ComboFix 12-02-02.01 - Zendalor 2012-02-02 15:46:20.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1535.953 [GMT 1:00]
Uruchomiony z: c:\docume~1\Zendalor\USTAWI~1\Temp\7ZipSfx.000\ComboFix_www.INSTALKI.pl_.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: NVIDIA Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\documents and settings\Zendalor\WINDOWS
c:\windows\alcrmv.exe
c:\windows\EventSystem.log
c:\windows\IsUn0415.exe
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
Zainfekowana kopia c:\windows\system32\userinit.exe została znaleziona. Problem naprawiono
Plik odzyskano z - c:\system volume information\_restore{3EBD05F8-D150-4500-B980-D5D3C2FEE882}\RP195\A0095837.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-01-02 do 2012-02-02 )))))))))))))))))))))))))))))))
.
.
2012-02-01 17:13 . 2012-02-01 17:13 -------- d-----w- c:\program files\Unlocker
2012-01-30 19:42 . 2012-01-30 19:42 -------- d-----w- c:\documents and settings\Zendalor\VirtualBox VMs
2012-01-30 19:42 . 2012-01-30 22:05 -------- d-----w- c:\documents and settings\Zendalor\.VirtualBox
2012-01-30 19:40 . 2011-12-19 13:11 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-01-30 19:40 . 2011-12-19 13:11 91440 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-01-30 19:40 . 2012-01-30 19:40 -------- d-----w- c:\program files\Oracle
2012-01-30 00:40 . 2012-01-30 01:00 -------- d-----w- c:\documents and settings\Zendalor\workspace5
2012-01-29 20:40 . 2012-01-30 11:55 -------- d-----w- c:\program files\PowerStrip
2012-01-29 19:37 . 1999-03-22 23:00 401484 ----a-w- c:\windows\system32\Msvcrtd.dll
2012-01-25 15:26 . 2012-01-25 15:26 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-01-25 15:26 . 2012-01-25 15:26 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-01-25 15:26 . 2012-01-25 15:26 -------- d-----w- c:\program files\OpenAL
2012-01-25 15:25 . 2012-01-25 15:25 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2012-01-23 21:40 . 2012-01-25 00:43 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TrackMania
2012-01-21 20:26 . 2012-01-21 20:26 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-01-19 11:14 . 2012-01-19 11:14 -------- d-----w- c:\documents and settings\Zendalor\Ustawienia lokalne\Dane aplikacji\Lunar_Giant_Studios
2012-01-19 11:05 . 2012-01-19 11:05 -------- d-----w- c:\program files\XBCD
2012-01-19 10:55 . 2012-01-19 10:55 -------- d-----w- c:\documents and settings\Zendalor\Ustawienia lokalne\Dane aplikacji\LunarGiantStudios
2012-01-15 21:15 . 2012-01-15 21:15 -------- d-----w- c:\documents and settings\Zendalor\Dane aplikacji\Zoner
2012-01-15 15:25 . 2012-01-31 16:54 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-15 15:25 . 2012-01-15 15:25 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-15 15:25 . 2012-01-15 15:25 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-15 15:25 . 2012-01-15 15:25 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-15 00:21 . 2012-01-18 23:28 -------- d-----w- c:\program files\Traffic Travis v4
2012-01-11 12:05 . 2012-01-11 12:05 -------- d-----w- c:\documents and settings\UpdatusUser
2012-01-11 12:04 . 2011-07-07 23:21 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2012-01-11 12:04 . 2011-07-07 23:21 119656 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2012-01-11 12:04 . 2011-07-07 23:21 876136 ----a-w- c:\windows\system32\nvhdagenco3220102.dll
2012-01-11 11:57 . 2011-10-08 04:50 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2012-01-11 11:57 . 2011-10-08 04:50 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2012-01-10 23:57 . 2012-01-10 23:57 -------- d-----w- c:\program files\Support Tools
2012-01-10 11:25 . 2012-01-10 11:25 -------- d-----w- c:\program files\elsawin
2012-01-09 17:30 . 2012-01-09 17:30 -------- d-----w- c:\program files\RivChat2
2012-01-09 15:30 . 2012-01-22 14:10 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-09 15:30 . 2012-01-09 15:30 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-01-09 15:30 . 2012-01-09 16:28 -------- d-----w- c:\documents and settings\Zendalor\Dane aplikacji\DAEMON Tools Lite
2012-01-09 15:29 . 2012-01-09 15:30 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2012-01-07 21:07 . 2012-01-07 21:07 -------- d-----w- c:\documents and settings\Zendalor\Dane aplikacji\Media Player Classic
2012-01-07 21:06 . 2012-01-07 21:06 -------- d-----w- c:\program files\Real Alternative
2012-01-05 22:02 . 2012-01-05 22:02 -------- d-----w- c:\documents and settings\Zendalor\Ustawienia lokalne\Dane aplikacji\2DBoy
2012-01-05 22:02 . 2012-01-05 22:02 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\2DBoy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 18:35 . 2011-09-16 13:04 40136 ----a-w- c:\windows\system32\drivers\ET5Drv.sys
2011-12-19 13:12 . 2011-12-19 13:12 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-12-19 13:11 . 2011-12-19 13:11 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-12-19 13:11 . 2011-12-19 13:11 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-11-25 21:57 . 2008-04-15 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2008-04-15 12:00 1859840 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 16:46 . 2011-05-14 18:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-20 06:12 . 2008-04-15 12:00 61440 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-15 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-15 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:13 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-01-31 16:54 . 2011-03-23 21:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AshSnap"="c:\program files\Ashampoo\Ashampoo Snap 4\ashsnap.exe" [2011-12-12 1531272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-10-08 203072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
c:\documents and settings\Zendalor\Menu Start\Programy\Autostart\
Skrót do RivChat.lnk - c:\program files\RivChat2\RivChat.exe [2012-1-9 471040]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^Zendalor^Menu Start^Programy^Autostart^GM_DevUpdate.lnk]
path=c:\documents and settings\Zendalor\Menu Start\Programy\Autostart\GM_DevUpdate.lnk
backup=c:\windows\pss\GM_DevUpdate.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2011-02-07 23:44 1362944 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-15 12:00 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
2012-01-26 18:36 207680 ----a-w- c:\program files\Gigabyte\ET5\GUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
2005-04-29 17:22 266240 ----a-w- c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-10-08 04:50 203072 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-10-08 04:50 1632360 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
2011-04-27 12:53 742944 ----a-w- c:\program files\PowerStrip\PStrip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2010-06-14 15:10 153672 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIWatcher]
2011-07-04 07:05 2535808 ----a-w- c:\program files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\heretic shadow of the serpent riders\\heretic.bat"=
"e:\\doomsday\\Bin\\Doomsday.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\hexen\\hexen.bat"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Java\\jdk1.6.0\\bin\\rmiregistry.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\back to the future ep 1\\BackToTheFuture101.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\back to the future ep 2\\BackToTheFuture102.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\back to the future 103\\BackToTheFuture103.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\doom 3\\Doom3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\back to the future 104\\BackToTheFuture104.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\back to the future 105\\BackToTheFuture105.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\cogs\\cogs.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trine 2 demo\\trine2_launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\defensegridtheawakening\\DefenseGrid.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\delve deeper\\DelveDeeper.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-01-09 239168]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-03-04 11352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2012-01-30 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2012-01-30 91440]
R2 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe [2011-08-17 406016]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-01-11 2253120]
R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2011-03-20 5010288]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-03-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-02 19472]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2011-12-19 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2011-12-19 116016]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2011-04-08 436792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 136176]
S3 cpuz126;cpuz126;\??\c:\docume~1\Zendalor\USTAWI~1\Temp\cpuz.sys --> c:\docume~1\Zendalor\USTAWI~1\Temp\cpuz.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\Zendalor\USTAWI~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Zendalor\USTAWI~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 GMFilter;GMFilter HID Filter Driver;c:\windows\system32\drivers\GMFilter.sys [2011-11-01 19840]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 136176]
S3 MarkFun_NT;MarkFun_NT;c:\program files\Gigabyte\ET5\MARKFUN.W32 [2011-09-16 17912]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2012-01-11 119656]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-03-20 16168]
S3 WO_LiveService;Ashampoo LiveTuner Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe --> c:\program files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-07-23 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-03-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 13:27]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 13:27]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 184.170.245.165:3128
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
TCP: DhcpNameServer = 194.204.159.1 194.204.152.34
TCP: Interfaces\{11D9B757-BE17-440B-A736-39ACBA780953}: NameServer = 208.0.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Zendalor\Dane aplikacji\Mozilla\Firefox\Profiles\giqpvf4b.default\
FF - prefs.js: network.proxy.ftp - 64.6.43.63
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 64.6.43.63
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 64.6.43.63
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 64.6.43.63
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe
MSConfigStartUp-FaxCenterServer - c:\program files\Lexmark Fax Solutions\fm3032.exe
MSConfigStartUp-lxccmon - c:\program files\Lexmark 3300 Series\lxccmon.exe
AddRemove-SAGA - c:\windows\IsUn0415.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-02 15:57
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MarkFun_NT]
"ImagePath"="\??\c:\program files\Gigabyte\ET5\markfun.w32"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(1432)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1488)
c:\windows\system32\nvappfilter.dll
.
- - - - - - - > 'explorer.exe'(5920)
c:\windows\system32\WININET.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub32.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN32.dll
c:\program files\TortoiseSVN\bin\libsvn_tsvn32.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn32.dll
c:\program files\TortoiseSVN\bin\libsasl32.dll
c:\program files\RivChat2\rchook.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
.
**************************************************************************
.
Czas ukończenia: 2012-02-02 16:02:20 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-02-02 15:02
.
Przed: 60 644 028 416 bajtów wolnych
Po: 61 189 832 704 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E6AC64BCC2BCB989101F1608D55F4557