ComboFix 13-06-08.02 - uy6 2013-06-12 14:20:54.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.991.686 [GMT 2:00]
Uruchomiony z: c:\documents and settings\uy6\Moje dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-05-12 do 2013-06-12 )))))))))))))))))))))))))))))))
.
.
2013-06-10 08:41 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2013-06-10 08:41 . 2002-12-05 12:12 692224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2013-06-10 08:41 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2013-06-10 08:41 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2013-06-10 08:41 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2013-06-10 08:41 . 2013-06-10 08:41 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2013-06-10 08:41 . 2013-06-10 08:41 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2013-06-10 08:23 . 2013-06-10 08:47 -------- d-----w- c:\documents and settings\uy6\Dane aplikacji\PerformerSoft
2013-06-10 08:23 . 2012-12-19 13:53 18096 ----a-w- c:\windows\system32\roboot.exe
2013-06-10 08:21 . 2008-07-31 08:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2013-06-10 08:08 . 2013-06-10 17:51 -------- d-----w- c:\windows\Logs
2013-06-10 07:48 . 2013-06-10 07:49 -------- d-----w- c:\program files\ChickenInvadersUOPolish
2013-06-10 07:46 . 2013-06-10 07:46 -------- d-----w- c:\program files\ChickenInvadersROTYEasterPolish
2013-06-10 07:03 . 2013-06-10 08:44 -------- d-----w- c:\windows\SxsCaPendDel
2013-06-10 06:36 . 2013-06-10 06:36 -------- d-----w- c:\windows\system32\wbem\Repository
2013-06-10 06:31 . 2013-06-10 07:02 -------- d-----w- c:\program files\ipla
2013-06-10 06:30 . 2013-06-10 06:30 -------- d-----w- c:\program files\Common Files\Java
2013-06-10 06:30 . 2013-06-10 06:30 -------- d-----w- c:\program files\Java
2013-06-09 11:21 . 2013-06-09 11:21 -------- d-----w- c:\documents and settings\uy6\Ustawienia lokalne\Dane aplikacji\AlawarWrapper
2013-06-09 11:21 . 2013-06-09 11:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AlawarWrapper
2013-06-09 11:21 . 2013-06-10 06:28 -------- d-----w- c:\program files\DoubleGames.pl
2013-06-08 13:07 . 2013-06-10 07:46 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\InterAction studios
2013-06-08 13:07 . 2013-06-10 06:42 -------- d-----w- c:\program files\ChickenInvadersTrilogyPolish
2013-05-18 08:18 . 2013-05-18 08:18 -------- d-----w- c:\program files\PlayReady
2013-05-18 08:16 . 2013-06-10 06:39 -------- d-----w- c:\documents and settings\uy6\Dane aplikacji\ipla
2013-05-18 08:16 . 2013-05-18 08:16 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\RDRM
2013-05-18 08:15 . 2013-05-18 08:15 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-05-18 08:15 . 2013-05-18 08:15 1060864 ----a-w- c:\windows\system32\mfc71.dll
2013-05-18 08:15 . 2013-05-18 08:15 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2013-05-18 07:44 . 2012-06-02 13:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2013-05-18 07:44 . 2012-06-02 13:18 214256 ----a-w- c:\windows\system32\muweb.dll
2013-05-17 13:36 . 2013-05-17 13:36 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 08:59 . 2012-11-05 18:25 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 08:59 . 2012-11-05 18:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-10 08:41 . 2006-01-09 10:18 12160 ----a-w- c:\windows\system32\drivers\srvkp.sys
2013-06-10 08:41 . 2006-01-09 10:18 1570489 ----a-w- c:\windows\system32\sisgl.dll
2013-06-10 08:41 . 2006-01-09 10:03 1832960 ----a-w- c:\windows\system32\sisgrv.dll
2013-06-10 08:41 . 2006-01-09 09:59 242688 ----a-w- c:\windows\system32\drivers\sisgrp.sys
2013-06-10 08:41 . 2006-01-09 09:57 28672 ----a-w- c:\windows\system32\SiSPInst.dll
2013-04-16 22:26 . 2004-08-03 22:44 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:26 . 2004-08-03 22:44 43520 ------w- c:\windows\system32\licmgr10.dll
2013-04-16 22:26 . 2004-08-03 22:44 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:30 . 2004-08-03 22:36 385024 ------w- c:\windows\system32\html.iec
2013-04-12 14:01 . 2004-08-03 22:37 1876608 ----a-w- c:\windows\system32\win32k.sys
2013-03-31 19:42 . 2013-03-31 19:43 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-31 19:42 . 2013-03-31 19:43 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-31 19:42 . 2012-11-07 19:48 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-31 19:42 . 2012-11-07 19:48 782240 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SiSPower"="SiSPower.dll" [2013-06-10 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2013-6-10 262144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-10-15 17:00 1818624 ----a-w- c:\windows\mixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-09 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-12-09 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-12-09 21256]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 7168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-10 12:25 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-05 08:59]
.
2013-06-12 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-12-09 22:50]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-05 12:57]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-05 12:57]
.
2013-06-11 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2013-03-28 17:54]
.
2013-06-12 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-03-28 17:54]
.
2013-06-09 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-03-28 17:54]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www1.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=CC36003005BD58EB
uInternet Connection Wizard,ShellNext = iexplore
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-12 14:25
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(1208)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
Czas ukończenia: 2013-06-12 14:27:22
ComboFix-quarantined-files.txt 2013-06-12 12:27
ComboFix2.txt 2013-04-23 06:17
ComboFix3.txt 2013-02-05 15:25
.
Przed: 27 817 046 016 bajtów wolnych
Po: 27 816 411 136 bajtów wolnych
.
- - End Of File - - 98800071D85AA3DAD1CC4507AB59317E 32052574BF9F325AE309ABC7BFD04460