ComboFix 11-05-31.01 - Ziomal 2001-12-31 22:05:38.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1711 [GMT 1:00]
Uruchomiony z: d:\pobrane\ComboFix.exe
AV: System antywirusowy NOD32 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Rezydentny antywirus jest aktywny
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system\WINSPOOL.DRV
.
c:\windows\system32\msgsvc.dll . . . jest zainfekowany!!
.
c:\windows\system32\accwiz.exe . . . jest zainfekowany!!
.
.
((((((((((((((((((((((((( Pliki utworzone od 2001-11-28 do 2001-12-31 )))))))))))))))))))))))))))))))
.
.
2011-05-31 17:43 . 2011-05-31 17:43 -------- d-----r- C:\MSOCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 06:53 . 2001-10-26 17:29 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-06-15 16:18 . 2001-10-26 17:30 143422 ----a-w- c:\windows\system32\l3codecx.ax
2010-06-14 14:31 . 2011-05-29 18:56 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2009-11-27 16:09 . 2001-10-26 17:29 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2001-10-26 17:29 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-21 16:03 . 2008-04-14 20:49 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2009-02-06 10:39 . 2001-10-26 17:30 35328 ----a-w- c:\windows\system32\sc.exe
2008-04-14 20:51 . 2011-05-29 18:56 151040 ----a-w- c:\windows\pchealth\UploadLB\Binaries\UploadM.exe
2008-04-14 20:51 . 2011-05-29 18:56 171520 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
2008-04-14 20:51 . 2011-05-29 18:56 18432 ----a-w- c:\windows\pchealth\helpctr\binaries\HscUpd.exe
2008-04-14 20:51 . 2011-05-29 18:56 769024 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
2008-04-14 20:50 . 2011-05-29 18:57 726590 ----a-w- c:\windows\srchasst\srchui.dll
2008-04-14 20:50 . 2008-04-14 20:50 33280 ----a-w- c:\windows\help\sstub.dll
2008-04-14 20:50 . 2008-04-14 20:50 279040 ----a-w- c:\windows\help\TSHOOT.dll
2008-04-14 20:50 . 2011-05-29 18:57 58434 ----a-w- c:\windows\srchasst\srchctls.dll
2008-04-14 20:50 . 2008-04-14 20:50 34816 ----a-w- c:\windows\help\sniffpol.dll
2008-04-14 20:50 . 2011-05-29 18:56 38400 ----a-w- c:\windows\pchealth\helpctr\binaries\pchsvc.dll
2008-04-14 20:50 . 2011-05-29 18:56 102912 ----a-w- c:\windows\pchealth\helpctr\binaries\pchshell.dll
2008-04-14 20:50 . 2011-05-29 18:57 3166208 ----a-w- c:\windows\srchasst\msgr3en.dll
2008-04-14 20:50 . 2011-05-29 18:56 380416 ----a-w- c:\windows\pchealth\helpctr\binaries\msinfo.dll
2008-04-14 20:49 . 2008-04-14 20:49 245248 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2008-04-14 20:49 . 2008-04-14 20:49 1852928 ----a-w- c:\windows\apppatch\AcGenral.dll
2008-04-14 20:49 . 2008-04-14 20:49 141312 ----a-w- c:\windows\apppatch\AcLua.dll
2008-04-14 20:49 . 2008-04-14 20:49 116224 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2008-04-14 20:49 . 2008-04-14 20:49 39424 ----a-w- c:\windows\apppatch\AcAdProc.dll
2001-10-26 18:03 . 2001-10-26 17:30 77891 ----a-w- c:\windows\system32\usrmlnka.exe
2001-10-26 18:03 . 2001-10-26 17:30 69700 ----a-w- c:\windows\system32\usrshuta.exe
2001-10-26 18:03 . 2001-10-26 17:29 57856 ----a-w- c:\windows\system32\dvdplay.exe
2001-10-26 18:03 . 2001-10-26 17:29 13824 ----a-w- c:\windows\system32\wowfaxui.dll
2001-10-26 18:03 . 2001-10-26 17:29 86073 ----a-w- c:\windows\system32\usrfaxa.dll
2001-10-26 18:03 . 2001-10-26 17:29 8192 ----a-w- c:\windows\system32\streamci.dll
2001-10-26 18:03 . 2001-10-26 17:29 77890 ----a-w- c:\windows\system32\usrdpa.dll
2001-10-26 18:03 . 2001-10-26 17:29 77883 ----a-w- c:\windows\system32\usrrtosa.dll
2001-10-26 18:03 . 2001-10-26 17:29 69699 ----a-w- c:\windows\system32\usrcoina.dll
2001-10-26 18:03 . 2001-10-26 17:29 61500 ----a-w- c:\windows\system32\usrcntra.dll
2001-10-26 18:03 . 2001-10-26 17:29 53305 ----a-w- c:\windows\system32\usrlbva.dll
2001-10-26 18:03 . 2001-10-26 17:29 49211 ----a-w- c:\windows\system32\usrvpa.dll
2001-10-26 18:03 . 2001-10-26 17:29 49211 ----a-w- c:\windows\system32\usrsdpia.dll
2001-10-26 18:03 . 2001-10-26 17:29 49209 ----a-w- c:\windows\system32\usrv80a.dll
2001-10-26 18:03 . 2001-10-26 17:29 45116 ----a-w- c:\windows\system32\usrvoica.dll
2001-10-26 18:03 . 2001-10-26 17:29 41019 ----a-w- c:\windows\system32\usrsvpia.dll
2001-10-26 18:03 . 2001-10-26 17:29 323641 ----a-w- c:\windows\system32\usrdtea.dll
2001-10-26 18:03 . 2001-10-26 17:29 102457 ----a-w- c:\windows\system32\usrv42a.dll
2001-10-26 18:03 . 2001-10-26 17:29 72192 ----a-w- c:\windows\system32\sprio800.dll
2001-10-26 18:03 . 2001-10-26 17:29 70656 ----a-w- c:\windows\system32\sprio600.dll
2001-10-26 18:03 . 2001-10-26 17:29 69632 ----a-w- c:\windows\system32\spnike.dll
2001-10-26 18:03 . 2001-10-26 17:29 157696 ----a-w- c:\windows\system32\paqsp.dll
2001-10-26 18:03 . 2001-10-26 17:29 147968 ----a-w- c:\windows\system32\mdwmdmsp.dll
2001-10-26 18:03 . 2001-10-26 17:29 3200 ----a-w- c:\windows\system32\wowfax.dll
2001-10-26 18:03 . 2001-10-26 16:59 12288 ----a-w- c:\windows\system32\drivers\fsvga.sys
2001-10-26 18:03 . 2001-10-26 16:57 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2001-10-26 18:03 . 2001-10-26 16:57 262528 ----a-w- c:\windows\system32\drivers\cinemst2.sys
2001-10-26 18:03 . 2001-08-18 06:37 61508 ----a-w- c:\windows\system32\usrprbda.exe
2001-10-26 18:03 . 2001-08-17 22:06 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys
2001-10-26 18:03 . 2001-08-17 22:02 58112 ----a-w- c:\windows\system32\drivers\vdmindvd.sys
2001-10-26 18:03 . 2001-08-17 22:01 51712 ----a-w- c:\windows\system32\drivers\tosdvd.sys
2001-10-26 18:03 . 2001-08-17 21:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2001-10-26 18:03 . 2001-08-17 21:24 12032 ----a-w- c:\windows\system32\drivers\riodrv.sys
2001-10-26 18:03 . 2001-08-17 21:24 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys
2001-10-26 18:03 . 2001-08-17 21:24 12032 ----a-w- c:\windows\system32\drivers\nikedrv.sys
2001-10-26 18:03 . 2001-08-17 21:24 11776 ----a-w- c:\windows\system32\drivers\cpqdap01.sys
2001-10-26 17:30 . 2001-10-26 17:30 20992 ----a-w- c:\windows\system32\msacm32.drv
2001-10-26 17:30 . 2001-10-26 17:30 9216 ----a-w- c:\windows\system32\diskcomp.com
2001-10-26 17:30 . 2001-10-26 17:30 8192 ----a-w- c:\windows\system32\winhlp32.exe
2001-10-26 17:30 . 2001-10-26 17:30 7680 ----a-w- c:\windows\system32\chcp.com
2001-10-26 17:30 . 2001-10-26 17:30 7168 ----a-w- c:\windows\system32\diskcopy.com
2001-10-26 17:30 . 2001-10-26 17:30 61952 ----a-w- c:\windows\system32\acelpdec.ax
2001-10-26 17:30 . 2001-10-26 17:30 51200 ----a-w- c:\windows\system32\w32tm.exe
2001-10-26 17:30 . 2001-10-26 17:30 41472 ----a-w- c:\windows\system32\g711codc.ax
2001-10-26 17:30 . 2001-10-26 17:30 40448 ----a-w- c:\windows\system32\wiasf.ax
2001-10-26 17:30 . 2001-10-26 17:30 37376 ----a-w- c:\windows\system32\nwc.cpl
2001-10-26 17:30 . 2001-10-26 17:30 35840 ----a-w- c:\windows\system32\ncpa.cpl
2001-10-26 17:30 . 2001-10-26 17:30 32256 ----a-w- c:\windows\system32\wupdmgr.exe
2001-10-26 17:30 . 2001-10-26 17:30 28160 ----a-w- c:\windows\system32\telephon.cpl
2001-10-26 17:30 . 2001-10-26 17:30 26112 ----a-w- c:\windows\system32\graftabl.com
2001-10-26 17:30 . 2001-10-26 17:30 19456 ----a-w- c:\windows\system32\mode.com
2001-10-26 17:30 . 2001-10-26 17:30 188928 ----a-w- c:\windows\system32\main.cpl
2001-10-26 17:30 . 2001-10-26 17:30 11776 ----a-w- c:\windows\system32\winmsd.exe
2001-10-26 17:30 . 2001-10-26 17:30 4096 ----a-w- c:\windows\system32\unlodctr.exe
2001-10-26 17:30 . 2001-10-26 17:30 36864 ----a-w- c:\windows\system32\typeperf.exe
2001-10-26 17:30 . 2001-10-26 17:30 33792 ----a-w- c:\windows\system32\vssadmin.exe
2001-10-26 17:30 . 2001-10-26 17:30 3374640 ----a-w- c:\windows\help\Tours\mmTour\tour.exe
2001-10-26 17:30 . 2001-10-26 17:30 32256 ----a-w- c:\windows\system32\tracert6.exe
2001-10-26 17:30 . 2001-10-26 17:30 25600 ----a-w- c:\windows\twunk_32.exe
2001-10-26 17:30 . 2001-10-26 17:30 102400 ----a-w- c:\windows\system32\verifier.exe
2001-10-26 17:30 . 2001-10-26 17:30 9728 ----a-w- c:\windows\system32\sfc.exe
2001-10-26 17:30 . 2001-10-26 17:30 9216 ----a-w- c:\windows\system32\subst.exe
2001-10-26 17:30 . 2001-10-26 17:30 62976 ----a-w- c:\windows\system32\rsopprov.exe
2001-10-26 17:30 . 2001-10-26 17:30 54272 ----a-w- c:\windows\system32\rsm.exe
2001-10-26 17:30 . 2001-10-26 17:30 51200 ----a-w- c:\windows\system32\syncapp.exe
2001-10-26 17:30 . 2001-10-26 17:30 49152 ----a-w- c:\windows\system32\rsmui.exe
2001-10-26 17:30 . 2001-10-26 17:30 37376 ----a-w- c:\windows\system32\syskey.exe
2001-10-26 17:30 . 2001-10-26 17:30 3072 ----a-w- c:\windows\system32\systray.exe
2001-10-26 17:30 . 2001-10-26 17:30 24576 ----a-w- c:\windows\system32\rsmsink.exe
2001-10-26 17:30 . 2001-10-26 17:30 19456 ----a-w- c:\windows\system32\tcpsvcs.exe
2001-10-26 17:30 . 2001-10-26 17:30 16896 ----a-w- c:\windows\system32\tftp.exe
2001-10-26 17:30 . 2001-10-26 17:30 16896 ----a-w- c:\windows\system32\runas.exe
2001-10-26 17:30 . 2001-10-26 17:30 15360 ----a-w- c:\windows\system32\taskman.exe
2001-10-26 17:30 . 2001-10-26 17:30 13312 ----a-w- c:\windows\system32\tcmsetup.exe
2001-10-26 17:30 . 2001-10-26 17:30 132608 ----a-w- c:\windows\system32\rsvp.exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2011-05-30 949376]
"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2011-05-30 434176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoFavoritesMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2011-05-30 15424]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-06-15 1051976]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-24 10064]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Ziomal\Dane aplikacji\Mozilla\Firefox\Profiles\nsgula5e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ig?hl=#t_0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-Ad-Aware SE Personal - c:\progra~1\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2001-12-31 22:11
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(3848)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Eset\nod32krn.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2001-12-31 22:12:52 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2001-12-31 21:12
.
Przed: 170 091 618 304 bajtów wolnych
Po: 172 910 649 344 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 9B0B96C3B62795D21B2D9CFE85BB1578