ComboFix 12-10-10.02 - Ja i nikt inny 2012-10-10 16:48:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2038.1349 [GMT 2:00]
Running from: c:\documents and settings\Ja i nikt inny\Moje dokumenty\Pobieranie\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ja i nikt inny\bulirizkonyd.exe
c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\sLT.exf
c:\program files\Internet Explorer\dmlconf.dat
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
.
c:\windows\system32\spoolsv.exe . . . is infected!!
.
c:\windows\explorer.exe . . . is infected!!
.
c:\windows\system32\clipsrv.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HOST_GENERIC_PROCESS
-------\Legacy_NPF
-------\Legacy_NVUPDSERVICE
-------\Service_Host Generic Process
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files created from 2012-09-10 to 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 05:35 . 2012-10-10 05:35 -------- d-----w- C:\_OTL
2012-10-09 19:34 . 2012-10-09 19:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-23 18:01 . 2012-09-23 18:01 -------- d-----w- C:\Intel
2012-09-23 17:23 . 2012-09-23 17:23 -------- d-----w- C:\stery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 19:35 . 2009-06-30 19:32 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-10-09 18:53 . 2008-04-15 11:00 285696 ----a-w- c:\windows\winhlp32.exe
2012-10-09 18:53 . 2008-04-15 11:00 25600 ----a-w- c:\windows\twunk_32.exe
2012-10-09 18:53 . 2009-06-30 18:57 146432 ----a-w- c:\windows\system32\wudfhost.exe
2012-10-09 18:53 . 2008-04-15 11:00 32256 ----a-w- c:\windows\system32\wupdmgr.exe
2012-10-09 18:52 . 2008-04-15 11:00 30720 ----a-w- c:\windows\system32\xcopy.exe
2012-10-09 18:52 . 2008-04-15 11:00 155648 ----a-w- c:\windows\system32\wscript.exe
2012-10-09 18:52 . 2008-04-15 11:00 13824 ----a-w- c:\windows\system32\wscntfy.exe
2012-10-09 18:52 . 2008-04-15 11:00 11776 ----a-w- c:\windows\system32\wpnpinst.exe
2012-10-09 18:52 . 2009-06-30 18:57 17408 ----a-w- c:\windows\system32\wpdshextautoplay.exe
2012-10-09 18:52 . 2008-04-15 11:00 32256 ----a-w- c:\windows\system32\wpabaln.exe
2012-10-09 18:52 . 2008-04-15 11:00 5632 ----a-w- c:\windows\system32\winver.exe
2012-10-09 18:52 . 2008-04-15 11:00 8192 ----a-w- c:\windows\system32\winhlp32.exe
2012-10-09 18:52 . 2008-04-15 11:00 66048 ----a-w- c:\windows\system32\wextract.exe
2012-10-09 18:52 . 2008-04-15 11:00 435712 ----a-w- c:\windows\system32\wiaacmgr.exe
2012-10-09 18:52 . 2008-04-15 11:00 11776 ----a-w- c:\windows\system32\winmsd.exe
2012-10-09 18:52 . 2009-06-30 18:56 8704 ----a-w- c:\windows\system32\wdfmgr.exe
2012-10-09 18:52 . 2008-04-15 11:00 51200 ----a-w- c:\windows\system32\w32tm.exe
2012-10-09 18:52 . 2008-04-15 11:00 33792 ----a-w- c:\windows\system32\vssadmin.exe
2012-10-09 18:52 . 2008-04-15 11:00 291840 ----a-w- c:\windows\system32\vssvc.exe
2012-10-09 18:52 . 2008-04-15 11:00 102400 ----a-w- c:\windows\system32\verifier.exe
2012-10-09 18:52 . 2009-06-30 18:56 8704 ----a-w- c:\windows\system32\uWDF.exe
2012-10-09 18:52 . 2008-04-15 11:00 50176 ----a-w- c:\windows\system32\utilman.exe
2012-10-09 18:52 . 2008-04-15 11:00 28672 ----a-w- c:\windows\system32\verclsid.exe
2012-10-09 18:52 . 2001-10-26 15:30 77824 ----a-w- c:\windows\system32\usrmlnka.exe
2012-10-09 18:52 . 2001-10-26 15:30 69632 ----a-w- c:\windows\system32\usrshuta.exe
2012-10-09 18:52 . 2001-08-18 04:37 61440 ----a-w- c:\windows\system32\usrprbda.exe
2012-10-09 18:52 . 2008-04-15 11:00 4096 ----a-w- c:\windows\system32\unlodctr.exe
2012-10-09 18:52 . 2008-04-15 11:00 26624 ----a-w- c:\windows\system32\userinit.exe
2012-10-09 18:52 . 2008-04-15 11:00 18432 ----a-w- c:\windows\system32\ups.exe
2012-10-09 18:52 . 2008-04-15 11:00 16896 ----a-w- c:\windows\system32\upnpcont.exe
2012-10-09 18:52 . 2008-04-15 11:00 36864 ----a-w- c:\windows\system32\typeperf.exe
2012-10-09 18:52 . 2008-04-15 11:00 32256 ----a-w- c:\windows\system32\tracert6.exe
2012-10-09 18:52 . 2008-04-15 11:00 12800 ----a-w- c:\windows\system32\tracert.exe
2012-10-09 18:52 . 2008-04-15 11:00 347136 ----a-w- c:\windows\system32\tourstart.exe
2012-10-09 18:52 . 2008-04-15 11:00 260096 ----a-w- c:\windows\system32\tracerpt.exe
2012-10-09 18:52 . 2008-04-15 11:00 80384 ----a-w- c:\windows\system32\tlntsess.exe
2012-10-09 18:52 . 2008-04-15 11:00 79360 ----a-w- c:\windows\system32\tasklist.exe
2012-10-09 18:52 . 2008-04-15 11:00 77824 ----a-w- c:\windows\system32\telnet.exe
2012-10-09 18:52 . 2008-04-15 11:00 75264 ----a-w- c:\windows\system32\tlntsvr.exe
2012-10-09 18:52 . 2008-04-15 11:00 63488 ----a-w- c:\windows\system32\tlntadmn.exe
2012-10-09 18:52 . 2008-04-15 11:00 19456 ----a-w- c:\windows\system32\tcpsvcs.exe
2012-10-09 18:52 . 2008-04-15 11:00 16896 ----a-w- c:\windows\system32\tftp.exe
2012-10-09 18:52 . 2008-04-15 11:00 15360 ----a-w- c:\windows\system32\taskman.exe
2012-10-09 18:52 . 2008-04-15 11:00 139776 ----a-w- c:\windows\system32\taskmgr.exe
2012-10-09 18:52 . 2008-04-15 11:00 13312 ----a-w- c:\windows\system32\tcmsetup.exe
2012-10-09 18:52 . 2008-04-15 11:00 78848 ----a-w- c:\windows\system32\taskkill.exe
2012-10-09 18:52 . 2008-04-15 11:00 73728 ----a-w- c:\windows\system32\systeminfo.exe
2012-10-09 18:52 . 2008-04-15 11:00 51200 ----a-w- c:\windows\system32\syncapp.exe
2012-10-09 18:52 . 2008-04-15 11:00 37376 ----a-w- c:\windows\system32\syskey.exe
2012-10-09 18:52 . 2008-04-15 11:00 3072 ----a-w- c:\windows\system32\systray.exe
2012-10-09 18:52 . 2008-04-15 11:00 107008 ----a-w- c:\windows\system32\sysocmgr.exe
2012-10-09 18:52 . 2008-04-15 11:00 9216 ----a-w- c:\windows\system32\subst.exe
2012-10-09 18:52 . 2008-04-15 11:00 679936 ----a-w- c:\windows\system32\sstext3d.scr
2012-10-09 18:52 . 2008-04-15 11:00 610304 ----a-w- c:\windows\system32\sspipes.scr
2012-10-09 18:52 . 2008-04-15 11:00 47104 ----a-w- c:\windows\system32\ssmypics.scr
2012-10-09 18:52 . 2008-04-15 11:00 393216 ----a-w- c:\windows\system32\ssflwbox.scr
2012-10-09 18:52 . 2008-04-15 11:00 20992 ----a-w- c:\windows\system32\ssmarque.scr
2012-10-09 18:52 . 2008-04-15 11:00 18944 ----a-w- c:\windows\system32\ssmyst.scr
2012-10-09 18:52 . 2008-04-15 11:00 14848 ----a-w- c:\windows\system32\stimon.exe
2012-10-09 18:52 . 2008-04-15 11:00 14336 ----a-w- c:\windows\system32\ssstars.scr
2012-10-09 18:52 . 2008-04-15 11:00 708608 ----a-w- c:\windows\system32\ss3dfo.scr
2012-10-09 18:52 . 2008-04-15 11:00 57856 ----a-w- c:\windows\system32\spoolsv.exe
2012-10-09 18:52 . 2008-04-15 11:00 19968 ----a-w- c:\windows\system32\ssbezier.scr
2012-10-09 18:52 . 2008-04-15 11:00 12800 ----a-w- c:\windows\system32\spiisupd.exe
2012-10-09 18:52 . 2008-04-15 11:00 11264 ----a-w- c:\windows\system32\spnpinst.exe
2012-10-09 18:52 . 2008-04-15 11:00 91136 ----a-w- c:\windows\system32\smlogsvc.exe
2012-10-09 18:52 . 2008-04-15 11:00 78336 ----a-w- c:\windows\system32\shrpubw.exe
2012-10-09 18:52 . 2008-04-15 11:00 70656 ----a-w- c:\windows\system32\sigverif.exe
2012-10-09 18:52 . 2008-04-15 11:00 26112 ----a-w- c:\windows\system32\skeys.exe
2012-10-09 18:52 . 2008-04-15 11:00 24576 ----a-w- c:\windows\system32\sort.exe
2012-10-09 18:52 . 2008-04-15 11:00 20480 ----a-w- c:\windows\system32\shutdown.exe
2012-10-09 18:52 . 2008-04-15 11:00 9728 ----a-w- c:\windows\system32\sfc.exe
2012-10-09 18:52 . 2008-04-15 11:00 45056 ----a-w- c:\windows\system32\shmgrate.exe
2012-10-09 18:52 . 2008-04-15 11:00 32768 ----a-w- c:\windows\system32\setupn.exe
2012-10-09 18:52 . 2008-04-15 11:00 23040 ----a-w- c:\windows\system32\setup.exe
2012-10-09 18:52 . 2008-04-15 11:00 98304 ----a-w- c:\windows\system32\scardsvr.exe
2012-10-09 18:52 . 2008-04-15 11:00 9216 ----a-w- c:\windows\system32\scrnsave.scr
2012-10-09 18:52 . 2008-04-15 11:00 77824 ----a-w- c:\windows\system32\sdbinst.exe
2012-10-09 18:52 . 2008-04-15 11:00 32768 ----a-w- c:\windows\system32\sethc.exe
2012-10-09 18:52 . 2008-04-15 11:00 19456 ----a-w- c:\windows\system32\secedit.exe
2012-10-09 18:52 . 2008-04-15 11:00 128000 ----a-w- c:\windows\system32\schtasks.exe
2012-10-09 18:52 . 2008-04-15 11:00 77824 ----a-w- c:\windows\system32\rtcshare.exe
2012-10-09 18:52 . 2008-04-15 11:00 62976 ----a-w- c:\windows\system32\rsopprov.exe
2012-10-09 18:52 . 2008-04-15 11:00 54272 ----a-w- c:\windows\system32\rsm.exe
2012-10-09 18:52 . 2008-04-15 11:00 49152 ----a-w- c:\windows\system32\rsmui.exe
2012-10-09 18:52 . 2008-04-15 11:00 33280 ----a-w- c:\windows\system32\rundll32.exe
2012-10-09 18:52 . 2008-04-15 11:00 31232 ----a-w- c:\windows\system32\sc.exe
2012-10-09 18:52 . 2008-04-15 11:00 24576 ----a-w- c:\windows\system32\rsmsink.exe
2012-10-09 18:52 . 2008-04-15 11:00 16896 ----a-w- c:\windows\system32\runas.exe
2012-10-09 18:52 . 2008-04-15 11:00 14336 ----a-w- c:\windows\system32\runonce.exe
2012-10-09 18:52 . 2008-04-15 11:00 13824 ----a-w- c:\windows\system32\savedump.exe
2012-10-09 18:52 . 2008-04-15 11:00 132608 ----a-w- c:\windows\system32\rsvp.exe
2012-10-09 18:52 . 2008-04-15 11:00 107520 ----a-w- c:\windows\system32\rsnotify.exe
2012-10-09 18:52 . 2008-04-15 11:00 4608 ----a-w- c:\windows\system32\regwiz.exe
2012-10-09 18:52 . 2008-04-15 11:00 33792 ----a-w- c:\windows\system32\relog.exe
2012-10-09 18:52 . 2008-04-15 11:00 25600 ----a-w- c:\windows\system32\routemon.exe
2012-10-09 18:52 . 2008-04-15 11:00 20480 ----a-w- c:\windows\system32\route.exe
2012-10-09 18:52 . 2008-04-15 11:00 15360 ----a-w- c:\windows\system32\rsh.exe
2012-10-09 18:52 . 2008-04-15 11:00 14336 ----a-w- c:\windows\system32\rexec.exe
2012-09-06 01:26 . 2012-09-23 17:35 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-06-30 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2012-10-09 . 9D1989D024F95BAADEB367A8027CF844 . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
.
[-] 2012-10-09 . 7C6E94047B81B2DCD0982B1DC75EF9C7 . 112128 . . [5.4.3790.5512] . . c:\windows\system32\wuauclt.exe
.
[-] 2009-06-30 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\system32\mshtml.dll
.
[-] 2012-10-09 . 6A714C064EDD33E215B65618373CEF39 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
.
[-] 2009-06-30 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\system32\wininet.dll
.
[-] 2012-10-09 . 152658C34606C312F37F49F4C8C2BE69 . 1035264 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2012-10-09 . 1E401129F94E4344B9C67E255B2EED21 . 149504 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2012-10-09 . 925282AF1CA600167E6893D0F033EF35 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2012-10-09 . CEBAB186A2DEF0837C53076F5B636934 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and default, legitimate entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2012-10-09 868352]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2012-10-09 17408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"Persistence"=c:\windows\system32\igfxpers.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"fo8fjmv"=c:\documents and settings\Ja i nikt inny\Dane aplikacji\82cv9eew.exe
"kusnowearugc"=c:\documents and settings\All Users\kusnowearugc.exe
"qykopigturuq"=c:\documents and settings\All Users\qykopigturuq.exe
"beanifkeafal"=c:\documents and settings\All Users\beanifkeafal.exe
"smwcore"=c:\windows\TEMP\VRT3.tmp
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-06 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-06 676936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-06 22856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 250808]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-23 114144]
.
--- Other Services/Drivers in Memory ---
.
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 12:35]
.
2012-10-10 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-09-23 19:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Ja i nikt inny\Dane aplikacji\Mozilla\Firefox\Profiles\n6n8uf7t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-bulirizkonyd - c:\documents and settings\Ja i nikt inny\bulirizkonyd.exe
HKU-Default-Run-tcpudp - c:\windows\VRTB.tmp
HKU-Default-Run-Intel - c:\documents and settings\Ja i nikt inny\Dane aplikacji\Intel.exe
HKU-Default-Explorer_Run-Intel - c:\documents and settings\Ja i nikt inny\Dane aplikacji\Intel.exe
SafeBoot-42077351.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-10 20:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(708)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-10-10 20:27:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-10 18:27
.
Pre-Run: 6 307 164 160 bytes free
Post-Run: 6 242 607 104 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="USB Repair NOT to Start Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 088B064B1E934CD32367349145171D90
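The substantive finding in this log sits in the Find3M and Sigcheck sections: dozens of binaries under c:\windows whose modification time lands in the same minute (2012-10-09 18:52) although their original timestamps are years older, and several of the same files then fail ComboFix's signature check and are reported as infected (spoolsv.exe, explorer.exe, clipsrv.exe). Read together, that is the footprint of a file infector patching existing executables in place rather than of an update, which replaces files with new versions. The script below is an added triage example, not part of ComboFix or of the log above: it parses both sections and cross-references them. The sample lines are copied from the log on this page; the threshold of three files per minute and the c:\windows\ prefix are assumptions. Two caveats a practitioner would want: an SFC repair or a service pack install also touches many files in one minute, so a cluster alone is a lead and not a verdict; and on XP most system files are catalog-signed, so `[-]` alone is weak evidence, as the log's own note says. The useful signal is the overlap of the two.

```python
"""Triage helper for a ComboFix log: correlate the Find3M and Sigcheck sections.

Added example, not part of ComboFix or of the log it accompanies. It looks for
the file-infector pattern: many OS binaries whose modification time falls in
the same minute, some of which then fail ComboFix's signature check.
"""
import re
from collections import defaultdict

# Find3M line:   <mtime> . <ctime> <size> <attrs> <path>   (size is "--------" for directories)
FIND3M_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-+) (\S+) (.+)$")
# Sigcheck line: [flag] <date> . <MD5> . <size> . . [<version>] . . <path>
SIGCHECK_RE = re.compile(
    r"^\[(.)\] (\d{4}-\d{2}-\d{2}) \. ([0-9A-Fa-f]{32}) \. (\d+) \. \. "
    r"\[([^\]]*)\] \. \. (.+)$")

# Sample input: a handful of lines copied from the log (a subset of each section).
FIND3M_SAMPLE = r"""
2012-10-09 19:35 . 2009-06-30 19:32 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-10-09 18:53 . 2008-04-15 11:00 285696 ----a-w- c:\windows\winhlp32.exe
2012-10-09 18:52 . 2008-04-15 11:00 30720 ----a-w- c:\windows\system32\xcopy.exe
2012-10-09 18:52 . 2008-04-15 11:00 155648 ----a-w- c:\windows\system32\wscript.exe
2012-10-09 18:52 . 2008-04-15 11:00 26624 ----a-w- c:\windows\system32\userinit.exe
2012-10-09 18:52 . 2008-04-15 11:00 57856 ----a-w- c:\windows\system32\spoolsv.exe
2012-10-09 18:52 . 2008-04-15 11:00 33280 ----a-w- c:\windows\system32\rundll32.exe
2012-09-06 01:26 . 2012-09-23 17:35 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
"""
SIGCHECK_SAMPLE = r"""
[-] 2009-06-30 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2012-10-09 . 9D1989D024F95BAADEB367A8027CF844 . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2012-10-09 . 6A714C064EDD33E215B65618373CEF39 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2012-10-09 . 152658C34606C312F37F49F4C8C2BE69 . 1035264 . . [6.00.2900.5512] . . c:\windows\explorer.exe
"""


def parse_find3m(text):
    """Return one dict per Find3M line; lines that do not match are skipped."""
    out = []
    for line in text.splitlines():
        m = FIND3M_RE.match(line.strip())
        if m:
            mtime, ctime, size, attrs, path = m.groups()
            out.append({"mtime": mtime, "ctime": ctime,
                        "size": int(size) if size.isdigit() else None,
                        "attrs": attrs, "path": path.lower()})
    return out


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; a '[-]' flag means the check did not pass."""
    out = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            flag, date, md5, size, version, path = m.groups()
            out.append({"verified": flag != "-", "date": date, "md5": md5.upper(),
                        "size": int(size), "version": version, "path": path.lower()})
    return out


def mtime_clusters(entries, min_files=3, os_prefix="c:\\windows\\"):
    """Group OS binaries by modification minute and keep groups of min_files or more.
    Entries whose mtime equals their ctime are ignored (never modified since install)."""
    groups = defaultdict(list)
    for e in entries:
        if e["path"].startswith(os_prefix) and e["mtime"] != e["ctime"]:
            groups[e["mtime"]].append(e["path"])
    return {t: sorted(p) for t, p in groups.items() if len(p) >= min_files}


def triage(find3m_text, sigcheck_text, min_files=3):
    """Cross-reference mass-modification clusters with failed signature checks.
    Returns one record per cluster, largest cluster first."""
    clusters = mtime_clusters(parse_find3m(find3m_text), min_files)
    unverified = [s for s in parse_sigcheck(sigcheck_text) if not s["verified"]]
    flagged = {u["path"] for u in unverified}
    report = []
    for mtime, paths in sorted(clusters.items(), key=lambda kv: (-len(kv[1]), kv[0])):
        day = mtime[:10]
        report.append({
            "mtime": mtime,
            "files": len(paths),
            # modified inside the cluster AND failed Sigcheck: the strongest lead
            "unverified_in_cluster": [p for p in paths if p in flagged],
            # failed Sigcheck with the cluster's date but absent from the Find3M output
            "unverified_same_day_elsewhere": sorted(
                u["path"] for u in unverified if u["date"] == day and u["path"] not in paths),
        })
    return report


if __name__ == "__main__":
    for r in triage(FIND3M_SAMPLE, SIGCHECK_SAMPLE):
        print(f"{r['files']} OS binaries modified at {r['mtime']}")
        for p in r["unverified_in_cluster"]:
            print("  modified + unverified:", p)
        for p in r["unverified_same_day_elsewhere"]:
            print("  unverified, same day :", p)
```

On the sample above the only cluster is 2012-10-09 18:52 with five files; spoolsv.exe and userinit.exe appear in both sections, and explorer.exe shows up as unverified on the same day without a Find3M line. Feeding the full sections of the log in produces the same shape with a much longer cluster; files in the overlap are the ones to submit for analysis or restore from known-good media, while cluster members that pass Sigcheck still deserve a hash comparison against a clean install, since an infector does not necessarily break every file it touches.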