ComboFix 12-08-07.05 - Admin 2012-08-08 18:56:38.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1022.506 [GMT 2:00]
Uruchomiony z: D:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\assembly\tmp
c:\documents and settings\Admin\WINDOWS
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\SET24F.tmp
c:\windows\system32\SET264.tmp
c:\windows\system32\SET2E6.tmp
c:\windows\system32\SET309.tmp
c:\windows\system32\SET313.tmp
c:\windows\system32\SET314.tmp
c:\windows\system32\SET315.tmp
c:\windows\system32\SET319.tmp
c:\windows\system32\SET31A.tmp
c:\windows\system32\SET31B.tmp
c:\windows\system32\SET320.tmp
c:\windows\system32\SET322.tmp
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-07-08 do 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-08 15:36 . 2012-08-08 15:36 -------- d-----w- c:\program files\ESET
2012-08-07 20:22 . 2012-08-08 14:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2012-08-07 20:22 . 2012-08-07 20:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-07 17:51 . 2012-08-07 17:51 -------- d-----w- c:\program files\jv16 PowerTools
2012-08-05 20:21 . 2012-05-15 10:18 14014656 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2012-08-05 20:21 . 2012-05-15 10:18 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-08-05 19:58 . 2012-08-05 19:58 9231560 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-08-05 19:53 . 2012-08-05 19:53 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-05 19:22 . 2012-08-05 19:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-01 19:08 . 2012-08-01 19:08 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-08-01 18:42 . 2012-08-01 18:42 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Battle.net
2012-07-26 18:31 . 2012-07-26 18:31 -------- d-----w- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Chromium
2012-07-25 18:05 . 2012-07-25 18:08 -------- d-sh--w- c:\documents and settings\All Users\Dane aplikacji\.beniamin
2012-07-17 14:23 . 2012-08-08 16:41 -------- d-----w- c:\program files\Common Files\Akamai
2012-07-12 18:38 . 2012-07-12 18:38 -------- d-----w- c:\program files\uTorrent
2012-07-10 20:33 . 2012-07-10 20:33 -------- d-----w- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\NCSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-05 20:00 . 2012-05-01 06:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-05 20:00 . 2011-05-13 14:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 16:21 . 2012-07-08 18:44 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-07-08 18:44 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2012-07-08 18:44 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2012-07-08 18:44 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2012-07-08 18:44 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-03 16:21 . 2012-07-08 18:44 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-03 16:21 . 2012-07-08 18:44 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-03 16:21 . 2012-07-08 18:43 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2012-07-08 18:43 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-29 20:06 . 2012-06-29 20:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-13 13:55 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 07:52 . 2008-09-05 17:18 98304 -c--a-w- c:\windows\system32\CmdLineExt.dll
2012-06-09 17:21 . 2012-07-06 18:25 178688 ----a-w- c:\windows\system32\unrar.dll
2012-06-05 15:49 . 2009-08-19 16:07 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-03-02 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-12-02 06:22 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-12-02 06:22 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-01-21 09:37 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-01-21 09:37 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-01-21 09:37 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-01-21 10:12 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-01-21 09:37 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-01-21 09:37 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-12-02 06:22 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-01-21 09:37 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-12-02 06:22 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-01-21 09:37 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2011-05-01 12:15 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2011-05-01 12:15 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2011-05-01 12:15 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2006-03-02 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 10:18 . 2012-05-22 17:43 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:18 . 2012-05-16 16:40 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:18 . 2012-05-16 16:40 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:18 . 2010-08-18 16:52 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 10:18 . 2010-04-03 22:55 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:18 . 2010-04-03 22:55 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:18 . 2010-04-03 22:55 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:18 . 2010-04-03 22:55 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18 . 2010-04-03 22:55 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 10:18 . 2010-04-03 22:55 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 09:43 . 2010-04-03 17:23 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-05-15 09:43 . 2010-04-03 17:23 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-05-15 09:43 . 2010-04-03 17:22 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-05-15 09:43 . 2010-04-03 17:22 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-05-15 09:43 . 2010-04-03 17:22 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-05-15 09:43 . 2010-04-03 17:22 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-05-15 09:43 . 2010-04-03 17:22 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-05-15 09:43 . 2010-04-03 17:22 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-05-15 09:43 . 2010-04-03 17:22 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-05-15 09:43 . 2010-04-03 17:22 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-05-15 09:43 . 2010-04-03 17:22 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-05-15 09:43 . 2010-04-03 17:22 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-05-15 09:43 . 2010-04-03 17:22 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-05-15 09:43 . 2010-04-03 17:22 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-05-15 09:43 . 2010-04-03 17:22 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-05-15 09:43 . 2010-04-03 17:22 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-05-15 09:43 . 2010-04-03 17:22 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-05-15 09:43 . 2010-04-03 17:22 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-05-15 09:43 . 2010-04-03 17:22 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-05-15 09:43 . 2010-04-03 17:22 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-05-15 09:43 . 2010-04-03 17:22 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-05-15 09:43 . 2010-04-03 17:22 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-05-15 09:43 . 2010-04-03 17:22 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-05-15 09:43 . 2010-04-03 17:22 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-05-15 09:43 . 2010-04-03 17:22 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-05-15 09:43 . 2010-04-03 17:22 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-05-15 09:43 . 2010-04-03 17:22 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-05-15 09:43 . 2010-04-03 17:22 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-05-15 09:40 . 2010-04-03 17:22 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40 . 2010-04-03 17:23 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40 . 2010-04-03 17:23 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40 . 2010-04-03 17:23 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40 . 2010-04-03 17:23 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-14 11:03 . 2009-08-06 16:43 3985688 -c--a-w- c:\windows\system32\GameMon.des
2012-05-11 14:44 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:39 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2012-04-25 14:08 . 2011-04-01 18:35 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-07-12 895376]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-02-04 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="d:\malwarebytes' anti-malware\mbamgui.exe" [2012-04-04 462408]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCU]
2009-08-04 15:29 346320 ----a-w- c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
2006-03-22 22:13 1591808 ----a-w- c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
2007-03-06 13:51 212992 -c--a-w- c:\program files\Mouse Driver\StartAutorun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2012-05-15 09:40 108352 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-06-25 06:07 17887232 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33 89456 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.UtilitiesSvc"=2 (0x2)
"Steam Client Service"=3 (0x3)
"StarWindServiceAE"=2 (0x2)
"SSScsiSV"=3 (0x3)
"SPTISRV"=3 (0x3)
"SonicStage Back-End Service"=3 (0x3)
"npggsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"FileZilla Server"=3 (0x3)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" /MINIMIZED
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe"
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" blrun
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" /autostart
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"InCD"=c:\program files\Nero\Nero 7\InCD\InCD.exe
"SecurDisc"=c:\program files\Nero\Nero 7\InCD\NBHGui.exe
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE -startup
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
"ACQTMOUSE"="c:\program files\MC-610\MC-610 Innovation G-Laser Mouse\1.0\ACQTMAPP.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"d:\\League of Legends\\lol.launcher.exe"=
"d:\\Mirc\\mirc.exe"=
"d:\\steam\\SteamApps\\common\\dawn of war 2\\DOW2.exe"=
"c:\\Program Files\\Kamuse\\kcsDownloadV3Tray\\kcsDownloadV3Tray.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Cryptic Studios\\Champions Online.exe"=
"c:\\Program Files\\Cryptic Studios\\Champions Online\\Live\\GameClient.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Allods\\Allods Online\\bin\\Launcher.exe"=
"d:\\StarCraft II\\StarCraft II.exe"=
"d:\\StarCraft II\\sc2-x.x.x.x-1.5.0.22342-enUS-Downloader.exe"=
"d:\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57247:TCP"= 57247:TCP:Pando Media Booster
"57247:UDP"= 57247:UDP:Pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"56689:TCP"= 56689:TCP:Pando Media Booster
"56689:UDP"= 56689:UDP:Pando Media Booster
"8375:TCP"= 8375:TCP:League of Legends Launcher
"8375:UDP"= 8375:UDP:League of Legends Launcher
"57189:TCP"= 57189:TCP:Pando Media Booster
"57189:UDP"= 57189:UDP:Pando Media Booster
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"58101:TCP"= 58101:TCP:Pando Media Booster
"58101:UDP"= 58101:UDP:Pando Media Booster
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"6993:TCP"= 6993:TCP:League of Legends Launcher
"6993:UDP"= 6993:UDP:League of Legends Launcher
"58724:TCP"= 58724:TCP:Pando Media Booster
"58724:UDP"= 58724:UDP:Pando Media Booster
"6980:TCP"= 6980:TCP:League of Legends Launcher
"6980:UDP"= 6980:UDP:League of Legends Launcher
"8382:TCP"= 8382:TCP:League of Legends Launcher
"8382:UDP"= 8382:UDP:League of Legends Launcher
"6970:TCP"= 6970:TCP:League of Legends Launcher
"6970:UDP"= 6970:UDP:League of Legends Launcher
"6961:TCP"= 6961:TCP:League of Legends Launcher
"6961:UDP"= 6961:UDP:League of Legends Launcher
"6932:TCP"= 6932:TCP:League of Legends Launcher
"6932:UDP"= 6932:UDP:League of Legends Launcher
"6906:TCP"= 6906:TCP:League of Legends Launcher
"6906:UDP"= 6906:UDP:League of Legends Launcher
"6978:TCP"= 6978:TCP:League of Legends Launcher
"6978:UDP"= 6978:UDP:League of Legends Launcher
"6914:TCP"= 6914:TCP:League of Legends Launcher
"6914:UDP"= 6914:UDP:League of Legends Launcher
"6934:TCP"= 6934:TCP:League of Legends Launcher
"6934:UDP"= 6934:UDP:League of Legends Launcher
"8383:TCP"= 8383:TCP:League of Legends Launcher
"8383:UDP"= 8383:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6987:TCP"= 6987:TCP:League of Legends Launcher
"6987:UDP"= 6987:UDP:League of Legends Launcher
"56968:TCP"= 56968:TCP:Pando Media Booster
"56968:UDP"= 56968:UDP:Pando Media Booster
"56413:TCP"= 56413:TCP:Pando Media Booster
"56413:UDP"= 56413:UDP:Pando Media Booster
"5985:TCP"= 5985:TCP:*:Disabled:Zdalne zarządzanie systemem Windows
"56462:TCP"= 56462:TCP:Pando Media Booster
"56462:UDP"= 56462:UDP:Pando Media Booster
"58903:TCP"= 58903:TCP:Pando Media Booster
"58903:UDP"= 58903:UDP:Pando Media Booster
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-02-07 14776]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-07-08 353688]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-19 913752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-07-08 21256]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1052472]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2012-02-07 821592]
R2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [2012-05-15 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-05 1262400]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-05-15 22344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2012-04-07 123840]
S0 FGXSCSI;FGXSCSI;c:\windows\system32\DRIVERS\fgxscsi.sys --> c:\windows\system32\DRIVERS\fgxscsi.sys [?]
S1 aswSnx;aswSnx; [x]
S2 ATE_PROCMON;ATE_PROCMON; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-04-12 1684736]
S3 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-01-18 24635]
S3 apf001;apf001;c:\windows\system32\apf001.sys [2012-03-29 10872]
S3 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-04-12 219360]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2011-06-02 11336]
S3 dump_wmimmc;dump_wmimmc; [x]
S3 EagleXNt;EagleXNt; [x]
S3 esgiguard;esgiguard; [x]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\h:\everestcorporate530\kerneld.wnt --> h:\everestcorporate530\kerneld.wnt [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-06-29 40776]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [2012-02-07 30368]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; [x]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [2012-02-07 16208]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [2012-05-16 14416]
S3 XDva370;XDva370; [x]
S3 XDva391;XDva391; [x]
S3 XDva397;XDva397; [x]
S3 zlportio;zlportio; [x]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 250056]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [2012-02-07 246816]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service; [x]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 18:45]
.
2012-07-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-08-08 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-08 16:21]
.
2012-08-08 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2012-04-09 09:21]
.
2012-08-08 c:\windows\Tasks\Game_Booster_Startup.job
- c:\program files\IObit\Game Booster 3\gbtray.exe [2012-04-09 17:05]
.
2012-08-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1425521274-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 15:02]
.
2012-08-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1425521274-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 15:02]
.
2012-08-08 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2012-02-07 13:26]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1:9421;
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\bi1w6to7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2604146&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2604146&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
URLSearchHooks-{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
WebBrowser-{51A86BB3-6602-4C85-92A5-130EE4864F13} - (no file)
HKLM-Run-NAV - c:\program files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\562C4DD5\19.7.1.5\InstStub.exe
MSConfigStartUp-AdvancedDefrag - (no file)
MSConfigStartUp-Akamai NetSession Interface - c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe
AddRemove-Aro 2012 8.0 - c:\program files\SDC Software
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-08 19:11
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\h:\everestcorporate530\kerneld.wnt"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Czas ukończenia: 2012-08-08 19:16:18
ComboFix-quarantined-files.txt 2012-08-08 17:16
ComboFix2.txt 2012-04-24 18:13
.
Przed: 1 674 235 904 bajtów wolnych
Po: 1 917 497 344 bajtów wolnych
.
- - End Of File - - F8B6E8A5EAD1A57312DD15397BD6B94E