ComboFix 15-03-01.01 - xXx 2015-03-03 18:26:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1533 [GMT 1:00]
Uruchomiony z: c:\documents and settings\xXx\Pulpit\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\EPLog.txt
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\documents and settings\All Users\Dane aplikacji\TEMP\RAIDTest
c:\documents and settings\All Users\ntuser.pol
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00091
c:\windows\$msi31uninstall_kb893803v2$\reg00092
c:\windows\$msi31uninstall_kb893803v2$\reg00093
c:\windows\$msi31uninstall_kb893803v2$\reg00094
c:\windows\$msi31uninstall_kb893803v2$\reg00095
c:\windows\$msi31uninstall_kb893803v2$\reg00096
c:\windows\$msi31uninstall_kb893803v2$\reg00097
c:\windows\$msi31uninstall_kb893803v2$\reg00098
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\windows\msmqinst.log
c:\windows\system32\roboot.exe
c:\windows\system32\SET1D7.tmp
c:\windows\system32\SET1DC.tmp
c:\windows\system32\SET1E3.tmp
.
.
((((((((((((((((((((((((( Pliki utworzone od 2015-02-03 do 2015-03-03 )))))))))))))))))))))))))))))))
.
.
2015-02-18 19:03 . 2015-02-18 19:05 -------- d-----w- c:\program files\Google
2015-02-18 17:22 . 2015-02-26 19:01 -------- d-----w- c:\documents and settings\xXx\Dane aplikacji\Tibia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-17 21:40 . 2006-12-31 22:10 94208 ----a-w- c:\windows\DUMP5a06.tmp
2015-01-01 11:31 . 2006-12-31 22:10 94208 ----a-w- c:\windows\DUMP42d5.tmp
2014-12-27 08:50 . 2006-12-31 22:10 94208 ----a-w- c:\windows\DUMP4d45.tmp
2004-10-01 13:00 . 2008-05-25 14:45 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\daemon tools lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-05 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2014-05-20 15717664]
"NvMediaCenter"="NvMCTray.dll" [2014-05-20 377288]
"StartCCC"="e:\ati technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 98304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\uTorrent\\torrent\\uTorrent.exe"=
"e:\\pes13\\Crack\\pes2013.exe"=
"e:\\pes13\\pes2013_100.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2014-07-28 243128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-07-20 23256]
S2 MBAMService;MBAMService;e:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-07-20 860472]
S2 NvNetworkService;NVIDIA Network Service;"c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe" --> c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [?]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2014-08-30 103040]
S3 cpuz137;cpuz137;\??\c:\docume~1\xXx\USTAWI~1\Temp\cpuz137\cpuz137_x32.sys --> c:\docume~1\xXx\USTAWI~1\Temp\cpuz137\cpuz137_x32.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-07-20 110296]
S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2011-02-10 51968]
S3 XDva410;XDva410;\??\c:\windows\system32\XDva410.sys --> c:\windows\system32\XDva410.sys [?]
S3 XDva412;XDva412;\??\c:\windows\system32\XDva412.sys --> c:\windows\system32\XDva412.sys [?]
S3 XDva415;XDva415;\??\c:\windows\system32\XDva415.sys --> c:\windows\system32\XDva415.sys [?]
S4 MBAMScheduler;MBAMScheduler;e:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-07-20 1809720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-19 19:09 1084744 ----a-w- c:\program files\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2015-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-02-18 19:03]
.
2015-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-02-18 19:03]
.
2015-03-03 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-16 20:18]
.
.
------- Skan uzupełniający -------
.
uDefault_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404977115&from=tt4u&uid=SAMSUNGXSP6003H_0594J1FW206897&q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.65.65 46.148.145.10 195.46.37.2
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nview\nwiz.exe
HKLM-Run-NvBackend - c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
Notify-WgaLogon - (no file)
AddRemove-EVEREST Home Edition_is1 - e:\everest home edition\unins000.exe
AddRemove-RegClean Pro_is1 - c:\program files\RegClean Pro\unins000.exe
AddRemove-RegClean-Pro_is1 - c:\program files\RegClean Pro\unins000.exe
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver - c:\program files\NVIDIA Corporation\Installer2\installer.{63AB18A9-13C3-4A15-969A-F104CAA4D89F}\NVI2.DLL
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience - c:\program files\NVIDIA Corporation\Installer2\installer.{63AB18A9-13C3-4A15-969A-F104CAA4D89F}\NVI2.DLL
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView - c:\program files\NVIDIA Corporation\Installer2\installer.{63AB18A9-13C3-4A15-969A-F104CAA4D89F}\NVI2.DLL
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX - c:\program files\NVIDIA Corporation\Installer2\installer.{63AB18A9-13C3-4A15-969A-F104CAA4D89F}\NVI2.DLL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-03 18:36
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3776)
c:\windows\system32\ieframe.dll
.
Czas ukończenia: 2015-03-03 18:38:20
ComboFix-quarantined-files.txt 2015-03-03 17:38
.
Przed: 1 184 968 704 bajtów wolnych
Po: 1 172 320 256 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 00C179B9C2157ABB4814E4176E2A4D63
32052574BF9F325AE309ABC7BFD04460