ComboFix 12-07-06.02 - Administrator 12-07-07 0:18.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2046.1785 [GMT 2:00]
Uruchomiony z: H:\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-06 do 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 21:47 . 2012-07-06 21:47 -------- d-----w- c:\documents and settings\Administrator
2012-07-02 08:36 . 2012-07-02 08:36 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\MumboJumbo
2012-06-14 08:41 . 2012-06-14 08:41 -------- d-----w- c:\program files\Dropbox
2012-06-11 17:55 . 2012-06-11 17:55 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 17:55 . 2011-11-08 23:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-06_21.57.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-10-26 17:15 . 2012-07-06 22:09 75880 c:\windows\system32\perfc015.dat
- 2001-10-26 17:15 . 2012-07-06 21:51 75880 c:\windows\system32\perfc015.dat
+ 2001-08-17 22:30 . 2012-07-06 22:09 59532 c:\windows\system32\perfc009.dat
- 2001-08-17 22:30 . 2012-07-06 21:51 59532 c:\windows\system32\perfc009.dat
+ 2001-10-26 17:15 . 2012-07-06 22:09 453654 c:\windows\system32\perfh015.dat
- 2001-10-26 17:15 . 2012-07-06 21:51 453654 c:\windows\system32\perfh015.dat
+ 2001-08-17 22:30 . 2012-07-06 22:09 397060 c:\windows\system32\perfh009.dat
- 2001-08-17 22:30 . 2012-07-06 21:51 397060 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"P17Helper"="P17.dll" [2005-05-03 64512]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"wincredprovider"="c:\documents and settings\Kynio\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\3929\wincredprovider.exe" [2012-07-06 50176]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\Kynio\\Dane aplikacji\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21595:TCP"= 21595:TCP:BitComet 21595 TCP
"21595:UDP"= 21595:UDP:BitComet 21595 UDP
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [11-11-10 00:52 232512]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11-11-08 19:59 612184]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11-11-08 19:59 337880]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11-11-08 19:59 20696]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [11-11-09 00:28 2253120]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [11-08-12 18:13 87040]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [12-02-12 11:26 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [10-06-22 19:01 21248]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [10-01-09 22:37 4640000]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1383384898-1801674531-1003Core.job
- c:\documents and settings\Kynio\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-11-18 06:47]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1383384898-1801674531-1003UA.job
- c:\documents and settings\Kynio\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-11-18 06:47]
.
.
------- Skan uzupełniający -------
.
TCP: DhcpNameServer = 62.179.1.62 62.179.1.63
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-07 00:20
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2012-07-07 00:20:57
ComboFix-quarantined-files.txt 2012-07-06 22:20
ComboFix2.txt 2012-07-06 21:58
.
Przed: 131 690 688 512 bajtów wolnych
Po: 131 681 640 448 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B07C23729344F9F26E0153C74A4E4285