ComboFix 14-01-21.02 - admin 2014-01-03 16:40:33.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.479.41 [GMT 1:00]
Uruchomiony z: c:\docume~1\admin\USTAWI~1\Temp\Katalog tymczasowy 1 dla combofix.zip\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\lxpnkh.exe
C:\mgxfv.exe
C:\nlwb.pif
c:\windows\system32\NET06NMH.LOG
c:\windows\system32\SET97.tmp
c:\windows\system32\SET9B.tmp
c:\windows\system32\SETA4.tmp
D:\autorun.inf
D:\rgtr.exe
D:\rxhb.pif
D:\uaoc.pif
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_amsint32
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-12-03 do 2014-01-03 )))))))))))))))))))))))))))))))
.
.
2014-01-03 14:33 . 2009-06-30 09:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2014-01-03 14:32 . 2014-01-03 14:32 -------- d-----w- c:\program files\Panda Security
2014-01-03 14:26 . 2014-01-03 14:26 -------- d-----w- c:\program files\SkanerOnline
2014-01-03 14:21 . 2014-01-03 14:21 -------- d-----w- c:\program files\ESET
2013-12-30 14:39 . 2013-12-30 14:39 410528 ----a-w- c:\windows\system32\drivers\kwjiusbz.sys
2013-12-30 14:05 . 2013-12-30 14:10 -------- d-----r- C:\2fiji.com
2013-12-29 13:06 . 2013-12-29 13:06 0 ----a-w- c:\windows\nseBF.tmp
2013-12-29 09:37 . 2007-08-07 12:35 49152 ----a-w- c:\program files\Mozilla Firefox\plugins\np32dsw.dll
2013-12-28 07:25 . 2013-12-28 07:25 166 ---ha-w- c:\windows\nslD5.tmp
2013-12-28 07:24 . 2013-12-28 07:24 0 ----a-w- c:\windows\nsyD1.tmp
2013-12-28 07:08 . 2010-05-14 09:13 643072 ----a-w- c:\windows\system32\ykx32ncu.dll
2013-12-28 07:07 . 2013-12-28 07:07 -------- d-----w- c:\program files\Marvell
2013-12-28 07:07 . 2013-12-29 13:06 -------- d-----w- c:\documents and settings\admin\Ustawienia lokalne\Dane aplikacji\TMP
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-03 15:13 . 2012-06-21 11:32 85504 --sh--r- c:\windows\system32\ckvo0.dll
2012-06-01 15:38 . 2012-06-14 11:39 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-10-21 10:43 1625600 --sh--r- c:\windows\system32\ckvo.exe
2006-10-25 08:32 94208 --sh--r- c:\windows\system32\EXPLORER.EXE
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_PLAY ONLINE"="c:\program files\PLAY ONLINE\UpdateDog\ouc.exe" [2009-04-14 167936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-06-20 1114112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 282624]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 135168]
"VTTimer"="VTTimer.exe" [2005-03-07 110592]
"VTTrayp"="VTtrayp.exe" [2005-03-11 204800]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 106496]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-15 671744]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 87040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 288344]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\NeroCheck.exe"=
"c:\\WINDOWS\\system32\\ckvo.exe"=
"c:\\WINDOWS\\system32\\VTTimer.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\2fiji.com"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\WINDOWS\\system32\\dumprep.exe"=
"c:\\2fiji.com"=
"c:\\Program Files\\PLAY ONLINE\\UpdateDog\\ouc.exe"=
"c:\\Documents and Settings\\admin\\Dane aplikacji\\PLAY ONLINE\\ouc.exe"=
"c:\\WINDOWS\\system32\\VTtrayp.exe"=
"c:\\Program Files\\SONEL PE 2\\BIN\\SonelPE.EXE"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\PLAY ONLINE\\UpdateDog\\LiveUpdate.exe"=
"c:\\Documents and Settings\\admin\\Dane aplikacji\\PLAY ONLINE\\LiveUpdate.exe"=
"c:\\Program Files\\VIA\\RAID\\raid_tool.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\EXPLORER.EXE"=
"c:\\Program Files\\Windows Media Player\\wmdbexport.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSTE08.exe"=
"c:\\Program Files\\PLAY ONLINE\\PLAY ONLINE.exe"=
"c:\\Program Files\\Home Media Networks Limited\\ShowShifter\\Launch.exe"=
"c:\\WINDOWS\\Samsung\\PanelMgr\\SSMMgr.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\chcp.com"=
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2014-01-03 28552]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-06-14 612184]
R2 FSHOOK;FSHOOK;c:\windows\system32\drivers\FSHOOK.SYS [2013-03-07 7040]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe -/service --> c:\documents and settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe -/service [?]
R3 dpti930;dpti930;\??\c:\windows\system32\drivers\hqrii.sys --> c:\windows\system32\drivers\hqrii.sys [?]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-06-22 72576]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [2004-08-04 14336]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-06-22 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-06-22 117504]
S3 kwjiusbz;kwjiusbz;kwjiusbz.sys --> kwjiusbz.sys [?]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\drivers\yk51x86l.sys [2010-05-14 65824]
S3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\drivers\yk51x86v.sys [2010-05-14 20992]
S4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-06-14 20696]
S4 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-06-14 337880]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
yksvcs REG_MULTI_SZ yksvc
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 09:28]
.
2014-01-03 c:\windows\Tasks\User_Feed_Synchronization-{93DF8422-9046-431A-B0CD-8908709E8CE4}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Skan uzupełniający -------
.
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\wjow9f1r.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-wsctf.exe - wsctf.exe
HKLM-Run-avast - c:\program files\AVAST Software\Avast\avastUI.exe
HKLM-Run-NWEReboot - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-03 16:49
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(1804)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\documents and settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\snmp.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\VTTimer.exe
c:\windows\system32\VTtrayp.exe
c:\documents and settings\admin\Dane aplikacji\PLAY ONLINE\ouc.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Czas ukończenia: 2014-01-03 16:52:45 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2014-01-03 15:52
.
Przed: 30 853 025 792 bajtów wolnych
Po: 31 774 519 296 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=0 /fastdetect
.
- - End Of File - - 6EAC55A379DC00E26364CE7095C69556 32052574BF9F325AE309ABC7BFD04460