ComboFix 11-04-27.03 - PC 2011-04-28 14:37:03.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2047.1535 [GMT 2:00]
Uruchomiony z: c:\downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\windows\system32\arking.exe
c:\windows\system32\arking0.dll
c:\windows\system32\arking1.dll
c:\windows\system32\explorer.exe
D:\autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ABP470N5
-------\Service_abp470n5
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-03-28 do 2011-04-28 )))))))))))))))))))))))))))))))
.
.
2011-05-06 18:32 . 2001-08-17 19:56    7552    -c--a-w-    c:\windows\system32\dllcache\sonypvu1.sys
2011-05-06 18:32 . 2001-08-17 19:56    7552    ----a-w-    c:\windows\system32\drivers\SONYPVU1.SYS
2011-04-28 12:32 . 2011-04-28 12:32    --------    d-----w-    c:\documents and settings\PC\Dane aplikacji\Avira
2011-04-28 12:24 . 2011-04-28 12:24    --------    d-----w-    c:\program files\Avira
2011-04-28 12:24 . 2011-04-28 12:24    --------    d-----w-    c:\documents and settings\All Users\Dane aplikacji\Avira
2011-04-28 12:24 . 2011-04-01 15:07    61960    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2011-04-28 12:24 . 2011-04-01 15:07    137656    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2011-04-28 12:24 . 2010-06-17 13:27    45416    ----a-w-    c:\windows\system32\drivers\avgntdd.sys
2011-04-28 12:24 . 2010-06-17 13:27    22360    ----a-w-    c:\windows\system32\drivers\avgntmgr.sys
2011-04-28 12:06 . 2011-04-28 12:12    --------    d-----w-    c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2011-04-28 12:06 . 2011-04-28 12:09    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2011-04-19 17:17 . 2011-04-19 17:17    --------    d-----w-    c:\documents and settings\PC\Dane aplikacji\OpenOffice.org
2011-04-19 17:16 . 2011-04-19 17:16    --------    d-----w-    c:\program files\OpenOffice.org 3
2011-04-14 15:33 . 2011-04-14 15:33    --------    d-----r-    C:\AHCache
2011-04-14 15:32 . 2011-04-15 08:18    --------    d-----w-    c:\documents and settings\PC\Ustawienia lokalne\Dane aplikacji\OpenCandy
2011-04-14 15:32 . 2011-04-14 15:32    --------    d-----w-    c:\documents and settings\All Users\Dane aplikacji\Canneverbe Limited
2011-04-14 15:32 . 2011-04-14 15:32    --------    d-----w-    c:\documents and settings\PC\Dane aplikacji\Canneverbe Limited
2011-04-14 15:32 . 2009-11-12 11:48    7168    ----a-w-    c:\windows\system32\drivers\StarOpen.sys
2011-04-14 15:32 . 2011-04-14 15:32    --------    d-----w-    c:\program files\CDBurnerXP
2011-04-14 15:32 . 2011-04-14 15:32    --------    d-----w-    c:\documents and settings\PC\Dane aplikacji\OpenCandy
2011-04-07 18:28 . 2011-04-07 18:28    --------    d-----w-    c:\windows\Sun
2011-04-01 13:51 . 2011-04-28 12:40    --------    d-----w-    c:\program files\Common Files\Akamai
2011-03-31 15:59 . 2011-03-31 15:59    --------    d-----w-    c:\documents and settings\PC\Ustawienia lokalne\Dane aplikacji\WMTools Downloaded Files
2011-03-29 16:14 . 2011-03-29 16:14    --------    d-----w-    c:\documents and settings\PC\Dane aplikacji\vlc
2011-03-29 15:25 . 2001-10-26 15:29    5632    ----a-w-    c:\windows\system32\ptpusb.dll
2011-03-29 15:25 . 2004-08-03 22:44    159232    ----a-w-    c:\windows\system32\ptpusd.dll
2011-03-29 15:25 . 2004-08-03 20:58    15104    -c--a-w-    c:\windows\system32\dllcache\usbscan.sys
2011-03-29 15:25 . 2004-08-03 20:58    15104    ----a-w-    c:\windows\system32\drivers\usbscan.sys
2011-03-29 15:20 . 2011-03-29 15:20    143360    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-03-29 15:20 . 2011-03-29 15:20    143360    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-03-29 15:20 . 2011-03-29 15:20    143360    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-03-29 15:20 . 2011-03-29 15:20    143360    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-03-29 15:20 . 2011-03-29 15:20    143360    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-03-29 15:19 . 2011-03-29 15:20    143360    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-03-29 15:19 . 2011-03-29 15:20    143360    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-03-29 15:19 . 2011-03-29 15:20    143360    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-03-29 15:19 . 2011-03-29 15:20    143360    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-03-29 15:19 . 2011-03-29 15:20    143360    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-03-29 15:19 . 2011-03-29 15:19    --------    d-----w-    c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2011-03-29 15:19 . 2009-05-26 15:18    90112    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2011-03-29 15:19 . 2009-05-26 15:18    57344    ----a-w-    c:\windows\system32\QuickTime.qts
2011-03-29 15:19 . 2011-03-29 15:19    --------    d-----w-    c:\program files\QuickTime Alternative
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-28 22:15 . 2011-03-28 22:15    73728    ----a-w-    c:\windows\system32\javacpl.cpl
2011-03-28 22:15 . 2011-03-28 22:15    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2011-03-19 16:09 . 2004-07-17 09:36    29392    ----a-w-    c:\windows\system32\drivers\secdrv.sys
2011-03-18 14:05 . 2011-03-18 14:05    21275    ----a-w-    c:\windows\system32\drivers\AegisP.sys
2011-03-13 14:48 . 2011-03-13 14:48    691696    ----a-w-    c:\windows\system32\drivers\sptd.sys
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Start^Programy^Autostart^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\PC\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-15 20:02    932288    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45    117656    ----a-w-    c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-03 22:44    15360    ----a-w-    c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16    427328    ----a-w-    c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXPLORER.EXE]
2004-08-03 22:44    1033728    ----a-w-    c:\windows\explorer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
2006-09-13 09:16    2228224    ----a-w-    c:\program files\Vtune\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 16:07    61952    ------w-    c:\windows\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 23:55    1741312    ------w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40    155648    ----a-w-    c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-08-11 13:43    7630848    ----a-w-    c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-08-11 13:43    86016    ----a-w-    c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-08-11 13:43    1519616    ----a-w-    c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49    318696    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWCU]
2006-03-29 15:12    434176    ----a-w-    c:\program files\TP-LINK\TWCU\TWCU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\GRY\\Counter-Strike\\hl.exe"=
"d:\\GRY\\UnrealTournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1031:TCP"= 1031:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2011-03-13 691696]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2004-08-04 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [2011-03-18 13225]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - ABP470N5
*NewlyCreated* - SSMDRV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ    Akamai
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\PC\Dane aplikacji\Mozilla\Firefox\Profiles\rm6iea1x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
------- Skojarzenia plików -------
.
.scr=AutoCADScriptFile
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-wsctf.exe - wsctf.exe
MSConfigStartUp-cdoosoft - c:\docume~1\PC\USTAWI~1\Temp\herss.exe
MSConfigStartUp-King_ar - c:\windows\system32\arking.exe
MSConfigStartUp-wsctf - wsctf.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-28 14:41
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(2376)
c:\windows\system32\msi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Razer\Diamondback 3G\razertra.exe
c:\program files\Razer\Diamondback 3G\razerofa.exe
.
**************************************************************************
.
Czas ukończenia: 2011-04-28 14:43:55 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-04-28 12:43
.
Przed: 283 563 130 880 bajtów wolnych
Po: 283 822 170 112 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D6973858DACAFC5416811F0230B0AF0C