ComboFix 12-08-14.05 - Administrator 12-08-15 13:28:23.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.894.420 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Moje dokumenty\Pobieranie\ComboFix_www.INSTALKI.pl.exe
AV: Avira AntiVir PersonalEdition *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\rlmdxizksinuzij
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\documents and settings\All Users\Dane aplikacji\vcowkibt.exe
c:\documents and settings\All Users\Menu Start\HP Image Zone .lnk
c:\documents and settings\Mamusia\0.6582234967726477.exe
c:\documents and settings\Mamusia\ms.exe
c:\program files\Setup.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\office.exe
c:\windows\system32\tempdir
c:\windows\system32\tempdir\tinypdf.chm
c:\windows\system32\tempdir\tinypdf.dll
c:\windows\system32\tempdir\tinypdf1.dll
c:\windows\system32\tempdir\tinypdf2.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 11:07 . 2012-08-15 11:08 -------- d-----w- c:\documents and settings\Administrator
2012-08-11 15:09 . 2012-08-11 15:09 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ohswsvxhkrkhohr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:55 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2009-08-19 16:07 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-03-02 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2007-04-16 20:47 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-04-16 20:45 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2006-12-31 23:43 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2006-12-31 23:43 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2006-12-31 23:43 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-04-16 21:45 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2006-12-31 23:43 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2006-12-31 23:43 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-04-16 20:47 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2006-12-31 23:43 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-04-16 20:45 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2006-12-31 23:43 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2010-02-19 09:35 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-02-19 09:35 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-02-19 09:35 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2006-03-02 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2009-08-20 13:33 . 2009-08-20 13:33 9812480 ----a-w- c:\program files\openofficeorg31.msi
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
2012-08-02 18:01 . 2011-05-07 15:52 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-03 09:19 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-03 325000]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"GrooveMonitor"="f:\office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Mamusia\Menu Start\Programy\Autostart\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2009-02-03 13:22 1004544 ----a-w- c:\program files\Ares\Ares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-09-26 09:26 19675784 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ----a-r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-01-15 22:54 37376 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"f:\\Office12\\OUTLOOK.EXE"=
"f:\\Office12\\GROOVE.EXE"=
"f:\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16946:TCP"= 16946:TCP:BitComet 16946 TCP
"16946:UDP"= 16946:UDP:BitComet 16946 UDP
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11-03-01 10:08 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11-03-01 10:08 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [10-01-15 14:49 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [12-05-17 07:39 113120]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-01 08:08]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-01 08:08]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\urz0y8tk.default\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Gadu-Gadu - c:\program files\Gadu-Gadu\gg.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-15 13:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-08-15 13:34:27
ComboFix-quarantined-files.txt 2012-08-15 11:34
.
Pre-Run: 2,800,377,856 bytes free
Post-Run: 3,490,156,544 bytes free
.
- - End Of File - - 76CCEDB0C13FAD8B8C7475A345D7CA99
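Added example (not ComboFix output and not code from the page): a small Python triage script that pulls file paths out of the kinds of lines this log contains (bare paths in the Deleted section, "name"="path" [date size] Run-key lines, and "path"= entries from the firewall AuthorizedApplications list) and flags the ones an analyst would look at first. The flagging rules (random-looking names, executables dropped directly in a profile or shared app-data root, a hosts.ics in drivers\etc, a non-standard directory under system32, a bare filename resolved through the PATH search order) are illustrative assumptions chosen for this example, not ComboFix's own logic and not a detection standard. The sample lines are copied from the log above and serve as constructed test input.

```python
"""Heuristic triage of file paths pulled from a ComboFix log.

Added example, not ComboFix code. Extracts paths from bare-path lines
(Deleted section), from Run-key lines of the form "name"="path" [date size]
and from the firewall AuthorizedApplications list ("path"=), then flags
paths matching a few illustrative rules. The rules are assumptions made
for this example, not a detection standard.
"""
import re

# Sample input: lines copied from the log above (constructed test set).
SAMPLE_LINES = r"""
c:\documents and settings\All Users\Dane aplikacji\rlmdxizksinuzij
c:\documents and settings\All Users\Dane aplikacji\vcowkibt.exe
c:\documents and settings\Mamusia\0.6582234967726477.exe
c:\documents and settings\Mamusia\ms.exe
c:\program files\Setup.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\tempdir\tinypdf.dll
c:\documents and settings\All Users\Dane aplikacji\ohswsvxhkrkhohr
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"c:\\Program Files\\Ares\\Ares.exe"=
"16946:TCP"= 16946:TCP:BitComet 16946 TCP
""".strip().splitlines()

RUN_RE = re.compile(r'^"[^"]+"="([^"]+)"')      # "name"="path" [date size]
FW_RE = re.compile(r'^"([^"]+)"=\s*$')          # "path"=  (firewall allow list)
DRIVE_RE = re.compile(r'^[a-z]:\\', re.I)
# <profile>\<file>: something dropped directly in a user's profile root
PROFILE_RE = re.compile(r'^c:\\documents and settings\\[^\\]+\\[^\\]+$', re.I)
# Polish XP folder name kept as it appears on the page ("Application Data")
SHARED_APPDATA = r'c:\documents and settings\all users\dane aplikacji'
VOWELS = set('aeiouy')


def extract_path(line):
    """Return the path a log line refers to, or None if it has none."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return m.group(1)
    m = FW_RE.match(line)
    if m:
        return m.group(1).replace('\\\\', '\\')   # registry-escaped backslashes
    return line if DRIVE_RE.match(line) else None


def max_consonant_run(name):
    """Longest run of consonants; pronounceable names rarely exceed 4."""
    run = best = 0
    for ch in name.lower():
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def reasons_for(path):
    """List of findings for one path; an empty list means nothing notable."""
    low = path.lower()
    out = []
    if not DRIVE_RE.match(low):
        out.append('bare filename: resolved through the PATH search order')
        return out
    parent, base = low.rsplit('\\', 1)
    stem = base.rsplit('.', 1)[0] if '.' in base else base
    # e.g. 0.6582234967726477 or rlmdxizksinuzij (assumed heuristic)
    if re.fullmatch(r'\d+\.\d+', stem) or (len(stem) >= 8 and max_consonant_run(stem) >= 5):
        out.append('random-looking name')
    if base.endswith('.exe') and (parent == SHARED_APPDATA or parent == r'c:\program files'
                                  or PROFILE_RE.match(low)):
        out.append('executable dropped directly in a profile/app-data/Program Files root')
    if low == r'c:\windows\system32\drivers\etc\hosts.ics':
        out.append('hosts.ics: also read by the Windows DNS client; check for redirections')
    if parent.startswith(r'c:\windows\system32\tempdir'):
        out.append('non-standard directory under system32')
    return out


def triage(lines):
    """Return [(path, reasons), ...] for every line whose path was flagged."""
    findings = []
    for line in lines:
        path = extract_path(line)
        if path is None:
            continue
        reasons = reasons_for(path)
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == '__main__':
    for path, reasons in triage(SAMPLE_LINES):
        print(path)
        for r in reasons:
            print('    -', r)
```

Run it against the whole log by replacing SAMPLE_LINES with the file's lines; benign entries such as avgnt.exe or Ares.exe produce no findings, while the randomly named droppers under "Dane aplikacji", the executables sitting in the Mamusia profile root and the hosts.ics file are all surfaced. The bare "RTHDCPL.EXE" Run value is flagged only because it carries no directory, which is a search-order issue rather than evidence of infection.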