ComboFix 12-07-18.04 - Mateusz 2012-07-18 17:15:00.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.502.101 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Mateusz\Pulpit\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\windows\Installer\{b0ca8efd-5cf3-b5ad-fd8e-83f08a05f23b}\@
c:\windows\Installer\{b0ca8efd-5cf3-b5ad-fd8e-83f08a05f23b}\n
c:\windows\Installer\{b0ca8efd-5cf3-b5ad-fd8e-83f08a05f23b}\U\00000001.@
c:\windows\system32\SET25E.tmp
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-18 do 2012-07-18 )))))))))))))))))))))))))))))))
.
.
2012-07-18 14:08 . 2012-07-18 14:08 -------- d-----w- c:\documents and settings\Mateusz\DoctorWeb
2012-07-18 13:21 . 2012-07-18 13:21 -------- d-----w- c:\documents and settings\Mateusz\Dane aplikacji\Malwarebytes
2012-07-18 13:20 . 2012-07-18 13:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2012-07-18 13:20 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-16 11:58 . 2012-07-16 11:58 -------- d-----w- C:\ST_NG_SetupWizard
2012-07-09 13:48 . 2012-07-16 12:00 -------- d-----w- c:\program files\Thomson
2012-07-09 13:37 . 2012-07-09 13:37 -------- d-----w- c:\documents and settings\Mateusz\Ustawienia lokalne\Dane aplikacji\AskToolbar
2012-07-09 13:12 . 2012-07-09 13:12 -------- d--h--w- c:\windows\PIF
2012-07-09 12:51 . 2012-07-09 12:51 32000 ----a-w- c:\windows\system32\drivers\stppp.sys
2012-07-09 12:33 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-09 12:33 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-09 12:33 . 2012-07-03 16:21 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-07-09 12:33 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-09 12:33 . 2012-07-03 16:21 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-07-09 12:33 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-09 12:33 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-09 12:33 . 2012-07-03 16:21 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-07-09 12:32 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-09 12:32 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-09 12:32 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-09 12:30 . 2012-06-27 20:33 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-07-09 12:30 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-09 12:30 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-09 11:28 . 2012-07-09 11:28 40320 ----a-w- c:\windows\system32\drivers\steth.sys
2012-07-09 11:28 . 2012-07-09 11:28 30464 ----a-w- c:\windows\system32\drivers\st330.sys
2012-07-09 11:28 . 2012-07-09 11:28 12672 ----a-w- c:\windows\system32\drivers\stbus.sys
2012-07-09 11:28 . 2012-07-09 11:28 16128 ----a-w- c:\windows\system32\drivers\lpwdm.sys
2012-07-08 18:22 . 2012-07-08 18:22 5536 ----a-w- c:\windows\system32\d3d9caps.tmp
2012-07-08 18:05 . 2012-07-08 18:06 -------- d-----w- c:\documents and settings\Administrator
2012-07-08 18:03 . 2012-07-08 18:03 -------- d-----w- c:\documents and settings\Rodzice\Dane aplikacji\hellomoto
2012-07-07 06:11 . 2012-07-07 06:11 -------- d-----w- c:\documents and settings\Mateusz\Dane aplikacji\hellomoto
2012-07-04 09:16 . 2012-07-04 10:56 -------- d-----w- c:\program files\Google
2012-06-27 12:31 . 2012-06-27 12:31 -------- d-----w- c:\documents and settings\Rodzice\Dane aplikacji\IObit
2012-06-27 06:48 . 2012-06-27 06:48 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\ant.com
2012-06-27 06:46 . 2012-06-27 06:46 -------- d-----w- c:\windows\system32\config\systemprofile\Dane aplikacji\IObit
2012-06-26 18:29 . 2012-02-23 12:25 21336 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-06-26 18:08 . 2012-06-26 18:08 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\IObit
2012-06-26 18:08 . 2012-06-29 15:11 -------- d-----w- c:\documents and settings\Mateusz\Dane aplikacji\IObit
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-23 21:37 . 2012-06-23 21:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-06-23 21:35 . 2012-06-23 21:43 -------- d-----w- c:\program files\TuneUp Utilities 2012
2012-06-23 20:36 . 2012-06-23 20:36 -------- d--h--w- c:\documents and settings\All Users\Dane aplikacji\Common Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 08:37 . 2012-04-02 20:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-16 08:37 . 2011-06-03 12:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:55 . 2009-03-22 22:44 1875328 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:48 . 2009-01-30 14:29 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 15:48 . 2009-01-30 14:29 1447936 ----a-w- c:\windows\system32\msxml6.dll
2012-06-04 04:31 . 2009-03-22 22:45 153088 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2011-04-16 15:44 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-04-16 15:44 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2011-04-16 15:44 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-08-06 14:54 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-08-06 14:54 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2011-04-16 15:44 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2011-04-16 15:44 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 14:54 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-04-14 16:50 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 14:54 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2011-04-16 15:44 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2011-04-16 15:44 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2009-08-06 14:53 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:18 . 2011-04-18 14:23 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2011-04-18 14:23 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2011-04-18 14:23 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-04-14 16:50 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2008-10-16 17:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:44 . 2008-10-16 17:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:44 . 2008-05-08 14:01 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 11:39 . 2008-05-08 14:01 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2009-01-30 14:29 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2008-08-14 13:57 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:47 . 2011-04-16 15:42 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-17 13:15 . 2012-02-03 08:40 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-08 . 9F02C1CF7C3100E4AEA7DD8B6A86A01B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- d:\programy\avastinternetsecurity\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="c:\program files\AutoConnect\AutoConnect.exe" [2006-12-02 310784]
"AQQ"="d:\programy\WAPSTE~1\AQQ.exe" [2012-07-16 10354176]
"Advanced SystemCare 5"="d:\programy\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="d:\programy\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-06-13 668328]
"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-06-13 16040]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
"Sage Komunikator"="c:\program files\Sage\Komunikator\SageUpdt.exe" [2010-11-15 247008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="d:\programy\quicktime\QTTask.exe" [2012-04-18 421888]
"avast"="d:\programy\avastinternetsecurity\avastUI.exe" [2012-07-03 4273976]
"diagnostics"="c:\program files\Thomson\ST330\diagnostics\diagnostics.exe" [2012-07-16 557149]
"Malwarebytes' Anti-Malware"="d:\programy\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Dane aplikacji\TuneUp Software\TuneUp Utilities 2012\WinStyler\tu_logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe"
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"CloneCDTray"="c:\program files\CloneCD\CloneCDTray.exe" /s
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2012-07-09 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2012-07-09 202928]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2012-07-09 113776]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-07-09 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-07-09 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-07-09 353688]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\programy\Advanced SystemCare 5\ASCService.exe [2012-06-26 913792]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-07-09 21256]
R2 avast! Firewall;avast! Firewall;d:\programy\avastinternetsecurity\afwServ.exe [2012-07-09 133912]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2011-07-18 98984]
R2 MBAMService;MBAMService;d:\programy\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-18 655944]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
R2 PStrip;PSTRIP;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-18 22344]
R3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2012-07-09 30464]
R3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2012-07-09 12672]
R3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [2012-07-09 32000]
S2 AntUpdaterService;Ant Toolbar updater service;c:\program files\Ant.com\IE add-on\AntUpdaterService.exe [2011-06-29 520216]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 250056]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-01-21 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2011-11-27 21248]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-02-05 114160]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2012-03-22 402432]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [2012-07-09 40320]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 08:37]
.
2012-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-07-18 c:\windows\Tasks\ASC5_AutoClean.job
- d:\programy\Advanced SystemCare 5\AutoSweep.exe [2012-06-26 08:45]
.
2012-07-17 c:\windows\Tasks\ASC5_AutoUpdate.job
- d:\programy\Advanced SystemCare 5\AutoUpdate.exe [2012-06-26 16:33]
.
2012-07-18 c:\windows\Tasks\ASC5_PerformanceMonitor.job
- d:\programy\Advanced SystemCare 5\PMonitor.exe [2012-06-26 08:46]
.
2012-07-18 c:\windows\Tasks\avast! Emergency Update.job
- d:\programy\avastinternetsecurity\AvastEmUpdate.exe [2012-07-09 16:21]
.
2012-07-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-220523388-2146935855-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 15:02]
.
2012-07-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-220523388-2146935855-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 15:02]
.
2012-07-18 c:\windows\Tasks\User_Feed_Synchronization-{3FC5AB0D-3BF7-443D-9C49-5EE761465E7B}.job
- c:\windows\system32\msfeedssync.exe [2008-05-08 02:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://pl.v9.com/?utm_source=b&utm_medium=vlt
mStart Page = hxxp://pl.v9.com/?utm_source=b&utm_medium=vlt
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
TCP: Interfaces\{240DC072-24EA-4D0A-B8AA-47F618757AB1}: NameServer = 194.204.152.34 194.204.159.1
FF - ProfilePath - c:\documents and settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\cmmgyusg.default-1341590226656\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - google.pl
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=en_US&apn_uid=91d3aba8-3b89-460a-b07d-64e232630fb0&apn_ptnrs=FV&apn_sauid=92AE45EC-9B64-42E6-97CC-4B9147D243ED&apn_dtid=YYYYYYYYPL&&q=
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-18 17:26
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\st330service]
"ImagePath"="C:\Program Files/Thomson/ST330/service/st330service.exe -service"
.
Czas ukończenia: 2012-07-18 17:28:40
ComboFix-quarantined-files.txt 2012-07-18 15:28
ComboFix2.txt 2012-02-18 11:22
ComboFix3.txt 2011-06-20 15:39
.
Przed: 2 370 060 288 bajtów wolnych
Po: 2 750 664 704 bajtów wolnych
.
- - End Of File - - 174169112DCC4BF30791153F8C1B8C10