ComboFix 12-05-28.01 - Administrator 2012-05-28 14:29:39.7.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1526.1231 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-04-28 do 2012-05-28 )))))))))))))))))))))))))))))))
.
.
2012-05-28 00:40 . 2012-05-28 00:40 63 ----a-w- C:\xpAVG.exe
2012-05-26 22:02 . 2012-05-26 22:02 60 ----a-w- C:\xp1.exe
2012-05-26 19:21 . 2012-05-26 19:21 -------- d-sh--w- c:\documents and settings\LocalService.ZARZĄDZANIE NT\IETldCache
2012-05-26 18:52 . 2012-05-26 18:52 41 ----a-w- c:\windowsh\system32\windows321.sys
2012-05-26 18:52 . 2012-05-26 21:24 130 ----a-w- c:\windowsh\system32\mcsql.vbs
2012-05-26 18:51 . 2012-05-26 18:51 47 ----a-w- c:\windowsh\system32\Lonely.sys
2012-05-25 15:22 . 2012-05-25 15:22 64 ----a-w- C:\zy1314.exe
2012-05-25 15:22 . 2012-05-25 15:22 63 ----a-w- C:\sh1314.exe
2012-05-25 15:22 . 2012-05-25 15:22 66 ----a-w- C:\xp1314.exe
2012-05-25 12:02 . 2012-05-25 12:02 -------- d-----w- c:\windowsh\LastGood
2012-05-25 11:04 . 2012-05-25 11:04 -------- d-----w- c:\program files\Common Files\ABBYY
2012-05-25 10:59 . 2012-05-25 11:07 -------- d-----w- c:\program files\ABBYY FineReader 9.0
2012-05-25 09:27 . 2012-05-28 11:56 -------- d-----w- c:\documents and settings\Administrator
2012-05-25 08:56 . 2012-05-26 08:33 64 ----a-w- C:\zysys.exe
2012-05-25 08:56 . 2012-05-26 08:33 63 ----a-w- C:\shsys.exe
2012-05-25 08:56 . 2012-05-28 07:59 66 ----a-w- C:\xpsys.exe
2012-05-25 08:29 . 2012-05-25 08:29 0 ----a-w- C:\stserver.exe
2012-05-25 08:29 . 2012-05-26 04:03 68 ----a-w- C:\zyserver.exe
2012-05-25 08:29 . 2012-05-25 08:29 0 ----a-w- C:\sserver.exe
2012-05-25 08:29 . 2012-05-26 04:03 67 ----a-w- C:\shserver.exe
2012-05-25 08:28 . 2012-05-25 08:28 0 ----a-w- C:\bootserver.exe
2012-05-25 08:28 . 2012-05-27 13:49 70 ----a-w- C:\xpserver.exe
2012-05-23 10:01 . 2012-05-23 10:01 -------- d-----w- c:\documents and settings\All Users.WINDOWSH\Dane aplikacji\Sophos
2012-05-23 10:01 . 2012-05-23 10:01 -------- d-----w- c:\program files\Sophos
2012-05-21 20:09 . 2012-05-21 20:18 0 ----a-w- C:\bootsssss.exe
2012-05-18 05:24 . 2012-05-18 05:24 0 ----a-w- C:\hex123.exe
2012-05-17 17:23 . 2012-05-17 17:23 -------- d-----w- c:\documents and settings\LocalService.ZARZĄDZANIE NT\Ustawienia lokalne\Dane aplikacji\ESET
2012-05-17 11:55 . 2012-05-17 11:55 -------- d-----w- c:\windowsh\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\ESET
2012-05-16 12:34 . 2012-05-16 12:34 -------- d-----w- c:\program files\Attractel
2012-05-16 10:17 . 2012-05-25 12:30 -------- d-----w- c:\program files\ABBYY FineReader 11
2012-05-16 05:01 . 2012-05-16 05:01 -------- d-sh--w- c:\documents and settings\NetworkService.ZARZĄDZANIE NT\PrivacIE
2012-05-16 05:00 . 2012-05-16 05:00 -------- d-----r- c:\documents and settings\NetworkService.ZARZĄDZANIE NT\Ulubione
2012-05-15 12:48 . 2012-05-15 12:49 -------- d-----w- c:\windowsh\tt
2012-05-15 12:48 . 2012-05-15 12:48 -------- d-----w- c:\windowsh\kk
2012-05-15 12:48 . 2012-05-15 12:48 -------- d-----w- c:\windowsh\bb
2012-05-15 12:25 . 2012-05-17 11:02 -------- d-----w- c:\windowsh\5DF63F42
2012-05-15 09:18 . 2012-05-15 09:18 113 ----a-w- c:\windowsh\system32\gouri.bat
2012-04-30 07:24 . 2012-04-30 07:24 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-04-30 07:24 . 2012-04-30 07:24 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 11:20 . 2012-04-12 11:14 419488 ------w- c:\windowsh\system32\FlashPlayerApp.exe
2012-05-05 11:20 . 2011-05-20 06:10 70304 ------w- c:\windowsh\system32\FlashPlayerCPLApp.cpl
2012-05-05 11:20 . 2012-04-14 15:20 4140192 ------w- c:\windowsh\system32\FlashPlayerInstaller.exe
2012-04-11 13:55 . 2004-08-04 00:38 2070400 ------w- c:\windowsh\system32\ntkrnlpa.exe
2012-04-11 13:54 . 2006-03-02 12:00 1862528 ------w- c:\windowsh\system32\win32k.sys
2012-04-11 13:54 . 2006-03-02 12:00 2193920 ------w- c:\windowsh\system32\ntoskrnl.exe
2012-03-11 21:13 . 2011-10-07 16:48 97760 ------w- c:\windowsh\system32\drivers\inspect.sys
2012-03-11 21:13 . 2011-10-07 16:48 31704 ------w- c:\windowsh\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2011-10-07 16:48 494968 ------w- c:\windowsh\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-10-07 16:48 18056 ------w- c:\windowsh\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-10-07 16:47 33984 ------w- c:\windowsh\system32\cmdcsr.dll
2012-03-11 21:13 . 2011-10-07 16:47 301224 ------w- c:\windowsh\system32\guard32.dll
2012-03-01 10:59 . 2006-03-02 12:00 916992 ------w- c:\windowsh\system32\wininet.dll
2012-03-01 10:59 . 2006-03-02 12:00 43520 ------w- c:\windowsh\system32\licmgr10.dll
2012-03-01 10:59 . 2006-03-02 12:00 1469440 ------w- c:\windowsh\system32\inetcpl.cpl
2012-02-29 14:10 . 2006-03-02 12:00 177664 ------w- c:\windowsh\system32\wintrust.dll
2012-02-29 14:10 . 2006-03-02 12:00 148480 ------w- c:\windowsh\system32\imagehlp.dll
2012-02-29 12:17 . 2006-03-02 12:00 385024 ------w- c:\windowsh\system32\html.iec
2012-02-28 14:26 . 2012-03-15 07:14 23392 ------w- c:\windowsh\system32\dopdfmn7.dll
2012-02-28 14:26 . 2012-03-15 07:14 20832 ------w- c:\windowsh\system32\dopdfmi7.dll
2007-08-06 11:07 . 2008-03-05 13:54 8784 -c--a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-07-18 13:54 . 2008-03-05 13:54 245408 -c--a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2012-05-28 05:59 . 2011-03-29 12:37 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-02-14 . CD00787894008369F56153B91FC28847 . 361600 . . [5.1.2600.5625] . . c:\windowsh\system32\dllcache\tcpip.sys
[-] 2012-02-14 . 22A389083780C053B52519AF28201A96 . 361344 . . [5.1.2600.5512] . . c:\windowsh\ServicePackFiles\i386\tcpip.sys
[-] 2012-02-14 . CD00787894008369F56153B91FC28847 . 361600 . . [5.1.2600.5625] . . c:\windowsh\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windowsh\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windowsh\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windowsh\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windowsh\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windowsh\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windowsh\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windowsh\$NtUninstallKB951748$\tcpip.sys
[7] 2006-03-02 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windowsh\$NtUninstallKB951748_0$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jester2K Speed Fix"="regedit" [X]
"UMonit"="c:\windowsh\system32\UMonit.exe" [2007-11-12 200704]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"Bonus.SSR.FR11"="c:\program files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2012-05-25 925960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windowsh\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2010-10-01 07:12 87424 ------w- c:\windowsh\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-08-06 15:48 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windowsh\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWSH^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWSH\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windowsh\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWSH^Menu Start^Programy^Autostart^Philips SA19xx Device Manager.lnk]
path=c:\documents and settings\All Users.WINDOWSH\Menu Start\Programy\Autostart\Philips SA19xx Device Manager.lnk
backup=c:\windowsh\pss\Philips SA19xx Device Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWSH^Menu Start^Programy^Autostart^Service Manager.lnk]
path=c:\documents and settings\All Users.WINDOWSH\Menu Start\Programy\Autostart\Service Manager.lnk
backup=c:\windowsh\pss\Service Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Piotr^Menu Start^Programy^Autostart^BD Serwer.lnk]
path=c:\documents and settings\Piotr\Menu Start\Programy\Autostart\BD Serwer.lnk
backup=c:\windowsh\pss\BD Serwer.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Piotr^Menu Start^Programy^Autostart^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Piotr\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk
backup=c:\windowsh\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-11-16 13:12 88209 -c--a-w- c:\windowsh\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2012-03-13 03:37 3331872 ----a-w- c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2005-02-08 14:38 159744 -c--a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2012-02-23 10:38 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cobian Backup 10 Interface]
2010-09-23 14:46 3154432 ----a-w- c:\program files\Cobian Backup 10\cbInterface.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
2012-03-11 21:13 6749512 ----a-w- c:\program files\COMODO\COMODO Internet Security\cfp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 17:21 15360 ------w- c:\windowsh\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
2004-08-06 15:52 356352 -c--a-w- c:\program files\Intel\Wireless\Bin\EOUWiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
2009-12-30 23:25 1208832 ----a-w- c:\program files\FileZilla Server\FileZilla Server Interface.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-12-13 12:38 126976 ------w- c:\windowsh\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 20:52 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-10-15 08:20 36864 -c--a-w- c:\program files\HP\HP UT\bin\hppusg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-10-03 14:15 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-12-13 12:43 155648 ------w- c:\windowsh\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2004-08-06 15:48 385024 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLimiter]
2004-01-20 19:02 815104 ----a-w- c:\program files\NetLimiter\NetLimiter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
2012-02-28 14:53 190768 ----a-w- c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2011-12-16 10:04 1508408 ----a-w- d:\nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProcessGovernor]
2011-09-28 02:00 333328 ----a-w- c:\program files\Process Lasso\ProcessGovernor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProcessLassoManagementConsole]
2011-09-28 02:00 609808 ----a-w- c:\program files\Process Lasso\ProcessLasso.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl11]
2011-07-19 04:39 234792 ----a-w- c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2009-09-11 09:22 614400 ----a-w- c:\windowsh\Samsung\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax]
2004-09-23 11:41 860160 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 08:11 1388544 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TgbVpn]
2011-11-15 14:01 649904 ----a-w- c:\program files\TheGreenBow\TheGreenBow VPN\vpnconf.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
2007-08-22 08:24 53248 ----a-w- c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol]
2010-07-08 13:28 815704 ----a-w- c:\program files\TightVNC\tvnserver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
".EsetTrialReset"=2 (0x2)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"tvnserver"=2 (0x2)
"PDEngine"=2 (0x2)
"PDAgent"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"gusvc"=3 (0x3)
"CyberLink PowerDVD 11.0 Service"=2 (0x2)
"CyberLink PowerDVD 11.0 Monitor Service"=2 (0x2)
"TeamViewer6"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"TgbIke Starter"=2 (0x2)
"SoundMAX Agent Service (default)"=2 (0x2)
"ServiceLayer"=3 (0x3)
"SCPDFReadSpool"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"rpcapd"=3 (0x3)
"RegSrvc"=2 (0x2)
"OwnershipProtocol"=2 (0x2)
"ose"=3 (0x3)
"MsDepSvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"iPod Service"=3 (0x3)
"Internet Manager. RunOuc"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"HWDeviceService.exe"=2 (0x2)
"hpqwmiex"=2 (0x2)
"hpqwmi"=3 (0x3)
"EMSService"=2 (0x2)
"cmdAgent"=2 (0x2)
"CLHNServiceForPowerDVD"=2 (0x2)
"cbVSCService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IPView Pro\\IPView Pro.exe"=
"c:\\Program Files\\Elnix_IP_PBX\\Konsola_IP_PBX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Elnix_IP_PBX\\PCVOIP.exe"=
"c:\\Program Files\\EMS\\EMS.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\FileZilla Server\\FileZilla Server Interface.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\EPSON Projector\\EMP Monitor V4.22\\EMPMonitor.exe"=
"c:\\Program Files\\TightVNC\\tvnserver.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD11\\PowerDVD11.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD11\\PDVD11Serv.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD11\\Common\\MediaServer\\CLMSServer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Elnix_IP_PBX_nowsze\\Konsola_IP_PBX.exe"=
"c:\\WINDOWSH\\system32\\mmc.exe"=
"c:\\Program Files\\Look@LAN\\LookAtLan.exe"=
"c:\\Program Files\\Look@LAN\\LookAtHost.exe"=
"c:\\Program Files\\Axence\\NetTools\\4.0\\NetTools.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\uT\\utorrent.exe"=
"c:\\Program Files\\Aptana\\Aptana Studio 2.0\\AptanaStudio.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\CASIO\\Wireless Connection 3\\Wireless Connection 3.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4014:UDP"= 4014:UDP:DVR TIME SYNC SERVICE
"21:UDP"= 21:UDP:ftp udp
"21:TCP"= 21:TCP:fto tcp
"5985:TCP"= 5985:TCP:*:Disabled:Zdalne zarządzanie systemem Windows
.
R0 BMLoad;Bytemobile Boot Time Load Driver;c:\windowsh\system32\drivers\BMLoad.sys [2012-02-08 13184]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windowsh\system32\drivers\cmderd.sys [2011-10-07 18056]
R3 huawei_enumerator;huawei_enumerator;c:\windowsh\system32\drivers\ew_jubusenum.sys [2012-02-08 73216]
S0 sptd;sptd;c:\windowsh\system32\drivers\sptd.sys [2010-09-01 436792]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windowsh\system32\drivers\cmdGuard.sys [2011-10-07 494968]
S1 ehdrv;ehdrv;c:\windowsh\system32\drivers\ehdrv.sys [2009-05-14 107256]
S1 epfwtdir;epfwtdir;c:\windowsh\system32\drivers\epfwtdir.sys [2009-05-14 94360]
S1 TgbVPN;TheGreenBow VPN Client;c:\windowsh\system32\drivers\TgbVPN.sys [2011-11-15 137216]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/27 11:14];c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-07-19 20:34 77296]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
S2 CesarFTP;CesarFTP FTP Server;c:\program files\CesarFTP\server.exe -S --> c:\program files\CesarFTP\server.exe -S [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windowsh\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 CobianBackup10;Cobian Backup 10;c:\program files\Cobian Backup 10\cbService.exe [2011-10-18 1125376]
S2 cpuz135;cpuz135;c:\windowsh\system32\drivers\cpuz135_x32.sys [2012-01-27 21992]
S2 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1);c:\program files\IBM\SQLLIB\BIN\db2mgmtsvc.exe [2009-04-04 38688]
S2 DvrTimeServer;DvrTimeServer;c:\program files\EMS\DvrTimeSvr.exe [2008-10-29 49152]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 MSSQL$MAGICEYE;MSSQL$MAGICEYE;c:\program files\Microsoft SQL Server\MSSQL$MAGICEYE\Binn\sqlservr.exe -sMAGICEYE --> c:\program files\Microsoft SQL Server\MSSQL$MAGICEYE\Binn\sqlservr.exe -sMAGICEYE [?]
S2 MSSQL$PRNWATCH;SQL Server (PRNWATCH);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 MySQL_ZendServer51;MySQL_ZendServer51;"c:\program files\Zend\MySQL51\bin\mysqld" --defaults-file="c:\program files\Zend\MySQL51\my.ini" MySQL_ZendServer51 --> c:\program files\Zend\MySQL51\bin\mysqld [?]
S2 NPF;NetGroup Packet Filter Driver;c:\windowsh\system32\drivers\npf.sys [2009-10-20 50704]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [2011-09-27 71664]
S2 PCPrintLogger;PaperCut Print Logger;c:\program files\PaperCut Print Logger\pcpl.exe [2011-11-29 430080]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\postgres\bin\pg_ctl.exe runservice -w -N "pgsql-8.3" -D "c:\postgres\data\" --> c:\postgres\bin\pg_ctl.exe runservice -w -N pgsql-8.3 [?]
S2 SSPORT;SSPORT;\??\c:\windowsh\system32\Drivers\SSPORT.sys --> c:\windowsh\system32\Drivers\SSPORT.sys [?]
S2 TeamViewer7;TeamViewer 7;c:\docume~1\Piotr\USTAWI~1\Temp\TeamViewer\Version7\TeamViewer_Service.exe --> c:\docume~1\Piotr\USTAWI~1\Temp\TeamViewer\Version7\TeamViewer_Service.exe [?]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windowsh\system32\drivers\A5AGU.sys [2006-09-21 347648]
S3 CV2K1;CommView Network Monitor;c:\windowsh\system32\DRIVERS\cv2k1.sys --> c:\windowsh\system32\DRIVERS\cv2k1.sys [?]
S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;\??\c:\program files\DU Meter\DUM_XP32.SYS --> c:\program files\DU Meter\DUM_XP32.SYS [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2011-02-17 26224]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windowsh\system32\drivers\ew_hwusbdev.sys [2012-02-08 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windowsh\system32\drivers\ew_usbenumfilter.sys [2012-02-08 11136]
S3 filtertdidriver;filtertdidriver;c:\windowsh\system32\drivers\ewfiltertdidriver.sys --> c:\windowsh\system32\drivers\ewfiltertdidriver.sys [?]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s [?]
S3 FIXUSTOR;FIXUSTOR;c:\windowsh\system32\drivers\fixustor.sys [2007-06-11 12416]
S3 huawei_cdcacm;huawei_cdcacm;c:\windowsh\system32\drivers\ew_jucdcacm.sys [2012-02-08 90368]
S3 huawei_cdcecm;huawei_cdcecm;c:\windowsh\system32\drivers\ew_jucdcecm.sys [2012-02-08 64384]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windowsh\system32\drivers\ew_juextctrl.sys [2012-02-08 26624]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windowsh\system32\DRIVERS\ewusbdev.sys --> c:\windowsh\system32\DRIVERS\ewusbdev.sys [?]
S3 PortTalk;PortTalk;c:\windowsh\system32\drivers\PortTalk.sys [2010-04-07 3567]
S3 pwdrvio;pwdrvio;c:\windowsh\system32\pwdrvio.sys [2012-03-01 16472]
S3 pwdspio;pwdspio;c:\windowsh\system32\pwdspio.sys [2012-03-01 11104]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windowsh\system32\drivers\silabenm.sys [2011-01-27 47176]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windowsh\system32\drivers\silabser.sys [2011-01-27 58496]
S3 SQLAgent$MAGICEYE;SQLAgent$MAGICEYE;c:\program files\Microsoft SQL Server\MSSQL$MAGICEYE\Binn\sqlagent.EXE -i MAGICEYE --> c:\program files\Microsoft SQL Server\MSSQL$MAGICEYE\Binn\sqlagent.EXE -i MAGICEYE [?]
S3 tap0801;TAP-Win32 Adapter V8;c:\windowsh\system32\drivers\tap0801.sys [2006-10-01 26624]
S3 WinRM;Windows Remote Management (WS-Management);c:\windowsh\system32\svchost.exe -k WINRM [2006-03-02 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windowsh\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windowsh\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 257696]
S4 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [2011-10-18 67584]
S4 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-09-27 83240]
S4 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-09-27 70952]
S4 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-09-27 312616]
S4 EMSService;Schedule Service;c:\program files\EMS\ScheduleService.exe [2009-12-24 1982976]
S4 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users.WINDOWSH\Dane aplikacji\DatacardService\HWDeviceService.exe [2011-03-14 271712]
S4 Internet Manager. RunOuc;Internet Manager. OUC;c:\program files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [2012-02-08 224096]
S4 MsDepSvc;Usługa agenta wdrażania w sieci Web;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-01-07 63304]
S4 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windowsh\Installer\MSI2138.tmp [2010-08-31 189760]
S4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-17 2358656]
S4 TgbIke Starter;TgbIke Starter;c:\windowsh\system32\TgbStarter.exe [2011-11-15 239280]
S4 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [2010-07-08 815704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqddsvc hpqcxs08
bdx REG_MULTI_SZ scan sysagent
WINRM REG_MULTI_SZ WINRM
xcvs REG_MULTI_SZ xcvs
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-05-28 c:\windowsh\Tasks\Adobe Flash Player Updater.job
- c:\windowsh\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 11:20]
.
2012-05-24 c:\windowsh\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-05-28 c:\windowsh\Tasks\User_Feed_Synchronization-{06D02C2D-1A72-4AFB-B2A4-4B08DBA54773}.job
- c:\windowsh\system32\msfeedssync.exe [2007-08-13 03:31]
.
2012-05-28 c:\windowsh\Tasks\User_Feed_Synchronization-{D05F4871-52D4-40F8-903B-09DD3C27888C}.job
- c:\windowsh\system32\msfeedssync.exe [2007-08-13 03:31]
.
2012-05-28 c:\windowsh\Tasks\User_Feed_Synchronization-{EEDAF504-BD94-466C-A3E9-F6B8EE1E94A0}.job
- c:\windowsh\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Skan uzupełniający -------
.
IE: Add to Google Photos Screensa&ver - c:\windowsh\system32\GPhotos.scr/200
LSP: c:\program files\NetLimiter\nl_lsp.dll
TCP: Interfaces\{C4643C14-3AB0-43F8-B764-B5D4E835A35C}: NameServer = 194.204.152.34,194.204.159.1
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://192.168.1.108/webrec.cab
DPF: {8970206C-9776-44A3-AF8D-82DD7D46A2E6} - hxxp://10.0.7.46/XViewer.cab
DPF: {C1D592D2-D4F6-4E9C-968D-797449DC0ADC} - hxxp://www.dvrstation.com/webServer.cab
DPF: {F0C46420-B50B-4BA1-ADBE-C1ECF47E0916} - hxxp://192.168.1.2/XViewer.cab
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-28 14:44
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windowsh\system32\UMonit.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 4.1\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL_ZendServer51]
"ImagePath"="\"c:\program files\Zend\MySQL51\bin\mysqld\" --defaults-file=\"c:\program files\Zend\MySQL51\my.ini\" MySQL_ZendServer51"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCPDFReadSpool]
"ImagePath"="c:\windowsh\Installer\MSI2138.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1004336348-1708537768-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a1,e8,dc,51,cf,e1,8f,48,ac,db,f0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a1,e8,dc,51,cf,e1,8f,48,ac,db,f0,\
.
[HKEY_LOCAL_MACHINE\software\Philips]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Xanthic\{1246792F-C12E-81AE-FE96-35D2FC917677}*_]
"fr"="078D6072595552"
"lr"="078D6072595552"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(244)
c:\windowsh\system32\guard32.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
- - - - - - - > 'lsass.exe'(300)
c:\windowsh\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(272)
c:\windowsh\system32\WININET.dll
.
Czas ukończenia: 2012-05-28 14:49:02
ComboFix-quarantined-files.txt 2012-05-28 12:49
ComboFix2.txt 2012-05-28 12:17
ComboFix3.txt 2012-05-18 07:11
ComboFix4.txt 2012-05-18 06:42
ComboFix5.txt 2012-05-28 12:24
.
Przed: 2 436 104 192 bajtów wolnych
Po: 2 410 029 056 bajtów wolnych
.
- - End Of File - - 7D2E22D1212715205A0C21CF0A5C0D44