ComboFix 12-07-27.03 - Pablo 2012-07-27 15:41:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1526.880 [GMT 2:00]
Uruchomiony z: d:\dysk d\sdgf\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\windows\linkinfo.dll
c:\windows\msmqinst.log
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
c:\windows\regopt.log
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\drivers\IsDrv118.sys
c:\windows\system32\drivers\nvmini.sys
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NVMINI
-------\Service_IsDrv118
-------\Service_nvmini
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-27 do 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-23 11:17 . 2012-07-27 11:32 -------- d-----w- C:\Temp
2012-07-23 11:16 . 2012-07-23 11:16 -------- d-----w- C:\Sounds
2012-07-18 11:34 . 2012-07-18 11:34 -------- d-----w- C:\ATI
2012-07-18 08:05 . 2012-07-18 08:05 59 ----a-w- C:\user.js
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:55 . 2008-04-15 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-04-15 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2008-04-15 12:00 1172480 ------w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-15 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-04-15 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-05-31 13:22 . 2008-04-15 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:44 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:39 . 2008-04-15 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2008-04-15 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2008-04-14 21:59 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-14 00:15 . 2012-07-17 20:41 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-07-05 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"D-Link AirPlus G DWL-G510"="c:\program files\D-Link\AirPlus G DWL-G510\AirGCFG.exe" [2007-10-24 1552384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2012-04-24 20065896]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
c:\documents and settings\Pablo\Menu Start\Programy\Autostart\
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2012-3-26 4656632]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Pro Cycling Manager - Season 2010\\PCM.exe"=
"e:\\Pro Cycling Manager - Season 2010\\Autorun\\Exe\\Autorun.exe"=
"e:\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2012-07-18 691696]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2012-07-18 2627760]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-07-17 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-07-17 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-07-17 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-07-17 21256]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-07-17 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-17 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-07-17 1691480]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-07-17 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-17 113120]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-17 21:14]
.
2012-07-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-17 16:21]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-17 20:22]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-17 20:22]
.
2012-07-27 c:\windows\Tasks\User_Feed_Synchronization-{B0813BFD-D61F-4B25-8676-67A4AF68009A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
mStart Page = about:blank
TCP: DhcpNameServer = 10.1.181.1
FF - ProfilePath - c:\documents and settings\Pablo\Dane aplikacji\Mozilla\Firefox\Profiles\i7n10dph.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 2
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM-Run-DelReg - c:\program files\MSI\DualCoreCenter\DelReg.exe
Notify-AtiExtEvent - (no file)
AddRemove-PowerDVD 6 - c:\program files\CyberLink\PowerDVD\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-27 15:48
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(1172)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Czas ukończenia: 2012-07-27 15:50:31 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-07-27 13:50
.
Przed: 67 510 759 424 bajtów wolnych
Po: 67 770 687 488 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3C2E2A1879D611E07F509C0614B3DDF2