ComboFix 12-07-16.01 - Admin 2012-07-18   9:29.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.1407.837 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Admin\Moje dokumenty\Pobieranie\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 * Utworzono nowy punkt przywracania
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\TEMP\MPENGINE.DLL
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2012-06-18 do 2012-07-18  )))))))))))))))))))))))))))))))
.
.
2012-07-18 07:18 . 2012-07-18 07:18	--------	d-----w-	C:\_OTL
2012-07-17 12:42 . 2012-07-17 12:42	--------	d-----w-	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Temp
2012-07-17 12:42 . 2012-07-17 12:42	--------	d-----w-	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
2012-07-17 12:35 . 2012-07-17 12:35	--------	d-----w-	c:\program files\CCleaner
2012-07-17 12:34 . 2012-07-17 12:34	--------	d-----w-	c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Temp
2012-07-17 12:34 . 2012-07-17 12:34	--------	d-----w-	c:\program files\Google
2012-07-13 07:36 . 2012-07-13 07:36	9822920	----a-w-	c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 07:36 . 2012-04-24 14:47	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-13 07:36 . 2012-04-24 14:47	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2011-12-29 21:24	329240	----a-w-	c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-12-29 21:24	210968	----a-w-	c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2011-12-29 21:24	219160	----a-w-	c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-08-06 18:24	15896	----a-w-	c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-08-06 18:24	24088	----a-w-	c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2011-12-29 21:24	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2011-12-29 21:24	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 13:19 . 2011-12-16 19:03	97304	----a-w-	c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 18:24	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 18:24	16408	----a-w-	c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2011-12-29 21:24	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2011-12-29 21:24	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2009-08-06 18:23	18968	----a-w-	c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:19 . 2011-12-16 19:03	603136	----a-w-	c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2011-12-16 19:03	920064	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2011-12-16 19:03	1872384	----a-w-	c:\windows\system32\win32k.sys
2012-05-11 14:43 . 2011-12-16 19:03	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-05-11 14:43 . 2011-12-16 19:03	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2012-05-11 12:13 . 2011-12-16 19:03	385024	----a-w-	c:\windows\system32\html.iec
2012-05-05 03:14 . 2011-10-26 15:19	2070400	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2011-12-16 19:03	2193920	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-02 13:45 . 2011-12-29 21:20	139656	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-19 09:21 . 2012-05-09 09:30	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-12-16 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-08-08 344064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2011-12-16 15360]
.
c:\documents and settings\Admin\Menu Start\Programy\Autostart\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
QLINK.lnk - c:\program files\Lexmark Applications\QLink\QLINK.EXE [2012-4-10 1346048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 17:43	69632	----a-w-	c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-04-17 14:34	16143872	----a-w-	c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-06-01 12:57	573440	----a-w-	c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\SUPDSvc.exe"=
"c:\\WINDOWS\\system32\\LMabcoms.exe"=
.
R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2011-12-16 69248]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2011-12-16 210736]
R2 MSSQL$TITUSPLUSSQL;SQL Server (TITUSPLUSSQL);c:\program files\Microsoft SQL Server\MSSQL10.TITUSPLUSSQL\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R3 ZD1211BU(ASUS);ASUS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ASUS);c:\windows\system32\drivers\ZD1211BU.sys [2011-12-31 425472]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-07-17 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 250056]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-07-17 136176]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [2011-12-31 34944]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-09 113120]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [2012-02-13 131888]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-03-31 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-03-30 239336]
S4 SQLAgent$TITUSPLUSSQL;SQL Server Agent (TITUSPLUSSQL);c:\program files\Microsoft SQL Server\MSSQL10.TITUSPLUSSQL\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 07:36]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-17 12:34]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-17 12:34]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
mStart Page = about:blank
TCP: DhcpNameServer = 192.168.88.1 176.103.32.2 213.199.225.14
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\lmcezdey.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=100512_1_
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - ac540c830000000000000018f3cd61b0
FF - user.js: extensions.BabylonToolbar_i.hardId - ac540c830000000000000018f3cd61b0
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15475
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:08
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-18 09:37
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...  
.
skanowanie ukrytych wpisów autostartu ... 
.
skanowanie ukrytych plików ...  
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\(*y“‘|]
"DisplayName"="??"
"DeviceDesc"="??"
"ProviderName"="???\11\08"
"MFG"="?\08???"
"ReinstallString"=".10.1000.5"
"DeviceInstanceIds"=multi:"c:\\documents and settings\\admin\\pulpit\\vga_xp_070423\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2536)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Czas ukończenia: 2012-07-18  09:39:20 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2012-07-18 07:39
ComboFix2.txt  2012-07-17 13:33
.
Przed: 32 067 436 544 bajtów wolnych
Po: 31 971 917 824 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FD517E67B992B28E5891D3DC35C3F9AA