ComboFix 12-10-18.03 - Andrzej 2012-10-18 18:37:50.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1560 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Andrzej\Pulpit\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\winnt\IsUn0415.exe
D:\install.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-09-18 do 2012-10-18 )))))))))))))))))))))))))))))))
.
.
2012-10-18 15:51 . 2012-10-18 15:51 -------- d-----w- c:\program files\LSoft Technologies
2012-10-18 09:40 . 2012-10-18 09:40 -------- d-----w- C:\_OTL
2012-10-11 22:02 . 2012-10-16 16:17 -------- d-----w- C:\UsbFix
2012-10-09 16:02 . 2012-10-09 16:02 -------- d-----w- c:\documents and settings\Andrzej\Dane aplikacji\Media Player Classic
2012-09-24 14:23 . 2012-09-24 14:23 -------- d-----w- c:\documents and settings\Andrzej\Ustawienia lokalne\Dane aplikacji\Help
2012-09-22 11:07 . 2012-09-22 11:11 -------- d-----w- c:\documents and settings\Andrzej\Dane aplikacji\ExpressFiles
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 21:03 . 2012-10-12 21:03 3381872 ----a-w- C:\UsbFix_Upload_Me_ANDRZEJLAP.zip
2012-09-10 14:50 . 2012-09-10 14:51 73728 ----a-w- c:\winnt\system32\javacpl.cpl
2012-09-10 14:50 . 2012-09-10 14:51 477168 ----a-w- c:\winnt\system32\npdeployJava1.dll
2012-09-10 14:50 . 2012-03-27 16:20 473072 ----a-w- c:\winnt\system32\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2012-05-05 . F0E6C89AB059B7CDD7991940C634889A . 2193920 . . [5.1.2600.6223] . . c:\winnt\Driver Cache\i386\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"Gadu-Gadu 10"="d:\programy\gg\Gadu-Gadu 10\gg.exe" [2011-06-01 13349472]
"uTorrent"="d:\programy\utorrent\uTorrent.exe" [2012-07-20 895376]
"uTorrent"="d:\programy\utorrent\uTorrent.exe" [2012-07-20 895376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\winnt\system32\WLTRAY" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"Adobe Reader Speed Launcher"="d:\programy\adobe\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
$McRebootA5E6DEAA56$.lnk - [N/A]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk
backup=c:\winnt\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2006-06-29 10:13 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-06-07 17:17 17425072 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-07-20 11:30 895376 ----a-w- d:\programy\utorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programy\\utorrent\\uTorrent.exe"=
"d:\\Programy\\gg\\Gadu-Gadu 10\\gg.exe"=
.
R2 MSSQL$InsERT;MSSQL$InsERT;c:\program files\Microsoft SQL Server\MSSQL$InsERT\Binn\sqlservr.exe -sInsERT --> c:\program files\Microsoft SQL Server\MSSQL$InsERT\Binn\sqlservr.exe -sInsERT [?]
S2 0102741350577920mcinstcleanup;McAfee Application Installer Cleanup (0102741350577920);c:\docume~1\Andrzej\USTAWI~1\Temp\010274~1.EXE -cleanup -nolog --> c:\docume~1\Andrzej\USTAWI~1\Temp\010274~1.EXE -cleanup -nolog [?]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-15 136176]
S2 KMService;KMService;c:\winnt\system32\srvany.exe [2012-06-10 8192]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-06-07 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\winnt\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 250056]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-15 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 114144]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SQLAgent$InsERT;SQLAgent$InsERT;c:\program files\Microsoft SQL Server\MSSQL$InsERT\Binn\sqlagent.EXE -i InsERT --> c:\program files\Microsoft SQL Server\MSSQL$InsERT\Binn\sqlagent.EXE -i InsERT [?]
S4 sptd;sptd;c:\winnt\system32\Drivers\sptd.sys --> c:\winnt\system32\Drivers\sptd.sys [?]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-10-18 c:\winnt\Tasks\Adobe Flash Player Updater.job
- c:\winnt\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 07:06]
.
2012-10-18 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-15 14:08]
.
2012-10-18 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-15 14:08]
.
2012-10-18 c:\winnt\Tasks\WGASetup.job
- c:\winnt\system32\KB905474\wgasetup.exe [2012-04-02 20:18]
.
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = hxxp://linktarget.ashampoo.com/linktarget/?target=regpopinstall&edition=eid=9384&x-thrdp=none
IE: E&ksportuj do programu Microsoft Excel - d:\programy\ofice\Office14\EXCEL.EXE/3000
IE: Wyślij &do programu OneNote - d:\programy\ofice\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Andrzej\Dane aplikacji\Mozilla\Firefox\Profiles\5esuaogd.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - ExtSQL: 2012-09-10 16:51; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; d:\programy\Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
MSConfigStartUp-DAEMON Tools Lite - d:\programy\deamon\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
MSConfigStartUp-Sweetpacks Communicator - c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe
AddRemove-Pakiet firmy InsERT - c:\winnt\IsUn0415.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-18 18:51
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Ujawaq = c:\documents and settings\Andrzej\Dane aplikacji\Ujawaq.exe
.
skanowanie ukrytych plików ...
.
.
c:\documents and settings\Andrzej\Dane aplikacji\Ujawaq.exe 930962 bytes executable
.
skanowanie pomyślnie ukończone
ukryte pliki: 1
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ujawaq"="c:\\Documents and Settings\\Andrzej\\Dane aplikacji\\Ujawaq.exe"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(848)
c:\winnt\system32\Ati2evxx.dll
c:\winnt\System32\BCMLogon.dll
c:\winnt\system32\WININET.dll
.
- - - - - - - > 'csrss.exe'(748)
c:\winnt\system32\WININET.dll
.
Czas ukończenia: 2012-10-18 18:57:54
ComboFix-quarantined-files.txt 2012-10-18 16:57
.
Przed: 5 872 091 136 bajtów wolnych
Po: 6 325 415 936 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 9C4783A5D48F662A6E60A60FC8F2E264