ComboFix 10-12-29.02 - Ania 2010-12-30 12:24:55.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.790 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Ania\Moje dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\lsprst7.dll
c:\windows\system32\msssc.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\serauth1.dll
c:\windows\system32\serauth2.dll
c:\windows\system32\ssprs.dll
c:\windows\regedit.exe . . . jest zainfekowany!!
c:\windows\system32\midimap.dll . . . jest zainfekowany!!
.
((((((((((((((((((((((((( Pliki utworzone od 2010-11-28 do 2010-12-30 )))))))))))))))))))))))))))))))
.
Nie utworzono żadnych nowych plików w tym okresie
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------
[-] 2009-08-10 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2009-08-10 . E6C1811BA05F4E4BD4DA437778630489 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . 737739FACEAD60683AA8D7FF7602FD14 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2001-08-18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2008-05-17 . 9526A0E8C46C3DC0C3FAB0164D7546CC . 643072 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2009-08-10 . A08939AFCDBE68F67E9C35383A4CE62C . 1553408 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2009-08-10 . EB3B4771498DD3FFD97E123643A26D91 . 1312256 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
[-] 2009-08-15 . 3901C68A498BCAF5AFF25F1DB550B918 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2009-08-10 . 5336D3244305FD884215DAF84D108566 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
c:\windows\System32\wuauclt.exe ... - brak elementu !!
c:\windows\System32\regsvc.dll ... - brak elementu !!
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="d:\programy\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"GrooveMonitor"="d:\programy\Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-02-15 58968]
"Norton Ghost 10.0"="d:\programy\Norton Ghost\Agent\GhostTray.exe" [2005-09-09 1537648]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 188416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-08-10 25088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-08-10 128512]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
hp psc 1000 series.lnk - e:\stery\Digital Imaging\bin\hpohmr08.exe [2004-6-16 147456]
hpoddt01.exe.lnk - e:\stery\Digital Imaging\bin\hpotdd01.exe [2004-6-16 28672]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\PROGRAMY\\Office\\Office12\\OUTLOOK.EXE"=
"d:\\PROGRAMY\\Office\\Office12\\GROOVE.EXE"=
"d:\\PROGRAMY\\Office\\Office12\\ONENOTE.EXE"=
"d:\\PROGRAMY\\Gadu-Gadu 10\\gg.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-12-28 436792]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-27 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-27 17744]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-08-10 20:46 128512 ----a-w- c:\windows\system32\advpack.dll
.
Zawartość folderu 'Zaplanowane zadania'

2010-12-29 c:\windows\Tasks\FRU Task 2004-06-17 01:06ewlett-Packard2004-06-17 01:06p psc 1200 seriesD66655067F78228D3716D2BFC2C61DA319188DBF293625928.job
- e:\stery\Digital Imaging\Bin\hpqfrucl.exe [2004-06-16 17:06]

2010-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1078145449-1177238915-1005Core.job
- c:\documents and settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-12-28 19:01]

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1078145449-1177238915-1005UA.job
- c:\documents and settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-12-28 19:01]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.pl/
IE: E&ksportuj do programu Microsoft Excel - d:\programy\Office\Office12\EXCEL.EXE/3000
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-30 12:29
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(876)
c:\windows\system32\scecli.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\psbase.dll
.
Czas ukończenia: 2010-12-30 12:31:40
ComboFix-quarantined-files.txt 2010-12-30 11:31

Przed: 1 901 764 608 bajtów wolnych
Po: 2 012 938 240 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 0874B0A504ABD740ADE07E6E3B00746D