ComboFix 12-07-31.03 - MAŁY 2012-08-01 20:04:15.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3071.2635 [GMT 2:00]
Uruchomiony z: c:\documents and settings\MAŁY\Moje dokumenty\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Poprzednie uruchomienie -------
.
c:\documents and settings\MAŁY\Ustawienia lokalne\Dane aplikacji\oedceloj.exe
c:\program files\Mozilla Firefox\Plugins\NPMyGlSh.dll
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
c:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLL
c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
c:\program files\myglobalsearch\bar\Cache\00011170
c:\program files\myglobalsearch\bar\Cache\00018A1A
c:\program files\myglobalsearch\bar\Cache\000322EA
c:\program files\myglobalsearch\bar\Cache\00DAF2A8.bin
c:\program files\myglobalsearch\bar\Cache\0101B94B.bin
c:\program files\myglobalsearch\bar\Cache\0101BB8D.bin
c:\program files\myglobalsearch\bar\Cache\files.ini
c:\program files\myglobalsearch\bar\History\search
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm
c:\windows\IsUn0415.exe
c:\windows\msmqinst.log
c:\windows\system32\crt.dat
c:\windows\system32\cryptnet32.dll
c:\windows\system32\SET16.tmp
c:\windows\system32\shimg.dll
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
E:\install.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-07-01 do 2012-08-01 )))))))))))))))))))))))))))))))
.
.
2012-08-01 17:58 . 2012-08-01 17:58 -------- d-----w- c:\windows\system32\wbem\snmp
2012-08-01 17:58 . 2012-08-01 17:58 -------- d-----w- c:\windows\system32\xircom
2012-08-01 17:58 . 2012-08-01 17:58 -------- d-----w- c:\program files\microsoft frontpage
2012-07-28 21:05 . 2012-07-28 21:05 -------- d-----w- c:\documents and settings\Administrator
2012-07-28 08:04 . 2012-07-28 08:04 -------- d-----w- c:\documents and settings\MAŁY\Dane aplikacji\hellomoto
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:55 . 2008-11-20 21:08 1875328 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:48 . 2008-11-20 21:08 1447936 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:48 . 2008-11-20 21:08 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-15 11:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2009-11-30 12:03 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2009-11-30 12:03 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-11-30 12:03 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-08-06 18:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-08-06 18:24 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-11-30 12:03 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-11-30 12:03 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-04-15 11:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 18:24 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-11-30 12:03 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-11-30 12:03 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2009-08-06 18:23 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:18 . 2010-08-30 15:19 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-08-30 15:19 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-08-30 15:19 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-04-15 11:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2008-08-26 07:27 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:44 . 2008-11-20 21:09 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2008-08-26 07:26 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:39 . 2008-11-20 21:09 385024 ------w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2008-11-20 21:08 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2008-08-14 13:57 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-20 19:28 . 2012-01-24 15:32 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-17 . F042E3426D45D86D9BB55F6A79AB441A . 977408 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-10-28 11539048]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-05 289584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-13 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
"RayV"="c:\program files\RayV\RayV\RayV.exe" [2010-06-28 2561320]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT ACR"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-06-06 81920]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-20 18670592]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"V0415Mon.exe"="c:\windows\V0415Mon.exe" [2008-08-07 28672]
"Live! Central"="c:\program files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe" [2008-08-22 438399]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-04-20 273544]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-11-06 229376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-02-29 108352]
"RstrtMgr"="c:\documents and settings\MAŁY\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\2494\RstrtMgr.exe" [2012-07-28 86016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\MAŁY\Menu Start\Programy\Autostart\
MagicDisc.lnk - d:\program files\MagicDisc\MagicDisc.exe [2009-12-29 534016]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.dll"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"i:\\Program Files\\FIFA 12\\Game\\fifa.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-11-30 721904]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-08-18 34312]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-02-09 233472]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-04-07 2348352]
S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-11-30 90112]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-30 1684736]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-01-27 135616]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-02-09 36608]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 113120]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2010-01-27 31616]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-02-09 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-02-09 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-02-09 121856]
S3 V0415Afx;Creative Camera VF0415 Audio Effects Driver;c:\windows\system32\drivers\V0415Afx.sys [2010-01-27 160768]
S3 V0415Vid;Creative Live! Cam Video IM Ultra Driver;c:\windows\system32\drivers\V0415Vid.sys [2010-01-27 282464]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 14:30]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 14:30]
.
2012-08-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-813497703-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2012-06-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-813497703-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 91.203.18.1 91.203.16.5
FF - ProfilePath - c:\documents and settings\MAŁY\Dane aplikacji\Mozilla\Firefox\Profiles\xm7vqoan.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM-Run-TrialReset - c:\windows\regx32.exe
HKLM-Run-FLMK08KB - c:\program files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
HKLM-Run-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe
HKLM-Run-NPSStartup - (no file)
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0415.EXE
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-GameDesire-Pool & Snooker - c:\program files\Ganymede\billiards_uninstall.exe
AddRemove-Muiltmedia keyboard utility 1.3 - c:\program files\Muiltmedia keyboard utility\1.3\uninst00.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-01 20:10
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F03\4&2c575acb&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
   00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
   00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(1868)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\program files\Microsoft Silverlight\xapauthenticodesip.dll
.
Czas ukończenia: 2012-08-01 20:11:50
ComboFix-quarantined-files.txt 2012-08-01 18:11
.
Przed: 5 417 324 544 bajtów wolnych
Po: 5 367 623 680 bajtów wolnych
.
- - End Of File - - 0DC54977F852DBF3EF4C505C8E9731C7