ComboFix 14-07-31.02 - Biuro 2014-07-31 17:59:31.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1033.18.2005.1619 [GMT 2:00]
Running from: c:\documents and settings\Biuro\My Documents\Pobrane\ComboFix.exe
AV: 360 Total Security *Enabled/Updated* {5EEE8B0C-BEB2-4f05-BA7E-5EF3A65B8ECC}
.
.
(((((((((((((((((((((((((   Files created from 2014-06-28 to 2014-07-31   )))))))))))))))))))))))))))))))
.
.
2014-07-31 15:47 . 2014-07-31 15:49	--------	d-----w-	C:\AdwCleaner
2014-07-31 15:21 . 2014-07-31 15:27	--------	d--h--w-	c:\windows\msdownld.tmp
2014-07-31 15:21 . 2014-07-31 15:42	--------	d-----w-	c:\windows\Logs
2014-07-31 15:09 . 2009-11-27 16:37	8704	-c----w-	c:\windows\system32\dllcache\tsbyuv.dll
2014-07-31 15:09 . 2009-11-27 16:37	48128	-c----w-	c:\windows\system32\dllcache\iyuv_32.dll
2014-07-31 15:08 . 2009-11-27 17:33	17920	-c----w-	c:\windows\system32\dllcache\msyuv.dll
2014-07-31 14:59 . 2014-07-31 14:59	--------	d-----w-	c:\windows\ServicePackFiles
2014-07-31 14:55 . 2008-07-30 09:44	455936	-c----w-	c:\windows\system32\dllcache\mrxsmb.sys
2014-07-31 14:47 . 2007-11-22 11:43	78720	-c----w-	c:\windows\system32\dllcache\sdbus.sys
2014-07-31 14:47 . 2007-11-22 11:23	10240	-c----w-	c:\windows\system32\dllcache\sffp_mmc.sys
2014-07-31 14:47 . 2007-11-22 11:23	10240	------w-	c:\windows\system32\drivers\sffp_mmc.sys
2014-07-31 14:47 . 2007-11-22 11:23	12032	-c----w-	c:\windows\system32\dllcache\sffdisk.sys
2014-07-31 14:47 . 2007-11-22 11:23	11008	-c----w-	c:\windows\system32\dllcache\sffp_sd.sys
2014-07-31 14:39 . 2006-06-01 18:47	27648	-c----w-	c:\windows\system32\dllcache\jgpl400.dll
2014-07-31 14:39 . 2006-06-01 18:47	163840	-c----w-	c:\windows\system32\dllcache\jgdw400.dll
2014-07-31 14:38 . 2006-03-17 00:38	28672	------w-	c:\windows\system32\verclsid.exe
2014-07-31 14:33 . 2014-07-31 15:30	--------	d--h--w-	c:\windows\$hf_mig$
2014-07-31 14:33 . 2014-07-31 15:29	--------	d-----w-	c:\windows\LastGood
2014-07-31 13:47 . 2014-07-31 14:09	110296	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-31 13:14 . 2014-07-31 13:14	--------	d-----w-	c:\program files\Enigma Software Group
2014-07-31 13:14 . 2014-07-31 13:59	--------	d-----w-	c:\windows\455F074C814E4520B69B5584BD90400C.TMP
2014-07-31 13:14 . 2014-07-31 13:14	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2014-07-31 13:11 . 2014-05-12 05:26	53208	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-07-31 13:11 . 2014-05-12 05:25	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-07-31 13:11 . 2014-07-31 14:09	--------	d-----w-	c:\program files\Malwarebytes Anti-Malware
2014-07-31 13:11 . 2014-07-31 13:11	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2014-07-31 12:50 . 2014-07-31 15:43	--------	d-sh--w-	c:\documents and settings\Biuro\Application Data\360Quarant
2014-07-31 12:50 . 2014-07-31 13:14	--------	d-----w-	C:\$360Section
2014-07-31 12:49 . 2014-07-31 12:49	--------	d--h--w-	c:\windows\system32\GroupPolicy
2014-07-31 12:48 . 2014-07-31 12:48	--------	d-----w-	c:\documents and settings\LocalService\Application Data\360safe
2014-07-31 12:47 . 2014-07-31 12:48	--------	d-----w-	c:\documents and settings\Biuro\Application Data\360safe
2014-07-31 12:47 . 2014-07-16 05:47	65608	----a-w-	c:\windows\system32\drivers\360AvFlt.sys
2014-07-31 12:47 . 2014-07-31 14:35	--------	d-----w-	c:\documents and settings\Biuro\Application Data\360WD
2014-07-31 12:47 . 2014-07-31 12:47	--------	d-----r-	C:\360SANDBOX
2014-07-31 12:47 . 2014-07-31 12:47	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Application Data\360safe
2014-07-31 12:47 . 2014-07-16 05:47	174536	----a-w-	c:\windows\system32\drivers\360SelfProtection.sys
2014-07-31 12:47 . 2014-07-16 05:47	88136	----a-w-	c:\windows\system32\drivers\360AntiHacker.sys
2014-07-31 12:47 . 2014-07-16 05:47	165968	----a-w-	c:\windows\system32\drivers\BAPIDRV.SYS
2014-07-31 12:47 . 2014-07-16 05:47	257352	----a-w-	c:\windows\system32\drivers\qutmdrv.sys
2014-07-31 12:47 . 2014-07-16 05:47	54856	----a-w-	c:\windows\system32\drivers\hookport.sys
2014-07-31 12:47 . 2014-07-16 05:47	23752	----a-w-	c:\windows\system32\drivers\efimon.sys
2014-07-31 12:47 . 2014-07-16 05:47	202312	----a-w-	c:\windows\system32\drivers\360Box.sys
2014-07-31 12:46 . 2014-07-31 12:46	--------	d-----w-	c:\program files\360
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-15 12:26 . 2013-11-07 12:24	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-15 12:26 . 2013-11-07 12:24	699056	----a-w-	c:\windows\system32\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((((((((((((   Registry startup entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and default, legitimate entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1044480]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2009-12-01 401408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 141848]
"QHSafeTray"="c:\program files\360\Total Security\safemon\QHSafeTray.exe" [2014-07-16 1590896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"KB923561"="apphelp.dll" [2004-08-04 126976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Watch.lnk - c:\windows\twain_32\S6U12BX\WATCH.exe [2014-1-3 356352]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\360\\Total Security\\safemon\\QHSafeTray.exe"=
"c:\\Program Files\\360\\Total Security\\LiveUpdate360.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2014-01-02 243128]
S0 HookPort;HookPort;c:\windows\system32\drivers\hookport.sys [2014-07-31 54856]
S1 360Box;360Box mini-filter driver;c:\windows\system32\drivers\360Box.sys [2014-07-31 202312]
S1 360SelfProtection;360SelfProtection;c:\windows\system32\drivers\360SelfProtection.sys [2014-07-31 174536]
S1 BAPIDRV;BAPIDRV;c:\windows\system32\drivers\BAPIDRV.SYS [2014-07-31 165968]
S1 EfiMon;EfiSystemMon;c:\windows\system32\drivers\efimon.sys [2014-07-31 23752]
S1 qutmdserv;Quantum DeepScanner Servers;c:\windows\system32\drivers\qutmdrv.sys [2014-07-31 257352]
S2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [2007-01-23 133968]
S2 QHActiveDefense;360 Total Security;c:\program files\360\Total Security\safemon\QHActiveDefense.exe [2014-07-31 617072]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2014-01-02 2519040]
S3 360AntiHacker;360Safe Anti Hacker Service;c:\windows\system32\drivers\360AntiHacker.sys [2014-07-31 88136]
S3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\drivers\360AvFlt.sys [2014-07-31 65608]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-01-23 42832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-22 08:03	1104200	----a-w-	c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://downloads.dell.com/tools/dellsystemdetect/DellSystemDetect.application
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: dell.com
TCP: DhcpNameServer = 5.175.225.136 8.8.8.8
FF - ProfilePath - c:\documents and settings\Biuro\Application Data\Mozilla\Firefox\Profiles\uwo42e64.default\
.
- - - - REMOVED EMPTY ENTRIES - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-31 18:01
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2014-07-31 18:02:43
ComboFix-quarantined-files.txt 2014-07-31 16:02
.
Pre-Run: 134 783 352 832 bytes free
Post-Run: 134 737 584 128 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 92800AEA2CE9255AD4E0B95EB458C91F
8F558EB6672622401DA993E1E865C861