ComboFix 12-02-25.02 - Administrator 2012-02-27 8:08.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3070.2579 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0415.exe
c:\windows\system32\tmp1E3.tmp
c:\windows\system32\tmp1E4.tmp
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-01-27 do 2012-02-27 )))))))))))))))))))))))))))))))
.
.
2012-02-26 22:04 . 2012-02-26 22:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-26 22:04 . 2012-02-26 22:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2012-02-26 22:04 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-26 19:40 . 2012-02-26 19:40 -------- d-----w- c:\documents and settings\Administrator
2012-02-26 19:21 . 2012-02-26 19:21 -------- d-----w- c:\documents and settings\Kabanosy\Dane aplikacji\Avira
2012-02-26 18:58 . 2012-02-26 22:37 -------- d-----w- c:\windows\system32\NtmsData
2012-02-26 18:54 . 2011-09-18 07:39 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-26 18:54 . 2011-09-15 22:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-26 18:54 . 2011-09-15 22:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-26 18:54 . 2012-02-26 18:54 -------- d-----w- c:\program files\Avira
2012-02-26 18:54 . 2012-02-26 18:54 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avira
2012-02-26 16:13 . 2012-02-26 16:13 -------- d-----w- c:\documents and settings\Kabanosy\Dane aplikacji\Search Settings
2012-02-16 06:01 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 06:01 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-09 16:28 . 2012-02-09 16:28 -------- d-----w- c:\program files\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 17:20 . 2006-03-02 12:00 1860224 ----a-w- c:\windows\system32\win32k.sys
2011-12-19 08:53 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:53 . 2006-03-02 12:00 669696 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:53 . 2006-03-02 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-12-19 08:52 . 2006-03-02 12:00 370688 ----a-w- c:\windows\system32\html.iec
2011-12-16 19:52 . 2011-12-16 19:52 3333808 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2011-12-16 19:52 . 2011-12-16 19:52 316888 ----a-w- c:\windows\system32\appdrvrem01.exe
2011-12-14 20:44 . 2011-11-19 20:52 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-12-14 20:44 . 2011-12-08 08:36 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-14 20:44 . 2011-11-19 20:52 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-13 21:59 . 2011-11-19 20:52 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-12-08 08:23 . 2011-11-19 20:52 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-12-19 14:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-12-19 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"nwiz"="nwiz.exe" [2006-03-09 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-02-07 273544]
"Panda Security URL Filtering"="c:\documents and settings\All Users\Dane aplikacji\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2011-06-29 217256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-12-13 922976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"AlarmMe"="c:\program files\Alarm Me\AlarmMe.exe" [2009-02-26 2102272]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-07 1987976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-10-01 08:41 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\EA Sports\\FIFA 11\\Game\\fifa.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Michał\\Moje dokumenty\\Downloads\\AOE 1\\Age of Empires I\\Age of Empires\\Empires.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Kalypso\\Tropico 3\\tropico3.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\mountblade warband\\mb_warband.exe"=
"c:\\Program Files\\Steam\\steamapps\\blacksid26\\counter-strike\\hl.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-10-25 691696]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-07 1373576]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2010-10-27 31744]
S1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2011-12-16 3333808]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-02-26 36000]
S1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2011-04-28 129992]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-02-26 86224]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-10-24 20328]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-02-26 652360]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2011-08-01 143752]
S2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2011-04-28 97096]
S2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2011-04-28 111688]
S2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2011-04-28 112456]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [2011-10-30 25832]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-02-26 20464]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-02-27 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~2\Engine\301~1.8\Nss.exe [2011-01-14 22:47]
.
2012-02-26 c:\windows\Tasks\Norton Security Scan for Michał.job
- c:\progra~1\NORTON~2\Engine\301~1.8\Nss.exe [2011-01-14 22:47]
.
2012-02-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-1482476501-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
2012-02-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-1482476501-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
.
------- Skan uzupełniający -------
.
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
TCP: DhcpNameServer = 87.99.33.4 87.99.33.159
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-27 08:11
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2012-02-27 08:12:48
ComboFix-quarantined-files.txt 2012-02-27 07:12
.
Przed: 29 502 578 688 bajtów wolnych
Po: 29 958 541 312 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 040BEB238363F31C3D34B91E0EEA7A69