ComboFix 14-09-09.01 - admin 2014-09-10 9:58.91.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3299.2798 [GMT 2:00]
Run from: C:\ComboFix.exe
.
.
((((((((((((((((((((((((( Files created from 2014-08-10 to 2014-09-10 )))))))))))))))))))))))))))))))
.
.
2014-09-10 06:09 . 2014-09-10 06:09 -------- d-----w- c:\program files\PDF Architect 2
2014-09-10 06:07 . 2014-09-10 06:07 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PDF Architect 2
2014-09-10 06:06 . 2014-09-10 06:06 -------- d-----w- c:\documents and settings\admin\Dane aplikacji\pdfforge
2014-09-10 06:06 . 2014-04-25 15:44 95416 ----a-w- c:\windows\system32\pdfcmon.dll
2014-09-10 06:06 . 2014-04-25 15:44 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2014-09-10 06:06 . 2014-04-25 15:44 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2014-09-10 06:06 . 2014-09-10 06:10 -------- d-----w- c:\program files\PDFCreator
2014-09-10 06:06 . 2014-04-25 15:44 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2014-09-10 06:03 . 2014-09-10 06:05 -------- d-----w- C:\appstoredl
2014-09-10 06:03 . 2014-09-10 06:03 -------- d-----w- c:\documents and settings\admin\Dane aplikacji\isafeYAC App Store
2014-09-09 15:12 . 2014-09-09 15:12 -------- d-----w- c:\documents and settings\admin\Dane aplikacji\computer software market
2014-09-09 14:38 . 2014-08-08 06:24 40768 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys
2014-09-09 14:37 . 2014-09-09 14:37 -------- d-----w- c:\program files\Elex-tech
2014-09-09 14:37 . 2014-09-10 05:33 -------- d-----w- c:\documents and settings\admin\Dane aplikacji\iSafe
2014-09-09 14:36 . 2014-09-09 14:38 -------- d-----w- c:\documents and settings\admin\Dane aplikacji\eCyber
2014-09-09 05:27 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-09-08 10:10 . 2014-09-08 10:10 -------- d-----w- c:\windows\system32\wbem\Repository
2014-09-08 10:08 . 2014-09-08 10:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-09-08 10:07 . 2014-09-08 10:07 -------- d-----w- c:\program files\AmiBroker
2014-09-08 10:06 . 2014-09-08 10:06 -------- d-----w- c:\program files\Dropbox
2014-09-08 10:06 . 2014-09-08 10:06 -------- d-----w- c:\documents and settings\admin\Dane aplikacji\DropboxMaster
2014-09-08 10:05 . 2014-09-08 10:05 -------- d-----w- c:\program files\Common Files\BiesseGroup
2014-09-08 10:04 . 2014-09-08 10:05 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\McAfee Security Scan
2014-09-08 10:04 . 2014-09-08 10:04 -------- d-----w- c:\program files\Kolorowanka Świąteczna
2014-09-08 10:04 . 2014-09-08 10:04 -------- d-----w- c:\program files\McAfee Security Scan
2014-09-05 06:14 . 2014-09-09 05:28 -------- d-----w- C:\AdwCleaner
2014-09-02 07:24 . 2014-09-02 07:24 -------- d-----w- c:\documents and settings\admin\Dane aplikacji\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-09-02 07:24 . 2014-09-08 10:05 -------- d-----w- c:\program files\Adobe Download Assistant
2014-09-02 07:24 . 2014-09-02 07:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
2014-09-02 06:26 . 2014-09-02 06:26 -------- d-----w- c:\program files\Enigma Software Group
2014-09-01 05:29 . 2014-09-01 05:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2014-08-26 05:46 . 2014-09-08 09:26 -------- d-----w- c:\program files\Common Files\Java
2014-08-26 05:45 . 2014-08-26 05:45 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Oracle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-26 05:45 . 2014-08-11 05:23 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-26 05:45 . 2009-04-16 11:07 146432 ----a-w- c:\windows\system32\javacpl.cpl
2014-07-09 09:53 . 2014-01-30 14:17 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 09:53 . 2012-08-09 05:34 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-07 06:19 . 2014-03-26 06:49 3155304 ----a-w- c:\windows\system32\MetaViewer.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-17 181568]
"ASUS Ai Charger"="c:\program files\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2012-08-13 547984]
"RTHDCPL"="RTHDCPL.EXE" [2012-10-30 20117648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-30 507776]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Direct Web.lnk - c:\program files\DVR System\Web\DirectWeb.exe [2004-3-11 40960]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 279456]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"LMab1err"=c:\program files\Lexmark\ErrorApp\LMab1err.exe
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RTHDCPL"=RTHDCPL.EXE
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DVR System\\DVRMain.exe"=
"c:\\Program Files\\DVR System\\WatchNet.EXE"=
"c:\\WINDOWS\\system32\\lmabcoms.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\DVR System\\Web\\DirectWeb.exe"=
"c:\\Program Files\\IP Camera Super Client(PnP)\\SuperIPCam.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\admin\\Dane aplikacji\\Dropbox\\bin\\Dropbox.exe"=
.
R1 iSafeKrnl;iSafeKrnl Mini-Filter Driver;c:\program files\Elex-tech\YAC\iSafeKrnl.sys [2014-09-09 214592]
R1 iSafeKrnlKit;iSafeKrnl Kit Driver;c:\program files\Elex-tech\YAC\iSafeKrnlKit.sys [2014-09-09 68288]
R1 iSafeKrnlR3;iSafeKrnl Ring3 Driver;c:\program files\Elex-tech\YAC\iSafeKrnlR3.sys [2014-09-09 37696]
R1 iSafeNetFilter;iSafeNetFilter NDIS Driver;c:\program files\Elex-tech\YAC\iSafeNetFilter.sys [2014-09-09 55464]
R2 appstoreService;appstoreService;c:\program files\Elex-tech\YAC\appstore\appstoreSvc.exe [2014-09-09 12464]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 458464]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-07-30 161560]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-09-17 369952]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-09-17 292128]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-07-30 363800]
R3 AiCharger;AiCharger;c:\windows\system32\drivers\AiCharger.sys [2013-07-30 13952]
R3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2013-07-30 46080]
S2 iSafeService;iSafeService;c:\program files\Elex-tech\YAC\iSafeSvc.exe [2014-09-09 118048]
S2 tor;Tor Win32 Service;c:\program files\Tor\tor.exe [2013-08-31 3233806]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-07-30 1691480]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [2011-01-18 26674]
S3 iSafeKrnlBoot;iSafeKrnl Boot Driver;c:\windows\system32\drivers\iSafeKrnlBoot.sys [2014-09-09 40768]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
S3 PDF Architect 2;PDF Architect 2;c:\program files\PDF Architect 2\ws.exe [2014-06-26 1771560]
S3 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files\PDF Architect 2\crash-handler-ws.exe [2014-06-26 861736]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ISAFEKRNL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-10 05:57 1096520 ----a-w- c:\program files\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-30 09:53]
.
2014-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-09 05:34]
.
2014-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-09 05:34]
.
2014-09-08 c:\windows\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
- c:\windows\system32\xp_eos.exe [2014-03-14 23:28]
.
2014-09-10 c:\windows\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
- c:\windows\system32\xp_eos.exe [2014-03-14 23:28]
.
2014-09-10 c:\windows\Tasks\User_Feed_Synchronization-{07359834-EE20-4772-A75D-94330AD0A25A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mbank.pl/logout.html?lang=P
mStart Page = about:blank
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.204.152.34 194.204.159.1
TCP: Interfaces\{20C8E35A-9881-4CA9-AE13-47FB9B6BD8FF}: NameServer = 194.204.159.1,194.204.152.34
TCP: Interfaces\{6D16F032-9851-448E-A79B-1C7A873B3263}: NameServer = 194.204.152.34,194.204.159.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-09-10 10:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4008)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-09-10 10:08:03
ComboFix-quarantined-files.txt 2014-09-10 08:08
ComboFix2.txt 2014-09-09 05:43
ComboFix3.txt 2014-09-08 10:27
ComboFix4.txt 2014-09-08 06:59
ComboFix5.txt 2014-09-10 07:57
.
Pre-Run: 243 499 393 024 bytes free
Post-Run: 243 506 008 064 bytes free
.
- - End Of File - - 617357E2E251D7014F94ED0849897E36 32052574BF9F325AE309ABC7BFD04460
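The service and driver block of a ComboFix log (the `R1 ...;...;... [date size]` lines) is the part an analyst reads first, because kernel drivers and auto-start services survive reboots and run before any user-mode cleaner. The Python below is an added triage example, not code from ComboFix or from this post: it parses those lines into records and lists the ones to look at first. The sample input is a constructed subset of the lines in the log above; the scan window, the `c:\windows\system32\drivers\` reference directory and the three heuristics (kernel driver with a file date inside the scan window, kernel driver loaded from outside the drivers directory, auto-start service whose display name is just its service name) are assumptions of this example. They rank entries for review and do not decide whether a given driver is malicious.

```python
"""Triage helper for the R#/S# service and driver lines of a ComboFix log.

Added example, not code from ComboFix or from the forum post. The scan
window, the driver directory constant and the three heuristics below are
assumptions made for illustration.
"""
import re
from dataclasses import dataclass
from datetime import date
from typing import List, Tuple

# Constructed sample: a subset of the service/driver lines from the log above.
SAMPLE_LOG = r"""
R1 iSafeKrnl;iSafeKrnl Mini-Filter Driver;c:\program files\Elex-tech\YAC\iSafeKrnl.sys [2014-09-09 214592]
R1 iSafeNetFilter;iSafeNetFilter NDIS Driver;c:\program files\Elex-tech\YAC\iSafeNetFilter.sys [2014-09-09 55464]
R2 appstoreService;appstoreService;c:\program files\Elex-tech\YAC\appstore\appstoreSvc.exe [2014-09-09 12464]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-07-30 161560]
R3 AiCharger;AiCharger;c:\windows\system32\drivers\AiCharger.sys [2013-07-30 13952]
R3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2013-07-30 46080]
S2 iSafeService;iSafeService;c:\program files\Elex-tech\YAC\iSafeSvc.exe [2014-09-09 118048]
S2 tor;Tor Win32 Service;c:\program files\Tor\tor.exe [2013-08-31 3233806]
S3 iSafeKrnlBoot;iSafeKrnl Boot Driver;c:\windows\system32\drivers\iSafeKrnlBoot.sys [2014-09-09 40768]
"""

# ComboFix line format: <R|S><start type> <name>;<display name>;<image path> [<file date> <size>]
# R = running, S = stopped; start type 0 boot, 1 system, 2 auto, 3 demand, 4 disabled.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.+?) \[(?P<fdate>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)

# Assumed reference location for kernel drivers on this XP install.
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    description: str
    path: str
    file_date: date
    size: int

    @property
    def is_kernel_driver(self) -> bool:
        # ComboFix lists drivers and user-mode services together; the image
        # extension is the only field that separates them in this format.
        return self.path.lower().endswith(".sys")


def parse_services(text: str) -> List[ServiceEntry]:
    """Turn the R#/S# lines of a ComboFix log into ServiceEntry records; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(ServiceEntry(
            running=m["state"] == "R",
            start_type=int(m["start"]),
            name=m["name"].strip(),
            description=m["desc"].strip(),
            path=m["path"].strip(),
            file_date=date.fromisoformat(m["fdate"]),
            size=int(m["size"]),
        ))
    return entries


def triage(entries: List[ServiceEntry], window_start: str, window_end: str) -> List[Tuple[ServiceEntry, List[str]]]:
    """Return (entry, reasons) for every entry that trips at least one review heuristic.

    window_start/window_end are ISO dates; use the 'Files created from ... to ...'
    range printed at the top of the log. Heuristics are assumptions of this example.
    """
    start, end = date.fromisoformat(window_start), date.fromisoformat(window_end)
    flagged = []
    for e in entries:
        reasons = []
        if e.is_kernel_driver and start <= e.file_date <= end:
            reasons.append("kernel driver with file date inside the scan window")
        if e.is_kernel_driver and not e.path.lower().startswith(DRIVER_DIR):
            reasons.append("kernel driver loaded from outside system32\\drivers")
        if e.start_type == 2 and e.description.lower() == e.name.lower():
            reasons.append("auto-start service whose display name is just its service name")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def flagged_names(text: str, window_start: str, window_end: str) -> List[str]:
    """Convenience wrapper: names of flagged entries, in log order."""
    return [e.name for e, _ in triage(parse_services(text), window_start, window_end)]


if __name__ == "__main__":
    for entry, reasons in triage(parse_services(SAMPLE_LOG), "2014-08-10", "2014-09-10"):
        state = "running" if entry.running else "stopped"
        print(f"{entry.name:16} {state:8} start={entry.start_type} {entry.path}")
        for r in reasons:
            print(f"    - {r}")
```

Run against the sample, the script lists the four Elex-tech `iSafe*` entries and `appstoreService` and stays silent on the Intel, ASUS and Tor entries, which matches the `*NewlyCreated* - ISAFEKRNL` line ComboFix itself printed. The file-date heuristic is deliberately tied to the log's own scan window rather than to a hard-coded vendor name, so the same script works on a log from a different machine; what it cannot do is tell a legitimately installed driver from an unwanted one, and that decision stays with the analyst.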