ComboFix 13-09-19.01 - KERAMTI 2013-09-22 12:03:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2046.1504 [GMT 2:00]
Uruchomiony z: g:\programy do komputera\ComboFix.exe
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\_isTmp_{8675309}\CapabilityTable.exe
c:\windows\TEMP\_isTmp_{8675309}\DPInst.exe
c:\windows\TEMP\_isTmp_{8675309}\DPInst_64.exe
c:\windows\TEMP\_isTmp_{8675309}\NVUninst-amd64.exe
c:\windows\TEMP\_isTmp_{8675309}\NVUninst.exe
c:\windows\TEMP\_isTmp_{8675309}\nvupnp-amd64.exe
c:\windows\TEMP\_isTmp_{8675309}\nvupnpbr.exe
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WSYSSVC
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-08-22 do 2013-09-22 )))))))))))))))))))))))))))))))
.
.
2013-09-22 09:53 . 2013-09-22 09:53 -------- d-----w- c:\program files\DLLSuite
2013-09-22 08:07 . 2013-09-22 08:07 159200 ----a-w- c:\documents and settings\KERAMTI\Dane aplikacji\CrashRpt1402.dll
2013-09-22 08:03 . 2013-09-22 08:03 -------- d-----w- c:\documents and settings\KERAMTI\Ustawienia lokalne\Dane aplikacji\CrashRpt
2013-09-22 07:49 . 2013-09-22 07:49 -------- d-----w- C:\FRST
2013-09-22 06:48 . 2013-09-22 06:48 -------- d-----w- C:\found.000
2013-09-21 20:52 . 2013-09-21 20:52 -------- d-----w- c:\documents and settings\KERAMTI\Dane aplikacji\Absolute Uninstaller
2013-09-21 20:51 . 2001-10-26 14:57 980034 ----a-w- c:\windows\system32\dllcache\cicap.sys
2013-09-21 20:48 . 2001-08-17 18:12 37916 ----a-w- c:\windows\system32\dllcache\cb102.sys
2013-09-21 20:47 . 2008-04-13 22:16 11776 ----a-w- c:\windows\system32\dllcache\bdasup.sys
2013-09-21 20:46 . 2001-08-17 18:19 747392 ----a-w- c:\windows\system32\dllcache\adm8830.sys
2013-09-21 19:09 . 2013-09-21 20:54 -------- d-----w- c:\documents and settings\KERAMTI\Ustawienia lokalne\Dane aplikacji\iPQ
2013-09-21 19:09 . 2013-09-21 19:09 -------- d-----w- c:\documents and settings\KERAMTI\Dane aplikacji\Plus Internet
2013-09-21 19:09 . 2013-09-21 19:09 -------- d-----w- c:\program files\Plus Internet Monitor
2013-09-21 19:08 . 2012-09-28 06:53 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2013-09-21 19:08 . 2012-09-28 06:53 130048 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2013-09-21 19:08 . 2012-09-28 06:53 107520 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2013-09-21 19:08 . 2012-09-28 06:53 107520 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2013-09-21 19:08 . 2012-09-28 06:53 107520 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2013-09-21 19:08 . 2013-09-21 19:08 -------- d-----w- c:\program files\Plus Internet
2013-09-21 18:31 . 2006-04-15 03:09 34176 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2013-09-21 18:31 . 2006-04-15 03:07 203776 ----a-r- c:\windows\system32\fdco1.dll
2013-09-21 18:31 . 2006-04-15 03:08 101888 ----a-r- c:\windows\system32\drivers\nvtcp.sys
2013-09-21 18:31 . 2006-03-15 04:44 176128 ----a-w- c:\windows\system32\nvunrm.exe
2013-09-21 18:31 . 2013-09-21 18:31 -------- d-----w- c:\windows\NV19362812.TMP
2013-09-21 18:31 . 2006-04-15 03:09 13056 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2013-09-21 18:31 . 2006-04-15 03:08 305152 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2013-09-21 18:31 . 2006-04-15 03:08 222720 ----a-r- c:\windows\system32\drivers\nvsnpu.sys
2013-09-21 18:31 . 2006-04-15 03:07 9728 ----a-r- c:\windows\system32\bdco1.dll
2013-09-21 18:31 . 2006-03-15 04:45 35840 ----a-r- c:\windows\system32\nvconrm.dll
2013-09-21 17:51 . 2013-09-21 17:51 -------- d-----w- c:\windows\NV5722632.TMP
2013-09-21 17:37 . 2013-09-21 17:37 -------- d-----w- c:\windows\NV16442644.TMP
2013-09-21 17:13 . 2013-09-21 17:13 -------- d-----w- c:\documents and settings\KERAMTI\Dane aplikacji\InstallShield
2013-09-21 17:07 . 2013-08-30 07:48 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-09-21 17:07 . 2013-08-30 07:48 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-09-21 17:07 . 2013-08-30 07:48 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-09-21 17:07 . 2013-08-30 07:48 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-21 17:07 . 2013-08-30 07:48 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-09-21 17:07 . 2013-08-30 07:48 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-09-21 17:07 . 2013-08-30 07:48 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-09-21 17:07 . 2013-08-30 07:48 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-09-21 17:07 . 2013-08-30 07:47 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-09-21 17:07 . 2013-08-30 07:47 41664 ----a-w- c:\windows\avastSS.scr
2013-09-21 16:36 . 2007-06-28 17:16 266240 ------r- c:\windows\Cmi6501Uninstall.exe
2013-09-21 16:35 . 2013-09-21 16:35 -------- d-----w- c:\program files\C-Media 6501 Sound
2013-09-21 16:33 . 2004-02-26 22:00 962612 ----a-w- c:\windows\system32\mfc42d.dll
2013-09-21 16:33 . 2004-02-16 22:00 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL
2013-09-21 16:33 . 2006-10-19 01:11 12096 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2013-09-21 16:33 . 2006-10-19 01:11 10304 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys
2013-09-21 16:29 . 2013-09-21 16:29 -------- d-----w- c:\windows\NV22962532.TMP
2013-09-21 15:12 . 2013-09-21 15:12 -------- d-----w- c:\program files\BeniaminNet
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-03 11:30 . 2012-12-27 22:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-03 11:30 . 2012-12-27 22:39 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-04-13 . 607C976B22AEB2FCF8A7486BCCA1E3BF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[7] 2008-04-14 . EBEF7EDB0DF1B4BF195FDA7CCFB7AC30 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2007-07-13 . A29DE506E89C131C0AACC86047CB1373 . 3856896 . . [7.00.6000.20591] . . c:\windows\system32\mshtml.dll
.
[7] 2008-04-14 . AF3C3F051675CF688EAD4065FE11542D . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- e:\antywirus\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dyps"="e:\magister.{208d2c60-3aea-1069-a2d7-08002b30309d}\services.exe" [2007-08-15 2079232]
"avastusb"="c:\users\Public\SysSettings\avastusb.exe" [2012-09-19 49152]
"avast"="e:\antywirus\avastUI.exe" [2013-08-30 4858968]
"Plus Internet"="c:\program files\Plus Internet\PlusInternetChecker.exe" [2012-09-28 645040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Ablegat"="e:\magister.{208d2c60-3aea-1069-a2d7-08002b30309d}\Ablegat.exe" [2007-08-15 436224]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-04-14 100864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:D *\0aswBoot.exe /M:179cd2960
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"StartCCC"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\cs\\hl.exe"=
"e:\\SKYPE\\Phone\\Skype.exe"=
"e:\\OFFICE 2010\\Office14\\GROOVE.EXE"=
"e:\\OFFICE 2010\\Office14\\ONENOTE.EXE"=
"e:\\OFFICE 2010\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"e:\\cs\\hl.exe"=
"e:\\ares\\Ares.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\MicroVoltsDownloader\\MVDownloader.exe"=
"d:\\GRY\\Metin2\\metin2client.bin"=
"d:\\GRY\\Virtualmt2\\VirtualMT2 (bez patchera).exe"=
"d:\\GRY\\tiveriaaa\\tiveriannie\\Tiveria\\game.bin"=
"d:\\hamachi\\Metin2\\metin2client.bin"=
"d:\\GRY\\mw2\\Steam.exe"=
"d:\\GRY\\EliteMT2\\metin2.bin"=
"d:\\GRY\\Virtualmt2\\metin2.bin"=
"d:\\GRY\\Delta Force Xtreme\\dfx.exe"=
"d:\\GRY\\Balmora\\metin2client.dll"=
"d:\\VirtualMT2\\VirtualMT2 (bez patchera).exe"=
"d:\\Ethana.Eu - Official Client 06.09.2013\\Ethana.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9191:TCP"= 9191:TCP:BnmnService
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-09-21 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-09-21 177864]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2007-10-17 16640]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-09-21 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-09-21 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-09-21 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-09-21 66336]
R2 Guardian_;Guardian_;c:\users\Public\AppData\avastusb_guardian.exe [2013-02-02 24064]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [2012-12-22 1310720]
S0 iqsb;iqsb;c:\windows\system32\drivers\alrccl.sys --> c:\windows\system32\drivers\alrccl.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 FairplayKD;FairplayKD;\??\c:\documents and settings\All Users\Dane aplikacji\MTA San Andreas All\Common\temp\FairplayKD.sys --> c:\documents and settings\All Users\Dane aplikacji\MTA San Andreas All\Common\temp\FairplayKD.sys [?]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2013-09-21 9216]
S3 PciCon;PciCon;\??\f:\pcicon.sys --> f:\PciCon.sys [?]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2013-09-21 130048]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2012-12-27 260992]
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-09-22 c:\windows\Tasks\avast! Emergency Update.job
- e:\antywirus\AvastEmUpdate.exe [2013-09-21 07:47]
.
2013-09-22 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files\Glary Utilities 3\Initialize.exe [2013-07-22 07:32]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40
FF - ProfilePath - c:\documents and settings\KERAMTI\Dane aplikacji\Mozilla\Firefox\Profiles\dh3hwabm.default-1375527670265\
FF - prefs.js: browser.startup.homepage - www.wp.pl
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM_ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - 29.0.1547.66\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-22 12:13
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3644)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
e:\office~1\Office14\1045\GrooveIntlResource.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
e:\antywirus\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Google\Update\Install\{7C8D85B3-C264-4F4B-BCB1-3E11D0200F18}\29.0.1547.76_29.0.1547.66_chrome_updater.exe
c:\windows\system32\config\SYSTEM~1\USTAWI~1\Temp\CR_5CD50.tmp\setup.exe
c:\windows\system32\wscntfy.exe
c:\program files\Glary Utilities 3\Integrator.exe
.
**************************************************************************
.
Czas ukończenia: 2013-09-22 12:14:53 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2013-09-22 10:14
.
Przed: 38 130 716 672 bajtów wolnych
Po: 38 123 769 856 bajtów wolnych
.
- - End Of File - - 1CBECD64EE0F9F122ED37A5DFF61B1D9 32052574BF9F325AE309ABC7BFD04460