ComboFix 12-07-08.03 - Lech 2012-07-10 8:02.4.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1790.1502 [GMT 2:00]
Uruchomiony z: G:\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-10 do 2012-07-10 )))))))))))))))))))))))))))))))
.
.
2012-07-09 12:23 . 2012-07-09 13:22 -------- d-----w- c:\documents and settings\Administrator
2012-07-09 11:55 . 2012-07-09 11:55 -------- d-----w- c:\documents and settings\Lech\Dane aplikacji\hellomoto
2012-06-19 07:16 . 2012-06-19 07:18 -------- d-----w- c:\documents and settings\Lech\Ustawienia lokalne\Dane aplikacji\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 06:06 . 2012-05-25 14:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-25 06:06 . 2012-02-22 18:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-07-02 05:15 . 2012-02-14 15:56 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-09_14.02.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-10-26 17:15 . 2012-07-10 05:55 49492 c:\windows\system32\perfc015.dat
- 2001-10-26 17:15 . 2012-07-09 13:44 49492 c:\windows\system32\perfc015.dat
+ 2001-08-17 22:30 . 2012-07-10 05:55 39992 c:\windows\system32\perfc009.dat
- 2001-08-17 22:30 . 2012-07-09 13:44 39992 c:\windows\system32\perfc009.dat
+ 2001-10-26 17:15 . 2012-07-10 05:55 355486 c:\windows\system32\perfh015.dat
- 2001-10-26 17:15 . 2012-07-09 13:44 355486 c:\windows\system32\perfh015.dat
+ 2001-08-17 22:30 . 2012-07-10 05:55 311604 c:\windows\system32\perfh009.dat
- 2001-08-17 22:30 . 2012-07-09 13:44 311604 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2011-07-04 13374048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13533184]
"nwiz"="nwiz.exe" [2008-05-23 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 86016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"xwizard"="c:\documents and settings\Lech\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\2800\xwizard.exe" [2012-07-09 48640]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-04-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-09-13 31952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-07-11 301248]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-07 235216]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-06-13 5161080]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 250056]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-06 113120]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 06:06]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-2025429265-839522115-1003Core.job
- c:\documents and settings\Lech\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2012-06-19 07:16]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-2025429265-839522115-1003UA.job
- c:\documents and settings\Lech\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2012-06-19 07:16]
.
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 85.193.224.9 85.193.224.2
FF - ProfilePath - c:\documents and settings\Lech\Dane aplikacji\Mozilla\Firefox\Profiles\5yynt5x3.def\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14276
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=KW_def&AF=14276&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-10 08:06
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2012-07-10 08:07:19
ComboFix-quarantined-files.txt 2012-07-10 06:07
ComboFix2.txt 2012-07-09 14:18
ComboFix3.txt 2012-07-09 14:04
.
Przed: 27 816 972 288 bajtów wolnych
Po: 27 806 683 136 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A4F50A92971D953991F3953A5061539F