ComboFix 14-01-23.02 - Adam 2014-01-26 17:44:44.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.511.249 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Adam\Moje dokumenty\Pobieranie\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-12-26 do 2014-01-26 )))))))))))))))))))))))))))))))
.
.
2014-01-26 16:00 . 2014-01-26 16:12 -------- d-----w- C:\AdwCleaner
2014-01-26 15:51 . 2014-01-26 15:51 -------- d-----w- c:\program files\EMCO
2014-01-26 14:26 . 2014-01-26 15:22 -------- d-----w- c:\windows\455F074C814E4520B69B5584BD90400C.TMP
2014-01-26 13:37 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2014-01-26 10:32 . 2014-01-26 10:32 -------- d-----w- c:\program files\Enigma Software Group
2014-01-26 10:31 . 2014-01-26 14:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-01-26 09:31 . 2014-01-26 09:31 -------- d-----w- c:\documents and settings\Adam\.android
2014-01-26 09:30 . 2014-01-26 09:30 -------- d-----w- c:\documents and settings\Adam\Ustawienia lokalne\Dane aplikacji\cache
2014-01-26 09:29 . 2014-01-26 10:23 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\IePluginService
2014-01-20 18:28 . 2014-01-20 18:28 -------- d-----w- c:\documents and settings\Adam\Dane aplikacji\MathematicaPlayer
2014-01-20 18:28 . 2014-01-20 18:28 -------- d-----w- c:\documents and settings\Adam\Ustawienia lokalne\Dane aplikacji\MathematicaPlayer
2014-01-20 18:27 . 2014-01-20 18:27 -------- d-----w- c:\program files\Common Files\Wolfram Research
2014-01-20 18:27 . 2014-01-20 18:27 -------- d-----w- c:\program files\Extras
2014-01-20 18:27 . 2014-01-20 18:27 -------- d-----w- c:\program files\Common Files\ResearchSoft
2014-01-20 18:27 . 2014-01-20 18:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Mathematica
2014-01-20 18:26 . 2013-02-07 18:39 360752 ----a-w- c:\windows\system32\mltcpip32.mlp
2014-01-20 18:26 . 2013-02-07 18:39 95536 ----a-w- c:\windows\system32\mltcp32.mlp
2014-01-20 18:26 . 2013-02-07 18:39 88368 ----a-w- c:\windows\system32\mlshm32.mlp
2014-01-20 18:26 . 2013-02-07 18:39 78128 ----a-w- c:\windows\system32\mlmap32.mlp
2014-01-20 18:26 . 2013-02-07 18:39 173360 ----a-w- c:\windows\system32\mlmodule32.dll
2014-01-20 18:26 . 2013-02-07 18:39 369968 ----a-w- c:\windows\system32\ml32i3.dll
2014-01-20 18:26 . 2013-02-07 18:39 258864 ----a-w- c:\windows\system32\ml32i2.dll
2014-01-20 18:26 . 2013-02-07 18:39 252720 ----a-w- c:\windows\system32\ml32i1.dll
2014-01-20 18:23 . 2014-01-20 18:23 -------- d-----w- c:\program files\Wolfram Research
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-01 16:10 . 2013-11-10 16:26 203024 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-11-01 16:09 . 2013-11-10 16:26 103696 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-11-01 16:09 . 2013-11-01 16:09 126224 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2013-11-01 16:09 . 2013-11-01 16:09 114960 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2013-11-01 16:08 . 2013-11-01 16:08 174864 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- d:\programy\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-04 14396416]
"avast"="d:\programy\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2238704]
"EasyTuneV"="c:\program files\Gigabyte\ET5\GUI.exe" [2004-06-14 200704]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2013-02-08 18:30 66800 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Adam^Menu Start^Programy^Autostart^OpenOffice.org 3.4.1.lnk]
path=c:\documents and settings\Adam\Menu Start\Programy\Autostart\OpenOffice.org 3.4.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GG]
2013-12-19 09:07 4047424 ----a-w- c:\documents and settings\Adam\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-12-11 19:40 1823656 ----a-w- c:\program files\Steam\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Half-Life\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VertrigoServ\\Mysql\\bin\\v_mysqld.exe"=
"c:\\Program Files\\VertrigoServ\\Apache\\bin\\v_apache.exe"=
"c:\\Program Files\\Wolfram Research\\Wolfram CDF Player\\9.0\\WolframCDFPlayer.exe"=
"c:\\Program Files\\Wolfram Research\\Wolfram CDF Player\\9.0\\math.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-08-06 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-08-06 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-08-06 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-08-06 369584]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2013-11-10 203024]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2013-11-10 103696]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-08-06 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-08-06 66336]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2013-08-06 12808]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2013-11-01 114960]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2013-11-01 126224]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
S2 Update Surftastic;Update Surftastic;"c:\program files\Surftastic\updateSurftastic.exe" --> c:\program files\Surftastic\updateSurftastic.exe [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-01-26 c:\windows\Tasks\avast! Emergency Update.job
- d:\programy\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-06 08:58]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.awesomehp.com/?type=hp&ts=1390728523&from=amt&uid=SAMSUNGXSP0812N_S00MJ10L201489
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{8B972B40-269B-4A10-831B-7B7DF21723C7}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\documents and settings\Adam\Dane aplikacji\Mozilla\Firefox\Profiles\sctlj4v7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wp.pl/
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
MSConfigStartUp-AQQ - d:\progra~1\WAPSTE~1\AQQ.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-26 17:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(1404)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Czas ukończenia: 2014-01-26 17:56:57
ComboFix-quarantined-files.txt 2014-01-26 16:56
.
Przed: 7 310 368 768 bajtów wolnych
Po: 7 652 233 216 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1C0D781CC26AF747CD5DF1A23E5C1C8D
32052574BF9F325AE309ABC7BFD04460