ComboFix 12-11-19.01 - Administrator 2012-11-20  14:58:33.1.1 - x86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.639.449 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2012-10-20 do 2012-11-20  )))))))))))))))))))))))))))))))
.
.
2012-11-20 12:50 . 2012-10-30 22:51	361032	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-11-20 12:50 . 2012-10-30 22:51	21256	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-11-20 12:50 . 2012-10-30 22:51	54232	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-11-20 12:50 . 2012-10-30 22:51	35928	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2012-11-20 12:50 . 2012-10-30 22:51	738504	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-11-20 12:50 . 2012-10-30 22:51	97608	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2012-11-20 12:50 . 2012-10-30 22:51	89752	----a-w-	c:\windows\system32\drivers\aswmon.sys
2012-11-20 12:50 . 2012-10-30 22:51	25256	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2012-11-20 12:49 . 2012-10-30 22:51	41224	----a-w-	c:\windows\avastSS.scr
2012-11-20 12:49 . 2012-10-30 22:50	227648	----a-w-	c:\windows\system32\aswBoot.exe
2012-11-20 12:48 . 2012-11-20 12:48	--------	d-----w-	c:\program files\AVAST Software
2012-11-20 12:48 . 2012-11-20 12:48	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\AVAST Software
2012-11-19 18:16 . 2012-11-19 18:16	--------	d-----w-	c:\documents and settings\Administrator\Dane aplikacji\Malwarebytes
2012-11-19 17:04 . 2012-11-19 17:04	--------	d-----w-	c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla
2012-11-14 14:06 . 2012-06-27 08:37	114280	----a-w-	c:\windows\system32\drivers\ssadserd.sys
2012-11-14 14:06 . 2012-06-27 08:37	30312	----a-w-	c:\windows\system32\drivers\ssadadb.sys
2012-11-14 14:06 . 2012-06-27 08:37	1416680	----a-w-	c:\windows\system32\WdfCoInstaller01005.dll
2012-11-14 14:06 . 2012-06-27 08:37	1416680	----a-w-	c:\windows\system32\drivers\WdfCoInstaller01005.dll
2012-11-14 14:03 . 2012-11-14 14:05	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Samsung
2012-11-12 18:39 . 2012-11-12 18:39	--------	d-----w-	c:\program files\Fajna Faktura Start
2012-10-29 15:00 . 2012-10-29 15:00	--------	d-----w-	c:\program files\PlayReady
2012-10-22 15:52 . 2012-10-22 15:52	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\RDRM
2012-10-22 15:52 . 2012-10-22 15:52	--------	d-----w-	c:\program files\ipla
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 14:58 . 2012-08-05 12:18	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-09 14:58 . 2011-12-06 06:38	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-26 19:57 . 2012-09-26 19:57	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2012-09-26 19:57 . 2012-09-26 19:57	330240	----a-w-	c:\windows\MASetupCaller.dll
2012-09-26 19:57 . 2012-09-26 19:57	30568	----a-w-	c:\windows\MusiccityDownload.exe
2012-09-26 19:57 . 2012-09-26 19:57	974848	----a-w-	c:\windows\system32\cis-2.4.dll
2012-09-26 19:57 . 2012-09-26 19:57	81920	----a-w-	c:\windows\system32\issacapi_bs-2.3.dll
2012-09-26 19:57 . 2012-09-26 19:57	65536	----a-w-	c:\windows\system32\issacapi_pe-2.3.dll
2012-09-26 19:57 . 2012-09-26 19:57	57344	----a-w-	c:\windows\system32\MTXSYNCICON.dll
2012-09-26 19:57 . 2012-09-26 19:57	57344	----a-w-	c:\windows\system32\MK_Lyric.dll
2012-09-26 19:57 . 2012-09-26 19:57	57344	----a-w-	c:\windows\system32\issacapi_se-2.3.dll
2012-09-26 19:57 . 2012-09-26 19:57	569344	----a-w-	c:\windows\system32\muzdecode.ax
2012-09-26 19:57 . 2012-09-26 19:57	491520	----a-w-	c:\windows\system32\muzapp.dll
2012-09-26 19:57 . 2012-09-26 19:57	49152	----a-w-	c:\windows\system32\MaJGUILib.dll
2012-09-26 19:57 . 2012-09-26 19:57	45320	----a-w-	c:\windows\system32\MAMACExtract.dll
2012-09-26 19:57 . 2012-09-26 19:57	45056	----a-w-	c:\windows\system32\MaXMLProto.dll
2012-09-26 19:57 . 2012-09-26 19:57	45056	----a-w-	c:\windows\system32\MACXMLProto.dll
2012-09-26 19:57 . 2012-09-26 19:57	40960	----a-w-	c:\windows\system32\MTTELECHIP.dll
2012-09-26 19:57 . 2012-09-26 19:57	352256	----a-w-	c:\windows\system32\MSLUR71.dll
2012-09-26 19:57 . 2012-09-26 19:57	258048	----a-w-	c:\windows\system32\muzoggsp.ax
2012-09-26 19:57 . 2012-09-26 19:57	245760	----a-w-	c:\windows\system32\MSCLib.dll
2012-09-26 19:57 . 2012-09-26 19:57	24576	----a-w-	c:\windows\system32\MASetupCleaner.exe
2012-09-26 19:57 . 2012-09-26 19:57	200704	----a-w-	c:\windows\system32\muzwmts.dll
2012-09-26 19:57 . 2012-09-26 19:57	155648	----a-w-	c:\windows\system32\MSFLib.dll
2012-09-26 19:57 . 2012-09-26 19:57	143360	----a-w-	c:\windows\system32\3DAudio.ax
2012-09-26 19:57 . 2012-09-26 19:57	135168	----a-w-	c:\windows\system32\muzaf1.dll
2012-09-26 19:57 . 2012-09-26 19:57	131072	----a-w-	c:\windows\system32\muzmpgsp.ax
2012-09-26 19:57 . 2012-09-26 19:57	122880	----a-w-	c:\windows\system32\muzeffect.ax
2012-09-26 19:57 . 2012-09-26 19:57	118784	----a-w-	c:\windows\system32\MaDRM.dll
2012-09-26 19:57 . 2012-09-26 19:57	110592	----a-w-	c:\windows\system32\muzmp4sp.ax
2012-10-27 17:57 . 2012-10-27 17:57	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\5cb56d26ae277f6fc62b86faa15488d1\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\5cb56d26ae277f6fc62b86faa15488d1\SP3GDR\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\5cb56d26ae277f6fc62b86faa15488d1\SP2GDR\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\5cb56d26ae277f6fc62b86faa15488d1\SP2QFE\tcpip.sys
[-] 2008-05-02 . 8E036EEC565910417EA020CE0962AA24 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	121528	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-06-11 83968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"ORAHSSSessionManager"="c:\program files\Livebox\SessionManager\SessionManager.exe" [2008-06-10 107248]
"ISTray"="d:\spyware doctor\pctsTray.exe" [2008-04-10 1107848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-03-01 124928]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2011-08-16 18:30	1379840	----a-w-	d:\allplayer\ALLUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2008-01-15 14:18	16200	----a-r-	c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-10-11 08:33	309688	----a-w-	c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 13:53	1312080	----a-w-	d:\malwarebytes' anti-malware\mbam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"d:\\Ares\\Ares.exe"=
"d:\\Program Files\\Counter-Strike\\cstrike.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-15 64288]
R2 sdAuxService;PC Tools Auxiliary Service;d:\spyware doctor\pctsAuxs.exe [2009-11-14 337800]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-11-20 738504]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-11-20 361032]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-11-20 21256]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-11-14 30312]
S3 PL-40R;CASIO USB MIDI;c:\windows\system32\drivers\pl40rwdm.sys [2010-10-17 18048]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-11-14 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-11-14 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-11-14 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2012-11-14 114280]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-01-10 691696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-05 14:58]
.
2012-11-20 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-20 22:50]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\ir3r563s.default\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
MSConfigStartUp-Kaspersky Setup - c:\docume~1\ADMINI~1\USTAWI~1\Temp\nsd47.tmp\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-20 15:05
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...  
.
skanowanie ukrytych wpisów autostartu ... 
.
skanowanie ukrytych plików ...  
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(228)
c:\windows\system32\sfc_os.dll
.
- - - - - - - > 'explorer.exe'(1736)
c:\windows\system32\msi.dll
.
Czas ukończenia: 2012-11-20  15:06:56
ComboFix-quarantined-files.txt  2012-11-20 14:06
ComboFix2.txt  2012-11-20 11:24
ComboFix3.txt  2012-11-19 18:32
ComboFix4.txt  2012-11-19 18:08
ComboFix5.txt  2012-11-20 13:56
.
Przed: 34 889 666 560 bajtów wolnych
Po: 35 052 380 160 bajtów wolnych
.
- - End Of File - - DAE22DE0687360565B298486C802DE09