ComboFix 12-08-20.02 - BLABLABLA 2012-08-21 18:25:28.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1535.834 [GMT 2:00]
Uruchomiony z: c:\documents and settings\BLABLABLA\Pulpit\ComboFix.exe
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\TEMP
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-07-21 do 2012-08-21 )))))))))))))))))))))))))))))))
.
.
2012-08-20 23:42 . 2012-08-21 16:15 -------- d-----w- c:\documents and settings\BLABLABLA\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
2012-08-20 23:42 . 2012-08-21 16:30 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
2012-08-20 21:26 . 2012-08-20 21:25 167936 ----a-w- c:\windows\system32\appmgmts.dll
2012-08-20 17:00 . 2012-08-20 20:08 -------- d-----w- c:\windows\system32\drivers\NIS
2012-08-20 17:00 . 2012-08-20 17:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Norton
2012-08-20 16:59 . 2012-08-20 16:59 -------- d-----w- c:\program files\NortonInstaller
2012-08-19 16:48 . 2012-08-19 17:14 -------- d-----w- c:\program files\PANDORA.TV
2012-08-19 16:47 . 2012-08-19 16:47 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Ask
2012-08-19 15:37 . 2012-08-19 15:37 -------- d-----w- c:\documents and settings\BLABLABLA\Dane aplikacji\HD Tune Pro
2012-08-18 20:06 . 2012-08-18 20:06 -------- d-----w- c:\windows\ie8updates
2012-08-18 20:03 . 2012-08-18 20:03 -------- d-----w- c:\program files\MSXML 4.0
2012-08-16 17:23 . 2012-08-16 17:23 -------- d-----w- c:\documents and settings\BLABLABLA\VirtualBox VMs
2012-08-15 16:12 . 2012-08-21 16:23 -------- d-----w- c:\documents and settings\BLABLABLA\Ustawienia lokalne\Dane aplikacji\Paint.NET
2012-08-12 20:12 . 2012-08-12 20:13 -------- d-----w- c:\documents and settings\BLABLABLA\AlwaysOnPC
2012-08-08 13:29 . 2012-08-08 16:02 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Tarma Installer
2012-08-08 13:22 . 2012-08-08 13:22 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2012-08-06 20:47 . 2012-08-06 20:47 304 ----a-w- C:\user.js
2012-08-06 20:46 . 2012-08-06 20:46 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Babylon
2012-08-06 20:46 . 2012-08-06 20:46 -------- d-----w- c:\documents and settings\BLABLABLA\Dane aplikacji\YourFileDownloader
2012-08-06 09:50 . 2012-08-14 10:20 -------- d-----w- c:\documents and settings\BLABLABLA\Ustawienia lokalne\Dane aplikacji\Fallout3
2012-08-06 09:42 . 2012-08-06 09:42 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Fallout3
2012-08-06 09:41 . 2012-08-06 09:41 -------- d-----w- c:\program files\MSBuild
2012-08-06 09:37 . 2012-08-14 10:18 -------- d-----w- c:\windows\system32\XPSViewer
2012-08-06 09:37 . 2012-08-06 09:37 -------- d-----w- c:\program files\Reference Assemblies
2012-08-06 09:37 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2012-08-06 09:36 . 2012-08-06 09:36 -------- d-----w- c:\windows\system32\xlive
2012-08-06 09:35 . 2005-04-03 21:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-08-06 09:35 . 2012-08-06 09:35 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-08-06 09:35 . 2012-08-06 09:35 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-08-06 09:35 . 2005-04-03 21:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-08-06 09:35 . 2005-04-03 21:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-08-06 09:35 . 2005-04-03 21:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-08-06 09:35 . 2005-04-03 20:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-08-06 09:31 . 2012-08-06 09:31 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-08-03 17:04 . 2012-08-06 20:02 -------- d-----w- c:\documents and settings\BLABLABLA\Dane aplikacji\DMCache
2012-08-01 22:38 . 2011-12-26 13:33 254464 ----a-w- c:\windows\system32\PuranDC.exe
2012-08-01 22:38 . 2011-12-26 13:33 1133568 ----a-w- c:\windows\system32\PuranFD.exe
2012-08-01 22:38 . 2011-12-26 13:33 258048 ----a-w- c:\windows\system32\PuranDefragS.exe
2012-08-01 22:38 . 2011-12-26 13:33 107008 ----a-w- c:\windows\system32\PuranDefragBT.exe
2012-08-01 22:38 . 2011-12-26 11:51 216576 ----a-w- c:\windows\system32\PuranDefrag.dll
2012-07-31 19:32 . 2012-07-31 19:32 74703 ----a-w- c:\windows\system32\mfc45.dat
2012-07-31 19:14 . 2010-11-12 13:03 82432 ----a-w- c:\windows\system32\msxml4r.dll
2012-07-31 19:14 . 2010-11-12 13:03 44544 ----a-w- c:\windows\system32\msxml4a.dll
2012-07-31 18:46 . 2012-07-31 18:46 -------- d-----w- c:\documents and settings\NetworkService\Dane aplikacji\iolo
2012-07-31 18:46 . 2010-09-23 11:29 511328 ----a-w- c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2012-07-31 18:44 . 2012-07-31 18:44 74703 ----a-w- c:\windows\system32\mfc45.dll
2012-07-31 18:44 . 2012-07-31 20:30 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\iolo
2012-07-31 15:49 . 2012-07-31 15:49 -------- d-----w- c:\documents and settings\BLABLABLA\Dane aplikacji\Locktime
2012-07-31 15:49 . 2012-07-31 15:49 -------- d-----r- c:\documents and settings\NetworkService\Ulubione
2012-07-31 15:47 . 2012-07-31 15:47 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Locktime
2012-07-29 14:10 . 2012-07-29 14:10 -------- d-----w- c:\documents and settings\BLABLABLA\Ustawienia lokalne\Dane aplikacji\PackageAware
2012-07-29 13:32 . 2012-07-29 13:32 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Vodafone
2012-07-29 13:32 . 2012-07-29 13:32 -------- d-----w- c:\program files\Vodafone
2012-07-27 20:07 . 2012-07-27 20:07 -------- d-----w- c:\documents and settings\BLABLABLA\Ustawienia lokalne\Dane aplikacji\PCHealth
2012-07-26 21:00 . 2012-07-26 21:00 -------- d-----w- c:\documents and settings\BLABLABLA\Ustawienia lokalne\Dane aplikacji\Rawr
2012-07-26 20:32 . 2012-07-26 20:32 -------- d-----w- c:\program files\Microsoft.NET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-20 20:03 . 2012-06-11 19:09 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-08-20 20:03 . 2012-06-11 19:09 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-07-31 16:34 . 2004-08-04 12:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-07-26 16:52 . 2012-06-11 22:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-26 16:52 . 2012-06-11 22:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2012-06-11 18:29 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 11:46 . 2012-06-23 15:41 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-02 17:38 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-06-21 10:28 . 2012-06-21 10:28 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-06-15 20:00 . 2012-06-15 19:29 772592 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-15 20:00 . 2012-06-15 19:29 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-15 20:00 . 2012-06-15 19:20 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-05 15:49 . 2012-06-11 20:34 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 14:33 . 2012-06-14 22:00 158552 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-06-05 14:33 . 2012-06-14 22:00 82776 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2012-06-05 14:33 . 2012-06-14 22:00 91992 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-06-05 14:33 . 2012-06-05 14:33 116056 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-06-05 14:33 . 2012-05-22 13:08 104792 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-06-05 14:32 . 2012-06-05 14:32 135512 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2012-06-11 18:31 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2012-06-11 18:31 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2012-06-11 18:31 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-08-06 17:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-08-06 17:24 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2012-06-11 18:31 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2012-06-11 18:31 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 17:24 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2012-06-11 18:31 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2012-06-11 18:31 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2009-08-06 17:23 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22 . 2004-08-04 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-07-31 . EAEC6EA32BDABD7622371C10B8D68A17 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2012-07-31 . 05F3441246BFEDC2A5B12CF827012F7F . 361600 . . [5.1.2600.5625] . . c:\windows\LastGood\system32\DRIVERS\tcpip.sys
[-] 2012-07-31 . 05F3441246BFEDC2A5B12CF827012F7F . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2012-08-20 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"Connection Manager"="d:\program files\O2\Connection Manager\emmsn.exe" [2010-08-03 3779504]
"LogMeIn Hamachi Ui"="d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-02 1987976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousUserGroupPolicy"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2012-08-06 685816]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1308000.00E\symds.sys [2012-08-20 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1308000.00E\symefa.sys [2012-08-20 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120803.001\BHDrvx86.sys [2012-08-03 821920]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1308000.00E\ccsetx86.sys [2012-08-20 132768]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2010-03-25 82360]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1308000.00E\ironx86.sys [2012-08-20 149624]
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [2010-07-08 26008]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2012-06-15 158552]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2012-06-15 91992]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-02 1373576]
R2 NIS;Norton Internet Security;d:\program files\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe [2012-08-20 138272]
R2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;d:\program files\O2\Connection Manager\ImpWiFiSvc.exe [2010-08-02 199600]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2010-03-15 9216]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120818.001\IDSXpx86.sys [2012-08-21 369632]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2012-06-05 116056]
R3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_cdc_acm.sys [2010-03-01 86016]
R3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [2010-03-01 80000]
S3 EraserUtilDrv11210;EraserUtilDrv11210;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-06-23 22344]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-06-14 27064]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2012-05-22 104792]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2012-06-15 82776]
S3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\drivers\vodafone_K3805-z_cdc_ecm.sys [2010-03-01 50304]
S3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\drivers\vodafone_K3805-z_cpo.sys [2010-03-01 9728]
S4 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-06-23 655944]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2012-08-02 258048]
.
Zawartość folderu 'Zaplanowane zadania'
.
.
------- Skan uzupełniający -------
.
TCP: Interfaces\{996A4CCB-02D2-4F16-BD50-D66742C87371}: NameServer = 10.2.0.1 10.2.0.2
FF - ProfilePath -
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-21 18:30
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"d:\program files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"d:\program files\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"
.
Czas ukończenia: 2012-08-21 18:32:12
ComboFix-quarantined-files.txt 2012-08-21 16:32
.
Przed: 78 004 224 bajtów wolnych
Po: 41 074 688 bajtów wolnych
.
- - End Of File - - B20F6724F98FBC24D1C24EBE29DB47EB