ComboFix 14-05-19.01 - Paluch 2014-05-23 23:08:29.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3326.1728 [GMT 2:00]
Running from: c:\documents and settings\Paluch\Moje dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\MaxTdss.sys
c:\windows\system32\roboot.exe
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_004
-------\Service_MaxTdss
.
.
((((((((((((((((((((((((( Files Created from 2014-04-23 to 2014-05-23 )))))))))))))))))))))))))))))))
.
.
2014-05-23 20:28 . 2014-05-23 20:28 -------- d-sh--w- c:\documents and settings\LocalService.ZARZĄDZANIE NT\IETldCache
2014-05-23 20:27 . 2014-05-10 14:07 117248 ----a-w- c:\windows\system32\MaxNative.exe
2014-05-23 20:27 . 2014-05-14 09:36 77792 ----a-w- c:\windows\system32\drivers\MaxProtector64.sys
2014-05-23 20:27 . 2014-05-14 09:36 68576 ----a-w- c:\windows\system32\drivers\MaxProc64.sys
2014-05-23 20:27 . 2014-05-14 09:36 74208 ----a-w- c:\windows\system32\drivers\SDActMon2K.sys
2014-05-23 20:27 . 2014-05-23 20:51 -------- d-----w- c:\program files\Max Spyware Detector
2014-05-23 20:27 . 2014-05-14 09:36 13280 ----a-w- c:\windows\system32\drivers\004.sys
2014-05-23 20:27 . 2014-05-14 09:36 85984 ----a-w- c:\windows\system32\drivers\MaxProtector32.sys
2014-05-23 20:27 . 2014-05-14 09:36 69432 ----a-w- c:\windows\system32\drivers\MaxMgr.sys
2014-05-23 20:27 . 2014-05-14 09:36 123360 ----a-w- c:\windows\system32\drivers\SDActMon.sys
2014-05-23 19:43 . 2014-05-23 20:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Max Secure
2014-05-23 17:33 . 2014-05-23 17:30 5310224 ----a-w- c:\documents and settings\All Users\Dane aplikacji\pclunst.exe
2014-05-23 17:33 . 2014-05-23 17:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PC Cleaners
2014-05-23 17:33 . 2014-05-23 18:48 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PC1Data
2014-05-23 15:12 . 2014-05-23 18:04 2532 ----a-w- c:\windows\system32\ASOROSet.bin
2014-05-20 17:04 . 2014-05-20 17:04 -------- d-----w- c:\program files\Common Files\Skype
2014-05-20 17:04 . 2014-05-20 17:04 -------- d-----r- c:\program files\Skype
2014-05-20 17:04 . 2014-05-20 17:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype
2014-05-18 15:11 . 2014-05-18 15:11 -------- d--h--w- c:\windows\msdownld.tmp
2014-05-18 15:05 . 2014-05-18 17:42 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\WarThunder
2014-05-16 18:05 . 2014-05-16 18:05 -------- d-----w- c:\windows\Logs
2014-05-16 17:42 . 2014-05-16 17:42 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\LumaEmu_SteamCloud
2014-05-16 13:10 . 2009-09-16 05:02 27136 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2014-05-15 21:52 . 2014-05-15 21:52 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Package Cache
2014-05-15 16:31 . 2014-05-15 16:31 -------- d-----w- c:\windows\system32\LogFiles
2014-05-15 15:24 . 2014-05-15 15:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ATI
2014-05-15 15:09 . 2014-05-15 15:09 0 ----a-w- c:\windows\ativpsrm.bin
2014-05-14 19:42 . 2014-05-15 15:10 -------- d-----w- c:\program files\ATI Technologies
2014-05-14 19:41 . 2014-05-14 19:41 -------- d-----w- c:\program files\ATI
2014-05-14 19:40 . 2014-05-14 19:40 -------- d-----w- C:\AMD
2014-05-14 19:07 . 2010-08-31 14:28 1251944 ------w- c:\windows\RtlExUpd.dll
2014-05-14 19:07 . 2014-05-14 19:07 -------- d-----w- c:\program files\Common Files\InstallShield
2014-05-14 17:22 . 2014-05-14 17:22 -------- d-----w- c:\program files\AVAST Software
2014-05-14 17:21 . 2014-05-14 17:21 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AVAST Software
2014-05-14 16:38 . 2014-05-14 19:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2014-05-14 16:38 . 2011-04-08 11:31 1076968 ----a-w- c:\windows\system32\rtl8192cu.sys
2014-05-14 16:38 . 2011-04-08 11:31 1076968 ----a-w- c:\windows\system32\drivers\RTL8192cu.sys
2014-05-14 16:38 . 2014-05-23 18:02 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TP-LINK
2014-05-14 16:34 . 2014-05-23 18:04 -------- d-----w- c:\documents and settings\Paluch
2014-05-14 15:47 . 2008-04-14 20:50 21504 ----a-w- c:\windows\system32\hidserv.dll
2014-05-14 15:47 . 2008-04-14 20:50 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2014-05-14 15:47 . 2008-04-14 19:50 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2014-05-14 15:47 . 2008-04-14 19:50 14720 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2014-05-13 15:59 . 2014-02-26 23:28 13312 ------w- c:\windows\system32\xp_eos.exe
2014-05-13 15:59 . 2014-02-26 23:28 13312 ------w- c:\windows\system32\dllcache\xp_eos.exe
2014-05-13 15:59 . 2013-07-03 02:12 25088 ------w- c:\windows\system32\dllcache\hidparse.sys
2014-05-13 15:59 . 2013-07-03 01:59 14976 ------w- c:\windows\system32\dllcache\usbscan.sys
2014-05-13 15:58 . 2013-07-17 00:58 123008 ------w- c:\windows\system32\dllcache\usbvideo.sys
2014-05-13 15:58 . 2013-07-17 00:58 46848 ------w- c:\windows\system32\dllcache\irbus.sys
2014-05-13 15:58 . 2013-07-17 00:58 60160 ------w- c:\windows\system32\dllcache\usbaudio.sys
2014-05-13 15:58 . 2013-08-09 00:55 144128 ------w- c:\windows\system32\dllcache\usbport.sys
2014-05-13 15:58 . 2013-08-09 00:55 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-05-13 15:58 . 2013-08-09 00:55 32384 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2014-05-13 15:58 . 2013-08-09 00:55 5376 ------w- c:\windows\system32\dllcache\usbd.sys
2014-05-13 15:58 . 2009-03-18 11:02 30336 ------w- c:\windows\system32\dllcache\usbehci.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 17:44 . 2014-05-14 17:44 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1400163052984
2014-05-14 17:44 . 2014-05-14 17:44 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1400163052984
2014-03-06 17:58 . 2002-09-28 21:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:58 . 2002-09-28 21:00 43520 ------w- c:\windows\system32\licmgr10.dll
2014-03-06 17:58 . 2002-09-28 21:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 17:58 . 2002-09-28 21:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 00:50 . 2009-01-05 12:49 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-14 17:44 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\gry\Steam\steam.exe" [2014-05-21 1775808]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-05-08 21444224]
"PC Cleaners"="c:\documents and settings\All Users\Dane aplikacji\PC Cleaners\PCCleaners.exe" [2014-05-23 69345552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-14 3873704]
"RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2014-01-07 98304]
"SDActiveMonitor"="c:\program files\Max Spyware Detector\MaxSDTray.exe" [2014-05-14 1091552]
"MaxUSBProc"="c:\program files\Max Spyware Detector\MaxUSBProc.exe" [2014-05-14 447968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-10-06 49152]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programy\\µTorrent\\uTorrent.exe"=
"d:\\Gry\\Steam\\Steam.exe"=
"d:\\Gry\\Steam\\SteamApps\\common\\War Thunder\\launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\programy\µTorrent\uTorrent.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2014-05-14 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswNdis2.sys [2014-05-14 252464]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-05-14 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-05-14 180632]
R0 MaxMgr;MaxMgr;c:\windows\system32\drivers\MaxMgr.sys [2014-05-23 69432]
R0 SDActMon;SDActMon;c:\windows\system32\drivers\SDActMon.sys [2014-05-23 123360]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-05-14 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-05-14 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-05-14 411680]
R1 MaxProtector32;MaxProtector32;c:\windows\system32\drivers\MaxProtector32.sys [2014-05-23 85984]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-05-14 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-05-14 67824]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2014-05-14 109048]
R2 MaxMerger;MaxMerger;c:\program files\Max Spyware Detector\MaxMerger.exe [2014-05-23 307168]
R2 MaxWatchDogService;MaxWatchDogService;c:\program files\Max Spyware Detector\MaxWatchDogService.exe [2014-05-23 653280]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2014-05-14 103040]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2014-05-14 1691480]
S3 RTL8192cu;%RTL8192cu.DeviceDesc%;c:\windows\system32\drivers\RTL8192cu.sys [2014-05-14 1076968]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-23 19:52 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-23 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-14 17:44]
.
2014-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-14 16:40]
.
2014-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-14 16:40]
.
2014-05-23 c:\windows\Tasks\PC Cleaner Pro Optimization.job
- c:\documents and settings\All Users\Dane aplikacji\PC Cleaners\PCCleaners.exe [2014-05-23 17:33]
.
2014-05-23 c:\windows\Tasks\PC Cleaner Pro Update Job.job
- c:\documents and settings\All Users\Dane aplikacji\PC Cleaners\PCCleaners.exe [2014-05-23 17:33]
.
2014-05-14 c:\windows\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
- c:\windows\system32\xp_eos.exe [2014-05-13 23:28]
.
2014-05-23 c:\windows\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
- c:\windows\system32\xp_eos.exe [2014-05-13 23:28]
.
2014-05-23 c:\windows\Tasks\User_Feed_Synchronization-{C37361E3-524F-4FCD-B374-036DC6E8BE2C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.pl/
TCP: DhcpNameServer = 23.253.94.129 8.8.8.8
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-uTorrent - d:\programy\µTorrent\uTorrent.exe
HKLM-Run-SDAutoScan - (no file)
AddRemove-uTorrent - d:\programy\µTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-23 23:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell = Explorer.exe?
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit = c:\windows\system32\userinit.exe,?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3860)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
c:\program files\Max Spyware Detector\MaxActMon.exe
c:\program files\Max Spyware Detector\MaxDBServer.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2014-05-23 23:15:57 - machine was rebooted
ComboFix-quarantined-files.txt 2014-05-23 21:15
.
Pre-Run: 337,695,383,552 bytes free
Post-Run: 337,706,876,928 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional Nvidia + i865 Nod32" /fastdetect /NoExecute=OptIn
C:\ = "Microsoft Windows"
.
- - End Of File - - 037372581656EBC5254012EB7DAC6E26
32052574BF9F325AE309ABC7BFD04460
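A first triage pass over a ComboFix log like the one above, as an added example (it is not ComboFix output and not code from the poster). It parses the record types ComboFix prints that matter for persistence review: registry Run values, service/driver lines, the scheduled-task pairs, the firewallpolicy EnableFirewall value and the DhcpNameServer line. It then queues for review anything launched from outside the Windows and Program Files trees, boot/system-start drivers dated after a cut-off, a disabled Windows Firewall and DNS servers not on a recognised list. TRUSTED_ROOTS, KNOWN_RESOLVERS and the new_since date are assumptions an analyst would tune, and SAMPLE is a constructed excerpt copied from the log above.

```python
"""Triage pass over a ComboFix log.

Added example, not part of ComboFix or of the original post. It parses the
record types that matter for persistence review (registry Run values,
service/driver lines, scheduled-task pairs, the firewall policy value and the
DhcpNameServer line) and returns findings an analyst would check first.
TRUSTED_ROOTS, KNOWN_RESOLVERS and the new_since cut-off are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumption: launch paths under these roots are ordinary; anything else
# (profile or All Users application-data directories, other drives) is flagged.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
# Assumption: resolvers the analyst recognises; any other server is flagged.
KNOWN_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

REG_KEY = re.compile(r"^\[([^\]]+)\]$")
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
SERVICE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d{2}-\d{2}) (\d+)\]$")
TASK_JOB = re.compile(r"^\d{4}-\d{2}-\d{2} (c:\\windows\\tasks\\.+\.job)$", re.I)
TASK_TARGET = re.compile(r"^- (.+?) \[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$")
FIREWALL = re.compile(r'^"EnableFirewall"=\s*(\d+)')
DNS = re.compile(r"^TCP: DhcpNameServer = (.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def outside_trusted_roots(path: str) -> bool:
    """True for an absolute path that is not under TRUSTED_ROOTS.
    Bare names such as nwiz.exe resolve via the search path and are not judged."""
    p = path.strip('"').lower()
    return "\\" in p and not p.startswith(TRUSTED_ROOTS)


def triage(log_text: str, new_since: str = "2014-05-20") -> list[Finding]:
    """Walk the log line by line. new_since is the ISO date from which a
    boot/system-start driver (R0/R1) counts as newly installed."""
    findings: list[Finding] = []
    current_key = ""   # last [registry key] header seen
    pending_job = ""   # .job line waiting for its "- target [date]" line
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := REG_KEY.match(line):
            current_key = m.group(1)
        elif m := RUN_VALUE.match(line):
            name, exe, _date, _size = m.groups()
            if current_key.lower().endswith("\\run") and outside_trusted_roots(exe):
                findings.append(Finding("autorun-outside-program-dirs", f"{current_key}\\{name} -> {exe}"))
        elif m := FIREWALL.match(line):
            if m.group(1) == "0" and "firewallpolicy" in current_key.lower():
                findings.append(Finding("windows-firewall-disabled", current_key))
        elif m := SERVICE.match(line):
            start, name, _desc, image, date, _size = m.groups()
            if start in ("R0", "R1") and date >= new_since:
                findings.append(Finding("new-kernel-driver", f"{start} {name} {image} ({date})"))
            if outside_trusted_roots(image):
                findings.append(Finding("service-outside-program-dirs", f"{name} -> {image}"))
        elif m := TASK_JOB.match(line):
            pending_job = m.group(1)
        elif m := TASK_TARGET.match(line):
            if pending_job and outside_trusted_roots(m.group(1)):
                findings.append(Finding("task-outside-program-dirs", f"{pending_job} -> {m.group(1)}"))
            pending_job = ""
        elif m := DNS.match(line):
            for server in m.group(1).split():
                if server not in KNOWN_RESOLVERS:
                    findings.append(Finding("unrecognised-dns-server", server))
    return findings


# Constructed excerpt: lines copied from the log above in ComboFix's own layout.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\gry\Steam\steam.exe" [2014-05-21 1775808]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-05-08 21444224]
"PC Cleaners"="c:\documents and settings\All Users\Dane aplikacji\PC Cleaners\PCCleaners.exe" [2014-05-23 69345552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"SDActiveMonitor"="c:\program files\Max Spyware Detector\MaxSDTray.exe" [2014-05-14 1091552]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-05-14 49944]
R0 MaxMgr;MaxMgr;c:\windows\system32\drivers\MaxMgr.sys [2014-05-23 69432]
R1 MaxProtector32;MaxProtector32;c:\windows\system32\drivers\MaxProtector32.sys [2014-05-23 85984]
R2 MaxMerger;MaxMerger;c:\program files\Max Spyware Detector\MaxMerger.exe [2014-05-23 307168]
.
2014-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-14 16:40]
.
2014-05-23 c:\windows\Tasks\PC Cleaner Pro Update Job.job
- c:\documents and settings\All Users\Dane aplikacji\PC Cleaners\PCCleaners.exe [2014-05-23 17:33]
.
TCP: DhcpNameServer = 23.253.94.129 8.8.8.8
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.kind:32} {f.detail}")
```

The output is a review queue, not a verdict: the Steam entry on d:\ trips the same path check as the PC Cleaners entry under All Users\Dane aplikacji, and whether the avast! firewall makes the disabled Windows Firewall acceptable is a judgement the analyst still has to make. What the pass buys is that the records worth a second look (the two Max Spyware Detector drivers dated 2014-05-23 loading at R0/R1, the autorun and two tasks launched from the application-data directory, the non-Google resolver handed out by DHCP) surface without reading the whole log by hand.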