ComboFix 12-11-05.01 - Matthew 2012-11-05 17:06:46.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3326.2705 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Matthew\Pulpit\ComboFix.exe
AV: ESET Smart Security 5.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
 * Rezydentny antywirus jest aktywny
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\E029A837F76588F20000E028C8148E51
c:\documents and settings\All Users\Dane aplikacji\E029A837F76588F20000E028C8148E51\E029A837F76588F20000E028C8148E51
c:\documents and settings\All Users\Dane aplikacji\E029A837F76588F20000E028C8148E51\E029A837F76588F20000E028C8148E51.exe
c:\documents and settings\All Users\Dane aplikacji\E029A837F76588F20000E028C8148E51\E029A837F76588F20000E028C8148E51.ico
c:\documents and settings\Matthew\WINDOWS
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-10-05 do 2012-11-05 )))))))))))))))))))))))))))))))
.
.
2012-10-30 09:41 . 2012-10-30 17:11 -------- d-----w- c:\program files\Mozilla Thunderbird
2012-10-30 09:40 . 2012-10-30 09:51 -------- d-----w- C:\UDC Output Files
2012-10-25 14:32 . 2012-10-25 14:32 -------- d-----w- c:\documents and settings\Matthew\temp
2012-10-24 11:49 . 2012-10-24 11:49 -------- d-----w- c:\documents and settings\Matthew\Ustawienia lokalne\Dane aplikacji\M-Photo_Ltd
2012-10-24 11:23 . 2012-10-24 11:23 -------- d-----w- C:\Najlepszefoto
2012-10-24 11:18 . 2012-10-24 11:18 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\M-Photo
2012-10-24 11:17 . 2012-10-24 11:17 8443327 ----a-w- c:\windows\system32\Najlepszefoto.pl_NKreator_uninstaller.exe
2012-10-24 11:17 . 2012-10-24 11:17 -------- d-----w- c:\program files\Najlepszefoto
2012-10-10 06:49 . 2012-10-10 06:49 -------- d-----w- c:\documents and settings\Matthew\Ustawienia lokalne\Dane aplikacji\NetDragon
2012-10-10 06:49 . 2012-10-10 06:49 -------- d-----w- c:\program files\Common Files\NetDragon
2012-10-10 05:56 . 2012-10-10 05:56 -------- d-----w- c:\program files\iPod
2012-10-10 05:56 . 2012-10-10 05:57 -------- d-----w- c:\program files\iTunes
2012-10-10 05:56 . 2012-10-10 05:57 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-10-10 05:47 . 2012-10-10 05:47 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin7.dll
2012-10-10 05:47 . 2012-10-10 05:47 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin6.dll
2012-10-10 05:47 . 2012-10-10 05:47 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin5.dll
2012-10-10 05:47 . 2012-10-10 05:47 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin4.dll
2012-10-10 05:47 . 2012-10-10 05:47 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin3.dll
2012-10-10 05:47 . 2012-10-10 05:47 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin2.dll
2012-10-10 05:47 . 2012-10-10 05:47 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin.dll
2012-10-10 05:46 . 2012-10-10 05:47 -------- d-----w- c:\program files\QuickTime
2012-10-10 05:31 . 2012-10-10 05:31 -------- d-----w- c:\documents and settings\Matthew\Dane aplikacji\iFunbox_UserCache
2012-10-10 05:30 . 2012-10-10 05:31 -------- d-----w- c:\program files\i-Funbox DevTeam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 10:47 . 2012-04-02 06:54 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 10:47 . 2011-05-16 18:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:18 . 2007-10-29 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2007-10-29 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2007-10-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2007-10-29 12:00 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2007-10-29 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2007-10-29 12:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2004-08-04 00:39 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 11:01 . 2010-07-08 09:16 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 11:01 . 2010-07-08 09:16 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-10-30 09:50 . 2012-10-30 09:50 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"USB Security"="c:\program files\USB Disk Security\USBGuard.exe" [2011-06-23 623520]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABIT uGuruIII]
2007-04-11 16:58 425984 ----a-w- c:\program files\U-ABIT\uGuru\uGuru.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 19:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 13:57 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NetDragon\\91 Mobile\\iPhone\\iPhone PC Suite.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5910:TCP"= 5910:TCP:vnc5910
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-08-04 120152]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2010-07-07 14592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2012-03-07 913144]
S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-22 814344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-07-07 1373480]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-06-16 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-06-16 8576]
S3 RSUSBCCID;Realtek Smartcard Reader Driver;c:\windows\system32\DRIVERS\RtsUCcid.sys --> c:\windows\system32\DRIVERS\RtsUCcid.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys --> c:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RtsUIr;Realtek IR Driver;c:\windows\system32\DRIVERS\RtsUIr.sys --> c:\windows\system32\DRIVERS\RtsUIr.sys [?]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys --> c:\windows\system32\DRIVERS\snp325.sys [?]
S3 Tq_91Assistant;Tq_91Assistant;c:\program files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys [2012-06-15 14248]
S3 xp;xp;\??\c:\documents and settings\Matthew\xp.sys --> c:\documents and settings\Matthew\xp.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-07-19 685816]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 10:47]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1960408961-725345543-1003Core.job
- c:\documents and settings\Matthew\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-07-07 17:18]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1960408961-725345543-1003UA.job
- c:\documents and settings\Matthew\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-07-07 17:18]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=SAMSUNG_HD501LJ_S0MUJ1EQ201337&ts=1349850697
mStart Page = hxxp://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=SAMSUNG_HD501LJ_S0MUJ1EQ201337&ts=1349850697
uInternet Settings,ProxyOverride = *.local
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Inspect Element with DebugBar - c:\program files\Core Services\DebugBar\DebugInfoBar.dll/247
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: Interfaces\{0E554D2F-2C12-46A3-918A-62AC0BDDDABD}: NameServer = 87.204.204.204,62.233.233.233
FF - ProfilePath - c:\documents and settings\Matthew\Dane aplikacji\Mozilla\Firefox\Profiles\3v5sfi6m.default\
FF - prefs.js: browser.search.selectedEngine - v9
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl
FF - ExtSQL: !HIDDEN! 2010-07-09 07:48; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-05 17:10
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1390067357-1960408961-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\9*1*Kb:g©RKb]
"Order"=hex:08,00,00,00,02,00,00,00,a6,01,00,00,01,00,00,00,03,00,00,00,8c,00,
   00,00,00,00,00,00,7e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,6c,00,32,\
.
[HKEY_USERS\S-1-5-21-1390067357-1960408961-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:f8,0b,68,85,e4,73,0a,ba,a4,85,77,3a,c4,de,73,db,52,18,7b,1b,e1,
   cf,1f,6b,d5,fb,4f,98,b3,bf,88,be,cb,4c,c2,53,bb,14,29,ca,7d,ef,94,e7,83,77,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="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"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2012-11-05 17:11:25
ComboFix-quarantined-files.txt 2012-11-05 16:11
.
Przed: 50 525 741 056 bajtów wolnych
Po: 50 507 501 568 bajtów wolnych
.
- - End Of File - - 8AB4D603561385396265AC5570115F40