ComboFix 10-10-30.09 - yovita 2010-11-02 23:23:09.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3071.2713 [GMT 1:00]
Uruchomiony z: e:\documents and settings\yovita\Pulpit\ComboFix.exe
Użyto następujących komend :: E:\CFScript.txt
AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
 * Rezydentny antywirus jest aktywny

FILE ::
"e:\program files\Ask.com\GenericAskToolbar.dll"
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\program files\Ask.com
e:\program files\Ask.com\cobrand.ico
e:\program files\Ask.com\config.xml
e:\program files\Ask.com\favicon.ico
e:\program files\Ask.com\GenericAskToolbar.dll
e:\program files\Ask.com\mupcfg.xml
e:\program files\Ask.com\SaUpdate.exe
e:\program files\Ask.com\UpdateTask.exe

.
((((((((((((((((((((((((( Pliki utworzone od 2010-10-02 do 2010-11-02 )))))))))))))))))))))))))))))))
.

2010-10-30 12:22 . 2010-10-30 12:22 -------- d-----r- E:\MSOCache
2010-10-29 21:24 . 2010-10-30 10:49 -------- d-----w- E:\totalcmd

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 2004-08-03 22:44 974848 ----a-w- e:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-03 22:44 974848 ----a-w- e:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-10-26 17:29 954368 ----a-w- e:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-10-26 17:29 953856 ----a-w- e:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2004-08-03 22:44 916480 ----a-w- e:\windows\system32\wininet.dll
2010-09-10 05:52 . 2004-08-03 22:44 43520 ----a-w- e:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2004-08-03 22:44 1469440 ------w- e:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2004-08-03 22:42 285824 ----a-w- e:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2004-08-03 22:37 1853056 ----a-w- e:\windows\system32\win32k.sys
2010-08-27 08:03 . 2004-08-03 22:44 119808 ----a-w- e:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2004-08-03 22:44 99840 ----a-w- e:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- e:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2004-08-03 21:14 357248 ----a-w- e:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2004-08-03 22:43 617472 ----a-w- e:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-03 22:44 58880 ----a-w- e:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-03 22:44 590848 ----a-w- e:\windows\system32\rpcrt4.dll

.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DelReg"="e:\program files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-12-03 13672448]
"nwiz"="nwiz.exe" [2008-12-03 1630208]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-12-03 86016]
"egui"="e:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-26 18081280]
"BCSSync"="e:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ISUSPM"="e:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DualCoreCenter.lnk]
path=e:\documents and settings\All Users\Menu Start\Programy\Autostart\DualCoreCenter.lnk
backup=e:\windows\pss\DualCoreCenter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GAINWARD]
2008-12-03 12:51 2181672 ------w- e:\program files\EXPERTool\TBPANEL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-29 20:48 136176 -----tw- e:\documents and settings\yovita\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:21 1695232 ------w- e:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-04-02 23:27 1234216 ----a-w- e:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 13:57 282624 ----a-w- e:\program files\QuickTime\qttask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Program Files\\Tlen7\\tlen7.exe"=
"e:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

R1 appdrv01;Application Driver (01);e:\windows\system32\drivers\appdrv01.sys [2010-10-30 3332784]
R1 ehdrv;ehdrv;e:\windows\system32\drivers\ehdrv.sys [2010-07-29 115008]
R2 ekrn;ESET Service;e:\program files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
R2 NAUpdate;@e:\program files\Nero\Update\NASvc.exe,-200;e:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 appdrvrem01;Application Driver Auto Removal Service (01);e:\windows\System32\appdrvrem01.exe svc --> e:\windows\System32\appdrvrem01.exe svc [?]
S3 DualCoreCenter;DualCoreCenter;e:\program files\MSI\DualCoreCenter\NTGLM7X.sys [2010-10-29 28672]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;e:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 osppsvc;Office Software Protection Platform;e:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 RushTopDevice2;RushTopDevice2;e:\program files\MSI\DualCoreCenter\RushTop.sys [2010-10-29 55296]

.
Zawartość folderu 'Zaplanowane zadania'

2010-10-31 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]

2010-11-02 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1580818891-839522115-1003Core.job
- e:\documents and settings\yovita\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-10-29 20:48]

2010-11-02 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1580818891-839522115-1003UA.job
- e:\documents and settings\yovita\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-10-29 20:48]

2010-11-02 e:\windows\Tasks\WGASetup.job
- e:\windows\system32\KB905474\wgasetup.exe [2010-10-29 20:18]

2010-10-30 e:\windows\Tasks\yovita NBAgent 5 4.job
- e:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-04-02 23:27]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksportuj do programu Microsoft Excel - e:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Wyślij &do programu OneNote - e:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - e:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-02 23:26
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Czas ukończenia: 2010-11-02 23:27:32
ComboFix-quarantined-files.txt 2010-11-02 22:27
ComboFix2.txt 2010-11-02 20:56

Przed: 86 299 054 080 bajtów wolnych
Po: 86 291 722 240 bajtów wolnych

- - End Of File - - 7F3864ECBD5B86E45DD828A7424A4335