ComboFix 10-10-12.03 - marek 2010-10-15 20:46:59.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.895.364 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Anetka\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Anetka\Pulpit\CFScript.txt
AV: COMODO Antivirus *On-access scanning disabled* (Outdated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MOIVCYXX
-------\Service_fzymaqvoi
-------\Service_moivcyxx
((((((((((((((((((((((((( Pliki utworzone od 2010-09-15 do 2010-10-15 )))))))))))))))))))))))))))))))
.
2010-10-14 06:24 . 2010-10-14 06:24 -------- d-----w- C:\VritualRoot
2010-10-14 06:21 . 2010-10-14 06:21 -------- d-----w- c:\program files\COMODO
2010-10-14 05:55 . 2010-10-15 18:56 -------- d-----w- c:\documents and settings\Anetka\Dane aplikacji\Skype
2010-10-14 05:55 . 2010-10-14 05:55 -------- d-----w- c:\program files\Common Files\Skype
2010-10-14 05:55 . 2010-10-14 05:55 -------- d-----r- c:\program files\Skype
2010-10-13 18:19 . 2010-10-15 18:55 -------- d-----w- c:\program files\Kalendarz XP
2010-10-13 16:28 . 2010-10-15 18:55 85328 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-10-13 16:26 . 2010-10-14 06:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Comodo
2010-10-13 16:21 . 2010-10-13 16:21 -------- d-----w- c:\documents and settings\Anetka\Ustawienia lokalne\Dane aplikacji\Opera
2010-10-13 16:21 . 2010-10-13 16:21 -------- d-----w- c:\program files\Opera
2010-10-12 14:43 . 2010-10-13 18:42 -------- d-----w- c:\documents and settings\Anetka\Dane aplikacji\uTorrent
2010-10-12 14:09 . 2010-10-13 18:47 -------- d-----w- c:\program files\blueconnect
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-07-04 336001]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-11-10 1725440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-24 17567744]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 2500552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Kalendarz XP.lnk - c:\program files\Kalendarz XP\Kalendarz.exe [2010-10-13 882176]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Anetka^Menu Start^Programy^Autostart^Spis treści programu OneNote.onetoc2]
path=c:\documents and settings\Anetka\Menu Start\Programy\Autostart\Spis treści programu OneNote.onetoc2
backup=c:\windows\pss\Spis treści programu OneNote.onetoc2Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Anetka^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=c:\documents and settings\Anetka\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu 10]
2010-05-04 14:05 11981408 ----a-w- c:\program files\Gadu-Gadu 10\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-05-18 15:56 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 12:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\hotpliki\\aplikacja\\gift\\giftl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Wru\\Wru.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\cs\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-09-10 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-09-10 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-09-10 25240]
R2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2010-06-03 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2010-06-03 162936]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2010-05-16 90112]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-05-16 27632]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-04-29 1684736]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-05-16 13224]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-05-16 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-05-16 8320]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-05-16 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-05-16 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-05-16 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-05-16 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-05-16 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-05-16 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-05-16 109736]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - ASNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-05-18 15:54 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.bearshare.com/
uSearchMigratedDefaultURL = hxxp://dpxml.infospace.com/info/dog/webresults.htm?&qkw={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {EA2839F2-3E23-4B74-88AA-ED2BDC773E87} = 208.67.222.222,194.204.159.1
FF - ProfilePath - c:\documents and settings\Anetka\Dane aplikacji\Mozilla\Firefox\Profiles\xfg81lt5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.imesh.com/
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&q=
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\documents and settings\Anetka\Dane aplikacji\Mozilla\plugins\np-mswmp.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
MSConfigStartUp-Nero DriveSpeed - c:\progra~1\Nero\NEROTO~1\NERODR~1\DRIVES~1.EXE
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(900)
c:\windows\system32\guard32.dll
- - - - - - - > 'explorer.exe'(2888)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\windows\RTHDCPL.EXE
c:\windows\ATK0100\ATKOSD.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Czas ukończenia: 2010-10-15 21:01:32 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-10-15 19:01
ComboFix2.txt 2010-10-14 08:02
Przed: 41 131 151 360 bajtów wolnych
Po: 41 393 041 408 bajtów wolnych
- - End Of File - - 27C3F0BD7ACA118D750FB3A77B23C33D