ComboFix 12-10-19.01 - admin 2012-10-20 12:32:56.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.1215.926 [GMT 2:00]
Uruchomiony z: c:\documents and settings\admin\Moje dokumenty\Pobieranie\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\admin\WINDOWS
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\INSTALL.LOG
c:\windows\$NtUninstallKB51744$
c:\windows\$NtUninstallKB51744$\1185051517\@
c:\windows\$NtUninstallKB51744$\1185051517\L\mavsnmua
c:\windows\$NtUninstallKB51744$\1185051517\loader.tlb
c:\windows\$NtUninstallKB51744$\1185051517\U\@00000001
c:\windows\$NtUninstallKB51744$\1185051517\U\@000000c0
c:\windows\$NtUninstallKB51744$\1185051517\U\@000000cb
c:\windows\$NtUninstallKB51744$\1185051517\U\@000000cf
c:\windows\$NtUninstallKB51744$\1185051517\U\@80000000
c:\windows\$NtUninstallKB51744$\1185051517\U\@800000c0
c:\windows\$NtUninstallKB51744$\1185051517\U\@800000cb
c:\windows\$NtUninstallKB51744$\1185051517\U\@800000cf
c:\windows\$NtUninstallKB51744$\2588586264
c:\windows\IsUn0407.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\
c:\windows\system32\_004303_.tmp.dll
c:\windows\system32\_004304_.tmp.dll
c:\windows\system32\_004305_.tmp.dll
c:\windows\system32\_004306_.tmp.dll
c:\windows\system32\_004313_.tmp.dll
c:\windows\system32\_004314_.tmp.dll
c:\windows\system32\_004315_.tmp.dll
c:\windows\system32\_004316_.tmp.dll
c:\windows\system32\_004318_.tmp.dll
c:\windows\system32\_004319_.tmp.dll
c:\windows\system32\_004322_.tmp.dll
c:\windows\system32\_004323_.tmp.dll
c:\windows\system32\_004325_.tmp.dll
c:\windows\system32\_004326_.tmp.dll
c:\windows\system32\_004327_.tmp.dll
c:\windows\system32\_004329_.tmp.dll
c:\windows\system32\_004332_.tmp.dll
c:\windows\system32\_004333_.tmp.dll
c:\windows\system32\_004335_.tmp.dll
c:\windows\system32\_004337_.tmp.dll
c:\windows\system32\_004338_.tmp.dll
c:\windows\system32\_004340_.tmp.dll
c:\windows\system32\_004343_.tmp.dll
c:\windows\system32\_004345_.tmp.dll
c:\windows\system32\_004346_.tmp.dll
c:\windows\system32\_004347_.tmp.dll
c:\windows\system32\_004348_.tmp.dll
c:\windows\system32\_004349_.tmp.dll
c:\windows\system32\_004352_.tmp.dll
c:\windows\system32\_004353_.tmp.dll
c:\windows\system32\_004354_.tmp.dll
c:\windows\system32\_004355_.tmp.dll
c:\windows\system32\_004356_.tmp.dll
c:\windows\system32\_004357_.tmp.dll
c:\windows\system32\_004361_.tmp.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
Zainfekowana kopia c:\windows\system32\wuauclt.exe została znaleziona. Problem naprawiono
Plik odzyskano z - c:\windows\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\wuauclt.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-09-20 do 2012-10-20 )))))))))))))))))))))))))))))))
.
.
2012-10-20 09:38 . 2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
2012-10-20 09:37 . 2009-09-25 05:58 151552 ----a-w- c:\windows\system32\dllcache\cdfview.dll
2012-10-20 09:06 . 2012-10-20 09:06 -------- d-----w- c:\program files\CCleaner
2012-10-20 06:59 . 2012-09-29 17:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-18 06:01 . 2012-10-18 06:01 -------- d-----w- c:\documents and settings\LocalService\Dane aplikacji\McAfee
2012-10-17 14:49 . 2012-10-18 06:01 -------- d-----w- c:\program files\McAfee Security Scan
2012-10-17 14:49 . 2012-10-18 06:17 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-05 13:27 . 2012-10-05 13:28 -------- d-----w- c:\documents and settings\admin\Dane aplikacji\Party
2012-10-04 07:58 . 2012-10-20 08:40 -------- d-----w- c:\documents and settings\admin\Dane aplikacji\Skype
2012-10-04 07:58 . 2012-10-04 07:58 -------- d-----w- c:\program files\Common Files\Skype
2012-10-04 07:58 . 2012-10-04 07:58 -------- d-----r- c:\program files\Skype
2012-10-04 07:57 . 2012-10-04 07:58 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-18 06:17 . 2011-08-16 05:37 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
1999-06-25 08:55 . 2006-06-12 13:03 149504 ----a-w- c:\program files\UNWISE.EXE
2012-10-12 11:19 . 2012-10-12 11:19 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2011-07-04 13374048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"VTTimer"="VTTimer.exe" [2005-03-07 53248]
"WebToGo"="f:\ks\webtogo\wtgstart.bat" [2010-05-06 191]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^admin^Menu Start^Programy^Autostart^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\admin\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 21:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
2008-08-16 14:01 264704 ----a-w- c:\program files\Odkurzacz\odk_mcd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2005-04-26 03:22 589824 ----a-w- c:\program files\VIA\RAID\raid_tool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 11:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
2005-01-10 23:33 143360 ----a-r- c:\windows\system32\VTTrayp.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Opera 11.00 beta\\opera.exe"=
"e:\\Program files\\Auto Partner\\AP Katalog 3\\apkat.exe"=
"f:\\AP\\AP Katalog 4\\apkat.exe"=
"f:\\polcar\\eCar\\eCar.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Spyware Doctor\\swdoctor.exe"=
"f:\\ks\\WebToGo\\webtogo.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-01-21 721904]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-20 399432]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-20 22856]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-10-03 116648]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-20 676936]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-17 250808]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-10-03 116648]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 115168]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*Deregistered* - mchInjDrv
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-17 06:17]
.
2012-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-03 08:33]
.
2012-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-03 08:33]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q=google.pl&toolbar=UT2
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 192.168.4.1:8080
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
TCP: DhcpNameServer = 194.204.159.1 194.204.152.34
FF - ProfilePath - c:\documents and settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\cqqhl0hk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=111732&babsrc=KW_ss&mntrId=28082837000000000000001485c03314&q=
FF - ExtSQL: 2012-10-04 07:55; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\documents and settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\cqqhl0hk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
Notify-dimsntfy - (no file)
MSConfigStartUp-dmvpu - c:\windows\system32\dmvpu.exe
AddRemove-Adobe Acrobat 5.0 - c:\program files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu
AddRemove-DAO 3.5 Installation - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-20 12:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(1908)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\crypserv.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\VTTimer.exe
f:\ks\WebToGo\webtogo.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Spyware Doctor\sdhelp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2012-10-20 12:48:39 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-10-20 10:48
.
Przed: 6 611 927 040 bajtów wolnych
Po: 10 387 984 384 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 42230D8C487038F8C5D4FA2E9CAC15A3