ComboFix 12-11-13.02 - SWISTAKI 2012-11-13 19:32:37.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.750.452 [GMT 1:00]
Uruchomiony z: c:\documents and settings\SWISTAKI\Pulpit\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\48DE77D2AC.sys
c:\documents and settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.pad
c:\documents and settings\All Users\Dane aplikacji\lsass.exe
c:\documents and settings\SWISTAKI\Menu Start\Programy\Autostart\ctfmon.lnk
C:\Thumbs.db
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\AutoRun.inf
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-10-13 do 2012-11-13 )))))))))))))))))))))))))))))))
.
.
2012-11-08 16:58 . 2012-11-08 16:58 1409 ----a-w- c:\windows\QTFont.for
2012-10-14 21:04 . 2012-10-14 21:04 -------- d-----w- c:\documents and settings\Default User\Ustawienia lokalne\Dane aplikacji\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-02 15:02 . 2012-10-02 15:02 25088 ----a-w- C:\grab.exe
2012-08-28 15:18 . 2004-08-03 22:44 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2004-08-03 22:44 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 15:18 . 2004-08-03 22:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 12:07 . 2004-08-03 22:36 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-03 22:44 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2004-08-04 00:38 2070912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-23 06:27 . 2004-08-03 22:39 2194176 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-31 20:22 . 2012-10-31 20:20 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatBar"="c:\program files\Globe Software\StatBar\StatBar.exe" [2003-07-25 335872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2011-12-04 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^SWISTAKI^Menu Start^Programy^Autostart^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\SWISTAKI\Menu Start\Programy\Autostart\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 08:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FreecoNet\\FreecoNet\\Ninja.exe"=
"c:\\Program Files\\X-Lite\\x-lite.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-01 165584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-06-29 242240]
R1 SMBHC;Sterownik kontrolera hosta magistrali zarządzania systemem firmy Microsoft;c:\windows\system32\drivers\smbhc.sys [2010-11-01 6784]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-01 17744]
R3 SMBBATT;Sterownik baterii inteligentnej Microsoft;c:\windows\system32\drivers\smbbatt.sys [2010-11-01 16000]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-06-07 160944]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-12-01 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-12-01 8320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-10-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
.
2012-11-04 c:\windows\Tasks\ReclaimerUpdateFiles_SWISTAKI.job
- c:\documents and settings\SWISTAKI\Dane aplikacji\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-24 20:36]
.
2012-11-04 c:\windows\Tasks\ReclaimerUpdateXML_SWISTAKI.job
- c:\documents and settings\SWISTAKI\Dane aplikacji\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-24 20:36]
.
2012-11-13 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_SWISTAKI.job
- c:\documents and settings\SWISTAKI\Dane aplikacji\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-24 20:36]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pobierz plik wideo we Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Pobierz w Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Pobierz wszystkie pliki w Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Pobierz zaznaczone w Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
FF - ProfilePath - c:\documents and settings\SWISTAKI\Dane aplikacji\Mozilla\Firefox\Profiles\v563apjq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
FF - prefs.js: browser.startup.homepage - hxxp://richdad.com/Resources/Glossary.aspx
FF - prefs.js: keyword.URL - hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q=
FF - ExtSQL: !HIDDEN! 2010-11-19 18:06; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-13 19:43
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2012-11-13 19:47:21
ComboFix-quarantined-files.txt 2012-11-13 18:47
.
Przed: 753 508 352 bajtów wolnych
Po: 2 149 400 576 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0456F003B0F6927D6968F032277547B3