ComboFix 11-11-28.02 - Zbyszek 2011-11-29  0:43.18.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.48.1045.18.1015.512 [GMT 1:00]
Run from: c:\documents and settings\Zbyszek\Pulpit\ComboFix.exe
Command switches used :: c:\documents and settings\Zbyszek\Pulpit\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
SP: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7094}
.
.
(((((((((((((((((((((((((   Files Created from 2011-10-28 to 2011-11-28   )))))))))))))))))))))))))))))))
.
.
2011-11-28 09:36 . 2011-11-28 09:36    28752    ----a-w-    c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{D9EA9B78-47A4-4D25-97FA-2BDDAAFA3D62}\MpKsl81564f9d.sys
2011-11-28 09:36 . 2011-11-28 09:36    56200    ----a-w-    c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{D9EA9B78-47A4-4D25-97FA-2BDDAAFA3D62}\offreg.dll
2011-11-27 18:27 . 2011-10-06 19:48    6668624    ----a-w-    c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{D9EA9B78-47A4-4D25-97FA-2BDDAAFA3D62}\mpengine.dll
2011-11-13 10:15 . 2011-10-06 19:48    6668624    ----a-w-    c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-12 07:37 . 2011-11-12 07:38    --------    d-----w-    c:\program files\Microsoft Security Client
2011-11-05 14:47 . 2011-11-05 16:39    --------    d-----w-    c:\documents and settings\Zbyszek\Dane aplikacji\Otug
2011-11-05 14:47 . 2011-11-05 15:28    --------    d-----w-    c:\documents and settings\Zbyszek\Dane aplikacji\Gugy
2011-11-03 22:20 . 2011-11-03 22:20    --------    d-----w-    c:\documents and settings\Zbyszek\Dane aplikacji\Bitstream
2011-11-03 15:52 . 2011-11-03 19:54    88    --sh--r-    c:\windows\system32\6E9CC4DAEC.sys
2011-11-03 15:51 . 2011-11-03 15:51    65536    ----a-r-    c:\documents and settings\Zbyszek\Dane aplikacji\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2011-11-03 15:49 . 2011-11-03 15:49    --------    d-----w-    c:\program files\Common Files\Protexis
2011-11-03 15:46 . 2011-11-03 19:54    2516    --sha-w-    c:\windows\system32\KGyGaAvL.sys
2011-11-03 15:44 . 2005-04-03 22:02    753664    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-11-03 15:44 . 2005-04-03 22:02    69714    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-11-03 15:44 . 2005-04-03 22:01    274432    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-11-03 15:44 . 2005-04-03 22:00    184320    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-11-03 15:44 . 2005-04-03 21:59    5632    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-11-03 15:44 . 2011-11-03 15:44    331908    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-11-03 15:44 . 2011-11-03 15:44    200836    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-11-02 17:16 . 2011-11-02 17:17    --------    d-----w-    c:\documents and settings\Zbyszek\Ustawienia lokalne\Dane aplikacji\Nero
2011-11-02 17:15 . 2011-11-02 17:15    --------    d-----w-    c:\documents and settings\Zbyszek\Dane aplikacji\Nero
2011-11-02 16:57 . 2011-11-02 16:58    --------    d-----w-    c:\program files\Common Files\Nero
2011-11-02 16:57 . 2011-11-02 17:03    --------    d-----w-    c:\documents and settings\All Users\Dane aplikacji\Nero
2011-11-02 16:52 . 2009-09-04 16:29    1974616    ----a-w-    c:\windows\system32\D3DCompiler_42.dll
2011-11-02 16:52 . 2009-09-04 16:29    1892184    ----a-w-    c:\windows\system32\D3DX9_42.dll
2011-11-02 16:51 . 2008-10-15 05:22    4379984    ----a-w-    c:\windows\system32\D3DX9_40.dll
2011-11-02 16:51 . 2007-05-16 15:45    3497832    ----a-w-    c:\windows\system32\d3dx9_34.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 13:01 . 2011-05-17 14:25    414368    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2010-06-02 16:08    692736    ----a-w-    c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-03-02 12:00    602624    ----a-w-    c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59    614400    ----a-w-    c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-03-02 12:00    23040    ----a-w-    c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-03-02 12:00    220160    ----a-w-    c:\windows\system32\oleacc.dll
2011-09-06 14:10 . 2006-03-02 12:00    1859200    ----a-w-    c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-11-17_18.57.29   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-28 09:36 . 2011-11-28 09:36    16384    c:\windows\temp\Perflib_Perfdata_7a8.dat
- 2006-03-02 12:00 . 2011-10-30 19:59    84316    c:\windows\system32\perfc015.dat
+ 2006-03-02 12:00 . 2011-11-20 15:00    84316    c:\windows\system32\perfc015.dat
- 2006-03-02 12:00 . 2011-10-30 19:59    67884    c:\windows\system32\perfc009.dat
+ 2006-03-02 12:00 . 2011-11-20 15:00    67884    c:\windows\system32\perfc009.dat
+ 2006-03-02 12:00 . 2011-11-20 15:00    491064    c:\windows\system32\perfh015.dat
- 2006-03-02 12:00 . 2011-10-30 19:59    491064    c:\windows\system32\perfh015.dat
- 2006-03-02 12:00 . 2011-10-30 19:59    432928    c:\windows\system32\perfh009.dat
+ 2006-03-02 12:00 . 2011-11-20 15:00    432928    c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C86FF9FA-AEED-451B-A9CC-39A53173AE2E}"= "c:\program files\LG Mobile PC Sync\mybarnskD.tmp\tbcore3.dll" [2010-06-18 2604032]
.
[HKEY_CLASSES_ROOT\clsid\{c86ff9fa-aeed-451b-a9cc-39a53173ae2e}]
[HKEY_CLASSES_ROOT\TBSB07458.TBSB07458.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07458.TBSB07458]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C86FF9FA-AEED-451B-A9CC-39A53173AE2E}"= "c:\program files\LG Mobile PC Sync\mybarnskD.tmp\tbcore3.dll" [2010-06-18 2604032]
.
[HKEY_CLASSES_ROOT\clsid\{c86ff9fa-aeed-451b-a9cc-39a53173ae2e}]
[HKEY_CLASSES_ROOT\TBSB07458.TBSB07458.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07458.TBSB07458]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LG LinkAir"="c:\program files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe" [2010-09-16 2440552]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-02 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"CTCheck"="e:\zen media explorer\CTCheck.exe" [2007-11-06 397312]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2009-05-27 315392]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"B2C_AGENT"="c:\documents and settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-27 404568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Default User\Menu Start\Programy\Autostart\
rekut.exe [2011-11-5 262656]
.
c:\documents and settings\Zbyszek\Menu Start\Programy\Autostart\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Gadu-Gadu 10\\gg.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"e:\\Winamp\\winamp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16385:UDP"= 16385:UDP:UDP 16385
"13171:TCP"= 13171:TCP:TCP 13171
"28341:UDP"= 28341:UDP:UDP 28341
"27501:TCP"= 27501:TCP:TCP 27501
.
R1 MpKsl81564f9d;MpKsl81564f9d;c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{D9EA9B78-47A4-4D25-97FA-2BDDAAFA3D62}\MpKsl81564f9d.sys [2011-11-28 28752]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [2011-09-23 641832]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-09-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-09-29 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-09-29 12928]
S1 MpKsl10168608;MpKsl10168608;\??\c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{8A50871A-865C-4D49-9135-525A5BF0DC76}\MpKsl10168608.sys --> c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{8A50871A-865C-4D49-9135-525A5BF0DC76}\MpKsl10168608.sys [?]
S1 MpKsl6eb9036c;MpKsl6eb9036c;\??\c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{97D11A59-B354-4090-BF1E-371D09FFC3C5}\MpKsl6eb9036c.sys --> c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{97D11A59-B354-4090-BF1E-371D09FFC3C5}\MpKsl6eb9036c.sys [?]
S1 MpKsl721986ac;MpKsl721986ac;\??\c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{DDFA0538-251B-4815-8D02-81B47C70FE36}\MpKsl721986ac.sys --> c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{DDFA0538-251B-4815-8D02-81B47C70FE36}\MpKsl721986ac.sys [?]
S1 MpKslaf7bb238;MpKslaf7bb238;\??\c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{DDFA0538-251B-4815-8D02-81B47C70FE36}\MpKslaf7bb238.sys --> c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{DDFA0538-251B-4815-8D02-81B47C70FE36}\MpKslaf7bb238.sys [?]
S1 MpKslfcc0bc62;MpKslfcc0bc62;\??\c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{DDFA0538-251B-4815-8D02-81B47C70FE36}\MpKslfcc0bc62.sys --> c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{DDFA0538-251B-4815-8D02-81B47C70FE36}\MpKslfcc0bc62.sys [?]
S2 AMService;AMService;c:\windows\TEMP\njdjho\setup.exe run --> c:\windows\TEMP\njdjho\setup.exe run [?]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-06-02 1691480]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2011-01-07 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2011-01-07 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2011-01-07 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2011-01-07 25088]
S3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys --> c:\windows\system32\Drivers\lgandadb.sys [?]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL81564F9D
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 19:17]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 19:17]
.
2011-11-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.onet.pl/
mStart Page = hxxp://gooofullsearch.com/bar
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: LG Air Sync (R-Click) - Save as Mobile Image - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206
IE: LG Air Sync (R-Click) - Save as Mobile Memo - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208
IE: LG Air Sync (R-Click) - Save as Mobile Text file - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210
IE: LG Air Sync (R-Click) - Set as Mobile Wallpaper - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205
IE: LG Air Sync Option - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209
IE: {{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - c:\program files\LG Mobile PC Sync\mybarnskD.tmp\tbcore3.dll
TCP: DhcpNameServer = 62.179.1.62 62.179.1.63
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-29 00:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD5000AADS-00S9B0 rev.01.00A01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86F3031B
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2928)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-11-29  01:01:01
ComboFix-quarantined-files.txt  2011-11-29 00:00
ComboFix2.txt  2011-11-28 23:32
ComboFix3.txt  2011-11-17 19:03
ComboFix4.txt  2011-11-12 01:04
.
Pre-Run: 23,891,275,776 bytes free
Post-Run: 23,895,601,152 bytes free
.
- - End Of File - - 0911F248EB764B6D8633EC86AAA616FC
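The log above is raw ComboFix output. The block below is an added example, not part of the original post and not ComboFix's own code: it parses the loading-point sections in the format ComboFix prints (registry Run values, Startup-folder entries, the R/S service lines, the XP firewall AuthorizedApplications and GloballyOpenPorts lists, and the start-page lines) and flags the entries an analyst would read first. The sample input is constructed from lines of this log; the path segment "Dane aplikacji" is the Polish localization of "Application Data", so both spellings are matched. Every flag is a location or state heuristic (temp directory, profile data directory, image missing on disk, Default User startup folder, firewall exception for a script host, globally open port, machine-wide start page override) and says nothing about whether a particular file is malicious.

```python
"""Triage the loading points in a ComboFix log.

Added example; assumes only the line formats visible in the log above.
"""
import re

# Constructed sample: lines copied from the log above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"B2C_AGENT"="c:\documents and settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-27 404568]
.
c:\documents and settings\Default User\Menu Start\Programy\Autostart\
rekut.exe [2011-11-5 262656]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16385:UDP"= 16385:UDP:UDP 16385
"13171:TCP"= 13171:TCP:TCP 13171
.
S2 AMService;AMService;c:\windows\TEMP\njdjho\setup.exe run --> c:\windows\TEMP\njdjho\setup.exe run [?]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
mStart Page = hxxp://gooofullsearch.com/bar
"""

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)" \[(?P<date>[\d-]+) (?P<size>\d+)\]$')
SVC_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')
FW_APP_RE = re.compile(r'^"(?P<path>.+)"=$')
FW_PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
AUTOSTART_DIR_RE = re.compile(r'^(?P<dir>[a-z]:\\.+\\(?:autostart|startup)\\)$', re.I)
AUTOSTART_ITEM_RE = re.compile(r'^(?P<name>.+?)(?: - (?P<target>.+?))? \[(?P<date>[\d-]+) (?P<size>\d+)\]$')
START_PAGE_RE = re.compile(r'^(?P<scope>[um])Start Page = (?P<url>.+)$')

TEMP_DIRS = ('\\windows\\temp\\', '\\temp\\', '\\tmp\\')
PROFILE_DATA_DIRS = ('\\dane aplikacji\\', '\\application data\\')   # Polish and English names
SCRIPT_HOSTS = ('mshta.exe', 'wscript.exe', 'cscript.exe', 'rundll32.exe', 'regsvr32.exe')


def parse(text):
    """Yield (kind, fields) for every loading-point line in ComboFix's format."""
    section = ''          # lower-cased last [HK...] header seen
    autostart_dir = None  # set while inside a Startup-folder listing
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            autostart_dir = None
            continue
        if line.startswith('['):
            section, autostart_dir = line.lower(), None
            continue
        if (m := AUTOSTART_DIR_RE.match(line)):
            autostart_dir = m['dir']
            continue
        if autostart_dir:
            if (m := AUTOSTART_ITEM_RE.match(line)):
                yield 'autostart', {'dir': autostart_dir, 'name': m['name'],
                                    'image': m['target'] or autostart_dir + m['name']}
            continue
        if 'authorizedapplications' in section and (m := FW_APP_RE.match(line)):
            yield 'fw_app', {'image': m['path'].replace('\\\\', '\\')}   # registry-escaped path
        elif 'globallyopenports' in section and (m := FW_PORT_RE.match(line)):
            yield 'fw_port', {'port': int(m['port']), 'proto': m['proto']}
        elif (m := RUN_RE.match(line)):
            yield 'run', {'key': section, 'name': m['name'], 'image': m['image']}
        elif (m := SVC_RE.match(line)):
            rest = m['rest']
            missing = rest.endswith('[?]')          # ComboFix could not stat the image
            image = rest.split(' --> ')[0] if missing else re.sub(r' \[[\d-]+ \d+\]$', '', rest)
            yield 'service', {'name': m['name'], 'start': m['start'],
                              'image': image.replace('\\??\\', ''), 'missing': missing}
        elif (m := START_PAGE_RE.match(line)):
            yield 'start_page', {'scope': m['scope'], 'url': m['url']}


def triage(text):
    """Return the entries that earn at least one heuristic flag."""
    flagged = []
    for kind, f in parse(text):
        image = f.get('image', '').lower()
        reasons = []
        if kind in ('run', 'service', 'autostart'):
            if any(d in image for d in TEMP_DIRS):
                reasons.append('executes from a temp directory')
            if any(d in image for d in PROFILE_DATA_DIRS):
                reasons.append('executes from a profile data directory')
            if kind == 'run' and '\\' not in image:
                reasons.append('bare file name, resolved through the search path')
        if kind == 'service' and f['missing']:
            reasons.append('service image not found on disk (stale entry or hidden file)')
        if kind == 'autostart' and '\\default user\\' in f['dir'].lower():
            reasons.append('Default User startup folder, the template for every new profile')
        if kind == 'fw_app' and image.rsplit('\\', 1)[-1] in SCRIPT_HOSTS:
            reasons.append('firewall exception for a script host')
        if kind == 'fw_port':
            image = f"{f['port']}/{f['proto']}"
            reasons.append('globally open inbound port not tied to an application')
        if kind == 'start_page' and f['scope'] == 'm':
            image = f['url']
            reasons.append('machine-wide start page override; verify the host is expected')
        if reasons:
            flagged.append({'kind': kind, 'name': f.get('name') or image,
                            'image': image, 'reasons': reasons})
    return flagged


if __name__ == '__main__':
    for row in triage(SAMPLE):
        print(f"{row['kind']:10} {row['name']:40} {'; '.join(row['reasons'])}")
```

Run it against a full log by replacing SAMPLE with the file contents; the "[?]" marker is worth keeping as its own flag, because on this page it appears both for a service pointing into c:\windows\TEMP and for leftover driver entries of uninstalled security tools, and only the path heuristic separates the two.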