ComboFix 13-05-23.02 - Sonic 2013-05-23 17:08:08.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3519.3163 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Sonic\Pulpit\ComboFix.exe
AV: Bitdefender Antivirus Free Edition *Disabled/Updated* {9488E0FA-F058-4673-850E-E755F112BABC}
FW: *Enabled* {9488E0FA-F058-4673-850E-E755F112BABC}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\documents and settings\All Users\Dane aplikacji\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-04-23 do 2013-05-23 )))))))))))))))))))))))))))))))
.
.
2013-05-22 17:14 . 2013-05-22 17:14 -------- d-----w- c:\documents and settings\Sonic\Dane aplikacji\ElevatedDiagnostics
2013-05-22 17:14 . 2013-05-22 17:14 -------- d-----w- C:\MATS
2013-05-21 21:27 . 2013-05-21 21:27 -------- d-----w- c:\program files\iPod
2013-05-21 21:26 . 2013-05-21 21:29 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-21 14:12 . 2013-05-21 14:12 -------- d-----w- C:\_OTL
2013-05-20 19:25 . 2013-05-20 19:25 -------- d-----w- c:\documents and settings\NetworkService\Dane aplikacji\Apple Computer
2013-05-20 12:30 . 2013-05-20 12:30 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-17 18:56 . 2013-05-17 18:56 69632 ----a-r- c:\documents and settings\Sonic\Dane aplikacji\Microsoft\Installer\{89505A66-35F0-4401-B3AD-D077051F8698}\ARPPRODUCTICON.exe
2013-05-17 18:56 . 2013-05-17 18:56 49152 ----a-r- c:\documents and settings\Sonic\Dane aplikacji\Microsoft\Installer\{89505A66-35F0-4401-B3AD-D077051F8698}\UNINST_Uninstall_Q_336D8C9DB2424DE5BC518E574B25652F.exe
2013-05-17 18:56 . 2013-05-17 18:56 -------- d-----w- c:\documents and settings\Sonic\Ustawienia lokalne\Dane aplikacji\Downloaded Installations
2013-05-17 11:38 . 2013-05-17 11:38 -------- d-----w- c:\documents and settings\Administrator
2013-05-17 09:31 . 2013-05-17 09:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AVG
2013-05-17 09:30 . 2013-05-17 09:30 -------- d-sh--w- c:\documents and settings\All Users\Dane aplikacji\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-05-17 09:13 . 2013-05-17 09:13 -------- d-----w- c:\documents and settings\Sonic\Dane aplikacji\TuneUp Software
2013-05-11 17:38 . 2013-05-11 17:38 -------- d-----r- c:\documents and settings\LocalService\Ulubione
2013-05-11 16:33 . 2013-05-02 15:28 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-11 16:28 . 2013-05-11 16:28 -------- d--h--w- c:\documents and settings\All Users\Dane aplikacji\Common Files
2013-05-11 13:31 . 2013-05-11 13:31 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin7.dll
2013-05-11 13:31 . 2013-05-11 13:31 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin6.dll
2013-05-11 13:31 . 2013-05-11 13:31 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin5.dll
2013-05-11 13:31 . 2013-05-11 13:31 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin4.dll
2013-05-11 13:31 . 2013-05-11 13:31 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin3.dll
2013-05-11 13:31 . 2013-05-11 13:31 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin2.dll
2013-05-11 13:31 . 2013-05-11 13:31 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin.dll
2013-05-11 13:26 . 2013-05-11 13:26 225280 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-05-11 13:25 . 2013-05-11 16:39 -------- d-----w- c:\program files\x264 Video Codec
2013-05-06 20:59 . 2008-04-14 20:50 159232 ----a-w- c:\windows\system32\ptpusd.dll
2013-05-06 20:59 . 2001-10-26 15:29 5632 ----a-w- c:\windows\system32\ptpusb.dll
2013-05-06 20:59 . 2008-04-13 22:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2013-05-06 20:59 . 2008-04-13 22:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-05-04 01:06 . 2013-05-04 01:06 -------- d-----w- c:\documents and settings\Sonic\Ustawienia lokalne\Dane aplikacji\Macroplant_LLC
2013-05-04 01:05 . 2012-04-09 14:27 223760 ----a-w- c:\windows\system32\CbFsNetRdr3.dll
2013-05-04 01:05 . 2012-04-09 14:27 158224 ----a-w- c:\windows\system32\CbFsMntNtf3.dll
2013-05-04 01:05 . 2012-04-09 14:27 299024 ----a-w- c:\windows\system32\drivers\cbfs3.sys
2013-05-04 01:00 . 2013-05-04 01:00 -------- d-----w- c:\program files\Microsoft.NET
2013-05-02 16:34 . 2013-05-04 01:05 -------- d-----w- c:\documents and settings\Sonic\Ustawienia lokalne\Dane aplikacji\Apple Computer
2013-05-02 16:34 . 2013-05-03 19:28 -------- d-----w- c:\documents and settings\Sonic\Dane aplikacji\Apple Computer
2013-05-02 16:34 . 2012-08-21 11:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-05-02 16:33 . 2013-05-02 16:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2013-05-02 16:33 . 2013-05-02 16:33 -------- d-----w- c:\documents and settings\Sonic\Ustawienia lokalne\Dane aplikacji\Apple
2013-05-02 16:33 . 2013-05-02 16:33 -------- d-----w- c:\program files\Apple Software Update
2013-05-02 16:33 . 2013-05-02 16:33 -------- d-----w- c:\documents and settings\LocalService\Dane aplikacji\Apple Computer
2013-05-02 16:33 . 2012-12-13 11:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll
2013-05-02 16:33 . 2012-12-13 11:50 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2013-05-02 16:32 . 2013-05-02 16:32 -------- d-----w- c:\program files\Bonjour
2013-05-02 16:32 . 2013-05-21 21:27 -------- d-----w- c:\program files\Common Files\Apple
2013-05-02 16:32 . 2013-05-02 16:32 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Apple
2013-05-01 19:36 . 2009-02-12 13:11 22312 ----a-w- c:\windows\system32\drivers\rsdrv.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-23 14:05 . 2008-04-15 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2013-05-20 12:31 . 2008-04-15 12:00 162816 ----a-w- c:\windows\system32\drivers\NETBT.SYS
2013-05-18 00:24 . 2012-11-28 18:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-18 00:24 . 2012-11-28 18:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-16 22:26 . 2008-04-15 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:26 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-04-16 22:26 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:30 . 2008-04-15 12:00 385024 ------w- c:\windows\system32\html.iec
2013-04-12 14:01 . 2008-04-15 12:00 1876608 ----a-w- c:\windows\system32\win32k.sys
2013-03-08 08:36 . 2008-04-15 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2008-04-15 12:00 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2008-04-14 21:59 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-27 07:58 . 2012-11-28 17:41 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaIconsOverlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2013-04-30 17:33 225280 ----a-w- c:\program files\x264 Video Codec\Filters\Haali\mmdinfo.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 14:27 158224 ----a-w- c:\windows\system32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-12-03 33718272]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-15 110592]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="d:\programy\iTunes\iTunesHelper.exe" [2013-05-15 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ    autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2013-05-01 22312]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2012/11/28 19:25];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 13:58 87536]
R3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\drivers\cbfs3.sys [2013-05-04 299024]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-11-28 1617408]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AMBFilt;AMBFilt;c:\windows\system32\drivers\Ambfilt.sys [2012-11-28 1656960]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2013-01-20 99400]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-09 23:56 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-28 00:24]
.
2013-05-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-1757981266-1801674531-1004Core.job
- c:\documents and settings\Sonic\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe [2013-01-10 01:39]
.
2013-05-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-1757981266-1801674531-1004UA.job
- c:\documents and settings\Sonic\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe [2013-01-10 01:39]
.
2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-29 11:46]
.
2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-29 11:46]
.
2013-05-23 c:\windows\Tasks\User_Feed_Synchronization-{FCE02AE3-15D9-4C9B-A4CB-6F914B9E4A3F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = https://www.google.pl/
mStart Page = hxxp://www.interia.pl/?utm_source=is
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:picasso@fixitpc.pl?subject=B%C5%82%C4%99dy%20na%20forum
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
SafeBoot-15286671.sys
SafeBoot-59889454.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-23 17:21
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-515967899-1757981266-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:4b,82,52,b8,c1,38,8e,af,9c,23,b0,5e,f5,87,b7,20,20,c3,c0,0a,45,
   30,90,c4,9b,df,41,35,e4,ab,99,88,38,4a,c4,a4,3c,04,10,92,6a,b8,38,70,8b,20,\
"rkeysecu"=hex:34,74,5a,66,f7,55,7a,fb,96,9e,6c,01,32,fd,f4,bb
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System
Czas ukończenia: 2013-05-23 17:23:08
ComboFix-quarantined-files.txt 2013-05-23 15:23
.
Przed: 18 853 687 296 bajtów wolnych
Po: 19 357 863 936 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 4BC1931CD4890AFC1905D15BC97BB84A