ComboFix 11-11-15.06 - Administrator 2011-11-16 11:33:45.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3326.2765 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\TNod User & Password Finder\TNODUP.exe
c:\windows\system32\haqtyfy.dll
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_afbbkdctm
-------\Service_afbbkdctm
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-10-16 do 2011-11-16 )))))))))))))))))))))))))))))))
.
.
2011-11-08 15:35 . 2010-01-25 05:11	19968	----a-w-	c:\windows\system32\drivers\lgandgps.sys
2011-11-08 15:35 . 2010-01-25 05:11	24960	----a-w-	c:\windows\system32\drivers\lgandmodem.sys
2011-11-08 15:35 . 2011-11-08 15:35	--------	d-----w-	c:\program files\LG Electronics
2011-11-08 15:35 . 2010-01-25 05:11	20864	----a-w-	c:\windows\system32\drivers\lganddiag.sys
2011-11-08 15:35 . 2010-01-25 05:11	14336	----a-w-	c:\windows\system32\drivers\lgandbus.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-09 19:53 . 2011-08-11 17:13	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8f3c1d75-d467-43c2-9a36-655366b76f5f}"= "c:\program files\Softonic-Polska_\prxtbSoft.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8f3c1d75-d467-43c2-9a36-655366b76f5f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22	176936	----a-w-	c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8f3c1d75-d467-43c2-9a36-655366b76f5f}]
2011-03-28 16:22	176936	----a-w-	c:\program files\Softonic-Polska_\prxtbSoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8f3c1d75-d467-43c2-9a36-655366b76f5f}"= "c:\program files\Softonic-Polska_\prxtbSoft.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8f3c1d75-d467-43c2-9a36-655366b76f5f}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8F3C1D75-D467-43C2-9A36-655366B76F5F}"= "c:\program files\Softonic-Polska_\prxtbSoft.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8f3c1d75-d467-43c2-9a36-655366b76f5f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-11 3077528]
"Komunikator"="c:\program files\Tlen.pl\tlen.exe" [2009-01-17 5853672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-03 13684736]
"nwiz"="nwiz.exe" [2009-04-03 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-03 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SigmatelSysTrayApp"="sttray.exe" [2006-07-27 282624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-15 12:00	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
2009-04-03 14:13	2158592	----a-w-	c:\program files\Vtune\TBPANEL.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Tlen.pl\\tlen.exe"=
.
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2009-10-25 16384]
S2 afbbkdctm;Shell Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-04-15 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 Andbus;LGE Android Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2011-11-08 14336]
S3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2011-11-08 20864]
S3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2011-11-08 19968]
S3 ANDModem;LGE Android USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2011-11-08 24960]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
afbbkdctm
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3031818
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F5A2FD00-BB50-474F-BF7B-169E6A0D5246}: NameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\unin6lbp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: network.proxy.type - 0
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM-Run-TNOD UP - c:\program files\TNod User & Password Finder\TNODUP.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-16 11:38
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\afbbkdctm]
"ServiceDll"="c:\windows\system32\haqtyfy.dll"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-299502267-1682526488-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,b6,70,58,21,19,bf,41,87,6b,bc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,b6,70,58,21,19,bf,41,87,6b,bc,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):06,5d,95,d7,6b,bc,14,6a,23,3c,9b,ea,39,f7,95,9b,c8,1a,01,6a,83,
   9e,cd,c9,14,44,b9,5b,76,de,58,35,01,c6,67,f8,e2,2b,2e,af,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{68a8bc11-1dba-4323-b62f-26275517ea0a}]
@Denied: (Full) (Everyone)
"Model"=dword:000000fb
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,e1,24,76,17,62,9f,c7,01,bc,9a,f2,a2,6a,1d,d5,44,83,e0,8b,c5,07,bb,\
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(2484)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Tlen.pl\hook.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\sttray.exe
c:\program files\SigmaTel\C-Major Audio\WDM\STacSV.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2011-11-16 11:40:30 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-11-16 10:40
.
Przed: 39 768 797 184 bajtów wolnych
Po: 39 809 507 328 bajtów wolnych
.
- - End Of File - - D7B3BE9DE2133384EF2246A80E220D98