ComboFix 11-04-29.03 - hubol 2011-05-01 14:28:46.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1535.1232 [GMT 2:00]
Uruchomiony z: c:\documents and settings\hubol\Pulpit\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\hubol\Dane aplikacji\mservice32_m.exe
c:\documents and settings\hubol\WINDOWS
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-04-01 do 2011-05-01 )))))))))))))))))))))))))))))))
.
.
2011-05-01 03:22 . 2011-05-01 03:23 -------- d-----w- C:\ERDNT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speeder"="c:\program files\Speed Gear\SpeedGear.exe" [2011-02-26 999424]
"RouterControl"="c:\progra~1\ROUTER~1\ROUTERCONTROL.EXE" [2009-05-19 3449344]
"ares"="c:\program files\Ares\Ares.exe" [2010-10-27 1015808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2011-02-09 1183928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-12-14 13:18 2402512 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-04-12 22:44 8429568 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-04-12 22:44 81920 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-04-12 22:44 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
2004-01-26 09:38 866816 ----a-w- c:\program files\Thomson\SpeedTouch USB\dragdiag.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC]
2010-11-12 14:11 67960 ----a-w- c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft AutoScreenRecorder 3.1 Free]
2010-08-07 13:36 4667904 ----a-w- c:\program files\Wisdom-soft AutoScreenRecorder 3 Free\AutoScreenRecorder.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\hubol\\Dane aplikacji\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Documents and Settings\\hubol\\Dane aplikacji\\Football Superstars\\FSPatchR.exe"=
"c:\\Documents and Settings\\hubol\\Dane aplikacji\\Football Superstars\\FSClientr.exe"=
"d:\\Nowy folder\\Nowy folder (3)\\Football Superstars\\FSClientr.exe"=
"c:\\Program Files\\Metin 2\\metin2.bin"=
"c:\\Program Files\\Metin 2\\metin2client.bin"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-04-22 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-04-22 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-04-22 19544]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2010-04-30 3795560]
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-05-01 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2011-04-22 12:11]
.
2011-05-01 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2011-04-22 13:24]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.neostrada.pl
uInternet Connection Wizard,ShellNext = hxxp://www.cfos.de/traffic_shaping/calibration_pl.htm?oem=topos
FF - ProfilePath - c:\documents and settings\hubol\Dane aplikacji\Mozilla\Firefox\Profiles\8yt6cqb6.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - %profile%\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
MSConfigStartUp-Cmaudio - cmicnfg.cpl
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-01 14:47
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2011-05-01 14:53:25
ComboFix-quarantined-files.txt 2011-05-01 12:53
.
Przed: 66 564 038 656 bajtów wolnych
Po: 66 546 102 272 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0722BC3CDA361FC2C5AC2906393BC163