ComboFix 11-02-12.02 - Rafał 2011-02-13 13:01:18.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.510.201 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Rafał\Pulpit\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dane aplikacji\hpe6.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2011-01-13 do 2011-02-13 )))))))))))))))))))))))))))))))
.
2011-02-13 11:50 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-02-13 11:50 . 2011-02-13 11:50 -------- d-----w- c:\windows\LastGood
2011-02-13 11:49 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-02-13 11:49 . 2011-02-13 11:49 -------- d-----w- c:\windows\Logs
2011-02-13 11:48 . 2011-02-13 11:48 -------- d-----w- c:\program files\Winamp Detect
2011-02-13 11:47 . 2011-02-13 11:51 -------- d-----w- c:\program files\Winamp
2011-02-13 11:47 . 2011-02-13 11:47 -------- d-----w- c:\documents and settings\Rafał\Dane aplikacji\Winamp
2011-02-13 11:45 . 2011-02-13 11:45 -------- d-----w- c:\program files\Common Files\Java
2011-02-13 11:45 . 2010-11-12 17:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-13 11:45 . 2010-11-12 17:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-13 11:35 . 2011-02-13 11:35 -------- d-----w- c:\program files\Disktrix
2011-02-13 11:04 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-13 11:04 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-13 11:03 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-13 11:03 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-13 11:03 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-13 11:03 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-13 11:03 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-13 11:02 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-13 11:02 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-13 10:32 . 2011-02-13 10:34 -------- d-----w- c:\documents and settings\Administrator
2011-02-13 09:31 . 2011-02-13 09:31 -------- d-----w- c:\program files\CCleaner
2011-02-04 15:18 . 2011-02-04 22:18 -------- d-----w- c:\windows\SxsCaPendDel
2011-01-29 13:19 . 2010-11-24 10:12 120296 ----a-w- c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
2011-01-29 13:19 . 2011-01-29 13:19 -------- d-----w- c:\program files\Ganymede
2011-01-29 12:50 . 2010-08-20 09:05 955904 ----a-w- c:\program files\Mozilla Firefox\plugins\NPDEMON.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-19 10:00 . 2010-12-19 10:00 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-12-08 18789920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^Rafał^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=c:\documents and settings\Rafał\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-05-07 15:11 133104 ----atw- c:\documents and settings\Rafał\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 12:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TuneUp.Defrag"=3 (0x3)
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"OMSI download service"=2 (0x2)
"odserv"=3 (0x3)
"NMSAccessU"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"nwiz"=nwiz.exe /installquiet

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Gry\\call\\CoDMP.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-10-02 721904]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-02-13 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-02-13 17744]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-04-02 27632]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-02-13 1691480]
S4 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2010-04-02 90112]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Zawartość folderu 'Zaplanowane zadania'
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.bearshare.com/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\fjayrs7k.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- Skojarzenia plików -------
.
.scr=AutoCADScriptFile
.
- - - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-ALLUpdate - c:\program files\ALLPlayer\ALLUpdate.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-WindowsUptime - c:\program files\Windows Uptime\Windows Uptime.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-13 13:10
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2011-02-13 13:14:53
ComboFix-quarantined-files.txt 2011-02-13 12:14

Przed: 4 325 720 064 bajtów wolnych
Po: 4 286 734 336 bajtów wolnych

- - End Of File - - B89301C09563CBA146B37B2A1DC34495