ComboFix 11-11-09.01 - Marysia 2011-11-09 18:37:00.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3071.2655 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Marysia\Pulpit\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Rezydentny antywirus jest aktywny
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\documents and settings\Marysia\Recent\Thumbs.db
c:\documents and settings\Marysia\Ustawienia lokalne\Dane aplikacji\e9766fe7\U
c:\documents and settings\Marysia\Ustawienia lokalne\Dane aplikacji\e9766fe7\U\80000000.@
c:\documents and settings\Marysia\Ustawienia lokalne\Dane aplikacji\e9766fe7\U\800000cb.@
c:\windows\$NtUninstallKB31086$
c:\windows\$NtUninstallKB31086$\3916853223\@
c:\windows\$NtUninstallKB31086$\3916853223\L\xijbqszk
c:\windows\$NtUninstallKB31086$\3916853223\loader.tlb
c:\windows\$NtUninstallKB31086$\3916853223\U\@00000001
c:\windows\$NtUninstallKB31086$\3916853223\U\@000000c0
c:\windows\$NtUninstallKB31086$\3916853223\U\@000000cb
c:\windows\$NtUninstallKB31086$\3916853223\U\@000000cf
c:\windows\$NtUninstallKB31086$\3916853223\U\@80000000
c:\windows\$NtUninstallKB31086$\3916853223\U\@800000c0
c:\windows\$NtUninstallKB31086$\3916853223\U\@800000cb
c:\windows\$NtUninstallKB31086$\3916853223\U\@800000cf
c:\windows\$NtUninstallKB31086$\933069045
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-10-09 do 2011-11-09 )))))))))))))))))))))))))))))))
.
.
2011-11-09 08:03 . 2011-11-09 08:05 -------- d-----w- C:\6d40a102043f8a3e5187d0287980
2011-11-08 09:39 . 2011-11-08 09:40 -------- d-----w- c:\windows\system32\NtmsData
2011-11-08 09:09 . 2011-11-09 17:45 -------- d-sh--w- c:\documents and settings\Marysia\Ustawienia lokalne\Dane aplikacji\e9766fe7
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-09 17:21 . 2003-04-16 12:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-10-10 14:22 . 2009-05-20 12:04 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-04 08:20 . 2011-10-04 08:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 09:41 . 2008-07-29 18:59 614400 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2003-04-16 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2003-04-16 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2003-04-16 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2003-04-16 12:00 1859200 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:40 . 2003-04-16 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:40 . 2003-04-16 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:40 . 2003-04-16 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:58 . 2009-05-20 13:26 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2003-04-16 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-29 07:30 . 2011-10-04 08:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-10-06 49152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2029640]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-10-22 221247]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Marysia^Menu Start^Programy^Autostart^Samsung Auto Backup Guage.lnk]
path=c:\documents and settings\Marysia\Menu Start\Programy\Autostart\Samsung Auto Backup Guage.lnk
backup=c:\windows\pss\Samsung Auto Backup Guage.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Marysia^Menu Start^Programy^Autostart^Samsung Auto Backup Real-Time Daemon.lnk]
path=c:\documents and settings\Marysia\Menu Start\Programy\Autostart\Samsung Auto Backup Real-Time Daemon.lnk
backup=c:\windows\pss\Samsung Auto Backup Real-Time Daemon.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Marysia^Menu Start^Programy^Autostart^Samsung Auto Backup Scheduler.lnk]
path=c:\documents and settings\Marysia\Menu Start\Programy\Autostart\Samsung Auto Backup Scheduler.lnk
backup=c:\windows\pss\Samsung Auto Backup Scheduler.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-01-14 14:44 136176 ----atw- c:\documents and settings\Marysia\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-11-26 13:54 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 21:17 52256 -c--a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-10-06 22:16 741376 ----a-r- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 20:01 71216 -c----w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-11-26 13:54 1629480 -c--a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Marysia\\Ustawienia lokalne\\Dane aplikacji\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Marysia\\Moje dokumenty\\Downloads\\tdsskiller.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3670:TCP"= 3670:TCP:RNP9BB089
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-04-09 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-04-09 94360]
R1 mdf15;mdf15;c:\program files\Clarus\Samsung SecretZone\mdf15.sys [2010-10-28 12800]
R1 mvd20;mvd20;c:\program files\Clarus\Samsung SecretZone\mvd20.sys [2010-10-28 64000]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-04-09 731840]
R2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [2010-10-28 114688]
S2 gupdate;Usługa Google Update (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 DL2X;D-Link Gigabit (DL2X) Adapter NT Driver;c:\windows\system32\drivers\dl2xd50.sys [2009-06-24 33152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1770027372-725345543-1003Core.job
- c:\documents and settings\Marysia\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-01-14 14:44]
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1770027372-725345543-1003UA.job
- c:\documents and settings\Marysia\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-01-14 14:44]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.gorilla.pl/admin
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Funkcja Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/PL/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\documents and settings\Marysia\Dane aplikacji\Mozilla\Firefox\Profiles\wtrku52w.default\
FF - prefs.js: browser.startup.homepage - www.teatr-polski.pl
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
SafeBoot-54815464.sys
MSConfigStartUp-Google Quick Search Box - c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
MSConfigStartUp-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-09 18:48
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(4012)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\msiexec.exe
c:\windows\System32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2011-11-09 18:53:36 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-11-09 17:53
.
Przed: 6 912 868 352 bajtów wolnych
Po: 7 286 509 568 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - FB824CDB86F2815923273CFBD0B51924