ComboFix 12-12-27.02 - grom 2012-12-27 11:25:01.1.2 - x86
Uruchomiony z: G:\ComboFix.exe
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.pad
c:\documents and settings\grom\Menu Start\Programy\Autostart\runctf.lnk
c:\documents and settings\grom\wgsdgsdgdsgsd.dll
c:\windows\dasetup.log
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\SYSTem~1.dll
c:\windows\system32\SystemHook.dll
c:\windows\system32\tmp3A.tmp
c:\windows\UA000104.DLL
c:\windows\UA000106.DLL
E:\install.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-11-27 do 2012-12-27 )))))))))))))))))))))))))))))))
.
.
2012-12-26 09:29 . 2012-12-26 09:29 -------- d-----w- c:\documents and settings\Administrator
2012-12-26 01:32 . 2012-12-26 09:29 2934 ----a-w- c:\documents and settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.js
2012-12-16 09:33 . 2012-12-16 09:33 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:51 . 2011-06-11 08:34 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-01-26 22:27 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-01-26 22:26 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-01-26 22:26 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2011-01-26 22:26 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2011-01-26 22:26 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2011-01-26 22:27 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-01-26 22:26 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2011-01-26 22:26 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-01-26 22:26 227648 ----a-w- c:\windows\system32\aswBoot.exe
2006-01-23 09:32 . 2006-01-23 09:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2006-06-07 13:40 . 2006-06-07 13:40 132848 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2012-12-09 11:43 . 2012-12-09 11:43 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ------w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-07-21 847872]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-07-03 4273976]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"aswAhAScr.dll"="c:\program files\Alwil Software\Avast5\aswRegSvr.exe" [2012-10-30 47832]
"aswasOutExt.dll"="c:\program files\Alwil Software\Avast5\aswRegSvr.exe" [2012-10-30 47832]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"f:\\Gry\\Slave zero\\SlaveZero.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"f:\\Gry\\Splinter cell chaos theory\\Versus\\System\\SCCT_Versus.ex"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Gry\\ironman\\Iron Man\\IronMan.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Gry\\FEAR 3\\F.E.A.R. 3\\F.E.A.R. 3.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"f:\\Gry\\ACR\\ACRSP.exe"=
"f:\\Gry\\ACR\\ACRMP.exe"=
"f:\\Gry\\ACR\\AssassinsCreedRevelations.exe"=
"f:\\Gry\\Deep Black Reloaded\\DeepBlack.exe"=
"f:\\Gry\\RE\\RaccoonCity.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"e:\\Gry\\spc\\src\\system\\conviction_game.exe"=
"e:\\Gry\\spc\\src\\system\\gu.exe"=
"e:\\Gry\\Aliens vs. Predator\\AvP.exe"=
"e:\\Gry\\Aliens vs. Predator\\AvP_DX11.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26685:TCP"= 26685:TCP:BitComet 26685 TCP
"26685:UDP"= 26685:UDP:BitComet 26685 UDP
"27231:TCP"= 27231:TCP:BitComet 27231 TCP
"27231:UDP"= 27231:UDP:BitComet 27231 UDP
"34568:TCP"= 34568:TCP:BitComet 34568 TCP
"34568:UDP"= 34568:UDP:BitComet 34568 UDP
.
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [x]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-12-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-12 22:50]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://gazeta.hit.gemius.pl/hitredir/id=1_2aoau32zKrY2K8AzHtuKPMXfaG5wd126fPuctBzrP.67/stparam=loptipgnqn/url=http://www.gazeta.pl/0,0.html?promocja=pit2011_wyb01&utm_campaign=p_124
uInternet Settings,ProxyOverride = *.local
IE: &P&obierz &za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\grom\Dane aplikacji\Mozilla\Firefox\Profiles\igja32pl.default\
FF - prefs.js: browser.startup.homepage - www.google.pl
.
.
------- Skojarzenia plików -------
.
.scr=AutoCADScriptFile
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-Steam - f:\gry\Mafia 2\steam.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
SafeBoot-Wdf01000.sys
AddRemove-toolplugin - c:\docume~1\grom\USTAWI~1\Temp\WZSE0.TMP\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-27 11:30
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2012-12-27 11:31:29
ComboFix-quarantined-files.txt 2012-12-27 10:31
.
Przed: 3 470 077 952 bajtów wolnych
Po: 7 422 820 352 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
.
- - End Of File - - 878F11A2BE2C8E3833ED3C336E99E5B9