ComboFix 14-10-29.01 - Administrator 2014-10-30 11:19:24.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2046.1485 [GMT 1:00] Uruchomiony z: c:\documents and settings\Administrator\Moje dokumenty\Downloads\ComboFix.exe AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . [i] ADS - WINDOWS: deleted 24 bytes in 1 streams. [/i] . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Dane aplikacji\TEMP c:\windows\$msi31uninstall_kb893803v2$ c:\windows\$msi31uninstall_kb893803v2$\msi.dll c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll c:\windows\$msi31uninstall_kb893803v2$\msisip.dll c:\windows\$msi31uninstall_kb893803v2$\reg00013 c:\windows\$msi31uninstall_kb893803v2$\reg00014 c:\windows\$msi31uninstall_kb893803v2$\reg00015 c:\windows\$msi31uninstall_kb893803v2$\reg00016 c:\windows\$msi31uninstall_kb893803v2$\reg00017 c:\windows\$msi31uninstall_kb893803v2$\reg00018 c:\windows\$msi31uninstall_kb893803v2$\reg00019 c:\windows\$msi31uninstall_kb893803v2$\reg00020 c:\windows\$msi31uninstall_kb893803v2$\reg00021 c:\windows\$msi31uninstall_kb893803v2$\reg00022 c:\windows\$msi31uninstall_kb893803v2$\reg00023 c:\windows\$msi31uninstall_kb893803v2$\reg00024 c:\windows\$msi31uninstall_kb893803v2$\reg00025 c:\windows\$msi31uninstall_kb893803v2$\reg00026 c:\windows\$msi31uninstall_kb893803v2$\reg00027 c:\windows\$msi31uninstall_kb893803v2$\reg00028 c:\windows\$msi31uninstall_kb893803v2$\reg00029 c:\windows\$msi31uninstall_kb893803v2$\reg00030 c:\windows\$msi31uninstall_kb893803v2$\reg00031 c:\windows\$msi31uninstall_kb893803v2$\reg00032 c:\windows\$msi31uninstall_kb893803v2$\reg00033 c:\windows\$msi31uninstall_kb893803v2$\reg00034 c:\windows\$msi31uninstall_kb893803v2$\reg00035 c:\windows\$msi31uninstall_kb893803v2$\reg00036 c:\windows\$msi31uninstall_kb893803v2$\reg00037 c:\windows\$msi31uninstall_kb893803v2$\reg00038 c:\windows\$msi31uninstall_kb893803v2$\reg00039 c:\windows\$msi31uninstall_kb893803v2$\reg00040 c:\windows\$msi31uninstall_kb893803v2$\reg00041 c:\windows\$msi31uninstall_kb893803v2$\reg00042 c:\windows\$msi31uninstall_kb893803v2$\reg00043 c:\windows\$msi31uninstall_kb893803v2$\reg00044 c:\windows\$msi31uninstall_kb893803v2$\reg00045 c:\windows\$msi31uninstall_kb893803v2$\reg00046 c:\windows\$msi31uninstall_kb893803v2$\reg00047 c:\windows\$msi31uninstall_kb893803v2$\reg00048 c:\windows\$msi31uninstall_kb893803v2$\reg00051 c:\windows\$msi31uninstall_kb893803v2$\reg00052 c:\windows\$msi31uninstall_kb893803v2$\reg00053 c:\windows\$msi31uninstall_kb893803v2$\reg00054 c:\windows\$msi31uninstall_kb893803v2$\reg00055 c:\windows\$msi31uninstall_kb893803v2$\reg00056 c:\windows\$msi31uninstall_kb893803v2$\reg00057 c:\windows\$msi31uninstall_kb893803v2$\reg00058 c:\windows\$msi31uninstall_kb893803v2$\reg00059 c:\windows\$msi31uninstall_kb893803v2$\reg00060 c:\windows\$msi31uninstall_kb893803v2$\reg00061 c:\windows\$msi31uninstall_kb893803v2$\reg00062 c:\windows\$msi31uninstall_kb893803v2$\reg00063 c:\windows\$msi31uninstall_kb893803v2$\reg00064 c:\windows\$msi31uninstall_kb893803v2$\reg00065 c:\windows\$msi31uninstall_kb893803v2$\reg00066 c:\windows\$msi31uninstall_kb893803v2$\reg00067 c:\windows\$msi31uninstall_kb893803v2$\reg00068 c:\windows\$msi31uninstall_kb893803v2$\reg00069 c:\windows\$msi31uninstall_kb893803v2$\reg00070 c:\windows\$msi31uninstall_kb893803v2$\reg00071 c:\windows\$msi31uninstall_kb893803v2$\reg00072 c:\windows\$msi31uninstall_kb893803v2$\reg00073 c:\windows\$msi31uninstall_kb893803v2$\reg00074 c:\windows\$msi31uninstall_kb893803v2$\reg00075 c:\windows\$msi31uninstall_kb893803v2$\reg00076 c:\windows\$msi31uninstall_kb893803v2$\reg00077 c:\windows\$msi31uninstall_kb893803v2$\reg00078 c:\windows\$msi31uninstall_kb893803v2$\reg00079 c:\windows\$msi31uninstall_kb893803v2$\reg00080 c:\windows\$msi31uninstall_kb893803v2$\reg00081 c:\windows\$msi31uninstall_kb893803v2$\reg00082 c:\windows\$msi31uninstall_kb893803v2$\reg00083 c:\windows\$msi31uninstall_kb893803v2$\reg00084 c:\windows\$msi31uninstall_kb893803v2$\reg00085 c:\windows\$msi31uninstall_kb893803v2$\reg00086 c:\windows\$msi31uninstall_kb893803v2$\reg00087 c:\windows\$msi31uninstall_kb893803v2$\reg00088 c:\windows\$msi31uninstall_kb893803v2$\reg00089 c:\windows\$msi31uninstall_kb893803v2$\reg00090 c:\windows\$msi31uninstall_kb893803v2$\reg00091 c:\windows\$msi31uninstall_kb893803v2$\reg00092 c:\windows\$msi31uninstall_kb893803v2$\reg00093 c:\windows\$msi31uninstall_kb893803v2$\reg00094 c:\windows\$msi31uninstall_kb893803v2$\reg00095 c:\windows\$msi31uninstall_kb893803v2$\reg00096 c:\windows\$msi31uninstall_kb893803v2$\reg00097 c:\windows\$msi31uninstall_kb893803v2$\reg00098 c:\windows\$msi31uninstall_kb893803v2$\reg00099 c:\windows\$msi31uninstall_kb893803v2$\reg00100 c:\windows\$msi31uninstall_kb893803v2$\reg00101 c:\windows\$msi31uninstall_kb893803v2$\reg00102 c:\windows\$msi31uninstall_kb893803v2$\reg00103 c:\windows\$msi31uninstall_kb893803v2$\reg00104 c:\windows\$msi31uninstall_kb893803v2$\reg00105 c:\windows\$msi31uninstall_kb893803v2$\reg00106 c:\windows\$msi31uninstall_kb893803v2$\reg00107 c:\windows\$msi31uninstall_kb893803v2$\reg00108 c:\windows\$msi31uninstall_kb893803v2$\reg00109 c:\windows\$msi31uninstall_kb893803v2$\reg00110 c:\windows\$msi31uninstall_kb893803v2$\reg00111 c:\windows\$msi31uninstall_kb893803v2$\reg00112 c:\windows\$msi31uninstall_kb893803v2$\reg00113 c:\windows\$msi31uninstall_kb893803v2$\reg00114 c:\windows\$msi31uninstall_kb893803v2$\reg00115 c:\windows\$msi31uninstall_kb893803v2$\reg00116 c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll . . ((((((((((((((((((((((((( Pliki utworzone od 2014-09-28 do 2014-10-30 ))))))))))))))))))))))))))))))) . . 2014-10-30 05:47 . 2014-10-30 05:47 -------- d-----w- c:\windows\LastGood 2014-10-30 05:47 . 2010-06-25 14:57 827488 ----a-w- c:\windows\system32\drivers\rt2870.sys 2014-10-30 05:47 . 2014-10-30 05:47 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TP-LINK Driver 2014-10-29 22:19 . 2014-10-29 22:19 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\ESET 2014-10-29 13:28 . 2014-10-29 13:28 -------- d-----w- c:\program files\ESET 2014-10-29 13:28 . 2014-10-29 13:28 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ESET 2014-10-29 13:15 . 2014-10-29 13:15 -------- d--h--w- c:\documents and settings\All Users\Dane aplikacji\Common Files 2014-10-29 13:15 . 2014-10-29 13:19 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\MFAData 2014-10-29 13:15 . 2014-10-29 13:15 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\MFAData 2014-10-29 13:15 . 2014-10-29 13:15 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Avg2014 2014-10-29 12:10 . 2014-10-29 12:10 -------- d--h--w- c:\windows\system32\GroupPolicy 2014-10-29 09:28 . 2014-10-29 09:28 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\APN 2014-10-29 09:27 . 2014-10-29 11:07 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\uTorrent 2014-10-27 12:02 . 2014-10-27 12:02 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\PDF Writer 2014-10-27 12:02 . 2014-10-27 12:02 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\PDF Writer 2014-10-24 10:15 . 2014-10-24 10:15 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Temp 2014-10-24 10:10 . 2014-10-24 10:10 -------- d-----w- c:\program files\Common Files\Adobe 2014-10-24 09:39 . 2014-10-24 09:39 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\FLEXnet 2014-10-24 09:21 . 2014-10-24 09:39 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Autodesk 2014-10-24 09:09 . 2014-10-24 09:25 -------- d-----w- c:\program files\Common Files\Autodesk Shared 2014-10-24 08:54 . 2014-10-24 09:27 -------- d-----w- c:\program files\Autodesk 2014-10-24 08:54 . 2014-10-24 09:40 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Autodesk 2014-10-24 08:44 . 2014-10-24 08:44 -------- d-----w- c:\program files\Common Files\Java 2014-10-24 08:44 . 2014-10-24 08:43 145408 ----a-w- c:\windows\system32\javacpl.cpl 2014-10-24 08:43 . 2014-10-24 08:43 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-10-24 08:42 . 2014-10-24 08:53 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Akamai 2014-10-24 08:42 . 2014-10-24 08:51 -------- d-----w- C:\Autodesk 2014-10-23 20:43 . 2014-10-23 20:43 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2014-10-23 20:12 . 2014-10-24 09:25 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Autodesk 2014-10-23 19:29 . 2014-10-23 19:29 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Macrovision 2014-10-10 07:59 . 2014-10-10 07:59 191928 ----a-w- c:\windows\system32\drivers\eamonm.sys 2014-10-10 07:59 . 2014-10-10 07:59 135296 ----a-w- c:\windows\system32\drivers\ehdrv.sys 2014-10-10 07:59 . 2014-10-10 07:59 119792 ----a-w- c:\windows\system32\drivers\epfwtdir.sys 2014-10-09 14:25 . 2008-05-30 12:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2014-08-08 08:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2014-08-08 08:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2014-08-08 08:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2014-08-08 08:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2014-08-08 08:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2014-08-08 08:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2014-08-08 22734160] "Akamai NetSession Interface"="c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe" [2014-04-17 4672920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744] "Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 383424] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2014-10-01 5088456] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Autodesk Licensing Service"=3 (0x3) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Documents and Settings\\Administrator\\Ustawienia lokalne\\Dane aplikacji\\Akamai\\netsession_win.exe"= . R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?] R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2014-10-10 191928] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2014-10-10 135296] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2014-10-10 119792] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2014-10-01 1349576] R2 KMService;KMService;c:\windows\system32\srvany.exe [2014-04-13 8192] S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\Drivers\Scutum50.sys --> c:\windows\system32\Drivers\Scutum50.sys [?] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-10-28 06:24 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe . Zawartość folderu 'Zaplanowane zadania' . 2014-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-11-11 19:38] . 2014-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-11-11 19:38] . 2014-06-08 c:\windows\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job - c:\windows\system32\xp_eos.exe [2004-10-31 23:28] . 2014-10-29 c:\windows\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job - c:\windows\system32\xp_eos.exe [2004-10-31 23:28] . 2014-10-30 c:\windows\Tasks\User_Feed_Synchronization-{947F1C25-6DC9-48F5-9741-09D1E3D2C522}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31] . . ------- Skan uzupełniający ------- . uStart Page = mStart Page = uInternet Settings,ProxyOverride = IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 Trusted Zone: dell.com TCP: DhcpNameServer = 8.8.8.8 95.171.192.61 . . ------- Skojarzenia plików ------- . .scr=AutoCADScriptFile . - - - - USUNIĘTO PUSTE WPISY - - - - . HKLM-Run-fst_pl_96 - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2014-10-30 11:25 Windows 5.1.2600 Dodatek Service Pack 3 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_USERS\S-1-5-21-1060284298-861567501-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,69,4c,22,ce,0f,92,47,86,f8,f7,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,69,4c,22,ce,0f,92,47,86,f8,f7,\ . Czas ukończenia: 2014-10-30 11:28:43 ComboFix-quarantined-files.txt 2014-10-30 10:28 . Przed: 9 917 566 976 bajtów wolnych Po: 13 371 813 888 bajtów wolnych . WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 4187E1E4910F68A7ADD1528BE9AC25DA 32052574BF9F325AE309ABC7BFD04460