ComboFix 12-06-28.03 - PC 2012-06-29 20:56:47.32.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.511.301 [GMT 2:00]
Uruchomiony z: c:\documents and settings\PC\Pulpit\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\PC\Dane aplikacji\PriceGong
c:\documents and settings\PC\Dane aplikacji\PriceGong\Data\mru.xml
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-05-28 do 2012-06-29 )))))))))))))))))))))))))))))))
.
.
2012-06-29 17:26 . 2012-06-29 17:26 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\HP Product Assistant
2012-06-22 15:43 . 2012-06-23 13:19 -------- d-----w- c:\documents and settings\PC\Ustawienia lokalne\Dane aplikacji\NCH_EN
2012-06-22 15:30 . 2012-06-22 15:30 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PDF reDirect
2012-06-22 15:27 . 2012-06-22 15:33 -------- d-----w- c:\documents and settings\PC\Dane aplikacji\PDF reDirect
2012-06-22 15:15 . 2012-06-22 15:15 -------- d-----w- c:\documents and settings\PC\Dane aplikacji\OpenCandy
2012-06-22 15:06 . 2012-06-22 15:06 -------- d-----w- c:\program files\Conduit
2012-06-17 15:51 . 2012-06-17 15:51 -------- d-----w- c:\documents and settings\PC\Ustawienia lokalne\Dane aplikacji\ABBYY
2012-06-13 17:19 . 2012-06-13 17:19 -------- d-----w- c:\windows\ie8updates
2012-06-13 14:12 . 2012-05-11 14:44 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-08 20:57 . 2012-06-08 20:57 -------- d-----w- c:\program files\Piranha Bytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 13:19 . 2011-10-04 08:48 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-10-04 08:48 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2011-10-04 08:48 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-08-06 17:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-08-06 17:24 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2011-10-04 08:48 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2011-10-04 08:48 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2004-08-04 00:43 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 17:24 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2011-10-04 08:48 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2011-10-04 08:48 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2009-08-06 17:23 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22 . 2004-08-04 00:43 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2006-06-23 11:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2006-09-13 16:22 1863424 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:44 . 2004-08-04 00:44 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:44 . 2004-08-04 00:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 11:39 . 2004-08-04 00:36 385024 ----a-w- c:\windows\system32\html.iec
2012-05-10 17:23 . 2011-12-15 12:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-05 15:41 . 2012-05-01 14:25 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 15:41 . 2012-05-01 14:25 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 15:41 . 2012-05-05 15:41 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-05-05 03:15 . 2006-09-13 18:19 2070400 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:15 . 2006-09-13 16:21 2193920 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-02 13:47 . 2011-10-04 08:46 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-01 14:07 . 2012-05-01 14:07 3584 ----a-r- c:\documents and settings\PC\Dane aplikacji\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2004-10-01 14:00 . 2011-11-11 09:57 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\PC\Menu Start\Programy\Autostart\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:D *
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2005-07-08 14:25 1397760 ------w- c:\program files\Ahead\InCD\InCD.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-04-24 136360]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-07 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 253088]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-07 136176]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 14:25]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-07 12:15]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-07 12:15]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = hxxp://www.wp.pl/
TCP: Interfaces\{116CA4D7-F4EC-436A-AD3B-ADFB779DB2F7}: NameServer = 217.172.224.160 80.244.128.3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-29 21:01
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2012-06-29 21:04:10
ComboFix-quarantined-files.txt 2012-06-29 19:04
.
Przed: 11 558 543 360 bajtów wolnych
Po: 11 589 181 440 bajtów wolnych
.
- - End Of File - - 6E4280618ACF999AE86ADA4AA53F8710