ComboFix 11-10-29.06 - Administrator 2011-10-30 10:57:29.1.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1015.684 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Administrator\Pulpit\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
FILE ::
"c:\windows\ld09.exe"
"e:\windows\dhcp\svchost.exe"
"e:\windows\system32\155.tmp.exe"
"e:\windows\system32\159.tmp.exe"
"e:\windows\system32\167.tmp.exe"
"e:\windows\system32\174.tmp"
"e:\windows\system32\dncyool32.sys"
"e:\windows\System32\reader_s.exe"
"e:\windows\system32\sopidkc.exe"
"e:\windows\system32\tpszxyd.sys"
"e:\windows\system32\twex.exe"
"e:\windows\SYSTEM32\winepi32.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Setup.exe
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\IsUn0415.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-09-28 do 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-28 19:42 . 2010-01-13 10:28 155648 ----a-w- c:\windows\system32\igfxCoIn_v5218.dll
2011-10-28 19:42 . 2010-01-13 10:18 1498560 ----a-w- c:\windows\system32\igkrng400.bin
2011-10-28 19:42 . 2011-10-28 19:42 -------- d-----w- C:\Intel
2011-10-28 19:18 . 2011-10-28 19:53 -------- d-----w- c:\program files\.minecraft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-26 16:52 . 2011-06-13 14:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 03:06 . 2011-02-22 17:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2009-02-04 17:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 09:41 . 2007-10-09 11:03 614400 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-03-02 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-03-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-10 12:55 . 2011-09-10 12:55 98304 ----a-w- c:\windows\W2BNEUnin.exe
2011-09-10 12:55 . 2011-09-10 12:55 2829 ----a-w- c:\windows\W2BNEUnin.pif
2011-09-10 11:47 . 2011-09-10 11:38 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-09-09 09:12 . 2006-03-02 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2010-06-29 19:14 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2007-12-28 09:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-05-26 14:42 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2008-04-01 20:03 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2007-12-28 09:44 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2007-12-28 09:44 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2007-12-28 09:43 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2007-12-28 09:43 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2008-04-01 20:03 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2007-12-28 09:43 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2006-03-02 12:00 1859200 ----a-w- c:\windows\system32\win32k.sys
2011-08-17 21:25 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:25 . 2006-03-02 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:25 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:25 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2011-08-17 13:49 . 2006-03-02 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22 . 2006-03-02 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-08-12 11:51 . 2007-12-14 18:55 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-10-05 18:48 . 2011-05-06 20:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-13 815104]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"MsgTranAgt"="c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2008-08-18 117304]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2009-03-20 174648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2007-02-28 16:50 180224 -c----w- c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"TOSHIBA Bluetooth Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\7-Zip\\7zFM.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Proficy\\Proficy Machine Edition\\fxView\\Runtime\\NT\\Runtime.exe"=
"c:\\WINDOWS\\system32\\hasplms.exe"=
"c:\\Program Files\\Proficy\\Proficy Alarm Viewer 2.0\\AEClientHostService.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-03-29 716272]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-05-26 442200]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-04-01 320856]
S2 AEClientHostService2;Proficy AE Client Host Service;c:\program files\Proficy\Proficy Alarm Viewer 2.0\AEClientHostService.exe [2010-07-12 20480]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-01 20568]
S2 DriverX;DriverX;c:\windows\system32\drivers\Driverx.sys [2009-12-14 40992]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s [?]
S2 FxControlRuntime;FxControl Runtime;c:\program files\Proficy\Proficy Machine Edition\fxControl\Runtime\NT\FxControl.exe [2010-10-15 651264]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys --> c:\windows\system32\Drivers\e4ldr.sys [?]
S2 LoggingService;Proficy Log Server;c:\program files\Proficy\Proficy Machine Edition\Proficy Event Logger\LoggingService.exe [2010-10-15 151552]
S2 Proficy Driver Runtime;Proficy Driver Runtime;c:\program files\Proficy\Proficy Machine Edition\fxView\Runtime\ProficyDrivers\WIN32\GefPdfOpc.exe [2006-11-24 192512]
S2 ProficyViewIntegratedOPCDriverLoggerV5;Proficy View Integrated OPC Driver 5.3 Event Logger;c:\program files\Proficy\Proficy View Integrated OPC Driver 5\server_eventlog.exe [2010-07-19 105248]
S2 TrapiServer;Trapi File Server;c:\program files\Proficy\Proficy Machine Edition\Common\Components\NT\TrapiServer.exe [2010-10-15 131174]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys --> c:\windows\system32\DRIVERS\adusbser.sys [?]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2007-12-14 39424]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys --> c:\windows\system32\DRIVERS\e4usbaw.sys [?]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s [?]
S3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [2007-12-14 733184]
S3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [2007-12-14 1656576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Skan uzupełniający -------
.
TCP: DhcpNameServer = 194.204.152.34 194.204.159.1
FF - ProfilePath -
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
BHO-{DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - c:\progra~1\ALLPLA~1\Iplex\IPLEXT~1.DLL
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe
MSConfigStartUp-AutoConnect - c:\program files\AutoConnect\AutoConnect.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-ALLPlayer_is1 - c:\program files\ALLPlayer\unins000.exe
AddRemove-BillardGL 1.75 - c:\program files\BillardGL 1.75\uninstall.exe
AddRemove-CCleaner - c:\program files\CCleaner\uninst.exe
AddRemove-Chicken Invaders: Revenge of the Yolk (Christmas Edition)_is1 - c:\program files\ChickenInvadersROTYXmas\unins000.exe
AddRemove-Chicken Invaders_is1 - c:\program files\Chicken Invaders\unins000.exe
AddRemove-Free Easy Burner_is1 - c:\program files\Free Easy Burner\unins000.exe
AddRemove-Mathcad7DemoUninstallKey - c:\program files\MathSoft\Explorer\DeIsL1.isu
AddRemove-Nokia Ovi Suite - c:\documents and settings\All Users\Dane aplikacji\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe
AddRemove-OpenVPN - c:\program files\OpenVPN\Uninstall.exe
AddRemove-Poradnik_Mechnika - c:\windows\iun6002.exe
AddRemove-PSpice Student - c:\program files\OrCAD_Demo\DeIsL1.isu
AddRemove-RealAlt_is1 - c:\program files\Real Alternative\unins000.exe
AddRemove-RealVNC_is1 - c:\program files\RealVNC\VNC4\unins000.exe
AddRemove-Revo Uninstaller - c:\program files\VS Revo Group\Revo Uninstaller\uninst.exe
AddRemove-WinRAR archiver - c:\program files\WinRAR\uninstall.exe
AddRemove-Wymarzony Dom 2.1 - c:\windows\IsUn0415.exe
AddRemove-{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D} - c:\program files\PDFCreator\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-30 11:04
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(264)
c:\windows\system32\iac25_32.ax
c:\windows\system32\l3codeca.acm
c:\windows\system32\lameACM.acm
c:\windows\system32\WININET.dll
c:\windows\system32\divxa32.acm
c:\windows\system32\imc32.acm
c:\windows\system32\ac3acm.acm
.
Czas ukończenia: 2011-10-30 11:07:20
ComboFix-quarantined-files.txt 2011-10-30 10:07
.
Przed: 8 521 011 200 bajtów wolnych
Po: 8 566 067 200 bajtów wolnych
.
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 4B3064192E6F5FAB67364BA953522844