ComboFix 12-12-10.01 - Lucyna 2012-12-12 13:39:34.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1023.796 [GMT 1:00]
Uruchomiony z: H:\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\0tbpw.pad
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\documents and settings\All Users\Dane aplikacji\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
c:\documents and settings\All Users\Menu Start\Programy\FLV Direct Player
c:\documents and settings\Lucyna\Dane aplikacji\Desktopicon
c:\documents and settings\Lucyna\Dane aplikacji\Qiyrs\keoq.exe
c:\documents and settings\Lucyna\Menu Start\Programy\Autostart\runctf.lnk
c:\documents and settings\Lucyna\Moje dokumenty\~WRL1488.tmp
c:\program files\ALLPlayerEN4267.exe
c:\program files\CyberLink.1830U_DVD071109-06_R1_Trial_Ultra.exe
c:\program files\FLV Direct Player
c:\program files\FLV Direct Player\downloading.swf
c:\program files\FLV Direct Player\player.swf
c:\program files\FLV Direct Player\preload.swf
c:\program files\FLV Direct Player\Skin\DirectFLV\Button.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\Logo.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\skin.xml
c:\program files\FLV Direct Player\Skin\DirectFLV\SysCloseButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\SysMaxButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\SysMinButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\Window.bmp
c:\program files\Mozilla Firefox\components\AskHPRFF.js
c:\program files\Setup.exe
c:\program files\setup_e-pity2010_pit.exe
C:\Thumbs.db
c:\windows\system32\ijl11.dll
c:\windows\system32\SET152.tmp
c:\windows\system32\SET157.tmp
c:\windows\system32\SET9E1.tmp
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-11-12 do 2012-12-12 )))))))))))))))))))))))))))))))
.
.
2012-12-10 12:38 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-12-10 12:38 . 2012-10-30 22:51 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-12-10 12:37 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-12-10 12:37 . 2012-12-10 12:37 -------- d-----w- c:\program files\AVAST Software
2012-12-10 12:36 . 2012-12-10 12:37 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AVAST Software
2012-12-05 08:03 . 2012-12-05 08:03 -------- d-----w- c:\documents and settings\Lucyna\Dane aplikacji\Search Settings
2012-12-05 08:03 . 2012-12-05 08:03 -------- d-----w- c:\program files\Application Updater
2012-12-05 08:03 . 2012-12-05 08:03 -------- d-----w- c:\program files\pdfforge Toolbar
2012-12-05 08:03 . 2012-12-05 08:03 -------- d-----w- c:\program files\Common Files\Spigot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:51 . 2008-08-12 08:06 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2008-08-12 08:06 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2008-08-12 08:06 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2008-08-12 08:06 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2008-08-12 08:06 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2008-08-12 08:06 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2008-08-12 08:06 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:50 . 2008-08-12 08:06 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-30 06:47 . 2008-12-08 08:22 33964816 -c--a-w- c:\program files\ALLPlayerPL.exe
2012-05-07 07:06 . 2012-04-27 07:04 17069568 ----a-w- c:\program files\Firefox Setup 12.0.exe
2012-01-03 08:20 . 2012-01-03 08:19 6984272 ----a-w- c:\program files\Mahjong.exe
2011-10-13 10:13 . 2011-10-13 10:11 1034752 ----a-w- c:\program files\PDFCreatorSetup.exe
2011-05-04 07:08 . 2011-05-04 07:01 13251976 ----a-w- c:\program files\Firefox Setup 4.0.1.exe
2011-02-24 14:52 . 2011-02-24 14:51 5652480 ----a-w- c:\program files\fp620.exe
2011-02-24 14:41 . 2011-02-24 14:37 4174272 ----a-w- c:\program files\dopdf-7.exe
2010-12-10 10:26 . 2010-12-10 10:08 13525424 ----a-w- c:\program files\Dropbox 0.7.110.exe
2010-06-02 13:37 . 2010-06-02 12:53 17744152 ----a-w- c:\program files\PDFCreator-1_0_0_setup(dobreprogramy.pl).exe
2010-06-02 12:34 . 2010-06-02 12:30 9612335 ----a-w- c:\program files\PDFCreator-1_0_0_setup.exe
2010-05-20 07:26 . 2010-05-20 07:26 1119519 ----a-w- c:\program files\dvdshrink32pl(dobreprogramy.pl).exe
2010-05-14 07:26 . 2010-05-14 07:24 1416944 ----a-w- c:\program files\WM9Codecs.exe
2010-02-02 11:29 . 2010-02-02 11:00 22550830 ----a-w- c:\program files\ViewerSetup.exe
2009-11-03 11:27 . 2009-11-03 11:24 8099069 ----a-w- c:\program files\topocr.exe
2009-10-30 10:46 . 2009-10-30 10:38 7701128 ----a-w- c:\program files\FreewarePrimoPDF.exe
2009-10-30 09:04 . 2009-10-30 09:00 17695920 ----a-w- c:\program files\PDFCreator-0_9_8_setup.exe
2009-10-30 08:12 . 2009-10-30 08:11 1808408 ----a-w- c:\program files\dopdf.exe
2009-10-29 09:22 . 2009-07-03 09:14 1925024 ----a-w- c:\program files\install_flash_player.exe
2009-10-23 07:53 . 2009-10-23 07:37 10638742 ----a-w- c:\program files\tvc.exe
2009-10-02 09:39 . 2009-10-02 09:39 452236 ----a-w- c:\program files\YouTubeVD(dobreprogramy.pl).exe
2009-09-07 10:27 . 2009-09-07 10:27 535576 ----a-w- c:\program files\RealPlayerSPGold.exe
2009-07-13 10:27 . 2009-07-13 10:27 570016 ----a-w- c:\program files\GoogleEarthPluginSetup.exe
2009-07-13 09:09 . 2009-07-13 09:09 1092248 ----a-w- c:\program files\Google Updater.exe
2009-05-21 11:00 . 2009-05-21 10:57 1265664 ----a-w- c:\program files\HDViewInstall_3_2.msi
2009-02-04 13:07 . 2009-02-04 13:02 6990453 -c--a-w- c:\program files\PDFCreator_PL-0_8_0_AFPLGhostscript.exe
2009-02-02 07:49 . 2009-02-02 07:47 15892408 -c--a-w- c:\program files\gimp-2.6.4-i686-setup_pobrane_z_megaplikipl_.exe
2009-01-12 08:28 . 2009-01-12 08:28 3303824 -c--a-w- c:\program files\SetupScorchNS.exe
2008-12-08 08:29 . 2008-12-08 08:26 19130706 -c--a-w- c:\program files\klmcodec425.exe
2008-12-04 08:13 . 2008-12-04 08:13 464408 -c--a-w- c:\program files\RealPlayer11GOLD.exe
2008-12-04 08:07 . 2008-12-04 08:07 2592185 -c--a-w- c:\program files\rmtoavi.exe
2008-12-03 10:08 . 2008-12-03 09:58 28999608 -c--a-w- c:\program files\FileFormatConverters.exe
2008-12-03 09:57 . 2008-12-03 09:50 25772520 -c--a-w- c:\program files\wordview_pl-pl.exe
2008-11-07 14:23 . 2008-11-07 14:20 22380328 ----a-w- c:\program files\SkypeSetup.exe
2008-10-14 07:47 . 2008-10-14 07:47 1039438 -c--a-w- c:\program files\wrar351pl.exe
2008-08-12 08:03 . 2008-08-12 07:59 27303576 -c--a-w- c:\program files\setuppolpro.exe
2008-07-15 08:56 . 2008-07-15 08:52 25802312 -c--a-w- c:\program files\wmp11-windowsxp-x86-PL-PL.exe
2008-07-15 08:50 . 2008-07-15 08:50 318904 -c--a-w- c:\program files\wmpfirefoxplugin.exe
2008-06-20 09:36 . 2008-06-20 09:36 8213400 -c--a-w- c:\program files\Firefox Setup 3.0.exe
2012-12-05 13:54 . 2012-12-05 13:53 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Lucyna\Dane aplikacji\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Lucyna\Dane aplikacji\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Lucyna\Dane aplikacji\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Lucyna\Dane aplikacji\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-03 39408]
"MoneyRss"="c:\program files\MoneyRss\RssMoney.exe" [2007-03-22 2443264]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 148776]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2011-08-16 1379840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-06-27 91432]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-07 198160]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-11-28 1123720]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-10-29 15360]
.
c:\documents and settings\Lucyna\Menu Start\Programy\Autostart\
Dropbox.lnk - c:\documents and settings\Lucyna\Dane aplikacji\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Documents and Settings\\Lucyna\\Dane aplikacji\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26771:UDP"= 26771:UDP:UDP 26771
"15346:TCP"= 15346:TCP:TCP 15346
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-12-10 20624]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-10 738504]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-08-12 361032]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-06-27 61424]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2012-11-28 793600]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-12 21256]
S2 gupdate1ca039a341f9594;Usługa Google Update (gupdate1ca039a341f9594);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-13 133104]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-04-02 38656]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2008-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
.
2012-12-12 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-12-10 22:50]
.
2012-12-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-06 12:39]
.
2012-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-13 09:13]
.
2012-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-13 09:13]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.gazeta.pl/0,0.html?p=136
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Blokuj wszystkie obrazy z tego serwera - c:\program files\Avant Browser\AddAllToADBlackList.htm
IE: Dodaj do listy blokowanych reklam - c:\program files\Avant Browser\AddToADBlackList.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Otwórz wszystkie adresy z tej strony... - c:\program files\Avant Browser\OpenAllLinks.htm
IE: Podświetl - c:\program files\Avant Browser\Highlight.htm
IE: Subskrybuj w MoneyRss - file://c:\program files\MoneyRss\add_feed.htm
IE: Szukaj - c:\program files\Avant Browser\Search.htm
IE: {{B46B0919-62BA-4D99-A5C4-916B57A6805C} - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - c:\program files\Techland\English Translator XT\InternetTranslator.dll
TCP: DhcpNameServer = 194.204.152.34 194.204.159.1
FF - ProfilePath - c:\documents and settings\Lucyna\Dane aplikacji\Mozilla\Firefox\Profiles\elskpw4a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=971163&p=
FF - ExtSQL: 2012-12-10 13:50; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
URLSearchHooks-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
Toolbar-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-{D1DC5A63-5598-AD7D-CE12-E888EB02CB9A} - c:\documents and settings\Lucyna\Dane aplikacji\Qiyrs\keoq.exe
AddRemove-Rozliczenie Roczne Rzeczpospolitej 2011 - c:\rozliczenie roczne 2011\Odinstaluj.exe
AddRemove-{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1 - c:\program files\ConvertHelper\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-12 13:56
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
Czas ukończenia: 2012-12-12 13:59:10
ComboFix-quarantined-files.txt 2012-12-12 12:58
.
Przed: 12 230 406 144 bajtów wolnych
Po: 13 310 545 920 bajtów wolnych
.
- - End Of File - - 561626531D5EEF330304DE9C43412C9A