ComboFix 12-10-21.01 - admin 2012-10-22 8:50.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.1215.683 [GMT 2:00]
Uruchomiony z: c:\documents and settings\admin\Pulpit\ComboFix.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-09-22 do 2012-10-22 )))))))))))))))))))))))))))))))
.
.
2012-10-20 09:38 . 2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
2012-10-20 09:37 . 2009-09-25 05:58 151552 ----a-w- c:\windows\system32\dllcache\cdfview.dll
2012-10-20 09:06 . 2012-10-20 09:06 -------- d-----w- c:\program files\CCleaner
2012-10-20 06:59 . 2012-09-29 17:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-18 06:01 . 2012-10-18 06:01 -------- d-----w- c:\documents and settings\LocalService\Dane aplikacji\McAfee
2012-10-17 14:49 . 2012-10-18 06:01 -------- d-----w- c:\program files\McAfee Security Scan
2012-10-17 14:49 . 2012-10-18 06:17 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-05 13:27 . 2012-10-05 13:28 -------- d-----w- c:\documents and settings\admin\Dane aplikacji\Party
2012-10-04 07:58 . 2012-10-20 08:40 -------- d-----w- c:\documents and settings\admin\Dane aplikacji\Skype
2012-10-04 07:58 . 2012-10-04 07:58 -------- d-----w- c:\program files\Common Files\Skype
2012-10-04 07:58 . 2012-10-04 07:58 -------- d-----r- c:\program files\Skype
2012-10-04 07:57 . 2012-10-04 07:58 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-18 06:17 . 2011-08-16 05:37 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
1999-06-25 08:55 . 2006-06-12 13:03 149504 ----a-w- c:\program files\UNWISE.EXE
2012-10-12 11:19 . 2012-10-12 11:19 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2011-07-04 13374048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-07 53248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^admin^Menu Start^Programy^Autostart^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\admin\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 21:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2005-04-26 03:22 589824 ----a-w- c:\program files\VIA\RAID\raid_tool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-12-22 09:09 77824 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 11:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
2005-01-10 23:33 143360 ----a-r- c:\windows\system32\VTTrayp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebToGo]
2010-05-06 08:54 191 ----a-w- f:\ks\WebToGo\WtgStart.bat
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Opera 11.00 beta\\opera.exe"=
"e:\\Program files\\Auto Partner\\AP Katalog 3\\apkat.exe"=
"f:\\AP\\AP Katalog 4\\apkat.exe"=
"f:\\polcar\\eCar\\eCar.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Spyware Doctor\\swdoctor.exe"=
"f:\\ks\\WebToGo\\webtogo.exe"=
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-20 399432]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-20 22856]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-10-03 116648]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-20 676936]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-17 250808]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-10-03 116648]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 115168]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - 26873148
*Deregistered* - 26873148
*Deregistered* - mchInjDrv
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-17 06:17]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-03 08:33]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-03 08:33]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q=google.pl&toolbar=UT2
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = 192.168.4.1:8080
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
TCP: Interfaces\{255BC609-B64F-4903-8854-E6641C357101}: NameServer = 194.204.159.1,194.204.152.34
FF - ProfilePath - c:\documents and settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\cqqhl0hk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=111732&babsrc=KW_ss&mntrId=28082837000000000000001485c03314&q=
FF - ExtSQL: 2012-10-04 07:55; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\documents and settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\cqqhl0hk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
SafeBoot-17856426.sys
MSConfigStartUp-Odkurzacz-MCD - c:\program files\Odkurzacz\odk_mcd.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-22 08:57
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(1252)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Czas ukończenia: 2012-10-22 08:59:47
ComboFix-quarantined-files.txt 2012-10-22 06:59
ComboFix2.txt 2012-10-20 10:48
.
Przed: 12 600 451 072 bajtów wolnych
Po: 12 592 349 184 bajtów wolnych
.
- - End Of File - - 8A5BED454806BFA6183535645646F823