ComboFix 14-03-24.01 - Admin 2014-04-01 13:54:28.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3071.2355 [GMT 2:00]
Running from: c:\documents and settings\Admin\Pulpit\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2014-03-01 to 2014-04-01 )))))))))))))))))))))))))))))))
.
.
2014-04-01 11:22 . 2014-04-01 11:22 -------- d-----w- c:\program files\CCleaner
2014-04-01 11:05 . 2014-04-01 11:05 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\TeamViewer
2014-04-01 09:23 . 2014-04-01 09:23 -------- d-----w- c:\windows\system32\wbem\Repository
2014-04-01 09:18 . 2014-04-01 09:19 -------- d-s---w- c:\documents and settings\Administrator
2014-03-18 15:01 . 2014-03-18 15:01 -------- d-----w- C:\spoolerlogs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-13 10:03 . 2012-04-10 07:46 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-13 10:03 . 2011-09-22 09:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-24 16:05 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:35 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-24 11:35 . 2006-03-02 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-24 11:35 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-24 10:59 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2014-02-07 06:36 . 2006-03-02 12:00 1879296 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2006-03-02 12:00 563712 ----a-w- c:\windows\system32\qedit.dll
2014-01-04 03:12 . 2006-03-02 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-04-30 1527432]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-09 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-04-30 1721480]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-11-06 206448]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"CryptoCard Suite Cert Monitor"="c:\program files\CryptoTech\CryptoCard\CCMonitor.exe" [2012-05-08 524800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Admin\Menu Start\Programy\Autostart\
HP Print View Resource Center.lnk - c:\program files\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe -hidden [2012-6-18 482304]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-03-04 11352]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-11-16 38656]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-03-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-02 19472]
S3 cxbu0wdm;OMNIKEY 6121;c:\windows\system32\drivers\cxbu0wdm.sys [2013-10-11 119040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-17 08:27 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 10:03]
.
2014-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-29 09:20]
.
2014-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-29 09:20]
.
2014-04-01 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2013-04-30 09:57]
.
2014-04-01 c:\windows\Tasks\User_Feed_Synchronization-{A2526DD2-C0FE-487D-B781-32C673AA0A0E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
2014-04-01 c:\windows\Tasks\User_Feed_Synchronization-{A28CD6FB-1E9A-47C1-9191-E62F0A51B2C6}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4 217.172.224.160 89.231.1.206
DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} - file:///C:/Program%20Files/AutoCAD%20LT%202000i%20Plk/InstFred.ocx
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\grv7kz1l.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - ExtSQL: !HIDDEN! 2011-03-02 17:18; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-01 13:59
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dll Loading Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2612)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2014-04-01 14:00:39
ComboFix-quarantined-files.txt 2014-04-01 12:00
.
Pre-Run: 17 666 097 152 bytes free
Post-Run: 19 273 551 872 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - EB3A8EF6F5679D9E2D051A671FE35335 32052574BF9F325AE309ABC7BFD04460