ComboFix 11-01-31.02 - sławek 2011-02-01 23:19:41.3.1
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1279.924 [GMT 1:00]
Run from: c:\documents and settings\sławek\Pulpit\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((( Files created from 2011-01-01 to 2011-02-01 )))))))))))))))))))))))))))))))
.
.
2011-02-01 20:26 . 2010-08-23 16:07    27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2011-02-01 20:26 . 2011-02-01 20:26 -------- d-----w- c:\program files\SanityCheck
2011-02-01 17:17 . 2011-02-01 17:17 -------- d-----w- c:\program files\Sophos
2011-02-01 10:32 . 2011-02-01 10:32   388096 ----a-r- c:\documents and settings\sławek\Dane aplikacji\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-01 10:32 . 2011-02-01 10:32 -------- d-----w- c:\program files\hijack
2011-01-22 13:30 . 2009-09-02 11:44    65602 ----a-w- c:\windows\system32\cook3260.dll
2011-01-22 13:30 . 2009-09-02 11:44   217127 ----a-w- c:\windows\system32\drv43260.dll
2011-01-22 13:30 . 2009-09-02 11:44   208935 ----a-w- c:\windows\system32\drv33260.dll
2011-01-22 13:30 . 2009-09-02 11:44   176165 ----a-w- c:\windows\system32\drv23260.dll
2011-01-22 13:30 . 2009-09-02 11:44   102439 ----a-w- c:\windows\system32\sipr3260.dll
2011-01-22 13:30 . 2009-09-02 11:44   626688 ----a-w- c:\windows\system32\vp7vfw.dll
2011-01-22 13:30 . 2009-09-02 11:44  1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2011-01-22 13:26 . 2007-08-31 17:36    36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2011-01-22 13:26 . 2003-01-26 12:41    40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2011-01-21 19:13 . 2011-01-13 08:37    17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-21 19:13 . 2011-01-13 08:41   294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-21 19:13 . 2011-01-13 08:40    47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-21 19:13 . 2011-01-13 08:37    23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-21 19:13 . 2011-01-13 08:40   100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-21 19:13 . 2011-01-13 08:39    94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-21 19:13 . 2011-01-13 08:37    29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-21 19:13 . 2011-01-13 08:47    38848 ----a-w- c:\windows\avastSS.scr
2011-01-21 19:13 . 2011-01-13 08:47   188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-21 12:04 . 2008-10-08 09:16   139264 ----a-w- c:\windows\system32\xvid.ax
2011-01-21 12:04 . 2008-12-04 20:46   180224 ----a-w- c:\windows\system32\xvidvfw.dll
2011-01-21 09:44 . 2011-01-21 09:44    21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-01-21 09:44 . 2007-07-28 15:10   483968 ----a-w- c:\windows\system32\drivers\rt61.sys
2011-01-21 09:43 . 2011-01-21 09:43 -------- d-----w- c:\program files\RALINK
2011-01-21 09:43 . 2011-01-21 09:43 -------- d-----w- c:\documents and settings\sławek\Dane aplikacji\InstallShield
2011-01-20 21:51 . 2011-01-20 21:51 -------- d-----w- c:\documents and settings\sławek\Dane aplikacji\AVG10
2011-01-20 21:50 . 2011-01-20 21:50 -------- d--h--w- c:\documents and settings\All Users\Dane aplikacji\Common Files
2011-01-20 21:40 . 2011-01-20 21:46 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\MFAData
2011-01-20 13:36 . 2011-01-20 13:36 -------- d-----w- c:\program files\Lame For Audacity
2011-01-20 10:54 . 2011-01-27 12:54 -------- d-----w- c:\documents and settings\sławek\Dane aplikacji\Audacity
2011-01-20 10:52 . 2011-01-20 13:30 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-01-15 17:22 . 2011-01-31 23:04    22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-15 17:22 . 2011-01-15 17:22    22328 ----a-w- c:\documents and settings\sławek\Dane aplikacji\PnkBstrK.sys
2011-01-15 17:22 . 2011-01-31 23:03   103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-15 17:22 . 2011-01-31 22:54    66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-01-15 17:02 . 2011-01-15 17:02 -------- d-----w- c:\windows\system32\LogFiles
2011-01-09 16:45 . 2011-01-09 16:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-01-04 17:04 . 2011-01-04 17:04 -------- d-----w- c:\program files\AutoCAD 2009
2011-01-04 17:03 . 2011-01-04 17:27 -------- d-----w- c:\documents and settings\sławek\Dane aplikacji\Autodesk
2011-01-04 17:03 . 2011-01-04 17:17 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Autodesk
2011-01-04 17:03 . 2011-01-04 17:15 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2011-01-04 17:03 . 2011-01-04 17:03 -------- d-----w- c:\documents and settings\sławek\Ustawienia lokalne\Dane aplikacji\Autodesk
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-24 08:15 . 2010-12-24 08:15    86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-12-10 15:28 . 2008-04-14 20:50   219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-11-25 17:19 . 2010-11-25 17:19   162304 -c--a-w- c:\windows\CleanUpUninstall.exe
2010-02-10 03:18 . 2010-07-23 12:47  2131336 -c----w- c:\program files\Common Files\AskToolbarInstaller.exe
.
------- Sigcheck -------
.
[-] 2008-05-08 . 9F02C1CF7C3100E4AEA7DD8B6A86A01B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-02-01_17.01.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-01 22:15 . 2011-02-01 22:15    16384 c:\windows\temp\Perflib_Perfdata_7e8.dat
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-08-29 328568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-08-05 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-08-05 13923432]
"CM-SmWizard"="c:\windows\System\SmWizard.exe" [2003-08-30 1454080]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-05-08 123904]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2011-1-21 1114112]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute  REG_MULTI_SZ  autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07   932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47    35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2010-03-24 00:23  1432064 -c----w- c:\program files\ALLPlayer\ALLUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2010-02-08 15:51  1015808 -c----w- c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50  1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-14 16:01   644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04  1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
2007-11-01 12:25  2165272 ------w- c:\program files\VDOTool\TBPANEL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-26 19:30   136176 ----atw- c:\documents and settings\sławek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47    31016 ------w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50   155648 -c----w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nowe Gadu-Gadu]
2008-06-27 08:28  8798816 ----a-w- c:\program files\Nowe Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-08-05 17:39 13923432 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-08-05 17:39   110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-08-04 23:11  1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 11:02    79400 ------w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-06-24 17:24    98304 -c----w- c:\windows\system32\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03   210472 ------w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44   248552 ------w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-08-29 15:33   328568 ------w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\windows\system32\qttask.exe" -atboottime
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"RelevantKnowledge"=c:\program files\RelevantKnowledge\rlvknlg.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"g:\\fifa10\\FIFA10.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"g:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7350:TCP"= 7350:TCP:BitComet 7350 TCP
"7350:UDP"= 7350:UDP:BitComet 7350 UDP

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-01-21 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-01-21 17744]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2010-09-26 81920]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2010-09-26 2736128]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-06-26 27632]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-06-26 13224]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2E.tmp --> c:\windows\system32\2E.tmp [?]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [2011-02-01 27192]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-12-10 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- g:\program files\DriverEasy\DriverEasy.exe [2010-12-10 19:55]

2011-02-01 c:\windows\Tasks\GlaryInitialize.job
- g:\program files\Glary Utilities\initialize.exe [2011-01-21 13:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.windowsxlive.net
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-01 23:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2E.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="REMOVED"
.
Completion time: 2011-02-01 23:38:11
ComboFix-quarantined-files.txt  2011-02-01 22:38
ComboFix2.txt  2011-02-01 17:04

Pre-Run: 1,179,623,424 bytes free
Post-Run: 1,177,468,928 bytes free

- - End Of File - - C9DB7DD721EB59393A0DFA09713223DC
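Added example, not part of the log and not ComboFix code: a small triage script that runs over lines in ComboFix's layout and pulls out the entries a reviewer checks first in a log like the one above. It flags the Security Center "AntiVirusOverride" value, "EnableFirewall"= 0 in the standard profile, anything under GloballyOpenPorts, service entries whose image ComboFix could not find on disk (the "--> ... [?]" form) or whose image is a .tmp file, and Sigcheck lines marked "[-]". The reading of "[?]" as "file not found" and of "[-]" as "hash not recognised as a known-good version" is my interpretation of ComboFix's notation, not something the log states. SAMPLE_LOG is a constructed excerpt built from lines of the log above. One caveat worth knowing before acting on the output: a MEMSWEEP2 service pointing at a .tmp in system32 is what Sophos Anti-Rootkit leaves behind, and c:\program files\Sophos was created the same day in this log, so that particular hit is expected noise; the rule still earns its place because a kernel driver running from a temp file is otherwise a strong signal.

```python
"""Triage a ComboFix log: pull out the settings and service entries a reviewer
checks first.  Added example, not ComboFix code.  SAMPLE_LOG is a constructed
excerpt in ComboFix's layout; the flagging rules are this example's own
reading of that layout (assumptions, see the comments)."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # tag naming the rule that fired
    detail: str  # the entry it fired on, for the person reading the report


# Constructed excerpt built from lines of the log above (only the line shapes matter).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7350:TCP"= 7350:TCP:BitComet 7350 TCP
"7350:UDP"= 7350:UDP:BitComet 7350 UDP

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-01-21 294608]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2E.tmp --> c:\windows\system32\2E.tmp [?]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

------- Sigcheck -------
[-] 2008-05-08 . 9F02C1CF7C3100E4AEA7DD8B6A86A01B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2E.tmp"
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')                      # [HKEY_...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')  # "Name"=value
# R1/S3 style service line: start;name;display;path [--> resolved] [date size | ? | X]
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)'
    r'(?: --> (?P<resolved>.+?))? \[(?P<info>[^\]]*)\]$')
# Sigcheck line: [flag] date . md5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r'^\[(?P<flag>[^\]]+)\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-Fa-f]{32})'
    r' \. (?P<size>\d+) .*? (?P<path>[A-Za-z]:\\.+)$')


def _dword(value: str) -> int:
    """Parse both renderings ComboFix uses for a REG_DWORD: 'dword:00000001' and '0 (0x0)'."""
    token = value.split(':')[-1].split()[0]
    return int(token, 16 if value.startswith('dword:') else 10)


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    key = ''  # registry key that the following "name"=value lines belong to
    for line in (raw.rstrip() for raw in log_text.splitlines()):
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m['key'].lower()
        elif m := SERVICE_RE.match(line):
            image = m['resolved'] or m['path']
            if m['info'] == '?':  # assumption: '[?]' means ComboFix could not stat the image
                findings.append(Finding('service-image-missing', f"{m['name']}: {image}"))
            if image.lower().endswith('.tmp'):  # a driver living in a temp file
                findings.append(Finding('service-temp-image', f"{m['name']}: {image}"))
        elif m := SIGCHECK_RE.match(line):
            if m['flag'] == '-':  # assumption: '[-]' = hash not recognised as a known-good version
                findings.append(Finding('sigcheck-unrecognised',
                                        f"{m['path']} md5={m['md5']} size={m['size']}"))
        elif m := VALUE_RE.match(line):
            name, value = m['name'].lower(), m['value']
            if key.endswith('security center') and name == 'antivirusoverride' and _dword(value):
                findings.append(Finding('av-override', line))
            elif key.endswith('firewallpolicy\\standardprofile') and name == 'enablefirewall' \
                    and not _dword(value):
                findings.append(Finding('firewall-disabled', line))
            elif key.endswith('globallyopenports\\list'):
                findings.append(Finding('open-port', value.strip()))
            elif name == 'imagepath':
                image = value.strip('"')
                if image.lower().endswith('.tmp'):
                    svc = key.rsplit('\\', 1)[-1]
                    findings.append(Finding('service-temp-image', f"{svc}: {image}"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, for a first glance at a long log."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind:24} {f.detail}')
```

Point the script at a whole ComboFix log and it will walk every section, since the patterns key on line shape rather than on the section headers; entries with a date and size in the trailing brackets (aswSP above) produce nothing, so a clean log yields an empty list.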