ComboFix 11-07-21.02 - Daniel 2011-07-21 20:54:51.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1535.1182 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Daniel\Moje dokumenty\Pobieranie\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\d1vmq.exe
c:\windows\system32\EXPLORER.EXE
c:\windows\system32\urretnd.exe
D:\autorun.inf
D:\d1vmq.exe
D:\install.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-06-21 do 2011-07-21 )))))))))))))))))))))))))))))))
.
.
2011-07-21 18:12 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-21 18:12 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-21 18:12 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-21 18:12 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-21 18:12 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-21 18:12 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-21 18:12 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-21 18:12 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-21 18:12 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-21 18:12 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-21 18:11 . 2011-07-21 18:11 -------- d-----w- c:\program files\AVAST Software
2011-07-21 18:11 . 2011-07-21 18:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AVAST Software
2011-07-12 08:35 . 2011-07-12 08:35 -------- d-----w- c:\documents and settings\Daniel\Ustawienia lokalne\Dane aplikacji\Identities
2011-07-08 09:00 . 2011-07-08 09:00 -------- d-----w- c:\documents and settings\Daniel\Pulpit
2011-07-08 08:51 . 2011-07-08 08:51 -------- d-----w- c:\program files\Codemasters
2011-07-08 08:48 . 2011-07-08 09:03 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-07-08 08:48 . 2011-07-08 09:03 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-07-08 08:48 . 2011-07-08 09:03 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-07-08 08:38 . 2011-07-08 09:04 -------- d-----w- c:\program files\Common Files\InstallShield
2011-07-05 21:39 . 2011-07-05 21:41 -------- d-----w- c:\program files\Prawo Jazdy 2006
2011-06-29 11:55 . 2011-06-29 11:55 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-29 11:55 . 2011-06-29 11:55 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-29 11:41 . 2011-06-29 11:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-24 16:58 . 2004-11-07 12:05 139305 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-06-24 16:58 . 2004-11-07 12:05 81967 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-06-24 16:58 . 2011-06-24 16:58 -------- d-----w- c:\program files\Media Player Classic
2011-06-24 16:58 . 2011-06-24 16:58 -------- d-----w- c:\program files\Real Alternative
2011-06-24 16:58 . 2004-01-25 15:49 303104 ----a-w- c:\windows\system32\RealMediaSplitter.ax
2011-06-24 16:55 . 2011-06-24 16:55 737280 ----a-w- c:\windows\iun6002.exe
2011-06-24 16:55 . 2011-06-24 16:55 -------- d-----w- c:\program files\Codec Pack - All In 1
2011-06-24 16:53 . 2011-06-24 16:53 -------- d-----w- c:\program files\MarBit
2011-06-24 16:53 . 2011-06-24 16:53 -------- d-----w- c:\program files\ffdshow
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-21 18:22 . 2011-05-03 16:55 94208 ------w- c:\windows\system32\trz1.tmp
2011-05-21 12:49 . 2011-05-21 12:43 431672 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-05-15 13:50 . 2011-05-15 13:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-15 13:50 . 2011-05-15 13:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-29 11:55 . 2011-05-03 17:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-05-14 3784704]
"nwiz"="nwiz.exe" [2004-05-14 831488]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-05-14 81920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-07-21 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-07-21 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-07-21 19544]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - ASWSNX
.
.
------- Skan uzupełniający -------
.
uStart Page = my.daemon-search.com
TCP: Interfaces\{3CD03929-415E-48E0-A1EE-CED8BE0A9723}: NameServer = 194.126.164.5 194.126.164.5
FF - ProfilePath - c:\documents and settings\Daniel\Dane aplikacji\Mozilla\Firefox\Profiles\r122dklh.default\
FF - prefs.js: browser.search.selectedEngine - Allegro
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: network.proxy.type - 0
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-cbvcs - c:\windows\system32\urretnd.exe
HKCU-Run-wsctf.exe - wsctf.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-21 21:04
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2011-07-21 21:10:26
ComboFix-quarantined-files.txt 2011-07-21 19:10
.
Przed: 15 946 461 184 bajtów wolnych
Po: 15 971 377 152 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=signature(45c545c4)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
signature(45c545c4)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7CD871806C28351FB1C4A17EB83AC7D2