ComboFix 12-11-27.01 - Ewa i Jan 2012-11-28   8:41.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.2559.1757 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Ewa i Jan\Pulpit\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG 7.5.516 *Enabled/Outdated* {41564737-3200-1071-989B-0000E87B4FB1}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-10-28 do 2012-11-28 )))))))))))))))))))))))))))))))
.
.
2012-11-27 13:26 . 2012-11-27 13:26 -------- d-----w- c:\program files\TeamViewer
2012-11-20 13:39 . 2012-11-20 13:39 60928 ----a-w- c:\windows\system32\WwYNcw.exe
2012-11-20 13:37 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-20 13:37 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-20 13:37 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-20 13:37 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-20 13:37 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-11-20 13:37 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-11-20 13:37 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-11-20 13:37 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-11-20 13:36 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-20 13:36 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-20 13:35 . 2012-11-20 13:35 -------- d-----w- c:\program files\AVAST Software
2012-11-20 13:35 . 2012-11-20 13:35 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AVAST Software
2012-11-20 13:24 . 2012-11-20 13:24 -------- d-----w- c:\documents and settings\Ewa i Jan\Dane aplikacji\TeamViewer
2012-11-18 22:55 . 2012-11-18 22:55 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\RDRM
2012-11-18 21:38 . 2012-11-18 21:43 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Mobile Partner
2012-11-18 21:38 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-11-18 21:36 . 2008-04-13 19:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-11-18 21:36 . 2008-04-13 19:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-11-18 20:41 . 2012-11-18 20:41 -------- d-----w- c:\documents and settings\Ewa i Jan\Dane aplikacji\Malwarebytes
2012-11-18 20:41 . 2012-11-18 20:41 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2012-11-11 17:19 . 2012-11-19 17:24 -------- d-----w- c:\documents and settings\Ewa i Jan\Ustawienia lokalne\Dane aplikacji\Facebook
2012-11-04 10:02 . 2012-11-04 10:02 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 19:57 . 2004-08-03 22:37 1866624 ----a-w- c:\windows\system32\win32k.sys
2012-10-10 14:13 . 2012-06-12 05:56 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 14:13 . 2012-06-12 05:56 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-10 14:13 . 2012-10-09 16:13 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-10-02 18:04 . 2004-08-03 22:44 58368 ----a-w- c:\windows\system32\synceng.dll
2012-08-31 11:43 . 2012-08-31 11:43 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 11:43 . 2012-06-02 16:24 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-31 11:43 . 2010-09-18 07:39 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-31 11:43 . 2009-12-25 11:54 143872 ----a-w- c:\windows\system32\javacpl.cpl
2004-10-01 14:00 . 2009-12-25 10:34 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
2012-10-28 15:04 . 2012-10-28 15:04 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2004-08-03 22:54 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\system32\drivers\aec.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-05 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 13877248]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-30 19523616]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2005-10-27 10:00 299008 ----a-w- c:\program files\Creative\Shared Files\CamTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-03-22 18:29 39264 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:21 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-10-11 17:25 1961984 ----a-w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
2011-02-20 08:58 370688 ----a-w- c:\program files\Odkurzacz\odk_mcd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-06-22 21:01 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-11-19 18:37 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VGAUtil]
2005-08-16 14:50 544768 ----a-w- c:\program files\GigaByte\VGA Utility Manager\G-vga.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\G-vga.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Ares\\chatServer.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-11-20 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-11-20 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-11-20 21256]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-11-18 72576]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2009-12-25 162176]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe -/service --> c:\documents and settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe -/service [?]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\Mobile Partner\UpdateDog\ouc.exe [2012-11-18 218624]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 WwYNcw;Intel Chipset Service;c:\windows\system32\WwYNcw.exe [2012-11-20 60928]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-05-08 1691480]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-11-18 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2012-11-18 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-11-18 117504]
S3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [2009-12-25 13440]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2009-12-25 23524]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 14:13]
.
2012-11-28 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-20 22:50]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 13:38]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 13:38]
.
2012-11-27 c:\windows\Tasks\User_Feed_Synchronization-{D2CEEDF4-C1AB-4422-8270-3030DFCB032E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 208.67.222.222 8.8.4.4 192.168.1.252
DPF: {41ACD49D-791A-1974-0981-AA9872721044} - hxxp://cached.gamedesire.com/g_bin/pl/boards_2_0_0_39.cab
FF - ProfilePath - c:\documents and settings\Ewa i Jan\Dane aplikacji\Mozilla\Firefox\Profiles\md2ubuvp.default-1353345010953\
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/
FF - ExtSQL: 2012-11-20 14:53; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
MSConfigStartUp-ccagent - c:\documents and settings\Ewa i Jan\Dane aplikacji\Control-Center\ccagent.exe
MSConfigStartUp-Facebook Update - c:\documents and settings\Ewa i Jan\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
MSConfigStartUp-Onet - c:\program files\Common Files\Onet.pl\NewAutoUpdate.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-Sweetpacks Communicator - c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-28 08:51
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(924)
c:\windows\system32\wininet.dll
.
- - - - - - - > 'explorer.exe'(3684)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
- - - - - - - > 'csrss.exe'(836)
c:\windows\system32\wininet.dll
.
Czas ukończenia: 2012-11-28 08:55:48
ComboFix-quarantined-files.txt 2012-11-28 07:55
.
Przed: 13 354 926 080 bajtów wolnych
Po: 13 305 217 024 bajtów wolnych
.
- - End Of File - - AC6E69FF56B44EFFC202DE3F50E10B02