ComboFix 12-04-26.01 - s. Iwona 2012-04-26 16:09:55.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2001.1269 [GMT 2:00]
Uruchomiony z: c:\documents and settings\s. Iwona\Pulpit\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
 * Rezydentny antywirus jest aktywny
.
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-03-26 do 2012-04-26 )))))))))))))))))))))))))))))))
.
.
2012-04-26 13:53 . 2012-04-26 13:53 -------- d-----w- C:\_OTL
2012-04-23 15:03 . 2010-01-14 02:18 1730272 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2012-04-23 15:03 . 2010-01-14 02:28 155648 ----a-w- c:\windows\system32\igfxCoIn_v5218.dll
2012-04-23 14:41 . 2012-04-23 14:41 -------- d-----w- c:\documents and settings\s. Iwona\Dane aplikacji\Malwarebytes
2012-04-23 14:41 . 2012-04-23 14:41 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2012-04-20 07:30 . 2012-04-20 07:30 -------- d-----w- c:\documents and settings\s. Iwona\Dane aplikacji\ESET
2012-04-20 07:27 . 2012-04-20 07:27 -------- d-----w- c:\program files\ESET
2012-04-20 06:51 . 2008-04-14 16:11 53248 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-04-20 06:51 . 2008-04-14 16:11 53248 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-04-20 06:19 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-19 14:20 . 2012-04-19 14:20 -------- d-----w- c:\documents and settings\s. Iwona\Dane aplikacji\ArcaVirMicroScan
2012-04-19 13:59 . 2012-04-20 07:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-04-19 12:28 . 2012-04-19 12:28 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-04-19 12:28 . 2012-04-19 12:28 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 10:59 . 2002-12-31 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:59 . 2002-12-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 10:59 . 2002-12-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-08-29 07:22 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 14:10 . 2002-12-31 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 12:17 . 2002-12-31 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:57 . 2008-08-29 07:22 1860352 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DS Clock"="c:\program files\DS Clock\dsclock.exe" [2001-12-11 270336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-07 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-14 161328]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-03-02 1055792]
"CryptoCard Suite Cert Monitor"="c:\program files\CryptoTech\CryptoCard\CCMonitor.exe" [2006-03-15 237568]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-07 16377344]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-29 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-29 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-29 142360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\s. Iwona\Menu Start\Programy\Autostart\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Action Manager 32.lnk - c:\program files\ScannerU\AM32.exe [2008-5-10 57344]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-9-8 113664]
Device Monitor.lnk - c:\program files\ArcSoft\MediaConverter 3\Monitor.exe [2011-2-21 139264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atchk]
2007-06-28 04:18 404248 -c--a-r- c:\program files\Intel\AMT\atchk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:21 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
"50000:TCP"= 50000:TCP:ArcaVir CommunicationPort (A)
"50001:TCP"= 50001:TCP:ArcaVir CommunicationPort (S)
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-08-04 118104]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2007-10-15 2554648]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [2008-09-09 47488]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 136176]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 136176]
S3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [2005-02-02 9344]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
HpqKbFiltr
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 05:43]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 05:43]
.
2012-04-26 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
DPF: {961480A1-6231-445F-AF8F-5F52B081391A} - hxxp://www.digi.fotofocus.pl/e-photoshop/fotofocus_pl/uploader/PoewarePhotoSender.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-26 16:18
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
.
c:\docume~1\S0904~1.IWO\USTAWI~1\Temp\catchme.dll 53248 bytes executable
.
skanowanie pomyślnie ukończone
ukryte pliki: 1
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2608949019-1795743748-2640794766-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d7,af,5a,8f,5c,63,b9,1a,f2,4a,49,45,56,02,eb,a2,e2,1e,53,80,f3,ec,27,
   00,77,20,cc,79,ee,d2,04,32,ea,59,0b,82,55,01,f1,40,09,1a,2e,75,db,c9,92,a8,\
"??"=hex:29,b9,a0,d8,51,b5,90,9a,9c,64,12,a8,f2,20,e6,56
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(2552)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Nero\Nero 7\Nero BackItUp\NBShell.dll
c:\program files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll
c:\program files\WinRAR\rarext.dll
c:\program files\Photo!\Photo! Web Album\webalbumcontext.dll
c:\program files\Krajowa Izba Rozliczeniowa S.A\SZAFIR 1.0\bin\SzafirContextMenu.dll
c:\program files\Nero\Nero 7\InCD\InCDshx.dll
c:\program files\Nero\Nero 7\InCD\InCDAPI2.dll
c:\program files\ESET\ESET Smart Security\shellExt.dll
c:\progra~1\ArcSoft\MEDIAC~1\AMCExt.dll
c:\progra~1\ArcSoft\MEDIAC~1\DeviceList.dll
c:\progra~1\ArcSoft\MEDIAC~1\MagCore.dll
c:\progra~1\ArcSoft\MEDIAC~1\XMLWrapper.dll
c:\windows\system32\CmdLineExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL
.
Czas ukończenia: 2012-04-26 16:21:28
ComboFix-quarantined-files.txt 2012-04-26 14:21
.
Przed: 5 566 251 008 bajtów wolnych
Po: 5 553 061 888 bajtów wolnych
.
- - End Of File - - B3E42549D3C71E97F64F5524F59AB8EE