4E05B4B694AEEB848113C8E . 2155008 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
.
c:\windows\System32\ctfmon.exe ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Registry Startup Entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-12-23 19:09 67168 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"Konnekt"="c:\program files\KonnektPlus\konnekt.exe" [2005-05-24 565248]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-01-19 3274136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-22 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-22 13666408]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-11-27 128512]
.
c:\documents and settings\Administrator\Menu Start\Programy\Autostart\
del.exe [2009-10-22 618289]
run.lnk - c:\program files\WindowZ\Kreator post-instalacyjny\run.bat [2010-5-6 966]
Transparent fx - lite.lnk - c:\program files\Fadebar\Fadebar.exe [2010-5-6 211333]
.
c:\documents and settings\Default User\Menu Start\Programy\Autostart\
Transparent fx - lite.lnk - c:\program files\Fadebar\Fadebar.exe [2010-5-6 211333]
z.cmd [2009-11-20 611]
.
c:\documents and settings\Gość\Menu Start\Programy\Autostart\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [N/A]
Transparent fx - lite.lnk - c:\program files\Fadebar\Fadebar.exe [2010-5-6 211333]
.
c:\documents and settings\Rodzina\Menu Start\Programy\Autostart\
JDownloader.lnk - c:\program files\JDownloader\JDownloader.exe [2010-12-15 214528]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [N/A]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-10-10 116736]
Transparent fx - lite.lnk - c:\program files\Fadebar\Fadebar.exe [2010-5-6 211333]
.
c:\documents and settings\PaniWladca\Menu Start\Programy\Autostart\
PNotes.lnk - c:\program files\PNotes\PNotes.exe [2010-5-6 699392]
Transparent fx - lite.lnk - c:\program files\Fadebar\Fadebar.exe [2010-5-6 211333]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2004-12-24 479232]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-10-10 116736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuEjectPC"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="%windir%\\system32\\LogonuiZ.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 22:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2005-03-08 04:42 176128 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
2006-04-11 16:52 1409024 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
R0 pe3alucb;Wildlife Park 2 AddOn3 Marine Park Environment Driver (pe3alucb);c:\windows\system32\drivers\pe3alucb.sys [2007-11-05 65192]
R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2009-11-28 76208]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-05-22 691696]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2010-12-23 96600]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [2010-05-06 68136]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-05-09 27632]
S2 pr2alucb;Wildlife Park 2 AddOn3 Marine Park Drivers Auto Removal (pr2alucb);c:\windows\system32\pr2alucb.exe svc --> c:\windows\system32\pr2alucb.exe svc [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-01-02 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-01-02 3072]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-05-09 13224]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys --> c:\windows\system32\DRIVERS\klim5.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2010-08-24 32377]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 .1273175079;1273175079; [x]
S4 FlashFolder;FlashFolder;c:\program files\FlashFolder\FlashFolder.exe [2008-03-21 71680]
S4 prio_svc;Prio Service;c:\program files\Prio\prio_svc.exe [2009-01-12 5120]
.
Contents of the 'Scheduled Tasks' folder
.
2011-01-22 c:\windows\Tasks\AdobeAAMUpdater-1.0-WINDOWZ-PaniWladca.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-01-27 02:44]
.
2011-01-22 c:\windows\Tasks\AdobeAAMUpdater-1.0-WINDOWZ-Rodzina.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-01-27 02:44]
.
2011-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-287218729-1801674531-1002Core.job
- c:\documents and settings\PaniWladca\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-07-27 12:20]
.
2011-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-287218729-1801674531-1002UA.job
- c:\documents and settings\PaniWladca\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-07-27 12:20]
.
2011-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-287218729-1801674531-1003Core.job
- c:\documents and settings\Rodzina\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-01-16 15:12]
.
2011-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-287218729-1801674531-1003UA.job
- c:\documents and settings\Rodzina\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-01-16 15:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Ściągnij przez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Ściągnij wszystkie linki przez IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Ściągnij zawartość wideo FLV przez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\PaniWladca\Dane aplikacji\Mozilla\Firefox\Profiles\fwqdpv57.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Edit Cookies: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} - %profile%\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\PaniWladca\Dane aplikacji\IDM\idmmzcc3
.
- - - - EMPTY ENTRIES REMOVED - - - -
.
ShellIconOverlayIdentifiers-{dd230880-495a-11d1-b064-008048ec2fc5} - c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll
HKLM-Run-Resume copy - copyfstq.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-HDD Regenerator - c:\program files\HDD Regenerator\HDD Regenerator.exe
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil10n_Plugin.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-22 17:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2d99c544-f06e-4d52-a7fb-8ed1fc9b8fd2}]
@Denied: (Full) (Everyone)
"Model"=dword:0000004c
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):df,dc,65,d6,e3,a6,84,df,76,ec,f0,5b,98,a2,05,c7,d9,4a,a5,71,43,
   85,a1,0c,4c,49,fa,05,33,52,ac,5b,c4,6e,54,a0,b6,c3,4a,c7,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(584)
c:\program files\Prio\prio.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(640)
c:\program files\Prio\prio.dll
c:\windows\system32\scecli.dll
.
Completion time: 2011-04-22 17:40:34
ComboFix-quarantined-files.txt 2011-04-22 15:40
.
Pre-Run: 3 151 261 696 bytes free
Post-Run: 3 450 793 984 bytes free
.
- - End Of File - - 58F1E007B37E1C31089EECD0AEC9C628
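The log above is long, and the entries that matter for triage are scattered across it. The script below is an added example, not part of the posted log and not ComboFix's own code: it pulls out of a ComboFix log the three things a responder would check first here, namely the Sigcheck rows ComboFix could not match (tcpip.sys, user32.dll, explorer.exe, ntkrnlpa.exe and ntoskrnl.exe in this log), third-party DLLs sitting inside logon and security processes (prio.dll inside winlogon.exe and lsass.exe), and the settings that weaken the host (EnableFirewall = 0, Security Center monitoring of the AV product disabled, and a non-default UIHost). It assumes only the line shapes visible in this log; the Sigcheck status bracket is read the way the log uses it, a digit for files that matched ComboFix's reference set (the [7] WinSxS copies) and "-" for those that did not. SAMPLE_LOG is a constructed excerpt re-typed from the log. One caveat: a [-] row by itself is not proof of tampering; compare the MD5 against a known-good copy of the same file version before acting on it.

```python
"""Triage helper for a ComboFix log. Added example; it is not part of the posted
log or of ComboFix, and it understands only the line shapes seen in the log above.
SAMPLE_LOG is a constructed excerpt: a few rows re-typed from that log."""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
[-] 2009-11-27 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2009-11-19 . 07CFE293CE37D0E558E3D4AC2FB70CED . 629760 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-15 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2009-11-19 . 1821FF40E4E05B4B694AEEB848113C8E . 2155008 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="%windir%\\system32\\LogonuiZ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
- - - - - - - > 'winlogon.exe'(584)
c:\program files\Prio\prio.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(640)
c:\program files\Prio\prio.dll
c:\windows\system32\scecli.dll
"""

# Sigcheck row: [status] date . md5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<status>[^\]]+)\] \d{4}-\d{2}-\d{2} \. (?P<md5>[0-9A-Fa-f]{32}) \. "
    r"(?P<size>\d+) \. \. \[[^\]]*\] \. \. (?P<path>\S.*?)\s*$")
PROCESS_RE = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')
SENSITIVE_PROCESSES = {"winlogon.exe", "lsass.exe", "csrss.exe", "services.exe"}


@dataclass(frozen=True)
class SigEntry:
    status: str
    md5: str
    size: int
    path: str

    @property
    def matched_reference(self) -> bool:
        # Log convention: a digit when the file matched ComboFix's reference
        # set (the [7] WinSxS copies), "-" when it did not.
        return self.status.isdigit()


def parse_sigcheck(log: str) -> list[SigEntry]:
    """Every Sigcheck row in the log, in order."""
    rows = [SIGCHECK_RE.match(line.strip()) for line in log.splitlines()]
    return [SigEntry(m["status"], m["md5"].upper(), int(m["size"]), m["path"])
            for m in rows if m]


def unmatched_files(log: str) -> list[str]:
    """Paths ComboFix could not match; hash-check these against a known-good copy first."""
    return [e.path for e in parse_sigcheck(log) if not e.matched_reference]


def loaded_dlls(log: str) -> dict[str, list[str]]:
    """Map 'process(pid)' to the DLLs listed under it; a '.' or blank line ends each list."""
    result, current = {}, None
    for line in map(str.strip, log.splitlines()):
        if m := PROCESS_RE.match(line):
            current = f"{m['proc']}({m['pid']})"
            result[current] = []
        elif current and line not in ("", "."):
            result[current].append(line)
        else:
            current = None
    return result


def foreign_dlls_in_sensitive_processes(log: str) -> list[tuple[str, str]]:
    """(process, dll) pairs where a DLL outside c:\\windows sits in a logon/security process."""
    hits = []
    for proc, dlls in loaded_dlls(log).items():
        if proc.split("(")[0].lower() in SENSITIVE_PROCESSES:
            hits += [(proc, d) for d in dlls if not d.lower().startswith("c:\\windows\\")]
    return hits


def weak_settings(log: str) -> list[tuple[str, str, str]]:
    """(registry key, value name, why it matters) for the settings that weaken the host."""
    findings, key = [], ""
    for line in map(str.strip, log.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif m := VALUE_RE.match(line):
            name, value = m["name"], m["value"].strip().strip('"')
            if name == "EnableFirewall" and value.startswith("0"):
                findings.append((key, name, "Windows Firewall is off for this profile"))
            elif name == "DisableMonitoring" and value.lower().startswith("dword:") and int(value[6:], 16):
                findings.append((key, name, "Security Center no longer monitors this AV product"))
            elif name == "UIHost" and not value.lower().endswith("\\logonui.exe"):
                findings.append((key, name, f"logon UI host replaced by {value}"))
    return findings


if __name__ == "__main__":
    for item in unmatched_files(SAMPLE_LOG) + foreign_dlls_in_sensitive_processes(SAMPLE_LOG) + weak_settings(SAMPLE_LOG):
        print(item)
```

Run it against a full log with `weak_settings(open("ComboFix.txt", encoding="cp1250").read())` and the other two functions in the same way; the Polish build of ComboFix writes its log in the Windows-1250 code page, which is why the original post shows "œ" and "š" where "ś" and "ą" belong. The DLL check keys on the path prefix only, so a DLL dropped under c:\windows by an attacker would pass it; treat the list as a starting point, not a verdict.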