ComboFix 11-05-29.04 - Ania 2011-05-31 1:13.15.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1022.589 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Ania\Pulpit\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-04-28 do 2011-05-30 )))))))))))))))))))))))))))))))
.
.
2011-05-30 21:52 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-30 21:52 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-30 21:52 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-30 21:52 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-30 21:51 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-30 21:51 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-30 21:51 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-30 21:51 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-30 21:51 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-30 21:51 . 2011-05-30 21:51 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AVAST Software
2011-05-30 19:16 . 2011-05-31 03:17 -------- d-----w- C:\Pliki
2011-05-29 15:38 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-29 15:37 . 2011-05-29 15:37 -------- d-----w- c:\program files\AVAST Software
2011-05-29 14:43 . 2004-08-03 23:44 1548288 -c--a-w- c:\windows\system32\dllcache\sfcfiles.dll
2011-05-27 21:41 . 2011-05-27 21:41 -------- d-----w- c:\program files\Gadu-Gadu 10
2011-05-27 21:24 . 2011-05-27 21:24 -------- d-----w- c:\documents and settings\UpdatusUser
2011-05-27 21:21 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-27 21:21 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-27 21:21 . 2011-04-08 05:14 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-27 21:21 . 2011-04-08 05:14 12501600 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2011-05-27 21:21 . 2011-04-08 05:14 12501600 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-27 21:18 . 2011-05-27 21:18 -------- d-----w- C:\NVIDIA
2011-05-27 20:40 . 2011-05-27 20:40 -------- d-----w- c:\program files\Lavalys
2011-05-27 20:30 . 2011-05-27 20:39 -------- d-----w- c:\documents and settings\anna lompa\Dane aplikacji\Winamp
2011-05-27 20:09 . 2011-05-29 14:36 -------- d-----w- c:\program files\Driver Cleaner
2011-05-20 23:48 . 2011-05-29 00:33 -------- d-----w- C:\## aswSnx private storage
2011-05-20 15:03 . 2011-05-20 15:03 -------- d-----w- c:\program files\NAPI-PROJEKT
2011-05-20 15:03 . 2010-12-07 18:22 810496 ----a-w- c:\windows\system32\xvidcore.dll
2011-05-20 15:03 . 2009-09-27 22:02 797184 ----a-w- c:\windows\system32\ac3filter.ax
2011-05-20 15:03 . 2007-10-07 13:36 258048 ----a-w- c:\windows\system32\libFLAC.dll
2011-05-20 15:03 . 2011-05-20 15:03 -------- d-----w- c:\program files\ALLPlayer
2011-05-14 21:19 . 2006-10-30 22:10 120992 ----a-w- c:\windows\system32\EpPicPrt.dll
2011-05-14 21:19 . 2006-10-19 22:10 80024 ----a-w- c:\windows\system32\PICSDK.dll
2011-05-14 21:19 . 2006-10-19 22:10 501912 ----a-w- c:\windows\system32\PICSDK2.dll
2011-05-14 21:19 . 2006-10-19 22:10 108704 ----a-w- c:\windows\system32\PICEntry.dll
2011-05-14 21:19 . 2006-10-30 22:10 71840 ----a-w- c:\windows\system32\EPPicMgr.dll
2011-05-14 21:05 . 2004-09-10 18:12 49152 ----a-w- c:\windows\system32\E_DCINST.DLL
2011-05-14 21:05 . 2007-12-07 00:08 86528 ----a-w- c:\windows\system32\E_FLBCDE.DLL
2011-05-14 21:05 . 2007-12-07 00:01 78848 ----a-w- c:\windows\system32\E_FD4BCDE.DLL
2011-05-14 18:24 . 2004-08-03 20:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-05-14 18:24 . 2004-08-03 20:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-05-14 18:21 . 2011-05-14 18:21 -------- d-----w- c:\program files\epson
2011-05-14 18:21 . 2007-03-26 22:00 67072 ----a-w- c:\windows\system32\escwiad.dll
2011-05-14 18:14 . 2011-05-14 21:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\EPSON
2011-05-14 17:55 . 2004-08-03 21:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-05-14 17:55 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-05-02 13:58 . 2011-05-02 13:58 -------- d-----w- c:\documents and settings\Ania\Ustawienia lokalne\Dane aplikacji\IVONA_INST
2011-05-02 13:58 . 2011-05-02 13:58 -------- d-----w- c:\documents and settings\Ania\Dane aplikacji\IVONA ControlCenter
2011-05-02 13:57 . 2011-05-02 15:13 -------- d-----w- c:\program files\IVONA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-08 05:14 . 2011-02-24 21:27 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2011-02-24 21:27 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14 . 2011-02-24 21:27 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2011-02-24 21:27 5210112 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2011-02-24 21:27 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-08 05:14 . 2006-06-01 09:22 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-08 05:14 . 2006-06-01 09:22 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-07 20:16 . 2011-04-07 20:16 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-04-07 20:16 . 2011-04-07 20:16 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 20:16 . 2011-04-07 20:16 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-04-07 20:16 . 2011-04-07 20:16 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-04-07 20:16 . 2011-04-07 20:16 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-04-07 20:16 . 2011-04-07 20:16 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-04-07 20:16 . 2011-04-07 20:16 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-04-07 20:16 . 2011-04-07 20:16 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-04-07 20:16 . 2011-04-07 20:16 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-04-07 20:16 . 2011-04-07 20:16 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-04-07 20:16 . 2011-04-07 20:16 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-04-07 20:16 . 2011-04-07 20:16 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-04-07 20:16 . 2011-04-07 20:16 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-04-07 20:16 . 2011-04-07 20:16 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-04-07 20:16 . 2011-04-07 20:16 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-04-07 20:16 . 2011-04-07 20:16 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-04-07 20:16 . 2011-04-07 20:16 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-04-07 20:16 . 2011-04-07 20:16 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-04-07 20:16 . 2011-04-07 20:16 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-04-07 20:16 . 2011-04-07 20:16 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-04-07 20:16 . 2011-04-07 20:16 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-04-07 20:16 . 2011-04-07 20:16 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-07 20:16 . 2011-04-07 20:16 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-04-07 20:16 . 2011-04-07 20:16 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-04-07 20:16 . 2011-04-07 20:16 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-04-07 20:16 . 2011-04-07 20:16 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-04-07 20:16 . 2011-04-07 20:16 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-04-07 20:16 . 2011-04-07 20:16 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-04-07 20:16 . 2011-04-07 20:16 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-04-07 20:16 . 2011-04-07 20:16 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-04-07 20:16 . 2011-04-07 20:16 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-04-07 20:16 . 2011-04-07 20:16 13891176 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 20:16 . 2011-04-07 20:16 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 20:16 . 2011-04-07 20:16 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-04-07 20:16 . 2011-04-07 20:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-03-26 18:56 . 2010-08-04 20:28 15600 ----a-w- c:\windows\gdrv.sys
2011-03-04 19:44 . 2011-02-24 19:45 59888 ------w- c:\windows\system32\pxwma.dll
2011-03-04 19:44 . 2010-03-17 13:40 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2011-03-04 19:44 . 2010-03-17 13:40 133616 ------w- c:\windows\system32\pxafs.dll
2011-03-04 19:44 . 2011-02-24 19:45 123888 ------w- c:\windows\system32\pxcpyi64.exe
2011-03-04 19:44 . 2011-02-24 19:45 126448 ------w- c:\windows\system32\pxinsi64.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2011-05-20_23.58.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-03 23:44 . 2004-08-03 22:44 504832 c:\windows\system32\winlogon.exe
- 2004-08-03 23:44 . 2004-08-03 23:44 504832 c:\windows\system32\winlogon.exe
+ 2000-07-14 22:00 . 2000-07-14 22:00 101888 c:\windows\system32\VB6STKIT.DLL
+ 2011-02-24 21:28 . 2011-05-27 21:21 259604 c:\windows\system32\nvdrsdb1.bin
+ 2011-02-24 21:28 . 2011-05-27 21:21 259604 c:\windows\system32\nvdrsdb0.bin
+ 2008-01-24 09:43 . 2004-08-03 23:44 1548288 c:\windows\system32\sfcfiles.dll
- 2008-01-24 09:43 . 2008-01-24 09:43 1548288 c:\windows\system32\sfcfiles.dll
+ 2011-02-24 21:27 . 2011-04-08 05:14 2116894 c:\windows\system32\nvdata.bin
+ 2004-08-03 23:44 . 2004-02-22 22:00 1386496 c:\windows\system32\msvbvm60.dll
+ 2006-06-01 09:22 . 2011-04-08 05:14 4111232 c:\windows\system32\dllcache\nv4_disp.dll
+ 2008-01-24 09:59 . 2004-08-03 23:44 1033728 c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2011-05-05 13345376]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2011-02-07 1362944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BearShare"="c:\program files\BearShare\BearShare.exe" [2006-08-01 3313664]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-17 74752]
"RTHDCPL"="RTHDCPL.EXE" [2011-02-17 20029032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"NvMediaCenter"="NvMCTray.dll" [2011-04-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-01-24 124928]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2010-3-16 262144]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1045 /KBD:2 /dir:C:\Program
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-05-30 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-05-30 19544]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-27 2218600]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-05-30 441176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-03-26 1691480]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [2010-03-23 98488]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - AAVMKER4
*NewlyCreated* - ASWMON2
*NewlyCreated* - ASWTDI
*NewlyCreated* - AVAST!_ANTIVIRUS
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1177238915-1801674531-1003Core.job
- c:\documents and settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-12-14 18:24]
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1177238915-1801674531-1003UA.job
- c:\documents and settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-12-14 18:24]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:25462
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.20
FF - ProfilePath - c:\documents and settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\ttr74es4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20110224194650156&tb_oid=24-02-2011&tb_mrud=24-02-2011&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://pl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20110224194650156&tb_oid=24-02-2011&tb_mrud=24-02-2011&query=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Iplex to ALLPlayer: IplextoALL@ALLPlayer.org - %profile%\extensions\IplextoALL@ALLPlayer.org
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-31 01:16
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(2428)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Czas ukończenia: 2011-05-31 01:17:58
ComboFix-quarantined-files.txt 2011-05-30 23:17
ComboFix2.txt 2011-05-30 21:28
ComboFix3.txt 2011-05-30 19:05
ComboFix4.txt 2011-05-30 16:50
ComboFix5.txt 2011-05-30 23:12
.
Przed: 7 854 845 952 bajtów wolnych
Po: 7 844 085 760 bajtów wolnych
.
- - End Of File - - 894F1BFCC829839FB8FB3902764C2840