ComboFix 11-05-28.01 - Ania 2011-05-29 19:30:50.13.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1022.835 [GMT 2:00]
Running from: c:\documents and settings\Ania\Pulpit\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\winlogon.exe . . . is infected!!
.
c:\windows\explorer.exe . . . is infected!!
.
.
(((((((((((((((((((((((((   Files created from 2011-04-28 to 2011-05-29   )))))))))))))))))))))))))))))))
.
.
2011-05-29 16:42 . 2011-05-29 16:42   --------   d-----w-   C:\Pliki
2011-05-29 15:38 . 2011-05-10 12:10   40112      ----a-w-   c:\windows\avastSS.scr
2011-05-29 15:37 . 2011-05-29 15:37   --------   d-----w-   c:\program files\AVAST Software
2011-05-29 14:43 . 2004-08-03 23:44   1548288    -c--a-w-   c:\windows\system32\dllcache\sfcfiles.dll
2011-05-27 21:41 . 2011-05-27 21:41   --------   d-----w-   c:\program files\Gadu-Gadu 10
2011-05-27 21:24 . 2011-05-27 21:24   --------   d-----w-   c:\documents and settings\UpdatusUser
2011-05-27 21:21 . 2011-04-08 05:14   944232     ----a-w-   c:\windows\system32\nvdispco3220140.dll
2011-05-27 21:21 . 2011-04-08 05:14   855656     ----a-w-   c:\windows\system32\nvgenco322060.dll
2011-05-27 21:21 . 2011-04-08 05:14   14856192   ----a-w-   c:\windows\system32\nvoglnt.dll
2011-05-27 21:21 . 2011-04-08 05:14   12501600   -c--a-w-   c:\windows\system32\dllcache\nv4_mini.sys
2011-05-27 21:21 . 2011-04-08 05:14   12501600   ----a-w-   c:\windows\system32\drivers\nv4_mini.sys
2011-05-27 21:18 . 2011-05-27 21:18   --------   d-----w-   C:\NVIDIA
2011-05-27 20:40 . 2011-05-27 20:40   --------   d-----w-   c:\program files\Lavalys
2011-05-27 20:30 . 2011-05-27 20:39   --------   d-----w-   c:\documents and settings\anna lompa\Dane aplikacji\Winamp
2011-05-27 20:09 . 2011-05-29 14:36   --------   d-----w-   c:\program files\Driver Cleaner
2011-05-20 23:48 . 2011-05-29 00:33   --------   d-----w-   C:\## aswSnx private storage
2011-05-20 15:03 . 2011-05-20 15:03   --------   d-----w-   c:\documents and settings\Ania\Ustawienia lokalne\Dane aplikacji\Balls
2011-05-20 15:03 . 2011-05-20 15:03   --------   d-----w-   c:\program files\Super Kulki
2011-05-20 15:03 . 2011-05-20 15:03   --------   d-----w-   c:\program files\NAPI-PROJEKT
2011-05-20 15:03 . 2010-12-07 18:22   810496     ----a-w-   c:\windows\system32\xvidcore.dll
2011-05-20 15:03 . 2009-09-27 22:02   797184     ----a-w-   c:\windows\system32\ac3filter.ax
2011-05-20 15:03 . 2007-10-07 13:36   258048     ----a-w-   c:\windows\system32\libFLAC.dll
2011-05-20 15:03 . 2011-05-20 15:03   --------   d-----w-   c:\program files\ALLPlayer
2011-05-14 21:19 . 2006-10-30 22:10   120992     ----a-w-   c:\windows\system32\EpPicPrt.dll
2011-05-14 21:19 . 2006-10-19 22:10   80024      ----a-w-   c:\windows\system32\PICSDK.dll
2011-05-14 21:19 . 2006-10-19 22:10   501912     ----a-w-   c:\windows\system32\PICSDK2.dll
2011-05-14 21:19 . 2006-10-19 22:10   108704     ----a-w-   c:\windows\system32\PICEntry.dll
2011-05-14 21:19 . 2006-10-30 22:10   71840      ----a-w-   c:\windows\system32\EPPicMgr.dll
2011-05-14 21:05 . 2004-09-10 18:12   49152      ----a-w-   c:\windows\system32\E_DCINST.DLL
2011-05-14 21:05 . 2007-12-07 00:08   86528      ----a-w-   c:\windows\system32\E_FLBCDE.DLL
2011-05-14 21:05 . 2007-12-07 00:01   78848      ----a-w-   c:\windows\system32\E_FD4BCDE.DLL
2011-05-14 18:24 . 2004-08-03 20:58   15104      -c--a-w-   c:\windows\system32\dllcache\usbscan.sys
2011-05-14 18:24 . 2004-08-03 20:58   15104      ----a-w-   c:\windows\system32\drivers\usbscan.sys
2011-05-14 18:21 . 2011-05-14 18:21   --------   d-----w-   c:\program files\epson
2011-05-14 18:21 . 2007-03-26 22:00   67072      ----a-w-   c:\windows\system32\escwiad.dll
2011-05-14 18:14 . 2011-05-14 21:06   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\EPSON
2011-05-14 17:55 . 2004-08-03 21:01   25856      -c--a-w-   c:\windows\system32\dllcache\usbprint.sys
2011-05-14 17:55 . 2004-08-03 21:01   25856      ----a-w-   c:\windows\system32\drivers\usbprint.sys
2011-05-02 13:58 . 2011-05-02 13:58   --------   d-----w-   c:\documents and settings\Ania\Ustawienia lokalne\Dane aplikacji\IVONA_INST
2011-05-02 13:58 . 2011-05-02 13:58   --------   d-----w-   c:\documents and settings\Ania\Dane aplikacji\IVONA ControlCenter
2011-05-02 13:57 . 2011-05-02 15:13   --------   d-----w-   c:\program files\IVONA
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M section   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-13 22:40 . 2011-04-13 22:40   4284416    ----a-w-   c:\windows\system32\GPhotos.scr
2011-04-08 05:14 . 2011-02-24 21:27   61440      ----a-w-   c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2011-02-24 21:27   2770536    ----a-w-   c:\windows\system32\nvcuvid.dll
2011-04-08 05:14 . 2011-02-24 21:27   2074216    ----a-w-   c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2011-02-24 21:27   5210112    ----a-w-   c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2011-02-24 21:27   13000704   ----a-w-   c:\windows\system32\nvcompiler.dll
2011-04-08 05:14 . 2006-06-01 09:22   4111232    ----a-w-   c:\windows\system32\nv4_disp.dll
2011-04-08 05:14 . 2006-06-01 09:22   2027008    ----a-w-   c:\windows\system32\nvapi.dll
2011-04-07 20:16 . 2011-04-07 20:16   81920      ----a-w-   c:\windows\system32\nvwddi.dll
2011-04-07 20:16 . 2011-04-07 20:16   580200     ----a-w-   c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 20:16 . 2011-04-07 20:16   282624     ----a-w-   c:\windows\system32\nvrsel.dll
2011-04-07 20:16 . 2011-04-07 20:16   253952     ----a-w-   c:\windows\system32\nvrsth.dll
2011-04-07 20:16 . 2011-04-07 20:16   249856     ----a-w-   c:\windows\system32\nvrseng.dll
2011-04-07 20:16 . 2011-04-07 20:16   126976     ----a-w-   c:\windows\system32\nvrszht.dll
2011-04-07 20:16 . 2011-04-07 20:16   331776     ----a-w-   c:\windows\system32\nvrshe.dll
2011-04-07 20:16 . 2011-04-07 20:16   286720     ----a-w-   c:\windows\system32\nvrsfr.dll
2011-04-07 20:16 . 2011-04-07 20:16   274432     ----a-w-   c:\windows\system32\nvrsnl.dll
2011-04-07 20:16 . 2011-04-07 20:16   274432     ----a-w-   c:\windows\system32\nvrsesm.dll
2011-04-07 20:16 . 2011-04-07 20:16   270336     ----a-w-   c:\windows\system32\nvrsru.dll
2011-04-07 20:16 . 2011-04-07 20:16   262144     ----a-w-   c:\windows\system32\nvrshu.dll
2011-04-07 20:16 . 2011-04-07 20:16   258048     ----a-w-   c:\windows\system32\nvrstr.dll
2011-04-07 20:16 . 2011-04-07 20:16   258048     ----a-w-   c:\windows\system32\nvrssl.dll
2011-04-07 20:16 . 2011-04-07 20:16   253952     ----a-w-   c:\windows\system32\nvrsda.dll
2011-04-07 20:16 . 2011-04-07 20:16   249856     ----a-w-   c:\windows\system32\nvrsfi.dll
2011-04-07 20:16 . 2011-04-07 20:16   229376     ----a-w-   c:\windows\system32\nvrszhc.dll
2011-04-07 20:16 . 2011-04-07 20:16   335872     ----a-w-   c:\windows\system32\nvrsar.dll
2011-04-07 20:16 . 2011-04-07 20:16   282624     ----a-w-   c:\windows\system32\nvrsit.dll
2011-04-07 20:16 . 2011-04-07 20:16   282624     ----a-w-   c:\windows\system32\nvrses.dll
2011-04-07 20:16 . 2011-04-07 20:16   278528     ----a-w-   c:\windows\system32\nvrsde.dll
2011-04-07 20:16 . 2011-04-07 20:16   277608     ----a-w-   c:\windows\system32\nvmccs.dll
2011-04-07 20:16 . 2011-04-07 20:16   274432     ----a-w-   c:\windows\system32\nvrspt.dll
2011-04-07 20:16 . 2011-04-07 20:16   270336     ----a-w-   c:\windows\system32\nvrsptb.dll
2011-04-07 20:16 . 2011-04-07 20:16   270336     ----a-w-   c:\windows\system32\nvrsja.dll
2011-04-07 20:16 . 2011-04-07 20:16   266240     ----a-w-   c:\windows\system32\nvrsko.dll
2011-04-07 20:16 . 2011-04-07 20:16   258048     ----a-w-   c:\windows\system32\nvrssk.dll
2011-04-07 20:16 . 2011-04-07 20:16   258048     ----a-w-   c:\windows\system32\nvrspl.dll
2011-04-07 20:16 . 2011-04-07 20:16   253952     ----a-w-   c:\windows\system32\nvrssv.dll
2011-04-07 20:16 . 2011-04-07 20:16   253952     ----a-w-   c:\windows\system32\nvrsno.dll
2011-04-07 20:16 . 2011-04-07 20:16   249856     ----a-w-   c:\windows\system32\nvrscs.dll
2011-04-07 20:16 . 2011-04-07 20:16   13891176   ----a-w-   c:\windows\system32\nvcpl.dll
2011-04-07 20:16 . 2011-04-07 20:16   111208     ----a-w-   c:\windows\system32\nvmctray.dll
2011-04-07 20:16 . 2011-04-07 20:16   155752     ----a-w-   c:\windows\system32\nvsvc32.exe
2011-04-07 20:16 . 2011-04-07 20:16   145000     ----a-w-   c:\windows\system32\nvcolor.exe
2011-03-26 18:56 . 2010-08-04 20:28   15600      ----a-w-   c:\windows\gdrv.sys
2011-03-04 19:44 . 2011-02-24 19:45   59888      ------w-   c:\windows\system32\pxwma.dll
2011-03-04 19:44 . 2010-03-17 13:40   45648      ------w-   c:\windows\system32\drivers\PxHelp20.sys
2011-03-04 19:44 . 2010-03-17 13:40   133616     ------w-   c:\windows\system32\pxafs.dll
2011-03-04 19:44 . 2011-02-24 19:45   123888     ------w-   c:\windows\system32\pxcpyi64.exe
2011-03-04 19:44 . 2011-02-24 19:45   126448     ------w-   c:\windows\system32\pxinsi64.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2004-08-03 . 2FF440CFE2A8211D41E44C53BC053197 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
[-] 2004-08-03 . EB89812E3FDB0F9288B0962CAAC23A8C . 1033728 . . [6.00.2900.2180] . . c:\windows\explorer.exe
.
(((((((((((((((((((((((((((((   SnapShot_2011-05-20_23.58.38   )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-07-14 22:00 . 2000-07-14 22:00   101888    c:\windows\system32\VB6STKIT.DLL
+ 2011-02-24 21:28 . 2011-05-27 21:21   259604    c:\windows\system32\nvdrsdb1.bin
+ 2011-02-24 21:28 . 2011-05-27 21:21   259604    c:\windows\system32\nvdrsdb0.bin
+ 2008-01-24 09:43 . 2004-08-03 23:44   1548288   c:\windows\system32\sfcfiles.dll
- 2008-01-24 09:43 . 2008-01-24 09:43   1548288   c:\windows\system32\sfcfiles.dll
+ 2011-02-24 21:27 . 2011-04-08 05:14   2116894   c:\windows\system32\nvdata.bin
+ 2004-08-03 23:44 . 2004-02-22 22:00   1386496   c:\windows\system32\msvbvm60.dll
+ 2006-06-01 09:22 . 2011-04-08 05:14   4111232   c:\windows\system32\dllcache\nv4_disp.dll
.
(((((((((((((((((((((((((((((((((((((   Registry startup entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and default, legitimate entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2011-05-05 13345376]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2011-02-07 1362944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BearShare"="c:\program files\BearShare\BearShare.exe" [2006-08-01 3313664]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-17 74752]
"RTHDCPL"="RTHDCPL.EXE" [2011-02-17 20029032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"NvMediaCenter"="NvMCTray.dll" [2011-04-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-01-24 124928]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2010-3-16 262144]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ   autocheck autochk *\0aswBoot.exe /A:* /L:1045 /KBD:2 /dir:C:\Program
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-27 2218600]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-03-26 1691480]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [2010-03-23 98488]
.
--- Other Services/Drivers in Memory ---
.
*NewlyCreated* - PXHELP20
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1177238915-1801674531-1003Core.job
- c:\documents and settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-12-14 18:24]
.
2011-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1177238915-1801674531-1003UA.job
- c:\documents and settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-12-14 18:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:25462
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.20
FF - ProfilePath - c:\documents and settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\ttr74es4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20110224194650156&tb_oid=24-02-2011&tb_mrud=24-02-2011&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1561552&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20110224194650156&tb_oid=24-02-2011&tb_mrud=24-02-2011&query=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - %profile%\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Ext: Iplex to ALLPlayer: IplextoALL@ALLPlayer.org - %profile%\extensions\IplextoALL@ALLPlayer.org
.
- - - - EMPTY ENTRIES REMOVED - - - -
.
URLSearchHooks-{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - c:\program files\Winamp Toolbar\winamptb.dll
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Winamp Toolbar - c:\program files\Winamp Toolbar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-29 19:34
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-05-29 19:35:29
ComboFix-quarantined-files.txt 2011-05-29 17:35
ComboFix2.txt 2011-05-29 15:52
ComboFix3.txt 2011-05-29 14:47
ComboFix4.txt 2011-05-29 11:45
ComboFix5.txt 2011-05-29 16:58
.
Before: 7 993 290 752 bytes free
After: 7 982 825 472 bytes free
.
- - End Of File - - C552B43400BEF86273D25629BA993465
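Three items in the log above are the ones an analyst would act on before anything else: winlogon.exe and explorer.exe are reported as infected and, in the Sigcheck section, carry a "[-]" (no valid signature) even though their version strings are still the stock SP2 ones, which means the files were modified in place rather than replaced by something new; the WinINet setting ProxyServer = http=127.0.0.1:25462 routes all of IE's HTTP traffic through a listener on the local machine, a setting users almost never configure themselves; and the Firefox prefs browser.startup.homepage and keyword.URL point at conduit.com and an AOL search redirector. The script below is an added example and is not part of ComboFix or of the original post. It reads an excerpt of the log above (embedded as SAMPLE_LOG) and extracts those findings. The regular expressions are my reading of the ComboFix line shapes (both the Polish "jest zainfekowany" and the English "is infected" marker are accepted), and the HIJACK_PREFS set and the function names are my own choices, not ComboFix terminology.

```python
"""Triage helper for ComboFix-style logs (added example; not ComboFix code)."""
import ipaddress
import re
from urllib.parse import urlsplit

# Line shapes, as I read them from the log (assumption: not an official grammar).
INFECTED_RE = re.compile(
    r"^(?P<path>[a-z]:\\.+?) \. \. \. (?:jest zainfekowany|is infected)!!$", re.I)
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[-+!?])\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9a-f]{32}) \. "
    r"(?P<size>\d+) \. \. \[(?P<ver>[^\]]*)\] \. \. (?P<path>[a-z]:\\.+)$", re.I)
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer = (?P<value>.+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>[\w.]+) - (?P<value>.+)$")

# Firefox prefs that toolbars and hijackers rewrite (my own list, not ComboFix's).
HIJACK_PREFS = {"browser.startup.homepage", "keyword.URL", "browser.search.defaulturl"}


def is_loopback_proxy(value):
    """Return the loopback endpoints found in a WinINet ProxyServer value.

    The value is either 'host:port' or 'scheme=host:port;scheme=host:port'.
    A proxy on 127.0.0.0/8 or 'localhost' means something on the box is
    intercepting browser traffic, which is worth a closer look.
    """
    hits = []
    for part in value.split(";"):
        endpoint = part.split("=", 1)[-1].strip()
        host = endpoint.rsplit(":", 1)[0]
        try:
            loop = ipaddress.ip_address(host).is_loopback
        except ValueError:  # not an IP literal, so fall back to the name
            loop = host.lower() == "localhost"
        if loop:
            hits.append(endpoint)
    return hits


def host_of(defanged_url):
    """Hostname of a ComboFix-defanged URL (hxxp:// -> http://)."""
    return urlsplit(defanged_url.replace("hxxp", "http", 1)).hostname or ""


def triage(lines):
    """Walk the log lines once and collect the actionable findings."""
    findings = {"infected": [], "unsigned_system_binaries": [],
                "loopback_proxy": [], "browser_overrides": []}
    for raw in lines:
        line = raw.strip()
        if m := INFECTED_RE.match(line):
            findings["infected"].append(m["path"].lower())
        elif m := SIGCHECK_RE.match(line):
            path = m["path"].lower()
            # "[-]" = no valid Authenticode/catalog signature; only system files matter here
            if m["flag"] == "-" and path.startswith("c:\\windows\\"):
                findings["unsigned_system_binaries"].append(
                    {"path": path, "md5": m["md5"].upper(),
                     "size": int(m["size"]), "version": m["ver"]})
        elif m := PROXY_RE.match(line):
            findings["loopback_proxy"].extend(is_loopback_proxy(m["value"]))
        elif m := FF_PREF_RE.match(line):
            if m["pref"] in HIJACK_PREFS:
                findings["browser_overrides"].append((m["pref"], host_of(m["value"])))
    return findings


# Excerpt of the log on this page, embedded so the script runs offline.
SAMPLE_LOG = r"""
c:\windows\system32\winlogon.exe . . . jest zainfekowany!!
c:\windows\explorer.exe . . . jest zainfekowany!!
[-] 2004-08-03 . 2FF440CFE2A8211D41E44C53BC053197 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2004-08-03 . EB89812E3FDB0F9288B0962CAAC23A8C . 1033728 . . [6.00.2900.2180] . . c:\windows\explorer.exe
uInternet Settings,ProxyServer = http=127.0.0.1:25462
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1561552&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20110224194650156&tb_oid=24-02-2011&tb_mrud=24-02-2011&query=
FF - prefs.js: network.proxy.type - 0
""".strip().splitlines()


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(f"{key}:")
        for item in items:
            print(f"  {item}")
```

Run it against a full log with `triage(open("ComboFix.txt", encoding="cp1250").read().splitlines())`; Polish XP writes the log in that code page. The MD5 and size in each Sigcheck entry are what you compare against a known-clean copy of the same file version before deciding whether to restore from dllcache or from installation media.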