ComboFix 11-05-11.01 - BBB 2011-05-12   0:45.3.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.255.67 [GMT 4,5:30]
Uruchomiony z: C:\ComboFix.exe
Użyto następujących komend :: C:\CFScript.txt
.
FILE ::
"c:\documents and settings\BBB\Menu Start\Programy\Autostart\ctfmon.exe"
"c:\windows\system32\EXPLORER.EXE"
"c:\windows\system32\uxjoved.dll"
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\recycled\Recycled
D:\autorun.inf
E:\autorun.inf
F:\autorun.inf
.
.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DPTI930
-------\Legacy_WBFRUMHKB
-------\Service_dpti930
-------\Service_nnbktndg
-------\Service_wbfrumhkb
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2011-04-11 do 2011-05-11   )))))))))))))))))))))))))))))))
.
.
2011-05-11 14:12 . 2011-05-11 14:12	359424	----a-w-	C:\gjjvvv27.exe
2011-05-11 13:49 . 2011-05-11 13:49	607288	----a-w-	C:\SPTDinst-v178-x86.exe
2011-05-11 13:24 . 2011-05-11 13:24	637952	----a-w-	C:\OTL.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-01 14:48 . 2011-03-23 22:33	151552	--sh--r-	c:\windows\system32\EXPLORER.EXE
2011-02-20 06:00 . 2011-02-14 21:07	21840	----atw-	c:\windows\system32\SIntfNT.dll
2011-02-20 06:00 . 2011-02-14 21:07	17212	----atw-	c:\windows\system32\SIntf32.dll
2011-02-20 06:00 . 2011-02-14 21:07	12067	----atw-	c:\windows\system32\SIntf16.dll
.
.
------- Sigcheck -------
.
[-] 2009-06-09 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}"= "c:\program files\Softonic-Polska\tbSoft.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 17:28	3913000	----a-w-	c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
2010-11-13 17:28	3913000	----a-w-	c:\program files\Softonic-Polska\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}"= "c:\program files\Softonic-Polska\tbSoft.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C86EB8A9-CCC2-4B6C-B75D-73576ED591BF}"= "c:\program files\Softonic-Polska\tbSoft.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 95232]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-04-25 150448]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 1046976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-06-09 15360]
.
c:\documents and settings\BBB\Menu Start\Programy\Autostart\
ctfmon.exe [2011-3-23 364544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2011-01-29 31424]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2011-03-27 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2011-03-27 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2011-03-27 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2011-03-27 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2011-03-27 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2011-03-27 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2011-03-27 110120]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - DPTI930
.
.
------- Skan uzupełniający -------
.
uStart Page = my.daemon-search.com
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {E3FEEC13-AA3A-49C9-883A-418CAB41BDEE} = 8.8.8.8 109.196.112.20
Handler: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - c:\program files\Spik\url_wpmsg.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-12 00:56
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(2504)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\documents and settings\BBB\Menu Start\Programy\Autostart\ctfmon.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2011-05-12  01:02:29 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2011-05-11 20:32
ComboFix2.txt  2011-05-11 10:05
.
Przed: 2 336 464 896 bajtów wolnych
Po: 2 277 400 576 bajtów wolnych
.
- - End Of File - - 20C0188F4D21D5185B9F4DAEDF3C6872