ComboFix 12-07-21.01 - Piotr 2012-07-22 20:53:45.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.767.500 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Piotr\Pulpit\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Piotr\Dane aplikacji\facemoods.com
c:\documents and settings\Piotr\Dane aplikacji\PriceGong
c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\unins000.exe
c:\program files\StartSearch plugin
c:\windows\IsUn0415.exe
c:\windows\system32\CddbCdda.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-22 do 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-21 08:52 . 2012-07-21 09:17 -------- d-----w- c:\program files\GPSBabel
2012-07-06 13:55 . 2012-07-06 13:55 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 13:55 . 2011-09-23 14:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-29 07:30 . 2011-09-30 15:45 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-02-10 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" -autorun
"Google Update"="c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" /bt
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Maxthon3\\Bin\\MxUp.exe"=
"c:\\Program Files\\Maxthon3\\Modules\\MxMiniThunder\\ThunderMini.exe"=
"c:\\Program Files\\Maxthon3\\Bin\\Maxthon.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
.
R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2010-02-10 69248]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2010-02-10 212520]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2011-08-10 697328]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2011-07-07 101616]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-25 366640]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-10 1523008]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [2012-06-15 589120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-25 22712]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 136176]
S3 cpu;cpu;\??\c:\cpu.sys --> c:\cpu.sys [?]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\Piotr\USTAWI~1\Temp\GPU-Z.sys --> c:\docume~1\Piotr\USTAWI~1\Temp\GPU-Z.sys [?]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-08-25 39984]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-05-01 27064]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2011-10-05 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2011-10-05 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2011-10-05 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2011-10-05 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2011-10-05 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2011-10-05 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2011-10-05 109864]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-05-07 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-05-02 09:22]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 21:19]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 21:19]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1957994488-854245398-1003Core.job
- c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-05-04 13:01]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1957994488-854245398-1003UA.job
- c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-05-04 13:01]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.gazeta.pl/0,0.html?p=128
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: &Block This Image (ABP) - c:\program files\Adblock Pro\blockimg.html
IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=VEDD1458&id=menu_ie_frame
IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=VEDD1458&id=menu_ie_image
IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=VEDD1458&id=menu_ie_link
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=VEDD1458&id=menu_ie_exclude
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=VEDD1458&id=menu_ie_report
IE: Wyślij &do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Ściągnij przez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Ściągnij wszystkie linki przez IDM - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: Interfaces\{44255C0E-2F26-4A4B-B380-C39BDEF469FF}: NameServer = 194.204.159.1,194.204.152.34
DPF: {FDB821F1-1290-4C95-AE1B-B368AEE99014} - mk:@MSITStore:c:\documents%20and%20settings\Piotr\Pulpit\new_links\new_links.chm::/ddd.ax
FF - ProfilePath - c:\documents and settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\rijm46xj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.wp.pl
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=65a61283-3a03-11e1-bb2c-0019e06d60b5&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
HKU-Default-Run-updatesoft.exe - c:\updatesoft.exe\updatesoft.exe
AddRemove-Już w szkole, klasa 1, semestr 2 - c:\windows\IsUn0415.exe
AddRemove-{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1 - c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-22 20:59
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):6a,60,e8,1f,56,05,62,20,9f,6a,71,55,28,a9,be,a0,66,8b,16,25,37,
 6d,a3,1d,31,df,09,b0,af,eb,0b,67,18,a5,85,ed,54,f8,22,26,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ade6a08a-6ba2-49a3-8252-eb3d04c97cb0}]
@Denied: (Full) (Everyone)
"Model"=dword:000000ee
"Therad"=dword:00000018
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
Czas ukończenia: 2012-07-22 21:01:51
ComboFix-quarantined-files.txt 2012-07-22 19:01
.
Przed: 5 792 333 824 bajtów wolnych
Po: 9 368 444 928 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8F7E9F7895B9538B307A6753B45F9606