ComboFix 13-01-15.02 - GTI 2013-01-16 13:16:18.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2559.1706 [GMT 1:00]
Uruchomiony z: c:\documents and settings\GTI\Moje dokumenty\Downloads\ComboFix.exe
AV: ESET Smart Security 5.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
 * Rezydentny antywirus jest aktywny
.
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\documents and settings\GTI\WINDOWS
c:\program files\ccsetup_2.26.1050(dobreprogramy.pl).exe
c:\program files\Setup.exe
c:\program files\tleninst60110.exe
c:\program files\winamp5541_full_emusic-7plus_pl-pl.exe
c:\windows\system32\SET16EF.tmp
c:\windows\system32\SET16F1.tmp
c:\windows\system32\SET16F2.tmp
c:\windows\system32\SET16F8.tmp
c:\windows\system32\SET16F9.tmp
c:\windows\system32\SET16FA.tmp
c:\windows\system32\SET16FE.tmp
c:\windows\system32\SET1701.tmp
c:\windows\system32\SET1702.tmp
c:\windows\system32\SET1704.tmp
c:\windows\system32\SET1709.tmp
c:\windows\system32\SET170D.tmp
c:\windows\system32\SET308.tmp
c:\windows\system32\SET30C.tmp
c:\windows\system32\SET30D.tmp
c:\windows\system32\SET314.tmp
c:\windows\system32\SET35B.tmp
c:\windows\system32\SET40D.tmp
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-12-16 do 2013-01-16 )))))))))))))))))))))))))))))))
.
.
2013-01-16 11:18 . 2013-01-16 11:46 -------- d-----w- c:\program files\VS Revo Group
2013-01-16 11:05 . 2013-01-16 11:05 -------- d-----w- c:\documents and settings\Administrator
2013-01-16 06:59 . 2013-01-16 06:59 -------- d-----w- c:\documents and settings\GTI\Ustawienia lokalne\Dane aplikacji\CRE
2013-01-16 06:59 . 2013-01-16 07:36 -------- d-----w- c:\documents and settings\GTI\Ustawienia lokalne\Dane aplikacji\Conduit
2013-01-07 08:28 . 2013-01-09 12:28 16369160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-01-07 07:59 . 2013-01-09 12:28 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-07 07:59 . 2013-01-09 12:28 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-04 07:35 . 2012-06-02 14:19 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2013-01-03 12:46 . 2013-01-03 12:46 -------- d-----w- c:\documents and settings\GTI\Ustawienia lokalne\Dane aplikacji\ESET
2013-01-03 12:46 . 2013-01-03 12:46 -------- d-----w- c:\documents and settings\GTI\Dane aplikacji\ESET
2013-01-03 12:45 . 2013-01-03 12:45 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET
2013-01-03 12:44 . 2013-01-03 12:44 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ESET
2013-01-03 12:25 . 2013-01-03 12:25 -------- d-----r- c:\program files\Skype
2013-01-03 12:25 . 2013-01-03 12:25 -------- d-----w- c:\program files\Common Files\Skype
2012-12-27 12:21 . 2012-12-27 12:21 -------- d-----w- c:\documents and settings\GTI\Ustawienia lokalne\Dane aplikacji\ABBYY
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 12:56 . 2012-11-16 12:56 62512 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2012-11-16 12:56 . 2012-11-16 12:56 160856 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-15 10:11 . 2009-05-15 10:06 10053112 ----a-w- c:\program files\picasa3-setup.exe
2007-09-24 06:43 . 2007-09-24 06:43 1045560 ----a-w- c:\program files\druki_instalacja5.exe
2007-01-08 11:10 . 2007-01-08 11:09 3657784 ----a-w- c:\program files\gg76.exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"pdfFactory Pro Dyspozytor v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-12-15 614400]
"Live! Central 2"="c:\program files\Creative\Creative Live! Cam\Live! Central 2\CTLVCentral2.exe" [2009-11-04 426140]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-16 3117384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^GTI^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.2.lnk]
path=c:\documents and settings\GTI\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.2.lnk
backup=c:\windows\pss\OpenOffice.ux.pl 2.0.2.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^GTI^Menu Start^Programy^Autostart^Registration-Studio 7.lnk]
path=c:\documents and settings\GTI\Menu Start\Programy\Autostart\Registration-Studio 7.lnk
backup=c:\windows\pss\Registration-Studio 7.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^GTI^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk]
path=c:\documents and settings\GTI\Menu Start\Programy\Autostart\UniSpiker-2.6.lnk
backup=c:\windows\pss\UniSpiker-2.6.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataCardMonitor]
2009-10-22 11:32 249856 ----a-w- c:\program files\blueconnect\DataCardMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-11 17:01 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:21 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-04-14 15:56 1957888 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dyspozytor v3]
2009-12-15 12:52 614400 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-31 07:01 328992 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 07:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:Terapia
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-03-14 120152]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2012-11-16 913184]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2012-11-13 99896]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2011-05-31 143936]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2012-11-13 17408]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-15 06:51 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-07 12:28]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-13 11:23]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-13 11:23]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
mStart Page = hxxp://www.22apple.com/?utm_source=b&ch=bnl&uid=WDCXWD2500KS-00MJB0_WD-WCANK929287492874&reg=1358319562
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{96D848C9-2DC8-451D-A52B-157A9A707FD8}: NameServer = 212.244.6.75,212.244.6.198
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
MSConfigStartUp-Komunikator - c:\program files\Tlen.pl\tlen.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-16 13:21
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(984)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2013-01-16 13:23:43
ComboFix-quarantined-files.txt 2013-01-16 12:23
.
Przed: 19 269 914 624 bajtów wolnych
Po: 19 777 253 376 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - E18C604F826213CDE01FCB9A0645E8ED