ComboFix 12-07-16.01 - Karolinaa 2012-07-17 18:00:12.3.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.3583.3179 [GMT 2:00]
Uruchomiony z: E:\ComboFix.exe
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\WindowsUpdate.log
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-17 do 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-17 09:56 . 2012-07-17 10:00 -------- d-----w- c:\program files\AVAST Software
2012-07-17 09:56 . 2012-07-17 10:00 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AVAST Software
2012-07-17 09:21 . 2012-07-17 09:45 -------- d-----w- c:\program files\CCleaner
2012-07-17 09:21 . 2012-07-17 09:21 -------- d-----w- c:\program files\Recuva
2012-07-17 09:19 . 2012-07-17 09:25 -------- d-----w- c:\documents and settings\Administrator
2012-07-14 15:14 . 2012-07-14 15:14 -------- d-----w- c:\documents and settings\Karolinaa\Dane aplikacji\hellomoto
2012-07-09 03:56 . 2012-07-09 17:50 -------- d-----w- c:\documents and settings\Karolinaa\Dane aplikacji\Loes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-10-01 14:00 . 2009-07-02 14:39 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2012-06-17 05:35 . 2012-04-26 16:30 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . A9ED600F08A92143253C10EDB5651ECF . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\sfcfiles.dll
[-] 2006-01-31 . 427EA2FC5A6D079CC0FA620A2E421F45 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-10-07 12661344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-19 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-19 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"xinput1_3"="c:\documents and settings\Karolinaa\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\2904\xinput1_3.exe" [2012-07-14 51712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\Karolinaa\Menu Start\Programy\Autostart\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
INTELLINET NETWORK SOLUTIONS Wireless Utility.lnk - c:\program files\INTELLINET\Common\INTELLINET_UI.exe [2010-11-12 1630208]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys --> c:\windows\system32\Drivers\e4ldr.sys [?]
S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2010-11-12 19072]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys --> c:\windows\system32\DRIVERS\e4usbaw.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 113120]
S3 RT80x86;INTELLINET 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2010-11-12 1069824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-261903793-839522115-1003Core.job
- c:\documents and settings\Karolinaa\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2012-03-09 17:34]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-261903793-839522115-1003UA.job
- c:\documents and settings\Karolinaa\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2012-03-09 17:34]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.pl/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Karolinaa\Dane aplikacji\Mozilla\Firefox\Profiles\em36t222.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.pl/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-Windows System - c:\documents and settings\Karolinaa\Dane aplikacji\svchost.exe
AddRemove-Biologia i geografia 2005 - c:\windows\IsUn0415.exe
AddRemove-Liceum - Podstawy Przedsiębiorczości - c:\windows\IsUn0415.exe
AddRemove-Liceum klasa 1 - Potęga słowa - c:\windows\IsUn0415.exe
AddRemove-Liceum klasa 2 - Chemia - podstawowa - c:\windows\IsUn0415.exe
AddRemove-Wielka Powtórka. Lektury cz. 2 - c:\windows\IsUn0415.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-17 18:04
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2012-07-17 18:05:57
ComboFix-quarantined-files.txt 2012-07-17 16:05
.
Przed: 15 298 756 608 bajtów wolnych
Po: 15 258 546 176 bajtów wolnych
.
- - End Of File - - 6A9557C03D9AABB8CFEDBE0FE9A66BDB