ComboFix 11-08-15.07 - ola 2011-08-15 14:57:41.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2038.1371 [GMT 2:00]
Uruchomiony z: d:\hbcd\WinTools\ComboFix1.exe
AV: ArcaVir *Enabled/Updated* {430EE792-8EF9-4D8A-B486-78BBF686F0E1}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: ArcaVir Firewall *Disabled* {B640009B-6FF6-4CA7-9CE8-7DA160B95A5B}
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ola\Ustawienia lokalne\Dane aplikacji\liw.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-07-15 do 2011-08-15 )))))))))))))))))))))))))))))))
.
.
2011-08-15 10:52 . 2010-07-16 12:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-08-15 10:52 . 2010-07-16 12:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-08-15 10:52 . 2011-01-17 07:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-08-15 10:52 . 2010-12-10 14:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-08-15 10:52 . 2010-12-10 11:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-08-15 10:52 . 2010-12-16 06:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-08-15 10:51 . 2011-08-15 12:49 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2011-08-15 10:51 . 2011-08-15 12:49 -------- d-----w- c:\program files\PC Tools Security
2011-08-15 10:51 . 2011-08-15 11:04 -------- d-----w- c:\program files\Common Files\PC Tools
2011-08-15 10:51 . 2011-08-15 10:51 -------- d-----w- c:\documents and settings\ola\Dane aplikacji\PC Tools
2011-08-15 10:30 . 2011-08-15 10:52 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PC Tools
2011-08-15 10:10 . 2011-08-15 10:10 -------- d-----w- c:\documents and settings\ola\Ustawienia lokalne\Dane aplikacji\GHISLER
2011-08-15 09:58 . 2009-09-24 05:50 545 ----a-w- c:\windows\UC.PIF
2011-08-15 09:58 . 2009-09-24 05:50 545 ----a-w- c:\windows\RAR.PIF
2011-08-15 09:58 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKZIP.PIF
2011-08-15 09:58 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-08-15 09:58 . 2009-09-24 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-08-15 09:58 . 2009-09-24 05:50 545 ----a-w- c:\windows\LHA.PIF
2011-08-15 09:58 . 2009-09-24 05:50 545 ----a-w- c:\windows\ARJ.PIF
2011-08-15 09:58 . 2011-08-15 09:58 -------- d-----w- C:\totalcmd
2011-08-12 18:03 . 2011-08-12 18:03 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2010-09-27 18:26 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2010-09-27 18:26 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2010-09-27 18:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:38 . 2010-09-27 18:26 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:38 . 2011-01-25 11:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:38 . 2010-09-27 18:26 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:38 . 2010-09-27 18:26 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2010-09-27 18:26 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2010-09-27 18:26 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-19 04:58 . 2011-06-19 04:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 11:35 . 2010-09-27 18:26 1859200 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 16:59 . 2011-06-19 04:54 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-07-31 65536]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"AvMenu"="c:\program files\ArcaBit\ArcaVir\AVMenu.exe" [2011-07-26 491912]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-09-06 15360]
.
c:\documents and settings\ola\Menu Start\Programy\Autostart\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-7-30 2158592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:TCP"= 50000:TCP:ArcaVir CommunicationPort (A)
"50001:TCP"= 50001:TCP:ArcaVir CommunicationPort (S)
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-08-15 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-08-15 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-08-15 656320]
R1 ABTDI;ArcaBit Network Driver;c:\program files\ArcaBit\ArcaVir\ABTDI.sys [2010-10-26 51280]
R3 ABFLT;ArcaBit File Monitor Driver;c:\program files\ArcaBit\ArcaVir\ABFLT.sys [2010-09-08 52304]
R3 ABndisMP;ABndisMP;c:\windows\system32\drivers\abndis.sys [2011-01-25 37968]
S3 ABndis;AbNDIS Service;c:\windows\system32\drivers\abndis.sys [2011-01-25 37968]
S3 ps_drv;ps_drv;\??\c:\program files\ArcaBit\ArcaVir\ps_drv.sys --> c:\program files\ArcaBit\ArcaVir\ps_drv.sys [?]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*Deregistered* - PCTSDInjDriver32
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-25 12:42]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-25 12:42]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.wp.pl/
IE: Funkcja Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {{40525A66-DB98-480D-BCF9-7AF88C1AF438} - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - c:\program files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\ola\Dane aplikacji\Mozilla\Firefox\Profiles\euqcuw7z.default\
FF - prefs.js: browser.startup.homepage - hxxp://farmerama.bigpoint.com/?action=internalGame
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=pl&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-15 15:00
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'lsass.exe'(1464)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Czas ukończenia: 2011-08-15 15:01:22
ComboFix-quarantined-files.txt 2011-08-15 13:01
.
Przed: 65 349 365 760 bajtów wolnych
Po: 65 453 830 144 bajtów wolnych
.
- - End Of File - - 151071CC11942D7CBE2D353B13AC416F