ComboFix 15-12-03.01 - Bartosz 2015-12-03 21:18:38.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1518.780 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Bartosz\Moje dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\SET20.tmp
c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
c:\windows\wininit.ini
D:\install.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2015-11-03 do 2015-12-03 )))))))))))))))))))))))))))))))
.
.
2015-12-02 16:01 . 2015-12-02 16:01 -------- d-----w- c:\documents and settings\Bartosz\.thumbnails
2015-12-02 16:00 . 2015-12-02 16:00 -------- d-----w- c:\documents and settings\Bartosz\Ustawienia lokalne\Dane aplikacji\fontconfig
2015-12-02 16:00 . 2015-12-02 20:10 -------- d-----w- c:\documents and settings\Bartosz\.gimp-2.8
2015-12-02 16:00 . 2015-12-02 16:00 -------- d-----w- c:\documents and settings\Bartosz\Ustawienia lokalne\Dane aplikacji\gegl-0.2
2015-12-02 11:50 . 2015-12-02 21:03 -------- d-----w- c:\program files\Google
2015-12-01 19:37 . 2015-12-01 19:37 -------- d-----w- c:\documents and settings\Bartosz\Dane aplikacji\ProductData
2015-12-01 19:36 . 2015-12-01 19:36 -------- d-----w- c:\documents and settings\Bartosz\Dane aplikacji\Apple Computer
2015-12-01 19:36 . 2015-12-01 19:36 -------- d-----w- c:\documents and settings\Bartosz\AppData
2015-12-01 19:36 . 2015-12-01 19:41 -------- d-----w- c:\program files\IObit
2015-12-01 17:48 . 2015-12-01 17:53 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2015-12-01 17:45 . 2015-12-01 18:00 -------- d-----w- C:\AdwCleaner
2015-12-01 17:37 . 2015-12-02 21:27 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-12-01 17:36 . 2015-10-05 08:50 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-12-01 17:36 . 2015-10-05 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-12-01 17:36 . 2015-12-02 21:09 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-12-01 17:36 . 2015-12-01 17:36 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2015-12-01 17:36 . 2015-12-01 17:36 19984 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2015-12-01 17:11 . 2015-12-01 17:42 -------- d-----w- c:\program files\Common Files\Faselamcore
2015-11-27 14:43 . 2015-11-27 14:43 -------- d-----w- c:\documents and settings\Bartosz\Ustawienia lokalne\Dane aplikacji\ArmA 2
2015-11-26 15:39 . 2015-11-26 15:39 -------- d-----w- c:\documents and settings\Bartosz\Dane aplikacji\OpenOffice.org
2015-11-26 15:38 . 2015-11-26 15:38 -------- d-----w- c:\program files\OpenOffice.org 3
2015-11-25 18:51 . 2015-11-25 18:51 -------- d-----w- c:\documents and settings\Bartosz\Dane aplikacji\Unity
2015-11-25 18:50 . 2015-11-25 18:50 -------- d-----w- c:\documents and settings\Bartosz\Ustawienia lokalne\Dane aplikacji\Unity
2015-11-23 21:46 . 2015-11-23 21:46 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Pivot Animator
2015-11-19 15:39 . 2015-11-19 15:39 -------- d-----w- c:\program files\Valve
2015-11-15 15:14 . 2015-11-15 15:16 -------- d-----w- c:\documents and settings\Bartosz\Dane aplikacji\GameTracker
2015-11-13 15:38 . 2015-11-13 15:38 -------- d-----w- c:\program files\AGEIA Technologies
2015-11-13 15:02 . 2015-11-13 15:02 -------- d-----w- c:\documents and settings\Bartosz\Ustawienia lokalne\Dane aplikacji\Mozilla
2015-11-12 21:14 . 2015-11-12 21:14 -------- d-----w- c:\documents and settings\Bartosz\Ustawienia lokalne\Dane aplikacji\FalloutNV
2015-11-09 18:20 . 2015-11-10 17:09 -------- d-----w- c:\documents and settings\Bartosz\Ustawienia lokalne\Dane aplikacji\Fallout3
2015-11-09 18:20 . 2015-11-09 18:20 -------- d-----w- c:\windows\system32\xlive
2015-11-09 18:20 . 2015-11-09 18:20 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2015-11-08 09:50 . 2015-11-08 09:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Free Download Manager
2015-11-08 09:50 . 2015-11-08 09:50 -------- d-----w- c:\documents and settings\Bartosz\Dane aplikacji\FreeDownloadManager.ORG
2015-11-07 18:17 . 2015-11-07 18:20 -------- d-----w- c:\documents and settings\Bartosz\Dane aplikacji\Running with rifles
2015-11-07 18:17 . 2015-11-07 18:17 -------- d-----w- c:\program files\OpenAL
2015-11-07 18:17 . 2015-11-07 18:17 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2015-11-07 18:17 . 2015-11-07 18:17 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2015-11-06 18:39 . 2015-11-06 18:40 -------- d-----w- c:\documents and settings\Bartosz\Dane aplikacji\Talisman Prologue
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-10 21:58 . 2015-08-11 19:32 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-11-10 21:58 . 2015-08-11 19:32 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-11-07 09:39 . 2015-08-17 12:09 435464 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-11-07 09:39 . 2015-08-17 12:09 794952 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-10-10 11:11 . 2015-08-17 12:09 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-10-10 11:11 . 2015-08-17 12:09 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-10-10 11:11 . 2015-08-17 12:09 157888 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2015-10-10 11:11 . 2015-08-17 12:09 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-10-10 11:11 . 2015-08-17 12:09 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-10-10 11:11 . 2015-08-17 12:09 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-10-10 11:11 . 2015-08-17 12:09 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-10-10 11:11 . 2015-10-10 11:11 313472 ----a-w- c:\windows\system32\aswBoot.exe
2015-10-10 11:11 . 2015-10-10 11:11 43112 ----a-w- c:\windows\avastSS.scr
2015-10-04 08:44 . 2015-10-04 06:50 5967872 ----a-w- c:\windows\system32\nvopencl.dll
2015-10-04 08:44 . 2015-10-04 06:50 1869088 ----a-w- c:\windows\system32\nvcuvenc.dll
2015-10-04 08:44 . 2015-10-04 06:50 7536640 ----a-w- c:\windows\system32\nvcuda.dll
2015-10-04 08:44 . 2015-10-04 06:50 2581792 ----a-w- c:\windows\system32\nvcuvid.dll
2015-10-04 08:44 . 2015-10-04 06:50 19189760 ----a-w- c:\windows\system32\nvoglnt.dll
2015-10-04 08:44 . 2015-10-04 06:50 2389504 ----a-w- c:\windows\system32\nvapi.dll
2015-10-04 08:44 . 2015-10-04 06:50 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2015-10-04 08:44 . 2015-08-12 08:36 12648960 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2015-10-04 06:50 . 2015-10-04 06:50 1010464 ----a-w- c:\windows\system32\nvdispco32.dll
2015-10-04 06:50 . 2015-10-04 06:50 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
2015-10-04 06:50 . 2015-08-12 08:36 4494336 ----a-w- c:\windows\system32\nv4_disp.dll
2015-10-04 06:48 . 2015-10-04 06:48 23840 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2015-09-19 10:14 . 2015-09-19 10:14 25016 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-10-10 11:11 696120 ----a-w- d:\avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"="d:\daemon tools lite\DTAgent.exe" [2015-06-18 3576664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2009-12-01 401408]
"AvastUI.exe"="d:\avast\AvastUI.exe" [2015-11-07 6133520]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1044480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-01-31 15517472]
"NvMediaCenter"="NvMCTray.dll" [2013-01-31 108832]
"IObit Malware Fighter"="d:\iobit malware fighter\IMF.exe" [2015-11-12 5893920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Steam\\Steam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Steam\\bin\\steamwebhelper.exe"=
"d:\\Steam\\steamapps\\common\\The Binding Of Isaac\\Isaac.exe"=
"d:\\Steam\\steamapps\\common\\Prison Architect\\Prison Architect.exe"=
"d:\\Steam\\steamapps\\common\\MountBlade Warband\\mb_warband.exe"=
"d:\\Opera\\launcher.exe"=
"d:\\Steam\\steamapps\\common\\Dig or Die\\DigOrDie.exe"=
"d:\\Steam\\steamapps\\common\\King Arthur's Gold\\KAG.exe"=
"d:\\Steam\\steamapps\\common\\Terraria\\Terraria.exe"=
"c:\\Documents and Settings\\Bartosz\\Pulpit\\Gry\\CS2D\\CounterStrike2D.exe"=
"c:\\Documents and Settings\\Bartosz\\Pulpit\\Gry\\CS2D\\cs2d_dedicated.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Free Download Manager\\fdm.exe"=
"c:\\Documents and Settings\\Bartosz\\Dane aplikacji\\uTorrent\\uTorrent.exe"=
"d:\\Steam\\steamapps\\common\\Half-Life\\hl.exe"=
"d:\\Steam\\steamapps\\common\\Geometry Dash\\GeometryDash.exe"=
"c:\\SteamLibrary\\steamapps\\common\\Pixel Piracy\\PixelPiracy.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"d:\\Steam\\steamapps\\common\\Risen\\bin\\Risen.exe"=
"d:\\Steam\\steamapps\\common\\Counter-Strike Source\\hl2.exe"=
"d:\\Steam\\steamapps\\common\\Fallout New Vegas\\FalloutNVLauncher.exe"=
"c:\\SteamLibrary\\steamapps\\common\\Arma 2\\arma2.exe"=
"d:\\Steam\\steamapps\\common\\Rock of Ages\\Binaries\\Win32\\RoA.exe"=
"d:\\Steam\\steamapps\\common\\FTL Faster Than Light\\FTLGame.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"d:\\Steam\\steamapps\\common\\dont_starve\\bin\\dontstarve_steam.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2015-08-17 49776]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2015-08-17 208664]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2015-08-17 794952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2015-08-17 435464]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2015-10-04 23840]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2015-08-30 204064]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-08-17 24016]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-08-17 76000]
R2 GS In-Game Service;GS In-Game Service;d:\gametracker\GSInGameService.exe [2013-12-19 1677080]
R2 IMFservice;IMF Service;d:\iobit malware fighter\IMFsrv.exe [2015-12-01 882464]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2015-08-13 2519040]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [2015-08-17 157888]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;d:\daemon tools lite\DiscSoftBusService.exe [2015-06-18 1034584]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\drivers\dtlitescsibus.sys [2015-09-19 25016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-12-01 23256]
R3 RegFilter;RegFilter;d:\iobit malware fighter\Drivers\wxp_x86\RegFilter.sys [2015-12-01 31776]
R3 UrlFilter;UrlFilter;d:\iobit malware fighter\Drivers\wxp_x86\UrlFilter.sys [2015-12-01 17360]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2015-12-01 2934048]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-12-01 1135416]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2015-12-01 19984]
S3 WinRing0_1_2_0;WinRing0_1_2_0;d:\game booster 3\Driver\WinRing0.sys [2015-10-18 14416]
S4 FileMonitor;FileMonitor;d:\iobit malware fighter\Drivers\wxp_x86\FileMonitor.sys [2015-12-01 247968]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - GUPDATEM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-02 21:03 1000264 ----a-w- c:\program files\Google\Chrome\Application\47.0.2526.73\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2015-11-28 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_19_0_0_245_pepper.exe [2015-11-10 21:58]
.
2015-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11 21:58]
.
2015-12-03 c:\windows\Tasks\avast! Emergency Update.job
- d:\avast\AvastEmUpdate.exe [2015-10-10 11:11]
.
2015-12-03 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- d:\game booster 3\AutoUpdate.exe [2015-10-18 13:05]
.
2015-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-12-02 21:02]
.
2015-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-12-02 21:02]
.
2015-12-03 c:\windows\Tasks\Opera scheduled Autoupdate 1439462414.job
- d:\opera\launcher.exe [2015-08-13 10:44]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP-OqRkK_4g5H3zXx0q1D1XXsHhKKzkrHC0sTjnSxFFPh8tDC2x1421yaorCe3UwTaO0LaHJiOfcqTKbveVXz3Riy1qOe0C71rzxgrr_WnhYO-YowQzg88sL_2IXGBUCMlUiYNWVdZvUc13gyU-xH8Po0WPzErV6hgxHnYBVJ8Cu0,
IE: Pobierz plik wideo w FDM - file://d:\free download manager\dlfvideo.htm
IE: Pobierz w FDM - file://d:\free download manager\dllink.htm
IE: Pobierz wszystkie pliki w FDM - file://d:\free download manager\dlall.htm
IE: Pobierz zaznaczone pliki w FDM - file://d:\free download manager\dlselected.htm
TCP: DhcpNameServer = 195.191.180.2 217.8.168.244
TCP: Interfaces\{BE47B40C-8833-49B5-AAFA-2A6F4F8FAF9B}: NameServer = 8.8.8.8,8.8.4.4
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-Hotkey Commander - d:\hkcmdr\hkcmdr.exe
AddRemove-BattlEye for A2 - c:\steamlibrary\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-Miasto Sanktuarium - d:\steam\steamapps\common\Heroes of Might and Magic 5 Tribes of the East\Uninstal.exe
AddRemove-New Creatures Framework 3 - d:\steam\steamapps\common\Heroes of Might and Magic 5 Tribes of the East\Uninstal NCF.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-12-03 21:22
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2015-12-03 21:24:16
ComboFix-quarantined-files.txt 2015-12-03 20:24
.
Przed: 10 969 055 232 bajtów wolnych
Po: 10 997 575 680 bajtów wolnych
.
- - End Of File - - C49DB60E85A9D68D97E5688676331BF4 32052574BF9F325AE309ABC7BFD04460