ComboFix 11-05-31.01 - Drill 2011-05-31 20:58:45.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.767.525 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Drill\Pulpit\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *Enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Drill\Dane aplikacji\EurekaLog
c:\documents and settings\Drill\Dane aplikacji\EurekaLog\EurekaLog.ini
c:\documents and settings\JA\WINDOWS
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-04-28 do 2011-05-31 )))))))))))))))))))))))))))))))
.
.
2011-05-28 12:59 . 2011-05-28 12:59 -------- d-----w- c:\documents and settings\Drill\Dane aplikacji\PCToolsFirewallPlus
2011-05-28 12:59 . 2011-03-02 10:40 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-05-28 12:59 . 2010-03-29 09:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-05-28 12:59 . 2011-01-17 07:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-05-28 12:58 . 2011-05-28 12:59 -------- d-----w- c:\program files\Common Files\PC Tools
2011-05-28 12:58 . 2011-01-12 08:36 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2011-05-28 12:58 . 2010-07-08 06:49 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2011-05-28 12:58 . 2010-02-05 06:26 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2011-05-28 12:58 . 2011-01-17 06:11 125248 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2011-05-27 18:33 . 2011-05-27 18:33 388096 ----a-r- c:\documents and settings\Drill\Dane aplikacji\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-18 13:41 . 2011-05-18 13:41 -------- d-----w- c:\documents and settings\Drill\Dane aplikacji\gtk-2.0
2011-05-18 13:16 . 2011-05-18 13:16 -------- d-----w- c:\documents and settings\Drill\.thumbnails
2011-05-18 13:14 . 2011-05-18 13:46 -------- d-----w- c:\documents and settings\Drill\.gimp-2.6
2011-05-08 19:16 . 2011-05-08 19:16 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-08 19:16 . 2011-05-08 19:16 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-08 19:16 . 2011-05-08 19:16 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-08 19:16 . 2011-05-08 19:16 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-08 19:16 . 2011-05-08 19:16 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-08 19:16 . 2011-05-08 19:16 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-08 19:16 . 2011-05-08 19:16 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-08 19:16 . 2011-05-08 19:16 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 16:01 . 2010-03-25 15:45 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-07 05:33 . 2009-10-16 15:26 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2002-09-23 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2002-09-23 12:00 1858176 ----a-w- c:\windows\system32\win32k.sys
2011-05-08 19:16 . 2011-05-08 19:16 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"00PCTFW"="d:\pc tools firewall plus\FirewallGUI.exe" [2011-04-07 2672600]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- d:\daemon tools lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 20:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 15:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:21 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 10:22 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
2008-06-10 10:14 107248 ----a-w- c:\program files\Livebox\SessionManager\SessionManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Versato]
2002-02-22 13:30 24576 ----a-w- c:\program files\MediaKey\MagicRun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"FTRTSVC"=2 (0x2)
"gupdate"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Livebox\\Connectivity\\ConnectivityManager.exe"=
.
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2009-10-23 11889]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-05-28 251560]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2011-05-28 160576]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2011-05-28 89472]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2011-05-28 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2011-05-28 125248]
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys --> c:\windows\system32\DRIVERS\CnxEtP.sys [?]
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys --> c:\windows\system32\DRIVERS\CnxEtU.sys [?]
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys --> c:\windows\system32\DRIVERS\CnxTgNW.sys [?]
S3 iteio;iteio;c:\windows\system32\drivers\Iteio.sys [2009-10-23 3680]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2011-05-28 57536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-05-31 c:\windows\Tasks\GlaryInitialize.job
- d:\glary utilities\initialize.exe [2011-04-13 06:25]
.
.
------- Skan uzupełniający -------
.
uStart Page = wyborcza.pl/0,0.html?p=020
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Drill\Dane aplikacji\Mozilla\Firefox\Profiles\32gpmn7d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-31 21:11
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2011-05-31 21:19:05
ComboFix-quarantined-files.txt 2011-05-31 19:18
.
Przed: 9 444 560 896 bajtów wolnych
Po: 9 403 162 624 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 7088E51BA6ED3A48595310977FBEB866