ComboFix 12-03-28.02 - Tomek 2012-03-28 23:42:51.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.667 [GMT 1:00]
Running from: c:\documents and settings\Tomek\Pulpit\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((( Files created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-28 20:58 . 2012-03-28 20:58 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\Nero
2012-03-28 20:53 . 2012-03-28 20:53 -------- d-----w- c:\program files\Common Files\Nero
2012-03-28 20:53 . 2012-03-28 20:55 -------- d-----w- c:\program files\Nero
2012-03-28 20:53 . 2012-03-28 20:55 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero
2012-03-28 20:44 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-03-28 20:44 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-03-28 20:44 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-03-28 20:44 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-03-28 20:44 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-03-28 20:44 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-03-28 20:43 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-03-28 20:43 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-03-28 20:43 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2012-03-28 20:43 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2012-03-28 20:43 . 2012-03-28 20:43 -------- d-----w- c:\windows\Logs
2012-03-28 10:17 . 2012-03-28 10:17 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-03-28 10:17 . 2012-03-28 10:17 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-03-28 10:16 . 2012-03-28 20:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2012-03-28 10:16 . 2012-03-28 10:16 -------- d-----w- c:\program files\Kaspersky Lab
2012-03-28 10:03 . 2012-03-28 10:03 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-03-28 09:57 . 2012-03-28 09:57 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-27 23:57 . 2012-03-28 09:56 -------- d-----w- c:\program files\mks_vir_2007
2012-03-23 20:10 . 2012-03-23 20:10 -------- d-----w- c:\program files\Resolume 2.3
2012-03-15 23:13 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2012-03-15 23:13 . 2011-07-16 14:17 151552 ----a-w- c:\windows\system32\ac3acm.acm
2012-03-15 23:13 . 2011-06-24 14:44 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2012-03-15 23:13 . 2011-06-24 14:28 650752 ----a-w- c:\windows\system32\xvidcore.dll
2012-03-15 23:13 . 2011-10-28 08:00 74752 ----a-w- c:\windows\system32\ff_vfw.dll
2012-03-12 15:31 . 2012-03-12 15:31 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\OpenOffice.org
2012-03-12 15:27 . 2012-03-12 15:28 -------- d-----w- c:\program files\OpenOffice.org 3
2012-03-12 15:23 . 2012-03-12 15:23 -------- d-----w- c:\program files\redist
2012-03-12 15:23 . 2012-03-12 15:23 -------- d-----w- c:\program files\readmes
2012-03-12 15:23 . 2012-03-12 15:23 -------- d-----w- c:\program files\licenses
2012-03-05 18:37 . 2012-03-05 18:37 -------- d-----w- c:\windows\Sun
2012-03-05 18:32 . 2012-03-05 18:32 -------- d-----w- c:\program files\Common Files\Java
2012-03-05 18:31 . 2012-03-24 00:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-05 18:31 . 2012-03-24 00:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-05 18:31 . 2012-03-24 00:23 -------- d-----w- c:\program files\Java
2012-03-02 12:13 . 2012-03-02 12:13 -------- d-----w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\Identities
2012-03-01 22:28 . 2012-03-01 22:28 -------- d-----w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\Adobe
2012-03-01 22:28 . 2012-03-01 22:28 -------- d-----w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\Temp
2012-02-28 23:07 . 2012-02-28 23:10 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2012-02-28 17:03 . 2012-02-28 17:03 -------- d-----w- c:\program files\CCleaner
2012-02-28 16:43 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-02-28 16:43 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2012-02-28 16:24 . 2012-02-28 16:24 -------- d-----w- c:\program files\Common Files\Adobe
2012-02-28 16:20 . 2012-03-18 02:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-27 23:46 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-27 23:34 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-02-27 23:10 . 2012-02-27 23:10 -------- d-----w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\Chromium
2012-02-27 23:09 . 2012-02-27 23:13 -------- d-----w- c:\program files\SRWare Iron
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:57 . 2004-08-04 12:00 1860352 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:07 . 2012-02-26 19:54 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2012-02-26 16:56 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-22 7561216]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tomek^Menu Start^Programy^Autostart^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Tomek\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2006-03-22 22:32 73728 ----a-w- c:\windows\system32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-03-22 22:32 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-03-22 22:32 1519616 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLANKEEPER"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"EvtEng"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Resolume 2.3\\resolume.exe"=
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-03-04 11352]
R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-11-25 687400]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-03-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-02 19472]
.
--- Other Services/Drivers in Memory ---
.
*NewlyCreated* - NAUPDATE
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-28 c:\windows\Tasks\User_Feed_Synchronization-{98C63368-29DC-40D2-8BC8-4E9FA82D8E7A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
IE: Add to blocked banners list - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.24.2 89.101.160.4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-28 23:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-03-28 23:49:37
ComboFix-quarantined-files.txt 2012-03-28 22:49
.
Before: 10,784,788,480 bytes free
After: 11,252,572,160 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DE6A18C5DB6B8F8E3EDB9582A38D1585
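The log above is the kind of artifact a responder reads by hand, but the parts that matter for triage (the AV/FW header, the Run keys, the Windows Firewall profile flag, the DHCP-supplied resolvers) are regular enough to parse. The following is an added example, not ComboFix's own code or anything posted with the log: a small Python triage script that pulls those fields out of a ComboFix log and emits findings. The sample input is a constructed excerpt of lines copied verbatim from the log above; the function names (`parse_run_entries`, `triage`, and the rest) and the `KNOWN_GOOD` allow-list are assumptions of this example. Note that ComboFix asks for real-time protection to be switched off before a run, so a `*Disabled*` AV/FW header is expected here and is reported only so the reviewer confirms it was re-enabled afterwards; `EnableFirewall=0` on the standard profile and a public resolver on the DHCP list are the items actually worth checking against the host's intended configuration.

```python
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: a few lines lifted verbatim from the ComboFix log above,
# so the parser can be exercised offline. A real run would read the whole log file.
SAMPLE_LOG = r"""
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-22 7561216]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
TCP: DhcpNameServer = 192.168.24.2 89.101.160.4
"""


@dataclass
class RunEntry:
    hive: str  # registry key the value lives under
    name: str  # value name
    path: str  # command / binary path
    date: str  # file timestamp ComboFix prints in brackets ("" if absent)
    size: int  # file size in bytes (0 if absent)


# "Name"="path" [YYYY-MM-DD size]   -- the bracket part is optional in ComboFix output
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"'
    r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?'
)
KEY_HEADER = re.compile(r'^\[(?P<key>[^\]]+)\]$')


def parse_run_entries(log: str) -> list[RunEntry]:
    """Collect every value listed under a ...\\Run key in the registry startup section."""
    entries: list[RunEntry] = []
    current_key = None
    for line in log.splitlines():
        m = KEY_HEADER.match(line)
        if m:
            current_key = m.group("key")
            continue
        if current_key and current_key.lower().endswith(r"\run"):
            v = RUN_VALUE.match(line)
            if v:
                entries.append(RunEntry(current_key, v.group("name"), v.group("path"),
                                        v.group("date") or "", int(v.group("size") or 0)))
    return entries


def security_products(log: str) -> dict[str, tuple[str, str]]:
    """Map 'AV' / 'FW' to (product name, status) from the ComboFix header lines."""
    return {m.group(1): (m.group(2), m.group(3))
            for m in re.finditer(r'^(AV|FW): (.+?) \*([^*]+)\*', log, re.MULTILINE)}


def windows_firewall_enabled(log: str) -> bool | None:
    """EnableFirewall from the standard profile; None when the line is absent."""
    m = re.search(r'^"EnableFirewall"=\s*(\d+)', log, re.MULTILINE)
    return None if m is None else m.group(1) != "0"


def dns_servers(log: str) -> list[str]:
    m = re.search(r'^TCP: DhcpNameServer = (.+)$', log, re.MULTILINE)
    return m.group(1).split() if m else []


def public_dns_servers(log: str) -> list[str]:
    """Resolvers outside private/loopback/link-local space; verify these against the ISP."""
    return [ip for ip in dns_servers(log) if ipaddress.ip_address(ip).is_global]


# Hypothetical allow-list of autostart binaries the reviewer has already vetted for this host.
KNOWN_GOOD = {"jusched.exe", "nvcpl.dll", "ctfmon.exe", "apoint.exe", "avp.exe"}


def triage(log: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    for kind, (product, status) in security_products(log).items():
        if "disabled" in status.lower():
            findings.append(f"{kind} {product} reported {status} (expected during a ComboFix run; confirm it was re-enabled)")
    if windows_firewall_enabled(log) is False:
        findings.append("Windows Firewall standard profile: EnableFirewall=0")
    for ip in public_dns_servers(log):
        findings.append(f"public DNS resolver {ip} handed out by DHCP")
    for e in parse_run_entries(log):
        binary = e.path.rsplit("\\", 1)[-1].lower()
        if binary not in KNOWN_GOOD:
            findings.append(f"unvetted autostart {e.name!r} -> {e.path} ({e.hive})")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Run it against a full log by replacing `SAMPLE_LOG` with the file contents; entries under `msconfig\startupreg` are deliberately left out of `parse_run_entries` because those are items the user has already disabled through msconfig, not live autostarts.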