ComboFix 12-03-16.03 - Administrator 2012-03-16 17:37:19.2.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1535.1251 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
AV: PC Tools AntiVirus 6.1.0.25 *Disabled/Updated* {832E7172-E406-4bb2-8B19-6D29F2C93A98}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Dane aplikacji\ntuser.dat
c:\documents and settings\Administrator\Menu Start\Internet Explorer.lnk
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\system32\arking.exe
c:\windows\system32\mgking0.dll
.
c:\windows\system32\drivers\afd.sys . . . brak pliku!!
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-02-16 do 2012-03-16 )))))))))))))))))))))))))))))))
.
.
2012-03-16 15:36 . 2012-03-16 15:36 -------- d-----w- c:\windows\system32\xircom
2012-03-16 15:36 . 2012-03-16 15:36 -------- d-----w- c:\windows\system32\wbem\snmp
2012-03-16 15:36 . 2012-03-16 15:36 -------- d-----w- c:\windows\system32\oobe
2012-03-16 15:36 . 2012-03-16 15:36 -------- d-----w- c:\windows\srchasst
2012-03-16 15:36 . 2012-03-16 15:36 -------- d-----w- c:\program files\microsoft frontpage
2012-03-13 17:32 . 2012-03-16 05:43 0 --sha-w- c:\windows\system32\dds_log_ad13.cmd
2012-03-13 17:32 . 2012-03-16 15:34 -------- d-sh--w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\7ecacb86
2012-03-03 15:46 . 2012-03-03 15:46 -------- d--h--w- c:\documents and settings\All Users\Dane aplikacji\CanonIJScan
2012-03-03 15:46 . 2012-03-03 15:46 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Canon
2012-03-02 17:04 . 2012-03-02 17:04 -------- d--h--w- c:\documents and settings\All Users\Dane aplikacji\CanonIJEPPEX2
2012-03-02 17:04 . 2012-03-02 17:04 -------- d--h--w- c:\documents and settings\All Users\Dane aplikacji\CanonEPP
2012-03-02 17:02 . 2010-03-18 16:12 1335296 ----a-w- c:\windows\system32\CNC495C.dll
2012-03-02 17:02 . 2010-03-18 16:12 114688 ----a-w- c:\windows\system32\CNC495I.dll
2012-03-02 17:02 . 2010-03-18 18:25 307200 ----a-w- c:\windows\system32\CNC495L.dll
2012-03-02 17:02 . 2010-03-18 16:11 106496 ----a-w- c:\windows\system32\CNC495U.dll
2012-03-02 17:02 . 2008-08-25 17:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2012-03-02 17:02 . 2012-03-02 17:02 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\CanonIJMSetup
2012-03-02 17:00 . 2012-03-02 17:00 -------- d-----w- c:\program files\Common Files\CANON
2012-03-02 17:00 . 2012-03-02 17:00 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\CanonIJWSpt
2012-03-02 16:57 . 2012-03-02 16:57 -------- d--h--w- c:\documents and settings\All Users\Dane aplikacji\CanonBJ
2012-03-02 16:55 . 2010-08-25 04:00 73216 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA9.DLL
2012-03-02 16:55 . 2010-08-25 04:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA9.DLL
2012-03-02 16:55 . 2012-03-02 16:55 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-03-02 16:55 . 2010-06-03 15:12 94208 ----a-w- c:\windows\system32\CNC495O.dll
2012-03-02 16:55 . 2010-03-11 08:56 180224 ----a-w- c:\windows\system32\CNMIUA9.DLL
2012-03-02 16:55 . 2012-03-02 16:55 -------- d-----w- c:\windows\system32\STRING
2012-03-02 16:55 . 2010-02-05 10:37 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL
2012-03-02 16:55 . 2010-02-05 10:37 340992 ----a-w- c:\windows\system32\CNMNPPM.DLL
2012-03-02 16:53 . 2012-03-14 18:36 -------- d-----w- c:\program files\Canon
2012-03-02 16:53 . 2010-08-25 04:00 290816 ----a-w- c:\windows\system32\CNMLMA9.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2007-07-28 . 0FB6743E937C7BB248B2530A5A77ABC6 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[-] 2007-07-13 . A29DE506E89C131C0AACC86047CB1373 . 3856896 . . [7.00.6000.20591] . . c:\windows\system32\mshtml.dll
[-] 2007-07-10 . CE594E18FE0D0AF804F1F3694921CE62 . 642560 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll
[-] 2007-07-13 . CE7193C5F7C01B19768E066087C1C919 . 814592 . . [7.00.6000.20583] . . c:\windows\system32\wininet.dll
[-] 2007-07-13 . 32F67215C57DF2C401BF93B7EE65987F . 974848 . . [6.00.2900.2649] . . c:\windows\explorer.exe
[-] 2004-08-04 . 818274281CE2CF653BF132F394528D0C . 227328 . . [5.1.2600.2180] . . c:\windows\regedit.exe
[-] 2007-07-27 . 89878732D5EB0C845AD2356081142F2A . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2007-07-26 . 5362D54A6925AFDCBBBA53B43EE65774 . 2067584 . . [5.1.2600.3051] . . c:\windows\system32\ntkrnlpa.exe
[-] 2007-07-26 . 9899BB89856E3BD4EF13E11CCEE49B71 . 2190464 . . [5.1.2600.3093] . . c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-10-14 3217368]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ares"="d:\program files\Ares\Ares.exe" [2010-02-08 1015808]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2010-11-02 1432064]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-06-16 1500160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440]
"SoundMan"="SOUNDMAN.EXE" [2005-06-14 77824]
"PCTAVApp"="d:\program files\PC Tools AntiVirus\PCTAV.exe" [2009-04-16 1505168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="d:\program files\Adbe\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2007-07-27 124928]
.
c:\documents and settings\Administrator\Menu Start\Programy\Autostart\
OpenOffice.ux.pl 3.2.lnk - d:\program files\OpenOffice\OpenOffice.ux.pl 3\program\quickstart.exe [2010-2-28 384000]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
ATI CATALYST – pasek zadań.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-6 61440]
Client Web Browser.lnk - d:\program files\Client Web Browser\clweb.exe [2010-2-23 61440]
Microsoft Office.lnk - d:\program files\Office10\OSA.EXE [2001-2-13 83360]
RaConfig.lnk - c:\windows\system32\RaConfig.exe [2010-2-4 397312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\Ares\\Ares.exe"=
"d:\\Program Files\\Ares\\chatServer.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\Registry Mechanic\\Update.exe"=
"d:\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Nokia\\Nokia PC Suite 7\\PCSuite.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2010-02-04 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2010-02-04 5248]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-05-03 206256]
R3 RT2400;RT2400 Wireless Driver;c:\windows\system32\drivers\RT2400.sys [2010-02-04 62848]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-02-16 583640]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-12-20 102656]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
videoacceleratorengine
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://flvpx-ares.asksearch.com/?cfg=2-113-0-34u0i
uInternet Connection Wizard,ShellNext = iexplore
IE: E&ksport do programu Microsoft Excel - d:\progra~1\Office10\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
TCP: Interfaces\{65644CFD-82A1-4781-84A3-216D16B1658E}: NameServer = 194.204.159.1,194.204.152.34
TCP: Interfaces\{7070FFD5-D69C-4444-AB3F-50890B000369}: NameServer = 194.204.159.1,194.204.152.34
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\q55v8efj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/firefox?client=firefox-a&rls=org.mozilla:pl:official
FF - prefs.js: keyword.URL - hxxp://www.questbrowser.com/?tmp=nemo_results_removelink&prt=QstbrsrNN&keywords=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-16 17:41
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
.
Czas ukończenia: 2012-03-16 17:43:11
ComboFix-quarantined-files.txt 2012-03-16 16:43
ComboFix2.txt 2012-03-16 15:40
.
Przed: 4 769 341 440 bajtów wolnych
Po: 4 760 829 952 bajtów wolnych
.
- - End Of File - - D044F6BBD8F3A5E03B53E6FC92B44E4E