ComboFix 13-04-14.01 - Irena 2013-04-14 23:39:02.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3583.2986 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Irena\Pulpit\ComboFix.exe
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-03-14 do 2013-04-14 )))))))))))))))))))))))))))))))
.
.
2013-04-14 19:31 . 2013-04-14 19:49 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2013-04-14 19:28 . 2013-04-14 19:28 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\BrowserProtect
2013-04-14 19:28 . 2013-04-14 19:28 -------- d-----w- c:\documents and settings\Irena\Dane aplikacji\BabSolution
2013-04-14 19:27 . 2013-04-14 19:27 -------- d-----w- c:\program files\Delta
2013-04-14 18:37 . 2013-04-14 18:37 -------- d-----w- c:\documents and settings\Irena\Dane aplikacji\Babylon
2013-04-14 18:37 . 2013-04-14 18:37 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Babylon
2013-04-14 18:37 . 2013-04-14 18:37 -------- d-----w- c:\program files\Gophoto.it
2013-04-14 18:37 . 2013-04-14 18:37 -------- d-----w- c:\documents and settings\Irena\Ustawienia lokalne\Dane aplikacji\PutLockerDownloader
2013-04-11 09:24 . 2013-04-11 09:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2013-04-04 13:47 . 2013-04-04 13:50 -------- d-----w- c:\documents and settings\Irena\Dane aplikacji\Comodo
2013-03-26 14:57 . 2013-03-26 14:57 -------- d-----w- C:\VTRoot
2013-03-26 14:25 . 2013-03-26 14:25 -------- d-s---w- c:\documents and settings\All Users\Dane aplikacji\Shared Space
2013-03-26 14:24 . 2013-03-26 14:24 -------- d-----w- c:\program files\COMODO
2013-03-26 14:24 . 2013-04-14 21:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Comodo
2013-03-26 14:24 . 2013-03-26 14:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Comodo Downloader
2013-03-26 14:02 . 2013-03-27 00:31 -------- d-----w- c:\documents and settings\Irena\Dane aplikacji\Expressivo
2013-03-26 08:52 . 2013-03-26 08:52 -------- d-----w- c:\windows\speech
2013-03-21 17:50 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-21 17:50 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-15 22:01 . 2013-03-15 22:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\MetaQuotes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 05:14 . 2013-02-09 22:21 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 05:14 . 2013-02-09 22:21 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36 . 2004-08-04 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2004-08-04 12:00 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2004-08-04 00:39 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:08 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 02:08 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:58 . 2004-08-04 12:00 1867520 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2013-02-27 07:58 . 2011-05-11 08:12 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-04-13 18:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2004-08-04 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-24 21:43 . 2013-01-24 21:43 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-01-24 21:43 . 2013-01-24 21:43 354752 ----a-w- c:\windows\system32\guard32.dll
2013-01-24 21:42 . 2013-01-24 21:42 40656 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-01-24 21:42 . 2013-01-24 21:42 263888 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-01-16 18:51 . 2013-01-16 18:51 98752 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-01-16 18:51 . 2013-01-16 18:51 586728 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2013-01-16 18:51 . 2013-01-16 18:51 32824 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-01-16 18:51 . 2013-01-16 18:51 18536 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-10-06 17:20 . 2012-10-06 17:20 18551816 ----a-w- c:\program files\Firefox Setup 15.0.1.exe
2001-05-24 10:59 . 2011-06-09 06:40 162304 ----a-w- c:\program files\UNWISE.EXE
2013-04-10 21:27 . 2013-04-10 21:26 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IVONA ControlCenter"="c:\program files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe" [2012-11-07 2172864]
"ExprOElauncher"="c:\program files\ivo\Expressivo\integr\OutlookExpress\ExprOElauncher.exe" [2009-04-28 86016]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2010-03-10 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-10 86016]
"ATKOSD2"="c:\program files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"ATKHOTKEY"="c:\program files\ASUS\ATK Package\ATK Hotkey\HControl.exe" [2010-10-07 182912]
"HControlUser"="c:\program files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2011-05-11 534528]
"RTHDCPL"="RTHDCPL.EXE" [2011-05-11 17567744]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-01-24 1430736]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [N/A]
mcserver.lnk - c:\program files\T-Mobile\InternetManager_Z\Bin\mcserver.exe [2012-12-4 70512]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
.
R0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2012-12-04 13184]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2013-01-16 18536]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [2013-01-16 586728]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2013-01-16 32824]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-05-11 218688]
R2 BrowserProtect;BrowserProtect;c:\documents and settings\All Users\Dane aplikacji\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-04-14 2569168]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2009-04-21 89856]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-05-11 1684736]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-01-24 127184]
S3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys --> c:\windows\system32\drivers\ewfiltertdidriver.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe" --> c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [?]
S3 zte_cdc_acm;ZTE All CDC-ACM driver;c:\windows\system32\drivers\zte_cdc_acm.sys [2012-12-04 67968]
S3 zte_cpo;ZTE All Install;c:\windows\system32\drivers\zte_cpo.sys [2012-12-04 9984]
S4 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-09 05:14]
.
2013-04-12 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-16 19:12]
.
2013-04-14 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-16 19:12]
.
2013-04-12 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-16 19:12]
.
2013-04-12 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-16 19:12]
.
2013-04-14 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-24 21:42]
.
2013-04-14 c:\windows\Tasks\EPUpdater.job
- c:\docume~1\Irena\DANEAP~1\BABSOL~1\Shared\BabMaint.exe [2013-04-14 09:48]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 89.239.127.5 89.239.127.4
TCP: Interfaces\{00CA8143-EE45-4DCB-A639-EA941016ED9F}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{02258B0A-CC95-42CA-8F81-1F0CE00EB731}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\documents and settings\Irena\Dane aplikacji\Mozilla\Firefox\Profiles\8d9xfd51.default\
FF - prefs.js: browser.search.selectedEngine - Allegro
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl
FF - ExtSQL: 2013-03-26 15:02; expressivo@expressivo.com; c:\program files\ivo\Expressivo\integr\ih-ffox
FF - ExtSQL: 2013-04-11 17:54; ftdownloader3@ftdownloader.com; c:\documents and settings\Irena\Dane aplikacji\Mozilla\Firefox\Profiles\8d9xfd51.default\extensions\ftdownloader3@ftdownloader.com.xpi
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 849db367000000000000485b39517fa7
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15809
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1621:27
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
------- Skojarzenia plików -------
.
.scr=AutoCADScriptFile
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM-Run-NvCplDaemon - c:\windows\system32\NvCpl.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-14 23:49
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'explorer.exe'(3860)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\program files\Elantech\ETDApix.dll
c:\windows\system32\webcheck.dll
.
- - - - - - - > 'csrss.exe'(724)
c:\windows\system32\cmdcsr.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\COMODO\COMODO Internet Security\cavwp.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\windows\RTHDCPL.EXE
c:\program files\T-Mobile\InternetManager_Z\Bin\remcserver.exe
c:\program files\COMODO\COMODO Internet Security\cis.exe
c:\program files\T-Mobile\InternetManager_Z\Bin\remcserver.exe
c:\program files\T-Mobile\InternetManager_Z\Bin\remcserver.exe
c:\program files\T-Mobile\InternetManager_Z\Bin\remcserver.exe
c:\program files\T-Mobile\InternetManager_Z\Bin\remcserver.exe
c:\program files\T-Mobile\InternetManager_Z\Bin\remcserver.exe
c:\program files\T-Mobile\InternetManager_Z\Bin\remcserver.exe
c:\program files\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe
.
**************************************************************************
.
Czas ukończenia: 2013-04-14 23:53:23 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2013-04-14 21:53
.
Przed: 75 215 151 104 bajtów wolnych
Po: 79 006 146 560 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 298CFF6956442EF5E2CFA21A4309E867