ComboFix 14-01-01.01 - Bogdan 2014-01-03 19:36:17.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3582.2997 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Bogdan\Moje dokumenty\Pobieranie\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: F-Secure Anti-Virus 8.10 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\100
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\documents and settings\Bogdan\WINDOWS
c:\program files\UNWISE.EXE
c:\windows\IsUn0415.exe
c:\windows\system32\1.tmp
c:\windows\system32\2.tmp
c:\windows\system32\3.tmp
c:\windows\system32\4.tmp
c:\windows\system32\TZLog.log
c:\windows\wininit.ini
D:\install.exe
D:\RECYCLER(2)
d:\recycler(2)\S-1-5-21-606747145-1637723038-839522115-1004(2)\INFO2
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-12-03 do 2014-01-03 )))))))))))))))))))))))))))))))
.
.
2014-01-03 00:13 . 2014-01-03 00:13 -------- d-----w- c:\windows\220FB0354744483A9A0B41DF77061583.TMP
2014-01-03 00:12 . 2014-01-03 00:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-01-02 23:59 . 2014-01-03 00:06 -------- d-----w- C:\AdwCleaner
2013-12-31 13:25 . 2013-12-31 13:25 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Doctor Web
2013-12-31 13:25 . 2013-12-31 13:30 -------- d-----w- c:\documents and settings\Bogdan\Doctor Web
2013-12-31 13:21 . 2013-12-31 13:48 -------- d-----w- c:\documents and settings\Bogdan\Ustawienia lokalne\Dane aplikacji\genienext
2013-12-31 02:46 . 2010-05-26 08:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2013-12-31 00:06 . 2013-12-31 00:06 515896 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2013-12-30 23:43 . 2013-12-30 23:43 -------- d-----w- c:\program files\ESET
2013-12-30 23:15 . 2013-12-31 15:16 17248136 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-12-25 00:56 . 2013-12-25 00:56 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Sony Corporation
2013-12-25 00:56 . 2013-12-25 00:56 -------- d-----w- c:\program files\Sony
2013-12-24 15:53 . 2013-12-24 15:53 -------- d-----w- c:\windows\system32\wbem\Repository
2013-12-23 01:19 . 2013-12-23 01:19 -------- d-----w- c:\documents and settings\Bogdan\Ustawienia lokalne\Dane aplikacji\fontconfig
2013-12-23 01:19 . 2013-12-30 22:55 -------- d-----w- c:\documents and settings\Bogdan\.gimp-2.8
2013-12-23 01:19 . 2013-12-23 01:19 -------- d-----w- c:\documents and settings\Bogdan\Ustawienia lokalne\Dane aplikacji\gegl-0.2
2013-12-23 01:17 . 2013-12-30 22:55 -------- d-----w- c:\program files\GIMP 2
2013-12-23 01:15 . 2013-12-23 01:15 -------- d-----w- c:\documents and settings\Bogdan\.android
2013-12-23 01:15 . 2013-12-31 13:21 -------- d-----w- c:\documents and settings\Bogdan\Ustawienia lokalne\Dane aplikacji\cache
2013-12-23 01:15 . 2013-12-30 22:55 -------- d-----w- c:\documents and settings\Bogdan\Dane aplikacji\newnext.me
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-30 19:39 . 2013-03-16 18:04 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-30 19:39 . 2012-03-30 23:25 410528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-12-30 19:39 . 2012-03-30 23:25 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-30 19:39 . 2012-03-30 23:25 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-12-30 19:39 . 2013-03-16 18:04 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-30 19:39 . 2012-03-30 23:25 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-12-30 19:39 . 2012-03-30 23:25 43152 ----a-w- c:\windows\avastSS.scr
2013-12-30 19:39 . 2012-03-30 23:25 270240 ----a-w- c:\windows\system32\aswBoot.exe
2013-12-10 20:15 . 2012-04-06 19:20 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-10 20:15 . 2011-05-16 07:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-28 14:43 . 2013-03-16 18:04 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-13 03:00 . 2006-03-02 12:00 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2006-03-02 12:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:36 . 2008-05-05 05:25 7680 ----a-w- c:\windows\system32\xpsp4res.dll
2013-11-02 20:32 . 2013-11-02 20:33 717080 ----a-w- c:\windows\unins000.exe
2013-10-30 02:51 . 2006-03-02 12:00 1879296 ----a-w- c:\windows\system32\win32k.sys
2013-10-25 11:14 . 2006-03-02 12:00 841216 ----a-w- c:\windows\system32\wininet.dll
2013-10-25 11:14 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2013-10-25 11:14 . 2006-03-02 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-25 11:14 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2013-10-23 23:45 . 2006-03-02 12:00 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:57 . 2006-03-02 12:00 279552 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:13 . 2006-03-02 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2006-03-02 12:00 606720 ----a-w- c:\windows\system32\crypt32.dll
2008-09-21 21:59 . 2008-09-21 22:00 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-28 14:43 321752 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="rem" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2013-11-28 3568312]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-11-28 3568312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 13:57 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 14:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FSIHS"=2 (0x2)
"FSORSPClient"=3 (0x3)
"FSMA"=2 (0x2)
"FSAUA"=3 (0x3)
"F-Secure Gatekeeper Handler Starter"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-03-16 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-03-16 180248]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2008-11-16 30856]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2010-05-31 40368]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-12 28544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-03-31 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-03-31 410528]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-12-08 239168]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2013-12-31 18816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-16 67824]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2011-06-04 117584]
S0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2012-09-07 51144]
S2 aswFsBlk;aswFsBlk;\??\c:\windows\system32\drivers\aswFsBlk.sys --> c:\windows\system32\drivers\aswFsBlk.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
S2 SolutoService;Soluto PCGenome Core Service;"c:\program files\Soluto\SolutoService.exe" --> c:\program files\Soluto\SolutoService.exe [?]
S3 BCASPROT;Advanced System Protector;\??\c:\program files\Systweak\Advanced System Protector\sasprot32.sys --> c:\program files\Systweak\Advanced System Protector\sasprot32.sys [?]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe [2011-02-08 406016]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\519C.tmp --> c:\windows\system32\519C.tmp [?]
S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\Common Files\SureThing Shared\stllssvr.exe [2011-12-31 74392]
S3 U6000ALL;U6000 TV Box(ALL);c:\windows\system32\drivers\U6000ALL.sys [2008-09-29 230784]
S4 FSORSPClient;F-Secure ORSP Client;"c:\program files\F-Secure Internet Security\ORSP Client\fsorsp.exe" --> c:\program files\F-Secure Internet Security\ORSP Client\fsorsp.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 13:05 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 20:15]
.
2014-01-03 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-08 19:39]
.
2014-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 22:42]
.
2014-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 22:42]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel
IE: E&ksportuj do programu Microsoft Excel
IE: Pobierz za pomocą Mega Manager...
LSP: c:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.1.100
FF - ProfilePath - c:\documents and settings\Bogdan\Dane aplikacji\Mozilla\Firefox\Profiles\jeqga4c3.default\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
WebBrowser-{A903B7AE-3A5E-4B2A-ACAE-0AD3EDCF0F22} - (no file)
ShellIconOverlayIdentifiers-{C3A29B1F-5C52-4D81-9BCB-2347D0F80A07} - (no file)
ShellIconOverlayIdentifiers-{E4366784-B767-408D-B120-9E5318E650D1} - (no file)
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_Plugin.exe
AddRemove-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\uninst.exe
AddRemove-Szkoła podstawowa klasa 6 – Tajemnice przyrody - c:\windows\IsUn0415.exe
AddRemove-{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129} - c:\program files\HP\Digital Imaging\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}\setup\hpzscr01.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-03 19:40
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\519C.tmp"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'lsass.exe'(832)
c:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL
.
Czas ukończenia: 2014-01-03 19:42:18
ComboFix-quarantined-files.txt 2014-01-03 18:42
.
Przed: 1 010 061 312 bajtów wolnych
Po: 3 803 652 096 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F0E83E55F338068D22B13A55E7858109
32052574BF9F325AE309ABC7BFD04460