ComboFix 12-05-24.02 - conieco 2012-05-24 17:46:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2046.1588 [GMT 2:00]
Run from: c:\documents and settings\conieco\Pulpit\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\OPTIONS\CABS\_desktop.ini
c:\windows\system32\SET39.tmp
c:\windows\system32\SET3E.tmp
c:\windows\system32\tmp77.tmp
c:\windows\system32\tmp78.tmp
.
.
((((((((((((((((((((((((( Files created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))
.
.
2012-05-24 13:58 . 2012-05-24 15:35 -------- d-----w- C:\32788R22FWJFW
2012-05-11 21:16 . 2012-05-11 21:16 -------- d-----w- c:\program files\ESET
2012-04-25 15:42 . 2012-04-25 15:43 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-25 15:42 . 2012-04-25 15:42 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 15:42 . 2012-04-25 15:42 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 15:56 . 2011-03-13 09:47 949104 ----a-w- c:\program files\opera.exe
2012-05-15 15:56 . 2011-03-13 09:47 14290800 ----a-w- c:\program files\opera.dll
2012-05-15 15:56 . 2011-03-13 09:47 529137 ----a-w- c:\program files\encoding.bin
2012-05-02 21:41 . 2011-10-31 21:14 164880 ---ha-w- c:\documents and settings\merkury\Dane aplikacji\Microsoft\Virtual PC\VPCKeyboard.dll
2012-04-11 13:55 . 2004-08-04 00:39 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2007-08-02 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:54 . 2007-08-02 12:00 1862528 ----a-w- c:\windows\system32\win32k.sys
2012-04-08 12:12 . 2012-04-08 12:12 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2012-04-08 12:12 . 2012-04-08 12:12 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2012-04-03 12:47 . 2012-04-12 11:21 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-04-03 12:47 . 2012-04-03 12:47 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-04-03 12:47 . 2011-11-05 15:35 91952 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-03-08 16:13 . 2011-08-22 18:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 00:15 . 2010-08-15 16:17 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2008-01-22 17:37 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-06-30 16:05 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2008-04-05 08:50 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2008-01-22 17:37 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2008-01-22 17:37 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2008-01-22 17:37 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2008-01-22 17:37 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2008-04-05 08:50 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2008-01-22 17:37 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 01:15 . 2007-08-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 01:15 . 2007-08-02 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 01:15 . 2007-08-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-03-01 01:15 . 2007-08-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2012-02-29 14:10 . 2007-08-02 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2007-08-02 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-25 15:42 . 2011-12-04 09:23 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"COMODO Firewall Pro"="e:\programy\Comodo\cfp.exe" [2010-01-28 1800464]
"COMODO Internet Security"="e:\programy\Comodo\cfp.exe" [2010-01-28 1800464]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^conieco^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=c:\documents and settings\conieco\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 -c----r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-04 09:39 149040 -c--a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]
2010-02-09 15:43 2621440 ------r- c:\program files\Browny02\Brother\BrStMonW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 11:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 12:26 484904 -c--a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-05-04 09:59 161328 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-11-06 09:30 1626112 -c--a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-04-12 09:33 16132608 -c----r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49 249064 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LightScribeService"=2 (0x2)
"NVSvc"=2 (0x2)
"NMIndexingService"=3 (0x3)
"SQLBrowser"=2 (0x2)
"MSSQL$INSERTGT"=2 (0x2)
"gusvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Programy\\G\\iw3mp.exe"=
"c:\\Program Files\\opera.exe"=
"c:\\Program Files\\Sega\\Virtua Tennis 4\\VT4.exe"=
"e:\\Nowe\\programy\\IHF Handball Challenge 12\\IHF_HC12.exe"=
"e:\\Nowe\\programy\\IHF Handball Challenge 12\\updater\\Updater.exe"=
"e:\\Programy\\Game\\fifa.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-06-30 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-04-05 337880]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2007-02-09 134344]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2007-02-09 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-05 20696]
R2 MSSQL$FAKTURABYMARCIO;SQL Server (FAKTURABYMARCIO);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2011-11-07 245760]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-01-26 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-01-26 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-01-26 42112]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2012-04-03 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 12:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.gazeta.pl/0,0.html?p=102
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 84.205.161.138 84.205.160.1
FF - ProfilePath - c:\documents and settings\conieco\Dane aplikacji\Mozilla\Firefox\Profiles\cu151j2b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/
FF - prefs.js: network.proxy.type - 4
.
- - - - EMPTY ENTRIES REMOVED - - - -
.
AddRemove-Ubuntu - c:\windows\uninstall-ubuntu.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-24 17:53
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-602162358-838170752-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2012-05-24 17:55:41
ComboFix-quarantined-files.txt 2012-05-24 15:55
.
Before: 4 143 484 928 bytes free
After: 5 231 185 920 bytes free
.
- - End Of File - - 642DC654529ED574BFC95B9155B37F80
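The items in a log like this that deserve a second look are few and easy to miss in the wall of vendor drivers: the non-empty AppInit_DLLs value (guard32.dll, the COMODO firewall's user-mode hooking DLL, is loaded into every process that links user32.dll), the Run entries that launch from a non-standard location (e:\programy\Comodo\cfp.exe), the VBoxNetFlt driver whose file ComboFix could not read (the trailing [?]), and the catchme report of ntdll modifications on ZwClose and ZwOpenFile, which is the kind of user-mode hook a firewall or HIPS product installs and should be correlated with the AppInit entry rather than read as proof of a rootkit. The following script is an added example, not ComboFix or catchme code: it parses the Run, AppInit_DLLs, service-line and catchme record formats seen above and returns those triage findings. The sample lines are copied from the log above; the set of "expected" directories and every flagging rule are this example's own assumptions.

```python
"""Triage helper for ComboFix-style log lines (added example, not ComboFix code).

Recognised record types (formats as they appear in the log above):
  * Run-key values:      "Name"="path" [YYYY-MM-DD size]
  * AppInit_DLLs value:  "AppInit_DLLs"=path
  * service/driver rows: R1 name;description;path [YYYY-MM-DD size]   or   ... --> path [?]
  * catchme finding:     "detected NTDLL code modification:" followed by function names
The flagging rules below are this example's assumptions, not ComboFix behaviour.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<value>.*)$')
SVC_RE = re.compile(r'^(?P<type>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.+)$')
SVC_TAIL_RE = re.compile(r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')

# Assumption: autostart binaries are expected under these prefixes; anything else is flagged.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Finding:
    kind: str      # "appinit", "run", "service" or "ntdll"
    subject: str
    reason: str


@dataclass
class Parsed:
    run_entries: list = field(default_factory=list)   # (name, path, date, size)
    services: list = field(default_factory=list)      # (type, name, path, file_unreadable)
    appinit_dlls: Optional[str] = None
    ntdll_hooks: list = field(default_factory=list)


def parse_combofix(text: str) -> Parsed:
    """Extract the four record types from raw log text; other lines are ignored."""
    p = Parsed()
    lines = text.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        if m := RUN_RE.match(line):
            p.run_entries.append((m["name"], m["path"].lower(), m["date"], int(m["size"])))
        elif m := APPINIT_RE.match(line):
            p.appinit_dlls = m["value"].strip() or None
        elif m := SVC_RE.match(line):
            rest = m["rest"]
            unreadable = rest.endswith("[?]")            # ComboFix marks files it could not read with [?]
            path = rest.split(" --> ")[-1] if " --> " in rest else rest
            path = SVC_TAIL_RE.sub("", path).replace("[?]", "").strip().lower()
            p.services.append((m["type"], m["name"], path, unreadable))
        elif line.startswith("detected NTDLL code modification"):
            # catchme prints the hooked function names either after the colon or on the next line
            tail = line.split(":", 1)[1].strip()
            if not tail and i + 1 < len(lines):
                tail = lines[i + 1].strip()
            p.ntdll_hooks = [f.strip() for f in tail.split(",") if f.strip()]
    return p


def triage(p: Parsed) -> list:
    """Apply the example's review rules and return the entries worth a closer look."""
    out = []
    if p.appinit_dlls:
        out.append(Finding("appinit", p.appinit_dlls,
                           "AppInit_DLLs is set: the DLL is loaded into every process linking user32.dll; confirm the vendor"))
    for name, path, _date, _size in p.run_entries:
        if not path.startswith(EXPECTED_PREFIXES):
            out.append(Finding("run", name, f"autostart binary outside expected directories: {path}"))
    for _stype, name, path, unreadable in p.services:
        if unreadable:
            out.append(Finding("service", name, f"registered driver/service file could not be read: {path}"))
    if p.ntdll_hooks:
        out.append(Finding("ntdll", ", ".join(p.ntdll_hooks),
                           "user-mode ntdll hooks present; correlate with AppInit_DLLs and security products before calling them malicious"))
    return out


# Constructed sample: lines copied from the ComboFix log above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]
"COMODO Firewall Pro"="e:\programy\Comodo\cfp.exe" [2010-01-28 1800464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2007-02-09 134344]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
'''

if __name__ == "__main__":
    for f in triage(parse_combofix(SAMPLE_LOG)):
        print(f"[{f.kind}] {f.subject}: {f.reason}")
```

Run against the sample it reports four findings: the guard32.dll AppInit entry, the COMODO Run value launching from e:\programy, the VBoxNetFlt driver with an unreadable file, and the ZwClose/ZwOpenFile hooks. Everything else in the log (the avast drivers, the NVIDIA and ActiveSync entries) passes the rules unflagged, which is the point: the script narrows the review to what an analyst would actually verify by hand, such as checking the signer of guard32.dll and cfp.exe, and it deliberately does not label the ntdll hooks malicious because the same log shows a product that installs them.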