ComboFix 11-04-28.01 - PC 2011-04-28 21:04:00.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2047.1719 [GMT 2:00]
Uruchomiony z: c:\documents and settings\PC\Pulpit\ComboFix.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-03-28 do 2011-04-28 )))))))))))))))))))))))))))))))
.
.
2011-05-06 18:32 . 2001-08-17 19:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-05-06 18:32 . 2001-08-17 19:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2011-04-28 14:00 . 2011-04-28 14:00 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-04-28 13:52 . 2011-04-28 13:55 -------- d-----w- c:\program files\SPY botek
2011-04-28 12:50 . 2011-04-28 17:55 -------- d-----w- c:\windows\system32\NtmsData
2011-04-28 12:06 . 2011-04-28 14:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2011-04-28 12:06 . 2011-04-28 12:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-19 17:17 . 2011-04-19 17:17 -------- d-----w- c:\documents and settings\PC\Dane aplikacji\OpenOffice.org
2011-04-19 17:16 . 2011-04-19 17:16 -------- d-----w- c:\program files\OpenOffice.org 3
2011-04-14 15:33 . 2011-04-14 15:33 -------- d-----r- C:\AHCache
2011-04-14 15:32 . 2011-04-15 08:18 -------- d-----w- c:\documents and settings\PC\Ustawienia lokalne\Dane aplikacji\OpenCandy
2011-04-14 15:32 . 2011-04-14 15:32 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Canneverbe Limited
2011-04-14 15:32 . 2011-04-14 15:32 -------- d-----w- c:\documents and settings\PC\Dane aplikacji\Canneverbe Limited
2011-04-14 15:32 . 2009-11-12 11:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2011-04-14 15:32 . 2011-04-14 15:32 -------- d-----w- c:\program files\CDBurnerXP
2011-04-14 15:32 . 2011-04-14 15:32 -------- d-----w- c:\documents and settings\PC\Dane aplikacji\OpenCandy
2011-04-07 18:28 . 2011-04-07 18:28 -------- d-----w- c:\windows\Sun
2011-04-01 13:51 . 2011-04-28 19:00 -------- d-----w- c:\program files\Common Files\Akamai
2011-03-31 15:59 . 2011-03-31 15:59 -------- d-----w- c:\documents and settings\PC\Ustawienia lokalne\Dane aplikacji\WMTools Downloaded Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-28 22:15 . 2011-03-28 22:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-28 22:15 . 2011-03-28 22:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-19 16:09 . 2004-07-17 09:36 29392 ----a-w- c:\windows\system32\drivers\secdrv.sys
2011-03-18 14:05 . 2011-03-18 14:05 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-03-13 14:48 . 2011-03-13 14:48 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-28_12.40.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-28 19:00 . 2011-04-28 19:00 16384 c:\windows\Temp\Perflib_Perfdata_538.dat
+ 2011-04-28 19:00 . 2011-04-28 19:00 16384 c:\windows\Temp\Perflib_Perfdata_508.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Start^Programy^Autostart^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\PC\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-15 20:02 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-03 22:44 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXPLORER.EXE]
2004-08-03 22:44 1033728 ----a-w- c:\windows\explorer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 16:07 61952 ------w- c:\windows\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-08-11 13:43 7630848 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-08-11 13:43 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-08-11 13:43 1519616 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\SPY botek\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\GRY\\Counter-Strike\\hl.exe"=
"d:\\GRY\\UnrealTournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Razer\\Diamondback 3G\\razerhid.exe"=
"d:\\instalki\\j2re-1_4_2_05-windows-i586-p.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1072:TCP"= 1072:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2011-03-13 691696]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2004-08-04 14336]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [2011-03-18 13225]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\PC\Dane aplikacji\Mozilla\Firefox\Profiles\rm6iea1x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
------- Skojarzenia plików -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-28 21:06
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(340)
c:\windows\system32\msi.dll
.
Czas ukończenia: 2011-04-28 21:07:30
ComboFix-quarantined-files.txt 2011-04-28 19:07
ComboFix2.txt 2011-04-28 18:07
ComboFix3.txt 2011-04-28 17:45
ComboFix4.txt 2011-04-28 12:43
.
Przed: 283 817 816 064 bajtów wolnych
Po: 283 809 280 000 bajtów wolnych
.
- - End Of File - - 37FAF9AC628392484D3DD72BBB6EB94C