ComboFix 13-04-15.01 - Kruk 2013-04-15 16:54:44.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1023.581 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Kruk\Pulpit\ComboFix.exe
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Autorun.inf
c:\documents and settings\Kruk\Ustawienia lokalne\Dane aplikacji\lollipop
c:\windows\Alcmtr.exe
c:\windows\system32\WinSys.exe
C:\wmit.pif
D:\Autorun.inf
E:\autorun.inf
E:\lmmr.exe
F:\autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSINT32
-------\Service_amsint32
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-03-15 do 2013-04-15 )))))))))))))))))))))))))))))))
.
.
2013-04-06 16:58 . 2013-04-06 16:58 103140 --sh--r- C:\mosocn.exe
2013-03-25 13:13 . 2012-05-16 20:52 -------- d-----w- C:\Fix.Eset.Antivirus
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-27 02:17 . 2013-04-07 12:05 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\documents and settings\Kruk\Dane aplikacji\uTorrent\uTorrent.exe" [2013-03-22 1111276]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1699840]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 286720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChicaPasswordManager]
2012-07-09 10:05 4299624 ----a-w- c:\program files\ChicaLogic\Chica Password Manager\stpass.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2013-03-22 17:01 3093624 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
2004-03-23 11:06 958464 ----a-w- c:\program files\Thomson\SpeedTouch USB\dragdiag.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-22 15:47 218912 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2013-03-22 16:38 1111276 ----a-w- c:\documents and settings\Kruk\Dane aplikacji\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\winsys2.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\Program Files\\Thomson\\SpeedTouch USB\\stdialup.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"d:\\Programy do instalacji\\LeagueofLegends.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"e:\\CS\\hl.exe"=
"c:\\Documents and Settings\\Kruk\\Dane aplikacji\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Kruk\\Pulpit\\LeagueofLegends.exe"=
"e:\\LOL\\League of Legends\\RADS\\system\\rads_user_kernel.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\BrowserProtect\\2.6.1125.80\\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\\BrowserProtect.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56520:TCP"= 56520:TCP:Pando Media Booster
"56520:UDP"= 56520:UDP:Pando Media Booster
"4584:TCP"= 4584:TCP:prrurrsp
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2013-03-25 691696]
R2 BrowserProtect;BrowserProtect;c:\documents and settings\All Users\Dane aplikacji\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-04-08 2569168]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 noujwnm;zbhius;c:\windows\system32\svchost.exe -k netsvcs [2006-03-02 14336]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - AMSINT32
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
noujwnm
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-04-08 c:\windows\Tasks\EPUpdater.job
- c:\docume~1\Kruk\DANEAP~1\BABSOL~1\Shared\BabMaint.exe [2013-04-08 09:48]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=B4E5005345000000
TCP: Interfaces\{BAB36C25-3FF9-41D5-9EF8-66F072078A2C}: NameServer = 194.204.152.34 194.204.159.1
FF - ProfilePath - c:\documents and settings\Kruk\Dane aplikacji\Mozilla\Firefox\Profiles\xual04kp.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=B4E5005345000000
FF - ExtSQL: 2013-03-22 16:47; jqs@sun.com; c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
MSConfigStartUp-IROElauncher - c:\program files\IVONA\IVONA Reader\integr\OutlookExpress\IROElauncher.exe
MSConfigStartUp-IVONA ControlCenter - c:\program files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe
MSConfigStartUp-IVONA Reader - c:\program files\IVONA\IVONA Reader\IVONA Reader.exe.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-15 16:59
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\noujwnm]
"ServiceDll"="c:\windows\system32\qcrkf.dll"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(3064)
c:\windows\system32\msi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Czas ukończenia: 2013-04-15 17:00:59 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2013-04-15 15:00
.
Przed: 6 203 711 488 bajtów wolnych
Po: 7 515 140 096 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 5AAD9384CE94A318AAD74EAA2DD902B3