ComboFix 11-08-17.01 - Młodzież 2011-08-17 15:43:09.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.511.307 [GMT 2:00]
Uruchomiony z: c:\documents and settings\M-odzie¬\Moje dokumenty\Pobieranie\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-07-17 do 2011-08-17 )))))))))))))))))))))))))))))))
.
.
2011-08-16 17:11 . 2011-08-16 17:11 -------- d-----w- c:\documents and settings\Młodzież\Dane aplikacji\Malwarebytes
2011-08-16 17:11 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-16 17:11 . 2011-08-16 17:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2011-08-16 17:11 . 2011-08-16 17:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-16 17:11 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-15 16:37 . 2011-08-15 16:37 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-15 16:29 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-08-15 16:29 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-08-15 16:29 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-08-13 11:47 . 2011-08-13 11:47 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-13 08:35 . 2011-08-15 18:57 -------- d-----w- c:\documents and settings\Młodzież\Dane aplikacji\PriceGong
2011-08-10 19:22 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 19:16 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-10 17:33 . 2011-08-15 16:37 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-08-10 17:31 . 2011-08-15 16:38 -------- d-----w- c:\documents and settings\Młodzież\Dane aplikacji\DAEMON Tools Lite
2011-08-10 17:31 . 2011-08-10 17:32 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2011-08-10 15:18 . 2011-08-13 11:44 -------- d-----w- c:\program files\PowerISO
2011-08-07 19:42 . 2011-08-13 11:46 -------- d-----w- c:\documents and settings\Młodzież\Dane aplikacji\Skype
2011-08-01 01:15 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-07-31 12:44 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-07-31 12:42 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-07-31 08:25 . 2011-07-31 08:45 -------- d-----w- c:\documents and settings\Młodzież\Dane aplikacji\Tibia
2011-07-30 19:11 . 2011-01-21 14:44 440832 -c----w- c:\windows\system32\dllcache\shimgvw.dll
2011-07-30 19:11 . 2010-12-20 17:32 551936 -c----w- c:\windows\system32\dllcache\oleaut32.dll
2011-07-30 19:10 . 2010-08-17 13:17 58880 -c----w- c:\windows\system32\dllcache\spoolsv.exe
2011-07-30 19:08 . 2010-07-16 12:00 1287680 -c----w- c:\windows\system32\dllcache\ole32.dll
2011-07-30 19:06 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-07-30 09:22 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll
2011-07-30 09:20 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2006-03-02 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-10 22:00 . 2011-07-10 22:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-08 14:02 . 2006-03-02 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-04 11:43 . 2011-07-10 21:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-07-10 21:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-07-10 21:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-07-10 21:43 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-07-10 21:43 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2011-07-10 21:43 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-07-10 21:43 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2011-07-10 21:43 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-07-10 21:43 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-07-10 21:43 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-24 14:10 . 2011-07-10 20:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:18 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:18 . 2006-03-02 12:00 669696 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:18 . 2006-03-02 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-21 18:16 . 2006-03-02 12:00 370688 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2006-03-02 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2006-03-02 12:00 1859200 ----a-w- c:\windows\system32\win32k.sys
2011-06-16 04:51 . 2011-07-10 21:49 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinBar"="c:\program files\WinBar\WinBar.exe" [2009-09-29 271360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"iPlusManager"="c:\program files\iPlus\iPlusChecker.exe" [2010-10-01 464192]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2011-7-10 802816]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"e:\\Sniper elite\\Sniper Elite\\SniperElite.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-07-10 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-07-10 309848]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-08-15 232512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-07-10 19544]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-16 366640]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-07-30 70656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-16 22712]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-11 135664]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-07-30 101504]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-07-30 117504]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-11 135664]
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-11 20:12]
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-11 20:12]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2504091
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Młodzież\Dane aplikacji\Mozilla\Firefox\Profiles\rzknkuyj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://wp.pl/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q=
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-C6501Sound - c6501.cpl
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-17 15:49
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2011-08-17 15:51:28
ComboFix-quarantined-files.txt 2011-08-17 13:51
.
Przed: 19 217 866 752 bajtów wolnych
Po: 19 524 153 344 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 5C3D9A1688BD05AB0CF7C93E445B5BD1