ComboFix 11-10-10.01 - Rasta 2011-10-10 16:59:16.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.489 [GMT 2:00]
Run from: h:\pliki pobrane @\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Rasta\Dane aplikacji\SQLite3.dll
c:\documents and settings\Rasta\WINDOWS
c:\windows\d.ini
c:\windows\ehome\medctrro.exe
c:\windows\ST6UNST.000
c:\windows\system32\BReWErS.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_VCS
.
.
((((((((((((((((((((((((( Files Created from 2011-09-10 to 2011-10-10 )))))))))))))))))))))))))))))))
.
.
2011-10-10 12:10 . 2011-10-10 12:26 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PC Tools
2011-10-10 10:37 . 2011-10-10 11:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2011-10-10 09:56 . 2011-10-10 09:56 -------- d-----w- c:\documents and settings\Rasta\Dane aplikacji\Malwarebytes
2011-10-10 09:56 . 2011-10-10 09:56 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2011-10-09 12:23 . 2011-10-09 04:11 764275 --sha-w- c:\program files\Internet Explorer\iexplore_update.exe
2011-10-03 18:19 . 2011-10-03 18:22 -------- d-----w- C:\Temp
2011-10-01 15:59 . 2011-10-01 15:59 -------- d-----w- c:\documents and settings\Rasta\.swt
2011-09-30 10:25 . 2011-09-30 10:25 -------- d-----w- c:\documents and settings\Rasta\Ustawienia lokalne\Dane aplikacji\Installer3732
2011-09-21 20:13 . 2011-09-22 21:32 -------- d-----w- c:\documents and settings\Rasta\Dane aplikacji\TS3Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-09 17:28 . 2009-07-08 11:39 268952 -c--a-w- c:\windows\system32\PnkBstrB.xtr
2011-10-09 17:28 . 2008-12-14 13:02 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-10-09 16:28 . 2008-12-14 13:03 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-10-09 16:28 . 2008-12-14 13:02 268952 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-09-28 07:06 . 2011-07-29 17:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2001-10-26 17:29 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2011-07-25 16:18 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2008-12-14 11:33 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-07-25 16:19 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2008-12-14 11:34 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2008-12-14 11:34 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2008-12-14 11:34 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2008-12-14 11:34 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2008-12-14 11:34 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2008-12-14 11:34 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2008-12-14 11:34 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-15 13:29 . 2001-08-18 06:24 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-09-29 07:30 . 2011-09-10 15:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Registry Startup Entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-01-07 46592]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"QuickTime Task"="d:\qt\QTTask.exe" [2009-11-10 417792]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Internet Explorer Update"="c:\program files\Internet Explorer\iexplore_update.exe" [2011-10-09 764275]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Gry\\ET\\ET.exe"=
"d:\\Gry\\ET\\ETDED.exe"=
"d:\\Xfire\\Xfire.exe"=
"d:\\Progg\\DC PlusPlus 0.670\\DCPlusPlus.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"d:\\Gry\\Diablo II\\Diablo II.exe"=
"d:\\Gry\\NFSU\\Speed.exe"=
"h:\\Diablo II\\Diablo II.exe"=
"h:\\Teamspeak2SERVER\\server_windows.exe"=
"h:\\Ascaron Entertainment\\Sacred Underworld\\sacred.exe"=
"h:\\Ascaron Entertainment\\Sacred Underworld\\gameserver.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-12-23 717296]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-07-25 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-12-14 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-14 20568]
S2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe -k netsvcs [2001-10-26 14336]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [2010-11-28 219136]
S3 cpuz130;cpuz130;\??\c:\docume~1\Rasta\USTAWI~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Rasta\USTAWI~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [2009-01-14 19018]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 WEBNTACCESS;WEBNTACCESS;c:\windows\system32\Ntaccess.sys [2008-12-14 17585]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wmcmgc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://startsear.ch/?aff=1
mStart Page = hxxp://startsear.ch/?aff=1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.50.4.1 89.107.153.5
FF - ProfilePath - c:\documents and settings\Rasta\Dane aplikacji\Mozilla\Firefox\Profiles\wbxaityt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ASIO4ALL - d:\pr\uninstall.exe
AddRemove-Nokia PC Suite - c:\documents and settings\All Users\Dane aplikacji\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_pol.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-10 18:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-412668190-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1E341961-E3AA-34BF-2F30-613DAF41646B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaphdnkjahedbjgimf"=hex:6b,61,6c,65,63,68,63,6c,64,68,61,6b,6b,62,68,67,65,6c,
   63,6f,69,62,00,00
"hajmnmganknenmcn"=hex:6b,61,6c,65,63,68,63,6c,64,68,61,6b,6b,62,68,67,65,6c,
   63,6f,69,62,00,00
.
[HKEY_USERS\S-1-5-21-1177238915-412668190-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A17963B7-55D2-E7D6-ED48-1038C90AD541}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaflhefggpmmdaidbf"=hex:6b,61,6a,6b,6b,62,62,64,62,69,64,6a,68,65,62,6d,70,6f,
   67,69,6a,68,00,00
"haljdlepmnkpjmhi"=hex:6b,61,6a,6b,6b,62,62,64,62,69,64,6a,68,65,62,6d,70,6f,
   67,69,6a,68,00,00
.
[HKEY_USERS\S-1-5-21-1177238915-412668190-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:c4,cc,53,50,3d,c5,54,f2,9d,4d,85,a5,ca,58,c9,b2,07,ab,2e,48,be,
   e3,fb,02,01,a3,e9,0a,41,44,6d,2f,3f,c1,a3,e5,5f,41,58,8f,6c,d4,a4,a8,52,98,\
"rkeysecu"=hex:b9,39,30,17,6f,ee,c7,69,70,4a,de,ea,dc,78,3f,4b
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E341961-E3AA-34BF-2F30-613DAF41646B}\InProcServer32*]
"fanhkieacfka"=hex:70,61,6f,65,66,65,62,61,6e,6a,68,67,64,6a,68,6b,66,64,6f,66,
   70,66,65,68,6e,63,70,6f,69,65,62,66,00,1d
"nanhaikfgeliohafdfkhlhndklih"=hex:70,61,6f,67,6a,6b,6e,6d,68,68,70,68,62,61,
   67,63,6a,6b,68,68,69,68,66,6a,67,6e,6c,69,6d,67,6d,69,00,1d
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2608)
c:\windows\system32\WININET.dll
c:\windows\system32\WPDShServiceObj.dll
h:\nokla\Nokia PC Suite 7\PhoneBrowser.dll
h:\nokla\Nokia PC Suite 7\NGSCM.DLL
h:\nokla\Nokia PC Suite 7\Lang\PhoneBrowser_pol.nlr
h:\nokla\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2011-10-10 18:19:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-10 16:19
.
Pre-Run: 961,642,496 bytes free
Post-Run: 811,929,600 bytes free
.
- - End Of File - - E8D870831EF9FCE3ED12E4DC58EDE62C
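Two parts of this log are worth pulling apart mechanically rather than by eye: the LOCKED REGISTRY KEYS section, where the Shell Extensions\Approved and InProcServer32 values are REG_BINARY blobs that ComboFix prints as wrapped hex dumps, and the Files Created section, where one executable (c:\program files\Internet Explorer\iexplore_update.exe, attributes --sha-w-, created 2011-10-09) also appears under the HKLM Run key as "Internet Explorer Update". The Python below is an added example, not part of ComboFix and not from the original post: it parses the wrapped hex values, shows that every byte of the Shell Extensions and InProcServer32 values is a lowercase letter between a and p, and lists files whose attribute field carries the s (system) or h (hidden) flag. The sample input is constructed from lines copied out of the log above. The letters_to_nibbles step is an assumption for follow-up analysis (that a..p stand for nibbles 0..15), not something the log itself establishes.

```python
"""Triage helpers for a ComboFix log (added example, not ComboFix code).

- parse_hex_values: rebuild REG_BINARY values from ComboFix's wrapped
  "name"=hex:aa,bb,... lines (continuation lines are indented; a value that
  ComboFix truncated ends with a backslash).
- classify: report whether a blob is text drawn only from the letters a..p,
  other printable ASCII, or opaque binary.
- letters_to_nibbles: ASSUMPTION for further analysis, maps a..p to 0..15.
- flag_hidden_executables: files in the "Files Created"/Find3M sections whose
  attribute field has the s (system) or h (hidden) flag.
"""
import re
import string

# Constructed sample: lines copied from the ComboFix log above.
SAMPLE_LOG = r'''
2011-10-09 12:23 . 2011-10-09 04:11 764275 --sha-w- c:\program files\Internet Explorer\iexplore_update.exe
2011-10-03 18:19 . 2011-10-03 18:22 -------- d-----w- C:\Temp
2011-10-09 17:28 . 2008-12-14 13:02 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
@Allowed: (Read) (RestrictedCode)
"iaphdnkjahedbjgimf"=hex:6b,61,6c,65,63,68,63,6c,64,68,61,6b,6b,62,68,67,65,6c,
   63,6f,69,62,00,00
"fanhkieacfka"=hex:70,61,6f,65,66,65,62,61,6e,6a,68,67,64,6a,68,6b,66,64,6f,66,
   70,66,65,68,6e,63,70,6f,69,65,62,66,00,1d
"rkeysecu"=hex:b9,39,30,17,6f,ee,c7,69,70,4a,de,ea,dc,78,3f,4b
'''

HEX_START = re.compile(r'^"([^"]+)"=hex:(.*)$')
HEX_CONT = re.compile(r'^\s+([0-9a-fA-F]{2},?)+\\?\s*$')
FILE_LINE = re.compile(
    r'^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) (\S+) ([-a-z]{8}) (.+)$')
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")
LETTER_ALPHABET = set(b"abcdefghijklmnop")


def parse_hex_values(text):
    """Return {value name: bytes} for every hex: value in a ComboFix log."""
    chunks, name = {}, None
    for line in text.splitlines():
        m = HEX_START.match(line)
        if m:
            name = m.group(1)
            chunks[name] = [m.group(2)]
            continue
        if name and HEX_CONT.match(line):  # wrapped continuation line
            chunks[name].append(line)
            continue
        name = None  # anything else ends the current value
    out = {}
    for n, parts in chunks.items():
        raw = "".join(p.strip() for p in parts).rstrip("\\")  # drop truncation mark
        out[n] = bytes(int(o, 16) for o in raw.split(",") if o)
    return out


def classify(value):
    """Describe a blob up to its first NUL: ('a-p letters'|'ascii'|'binary', shown)."""
    text = value.split(b"\x00", 1)[0]
    if text and all(b in LETTER_ALPHABET for b in text):
        return "a-p letters", text.decode("ascii")
    if text and all(chr(b) in string.printable for b in text):
        return "ascii", text.decode("ascii")
    return "binary", value.hex()


def letters_to_nibbles(letters):
    """ASSUMPTION: treat a..p as nibbles 0..15, two letters per byte.
    A hypothesis to test in follow-up analysis, not a fact from the log."""
    nibbles = [ord(c) - ord("a") for c in letters]
    if len(nibbles) % 2:
        nibbles.append(0)
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[0::2], nibbles[1::2]))


def flag_hidden_executables(text):
    """Executables whose ComboFix attribute field carries s (system) or h (hidden)."""
    hits = []
    for line in text.splitlines():
        m = FILE_LINE.match(line)
        if not m:
            continue
        created, _modified, size, attrs, path = m.groups()
        if attrs.startswith("d"):  # directory entry
            continue
        if ("s" in attrs or "h" in attrs) and path.lower().endswith(EXEC_EXT):
            hits.append({"path": path, "attrs": attrs, "created": created, "size": int(size)})
    return hits


if __name__ == "__main__":
    for name, value in parse_hex_values(SAMPLE_LOG).items():
        kind, shown = classify(value)
        print(f"{name}: {kind} {shown}")
        if kind == "a-p letters":
            print("   nibble hypothesis:", letters_to_nibbles(shown).hex())
    for hit in flag_hidden_executables(SAMPLE_LOG):
        print("system/hidden executable:", hit)
```

Feed the whole saved ComboFix log in place of SAMPLE_LOG to cover every section at once; the SecuROM values stay classified as opaque binary, which is what you would expect from licensing data, while the four Shell Extensions and InProcServer32 values all come out as strings over the a..p alphabet.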