ComboFix 12-04-01.01 - Radek 2012-04-01 16:56:59.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3327.2554 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Radek\Pulpit\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\documents and settings\Radek\Moje dokumenty\~WRL0003.tmp
c:\documents and settings\Radek\WINDOWS
c:\program files\b011010.exe
c:\program files\MapSource_6156.exe
c:\program files\winamp5541_full_emusic-7plus_pl-pl.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\SET4A.tmp
c:\windows\system32\SET4E.tmp
c:\windows\system32\SET56.tmp
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-03-01 do 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-04-01 14:41 . 2012-04-01 14:42 4453008 ------r- c:\program files\ComboFix.exe
2012-03-31 19:38 . 2012-03-31 19:38 -------- d-----w- c:\program files\CCleaner
2012-03-31 19:13 . 2012-03-31 19:13 2804712 ----a-w- c:\program files\NPE.exe
2012-03-31 15:08 . 2012-03-31 15:08 -------- d-----w- c:\program files\Common Files\Java
2012-03-31 15:02 . 2012-03-31 15:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-31 15:01 . 2012-03-31 15:01 -------- d-----w- c:\program files\Java
2012-03-31 09:32 . 2012-03-31 09:32 593920 ----a-w- c:\program files\OTL.exe
2012-03-25 18:50 . 2009-06-12 11:18 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-03-25 18:50 . 2010-08-27 07:38 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-03-25 18:50 . 2012-03-25 18:50 -------- d-----w- c:\windows\system32\drivers\NBRTWizard
2012-03-25 18:50 . 2012-03-25 18:50 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
2012-03-23 15:51 . 2012-03-31 19:24 -------- d-----w- c:\documents and settings\Radek\Ustawienia lokalne\Dane aplikacji\NPE
2012-03-23 13:21 . 2007-11-01 08:56 36864 ----a-r- c:\windows\system32\drivers\l151x86.sys
2012-03-23 07:51 . 2012-03-23 13:01 -------- d-----w- c:\windows\system32\drivers\NIS\1306020.00A
2012-03-08 09:13 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-03-08 09:13 . 2008-03-27 16:49 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2012-03-08 09:12 . 2012-03-08 09:12 -------- d-----w- c:\program files\Motorola
2012-03-06 20:28 . 2012-03-06 20:41 -------- d-----w- c:\program files\ethernet sterowniki
2012-03-05 23:29 . 2012-03-25 15:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-05 11:59 . 2012-03-05 11:12 -------- d-----w- c:\program files\FREEBSD
2012-03-05 11:58 . 2012-03-05 11:12 -------- d-----w- c:\program files\LINUX
2012-03-04 20:41 . 2012-03-08 09:07 -------- d-----w- c:\program files\Avanquest update
2012-03-04 20:41 . 2012-03-04 20:41 -------- d-----w- c:\windows\system32\Atheros_L1
2012-03-04 20:41 . 2012-03-04 20:41 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avanquest
2012-03-04 20:41 . 2012-03-04 20:41 -------- d-----w- c:\documents and settings\Radek\Dane aplikacji\TS3Client
2012-03-04 20:33 . 2012-03-04 20:33 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-04 17:32 . 2012-03-04 17:34 -------- dc-h--w- c:\windows\ie8
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-31 15:01 . 2010-05-09 10:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-23 07:52 . 2012-03-01 10:09 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-03-23 07:52 . 2012-03-01 10:09 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-01 10:02 . 2012-03-01 10:02 119216008 ----a-w- c:\program files\NIS-ESD-19-5-0-145-EN.exe
2012-02-20 07:54 . 2011-06-03 06:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:57 . 2004-08-04 10:00 1860352 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 08:41 . 2012-01-31 08:41 160919016 ----a-w- c:\program files\kis12.0.0.374pl_pl.exe
2012-01-11 19:07 . 2012-02-15 07:35 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2008-11-25 21:34 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-09-23 17:38 . 2011-09-23 17:38 604672 ----a-w- c:\program files\googleupdatesetup.exe
2011-09-22 10:36 . 2011-09-22 10:36 6284664 ----a-w- c:\program files\Silverlight.exe
2011-08-02 16:29 . 2011-08-02 16:29 10187296 ----a-w- c:\program files\Thunderbird Setup 3.1.11.exe
2011-08-02 16:19 . 2011-08-02 16:19 14793840 ----a-w- c:\program files\Thunderbird Setup 5.0.exe
2011-05-30 20:56 . 2011-05-30 20:56 510677 ----a-w- c:\program files\NOL3SetupALIOR.exe
2011-05-05 07:13 . 2011-05-05 07:13 5267187 ----a-w- c:\program files\NOL3Setup.exe
2011-01-10 14:04 . 2011-01-10 14:04 5178688 ----a-w- c:\program files\WebUpdater_242.exe
2010-11-04 08:17 . 2010-11-04 08:17 136171008 ----a-w- c:\program files\OOo_3.2.1_Win_x86_install_pl.exe
2010-06-08 12:00 . 2009-12-15 08:08 8902088 ----a-w- c:\program files\brestatica.exe
2010-01-28 18:53 . 2009-01-03 21:54 386858 ----a-w- c:\program files\kalkulatorodsetek
2010-01-28 18:45 . 2010-01-28 18:45 139679 ----a-w- c:\program files\cpi_linked_calculator
2009-09-01 14:40 . 2009-09-01 14:38 374281 ----a-w- c:\program files\kalkulatorodsetek.exe
2009-08-31 19:04 . 2009-08-31 19:04 1703267 ----a-w- c:\program files\exifersetup.exe
2009-07-28 08:11 . 2009-07-28 08:11 7037304 ----a-w- c:\program files\DjVuBrowserPlugin.exe
2009-07-09 09:15 . 2009-07-09 09:15 1226609 ----a-w- c:\program files\easycall.exe
2009-07-02 10:52 . 2009-07-02 10:52 8036352 ----a-w- c:\program files\irfanview_plugins_425_setup.exe
2009-07-02 10:36 . 2009-07-02 09:42 1359360 ----a-w- c:\program files\iview425_setup.exe
2009-02-25 12:22 . 2009-02-25 12:18 23516968 ----a-w- c:\program files\SkypeSetupFull.exe
2008-12-14 12:59 . 2008-12-14 12:59 7730856 ----a-w- c:\program files\Google_Earth_CZXD.exe
2008-12-09 08:17 . 2008-12-09 08:17 33242281 ----a-w- c:\program files\eGazety2.0.1.exe
2012-03-13 04:38 . 2012-03-18 10:28 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Radek^Menu Start^Programy^Autostart^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Radek\Menu Start\Programy\Autostart\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-09-25 08:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-10-09 09:28 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 17:21 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:21 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftAuto.exe]
2008-08-13 03:49 405504 ----a-w- c:\program files\Creative\Software Update 3\SoftAuto.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
2003-09-05 04:59 878080 ----a-w- c:\program files\Thomson\SpeedTouch USB\dragdiag.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-12-01 10:46 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2007-06-15 143256]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1306020.00A\symds.sys [2012-03-23 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1306020.00A\symefa.sys [2012-03-23 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120317.002\BHDrvx86.sys [2012-03-20 820856]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1306020.00A\ccsetx86.sys [2012-03-23 132744]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-07-14 218688]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1306020.00A\ironx86.sys [2012-03-23 149624]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe [2012-03-23 138232]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2012-03-23 36864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-01 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120330.002\IDSXpx86.sys [2012-03-31 356280]
S2 gupdate1cc512e844cd4f8;Usługa Google Update (gupdate1cc512e844cd4f8);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-02 136176]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-02 136176]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-02 16:04]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-02 16:04]
.
2012-04-01 c:\windows\Tasks\Iulphpdum.job
- c:\windows\system32\osuninstq.dll [2012-02-02 16:23]
.
.
------- Skan uzupełniający -------
.
Trusted Zone: brebrokers.pl\www
TCP: DhcpNameServer = 192.168.1.100
TCP: Interfaces\{F5B06370-6DC8-4DA2-AA08-4E56FA76F150}: NameServer = 192.168.11.1
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/pi/components/bph/SignActivX.cab
FF - ProfilePath - c:\documents and settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\l6s9a299.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
SafeBoot-13313170.sys
SafeBoot-58705500.sys
SafeBoot-96377747.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Orb - c:\program files\Winamp Remote\bin\OrbTray.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-DAEMON Tools Lite - e:\nocka\DAEMON Tools Lite\uninst.exe
AddRemove-Easy CD-DA Extractor 2010 - c:\program files\Easy CD-DA Extractor 2010\uninstall.exe
AddRemove-mv61xxDriver - c:\program files\Marvell\61xx\uninst-61xx.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-01 17:01
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2012-04-01 17:03:03
ComboFix-quarantined-files.txt 2012-04-01 15:03
.
Przed: 22 364 041 216 bajtów wolnych
Po: 22 600 957 952 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut /usepmtimer
.
- - End Of File - - 530CFFCFE337A5E8A30E5CFD181127DE