ComboFix 12-07-06.02 - Administrator 2012-07-06 21:25:35.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1774 [GMT 2:00]
Uruchomiony z: I:\ComboFix.exe
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\GLB1189.tmp
c:\documents and settings\Administrator\Moje dokumenty\~WRL0005.tmp
c:\documents and settings\Administrator\xmlUpdater.exe
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\documents and settings\Default User\GLB1189.tmp
c:\documents and settings\Default User\xmlUpdater.exe
c:\program files\xp-AntiSpy
c:\program files\xp-AntiSpy\Uninstall.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.chm
c:\program files\xp-AntiSpy\xp-AntiSpy.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.url
c:\windows\hosts
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\setupapi.log
c:\windows\system32\config\systemprofile\GLB1189.tmp
c:\windows\system32\config\systemprofile\xmlUpdater.exe
c:\windows\system32\msconfig.exe
c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
.
c:\windows\system32\drivers\psched.sys . . . brak pliku!!
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-06 do 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 17:57 . 2012-07-06 17:57 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\hellomoto
2012-06-25 15:18 . 2012-06-25 15:18 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\WEBREG
2012-06-25 15:14 . 2012-06-25 15:18 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\HP
2012-06-25 15:13 . 2012-06-25 15:13 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\HP
2012-06-25 15:09 . 2004-06-21 20:35 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2012-06-25 15:09 . 2004-06-21 20:35 51088 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2012-06-25 15:09 . 2009-04-16 12:08 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2012-06-25 15:09 . 2009-04-16 12:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll
2012-06-25 15:09 . 2009-04-15 21:53 452408 ----a-r- c:\windows\system32\hpzids01.dll
2012-06-25 15:08 . 2004-06-21 20:35 21744 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2012-06-25 15:08 . 2009-02-10 20:03 712704 ----a-r- c:\windows\system32\hposwia_d02c.dll
2012-06-25 15:08 . 2009-02-10 20:03 589824 ----a-r- c:\windows\system32\hpost_d02c.dll
2012-06-25 15:08 . 2009-02-10 20:03 315392 ----a-r- c:\windows\system32\hposc_d02a.dll
2012-06-25 15:08 . 2008-10-28 10:27 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2012-06-25 15:08 . 2008-10-28 10:27 309760 ----a-r- c:\windows\system32\difxapi.dll
2012-06-25 12:14 . 2012-06-25 12:14 689456 ----a-r- c:\documents and settings\Administrator\Dane aplikacji\Microsoft\Installer\{7059BDA7-E1DB-442C-B7A1-6144596720A4}\HPSUShortcut_BB85ED9CAFC943BDB8DC258C3C7DF72E.exe
2012-06-25 12:13 . 2012-06-25 12:13 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\HP Product Assistant
2012-06-25 12:09 . 2012-06-25 15:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\HP
2012-06-25 12:07 . 2012-06-25 12:07 -------- dc----w- c:\windows\system32\DRVSTORE
2012-06-18 20:02 . 2012-06-18 20:04 -------- d-----w- c:\program files\PLAY ONLINE
2012-06-18 20:02 . 2012-06-18 20:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DatacardService
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 11:51 . 2012-04-07 20:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-25 11:51 . 2012-04-07 20:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-26 19:03 . 2012-01-16 19:42 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-07-22 . E88631E21A9CACA06104802F9E915115 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-07-22 13:23 . 9994E5A07D951FC1B0F5FB18501090FC . 1526784 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2008-07-22 . 5F1CCDF37F28A88D0473B0C9EA1E0D58 . 487424 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-07-22 . B49A80A502FD86B2F05BC7BBD723DDAB . 1528832 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-07-22 . 3122DAF86B33ED8AC4662D07593025D7 . 501760 . . [1.0626.6001.18000] . . c:\windows\system32\usp10.dll
[-] 2008-07-22 . 0277E1A3E8B337555A45943808451981 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
.
.
c:\windows\System32\wscntfy.exe ... - brak elementu !!
c:\windows\System32\regsvc.dll ... - brak elementu !!
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="c:\program files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-10-28 11539048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"MsgTranAgt"="c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2007-11-04 106496]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-11 98304]
"ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2008-06-26 217088]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WinampAgent"="c:\program files\winamp\winampa.exe" [2008-07-10 36352]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-20 16872448]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"OxigenClientAdmin"="c:\program files\Oxigen\bin\Oxigen.exe" [2007-06-23 887264]
"OxigenTrayIcon"="c:\program files\Oxigen\bin\OxiTray.exe" [2007-06-23 557536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"WSManHTTPConfig"="c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\912\WSManHTTPConfig.exe" [2012-07-06 50176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Del c:\documents and settings\Administrator\Pulpit\lody-na-patyku.png OnNextReboot"="DEL" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="c:\program files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2010-09-09 124928]
.
c:\documents and settings\Administrator\Menu Start\Programy\Autostart\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-7-17 49152]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-5-24 49152]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
HP Image Zone - szybkie uruchamianie.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2010-03-23 22:23 1432064 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-08-06 14:34 323392 ----a-w- c:\program files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-07-22 13:23 40448 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 06:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 02:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
S1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\System\CPL Bonus\vcdrom.sys [2010-08-06 8576]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - HIDSERV
*NewlyCreated* - PARPORT
*NewlyCreated* - TERMSERVICE
*NewlyCreated* - VCDROM
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
szdhyr
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 11:51]
.
2012-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-11 20:02]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-11 20:02]
.
2012-06-27 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~2\Engine\300~1.103\Nss.exe [2011-01-08 00:45]
.
2012-07-06 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-10-08 20:18]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://startsear.ch/?aff=1&cf=11ce28a4-3f9a-11e1-92e1-00221593b43f
mStart Page = hxxp://startsear.ch/?aff=1&cf=11ce28a4-3f9a-11e1-92e1-00221593b43f
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: google.com\mail
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\8oavyp5d.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - google.pl
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-wsctf.exe - wsctf.exe
Notify-WgaLogon - (no file)
AddRemove-Gadu-Gadu - c:\program files\Gadu-Gadu\Setup.exe
AddRemove-xp-AntiSpy - c:\program files\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-06 21:31
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(224)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\antiwpa.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
.
- - - - - - - > 'lsass.exe'(280)
c:\windows\system32\setupapi.dll
.
Czas ukończenia: 2012-07-06 21:33:25
ComboFix-quarantined-files.txt 2012-07-06 19:33
.
Przed: 16 721 215 488 bajtów wolnych
Po: 17 633 685 504 bajtów wolnych
.
- - End Of File - - C1C16E2B8099D9703B9238B900508C1B