ComboFix 10-08-14.06 - Gobi18 2010-08-15 19:34:25.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2046.1451 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Gobi18\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Gobi18\Pulpit\CFScript.txt

FILE ::
"c:\windows\POJEBALO\System32\scfbg.dll"
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\POJEBALO\System32\scfbg.dll
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GNGOEDQWQ
-------\Legacy_WPFCT
-------\Service_gngoedqwq
-------\Service_wpfct

((((((((((((((((((((((((( Pliki utworzone od 2010-07-15 do 2010-08-15 )))))))))))))))))))))))))))))))
.
2010-08-13 15:43 . 2010-08-13 15:43 -------- d-sh--w- c:\documents and settings\All Users.POJEBALO\Dane aplikacji\SecuROM
2010-08-13 15:05 . 2010-08-13 15:07 -------- d-----w- c:\documents and settings\Gobi18\Ustawienia lokalne\Dane aplikacji\Rockstar Games
2010-08-13 14:24 . 2010-08-13 14:24 -------- d-----w- c:\program files\MSBuild
2010-08-13 14:22 . 2010-08-13 14:22 -------- d-----w- c:\windows\POJEBALO\system32\XPSViewer
2010-08-13 14:21 . 2010-08-13 14:21 -------- d-----w- c:\program files\Reference Assemblies
2010-08-13 14:21 . 2006-10-14 14:43 27648 ----a-w- c:\windows\POJEBALO\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-08-13 14:21 . 2006-06-29 11:07 14048 ------w- c:\windows\POJEBALO\system32\spmsg2.dll
2010-08-13 14:21 . 2006-05-16 16:11 22752 ----a-w- c:\windows\POJEBALO\system32\spupdsvc.exe
2010-08-12 16:28 . 2010-08-12 16:28 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-08-12 16:28 . 2010-08-12 16:28 -------- d-----w- c:\windows\POJEBALO\system32\xlive
2010-08-12 13:53 . 2006-06-20 08:56 225280 ----a-w- c:\windows\POJEBALO\system32\rewire.dll
2010-08-12 13:53 . 2010-08-12 13:53 -------- d-----w- c:\program files\Image-Line
2010-08-12 13:53 . 2010-08-12 13:53 -------- d-----w- c:\program files\Outsim
2010-08-11 17:51 . 2010-08-11 17:51 -------- d-----w- c:\program files\thriXXX
2010-08-11 01:37 . 2010-08-11 01:37 -------- d-----w- c:\documents and settings\Gobi18\Dane aplikacji\Malwarebytes
2010-08-11 01:37 . 2010-04-29 13:39 38224 ----a-w- c:\windows\POJEBALO\system32\drivers\mbamswissarmy.sys
2010-08-11 01:37 . 2010-08-11 01:37 -------- d-----w- C:\Malwarebytes' Anti-Malware
2010-08-11 01:37 . 2010-08-11 01:37 -------- d-----w- c:\documents and settings\All Users.POJEBALO\Dane aplikacji\Malwarebytes
2010-08-11 01:37 . 2010-04-29 13:39 20952 ----a-w- c:\windows\POJEBALO\system32\drivers\mbam.sys
2010-08-10 13:18 . 2010-08-10 13:18 -------- d-----w- c:\documents and settings\All Users.POJEBALO\Dane aplikacji\TEMP
2010-08-09 14:38 . 2010-08-13 16:00 -------- d-----w- c:\documents and settings\Gobi18\Dane aplikacji\uTorrent
2010-08-02 17:05 . 2010-08-02 17:06 -------- d-----w- C:\heroes
2010-08-02 12:47 . 2010-08-02 12:47 -------- d-----w- c:\documents and settings\Gobi18\Dane aplikacji\OpenFM
2010-07-27 18:26 . 2010-07-27 18:26 -------- d-----w- c:\documents and settings\All Users.POJEBALO\Dane aplikacji\Adobe Systems
2010-07-17 23:31 . 2010-07-29 12:37 138384 ----a-w- c:\windows\POJEBALO\system32\drivers\PnkBstrK.sys
2010-07-17 23:31 . 2010-07-29 12:37 215128 ----a-w- c:\windows\POJEBALO\system32\PnkBstrB.exe
2010-07-17 16:58 . 2010-07-17 16:58 -------- d-----w- c:\documents and settings\Gobi18\Dane aplikacji\Media Player Classic
2010-07-17 16:57 . 2010-03-15 09:31 165376 ----a-w- c:\windows\POJEBALO\system32\unrar.dll
2010-07-17 16:57 . 2004-01-25 16:18 217088 ----a-w- c:\windows\POJEBALO\system32\yv12vfw.dll
2010-07-17 16:57 . 2010-07-14 08:00 108032 ----a-w- c:\windows\POJEBALO\system32\ff_vfw.dll
2010-07-17 16:57 . 2010-06-08 16:10 790528 ----a-w- c:\windows\POJEBALO\system32\xvidcore.dll
2010-07-17 16:57 . 2010-06-08 16:10 134144 ----a-w- c:\windows\POJEBALO\system32\xvidvfw.dll
2010-07-17 16:57 . 2010-07-17 16:57 -------- d-----w- C:\K-Lite Codec Pack
2010-07-17 12:08 . 2010-08-02 18:09 -------- d-----w- c:\documents and settings\Gobi18\Dane aplikacji\Hamachi
2010-07-17 12:08 . 2010-08-13 20:08 -------- d-----w- C:\Hamachi
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 17:39 . 2010-07-01 20:20 -------- d-----w- c:\documents and settings\Gobi18\Dane aplikacji\Skype
2010-08-15 17:08 . 2010-07-05 10:40 -------- d-----w- c:\documents and settings\Gobi18\Dane aplikacji\skypePM
2010-08-13 23:24 . 2010-07-03 12:35 -------- d-----w- c:\documents and settings\All Users.POJEBALO\Dane aplikacji\Test Drive Unlimited
2010-08-13 22:48 . 2010-07-26 10:55 -------- d-----w- c:\documents and settings\Gobi18\Dane aplikacji\Winamp
2010-08-13 15:42 . 2008-02-14 13:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-13 15:04 . 2010-07-02 22:01 107888 ----a-w- c:\windows\POJEBALO\system32\CmdLineExt.dll
2010-08-13 14:52 . 2010-07-02 05:14 482 ----a-w- c:\program files\Common Files\userInit.dll
2010-08-13 14:24 . 2001-10-26 16:15 82230 ----a-w- c:\windows\POJEBALO\system32\perfc015.dat
2010-08-13 14:24 . 2001-10-26 16:15 484978 ----a-w- c:\windows\POJEBALO\system32\perfh015.dat
2010-08-08 18:50 . 2008-01-01 09:19 -------- d-----w- c:\documents and settings\Gobi18\Dane aplikacji\Tibia
2010-08-02 19:10 . 2010-07-01 18:32 -------- d-----w- c:\documents and settings\Gobi18\Dane aplikacji\Gadu-Gadu 10
2010-08-02 17:13 . 2010-02-03 13:56 25280 ----a-w- c:\windows\POJEBALO\system32\drivers\hamachi.sys
2010-08-02 17:00 . 2010-07-10 23:47 16600 ----a-w- c:\documents and settings\Gobi18\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-08-02 12:46 . 2010-07-04 19:24 -------- d-----w- c:\documents and settings\Gobi18\Dane aplikacji\Nowe Gadu-Gadu
2010-07-16 19:46 . 2010-07-16 15:32 -------- d-----w- c:\documents and settings\Gobi18\Dane aplikacji\Xfire
2010-07-14 13:50 . 2010-07-12 12:45 75064 ----a-w- c:\windows\POJEBALO\system32\PnkBstrA.exe
2010-07-13 12:14 . 2010-07-12 18:29 -------- d-----w- c:\documents and settings\Gobi18\Dane aplikacji\DAEMON Tools Lite
2010-07-12 18:47 . 2010-07-12 18:45 -------- d-----w- c:\program files\DAEMON Tools Litelooooooooool
2010-07-12 18:45 . 2010-07-12 18:29 691696 ----a-w- c:\windows\POJEBALO\system32\drivers\sptd.sys
2010-07-12 18:29 . 2010-07-12 18:26 -------- d-----w- c:\documents and settings\All Users.POJEBALO\Dane aplikacji\DAEMON Tools Lite
2010-07-09 19:04 . 2010-07-09 19:04 41872 ----a-w- c:\windows\POJEBALO\system32\xfcodec.dll
2010-07-05 10:40 . 2010-07-05 10:40 56 ---ha-w- c:\windows\POJEBALO\system32\ezsidmv.dat
2010-07-05 10:40 . 2010-07-05 10:40 -------- d-----w- c:\program files\Common Files\Skype
2010-07-05 10:40 . 2010-07-02 16:58 -------- d-----w- c:\documents and settings\All Users.POJEBALO\Dane aplikacji\Skype
2010-07-02 22:01 . 2010-07-02 22:01 -------- d--h--r- c:\documents and settings\Gobi18\Dane aplikacji\SecuROM
2010-07-02 05:09 . 2010-07-01 12:24 -------- d-----w- c:\documents and settings\All Users.POJEBALO\Dane aplikacji\NOS
2010-07-01 19:12 . 2010-07-01 19:12 -------- d-----w- c:\documents and settings\Gobi18\Dane aplikacji\Thunderbird
2010-07-01 18:32 . 2010-07-01 18:32 -------- d-----w- c:\documents and settings\All Users.POJEBALO\Dane aplikacji\Gadu-Gadu 10
2010-07-01 18:31 . 2010-07-01 18:31 -------- d-----w- c:\program files\Gadu-Gadu 10
2010-07-01 18:11 . 2010-07-01 18:11 -------- d-----w- c:\documents and settings\Gobi18\Dane aplikacji\Gadu-Gadu
2010-07-01 13:07 . 2010-07-01 13:07 -------- d-----w- c:\program files\OSCAR Editor X7
2010-07-01 13:07 . 2010-07-01 13:06 -------- d-----w- c:\program files\OscarX7
2010-07-01 12:48 . 2008-01-01 09:14 86381 ----a-w- c:\windows\POJEBALO\PCHealth\HelpCtr\OfflineCache\index.dat
2010-07-01 12:45 . 2010-07-01 12:45 27958 ----a-w- c:\program files\Common Files\logonInit.dll
2010-07-01 12:24 . 2010-07-01 12:24 2568656 ----a-w- c:\documents and settings\All Users.POJEBALO\Dane aplikacji\NOS\Adobe_Downloads\install_flash_player.exe
2010-06-30 11:39 . 2010-06-30 11:39 393216 ----a-w- c:\documents and settings\All Users.POJEBALO\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.3.dll
2010-06-30 11:39 . 2010-06-30 11:39 364544 ----a-w- c:\documents and settings\All Users.POJEBALO\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.3.dll
2010-06-07 16:35 . 2010-06-07 16:35 81920 ----a-w- c:\windows\POJEBALO\system32\nvwddi.dll
2010-05-28 11:58 . 2008-01-01 10:16 600680 ----a-w- c:\windows\POJEBALO\system32\NVUNINST.EXE
.
------- Sigcheck -------

[-] 2008-05-08 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\POJEBALO\system32\drivers\tcpip.sys
[-] 2008-05-08 . 9F02C1CF7C3100E4AEA7DD8B6A86A01B . 1571840 . . [5.1.2600.5512] . . c:\windows\POJEBALO\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-08-13_16.38.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\POJEBALO\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\POJEBALO\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\POJEBALO\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\POJEBALO\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\POJEBALO\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\POJEBALO\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\POJEBALO\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\POJEBALO\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\POJEBALO\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\POJEBALO\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\POJEBALO\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\POJEBALO\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\POJEBALO\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\POJEBALO\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\POJEBALO\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\POJEBALO\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\POJEBALO\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\POJEBALO\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2010-08-13 17:53 . 2010-08-13 17:53 219648 c:\windows\POJEBALO\Installer\11dd23.msi
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\POJEBALO\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\POJEBALO\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="c:\program files\OSCAR Editor X7\OscarEditor.exe" [2010-06-24 2625536]
"Gadu-Gadu"="c:\gadu-gadu\gg.exe" [2008-03-20 2127296]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-06-30 12374624]
"Skype"="d:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Litelooooooooool\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\POJEBALO\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\POJEBALO\System32\JMRaidSetup.exe" [2007-02-06 1953792]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-06-02 1753192]
"NvMediaCenter"="c:\windows\POJEBALO\system32\NvMcTray.dll" [2010-06-07 110696]
"NvCplDaemon"="c:\windows\POJEBALO\system32\NvCpl.dll" [2010-06-07 13902440]
"WinampAgent"="c:\winamp\winampa.exe" [2010-07-12 74752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\POJEBALO\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\Gobi18\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogonInit]
logonInit.dll [BU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"d:\\Documents and Settings\\-Gobi-\\Pulpit\\PEJA\\StrongDC.exe"=
"d:\\GRY\\TDU\\TestDriveUnlimited.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Stronghold Crusader\\Stronghold_Crusader_Extreme.exe"=
"d:\\stteeee\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"d:\\stteeee\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\WINDOWS\\POJEBALO\\system32\\dplaysvr.exe"=
"d:\\GRY\\AOE2\\age2_x1\\age2_x1.exe"=
"d:\\GRY\\AOE2\\empires2.exe"=
"d:\\GRY\\AOE2\\age2_x1\\aoc.exe"=
"d:\\Programy\\Xfire\\xfire.exe"=
"d:\\GRY\\Battlefield2+jednostki\\BF2.exe"=
"d:\\Stronghold Crusader\\Stronghold Crusader.exe"=
"d:\\stteeee\\SteamApps\\common\\alien swarm\\srcds.exe"=
"d:\\stteeee\\SteamApps\\gobi1992\\counter-strike\\hl.exe"=
"d:\\stteeee\\SteamApps\\common\\alien swarm\\swarm.exe"=
"d:\\Utorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Gobi18\\Pulpit\\utorrent.exe"=
"d:\\GRY\\GTA Liberty city\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\GRY\\GTA Liberty city\\Grand Theft Auto IV\\GTAIV.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\POJEBALO\system32\drivers\mbamswissarmy.sys [2010-08-11 38224]
S4 sptd;sptd;c:\windows\POJEBALO\system32\drivers\sptd.sys [2010-07-12 691696]
.
.
------- Skan uzupełniający -------
.
DPF: DirectAnimation Java Classes - file://c:\windows\POJEBALO\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\POJEBALO\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Gobi18\Dane aplikacji\Mozilla\Firefox\Profiles\63eylwco.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\documents and settings\All Users.POJEBALO\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.3.dll
FF - plugin: c:\documents and settings\Gobi18\Dane aplikacji\Mozilla\Firefox\Profiles\63eylwco.default\extensions\{eaf8a4ef-d221-45ca-9deb-d0934b45fa34}\plugins\npOggX.dll
FF - plugin: c:\mozilla firefox\plugins\npwachk.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-15 19:38
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1214440339-220523388-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:67,61,68,59,65,70,57,39,9e,09,d6,89,d0,80,bd,d9,3b,96,f0,0c,e4,ed,a8,
   16,74,ac,04,e2,9b,68,5d,c5,e9,40,60,99,56,29,2b,75,bb,b7,1e,65,07,c4,44,db,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c

[HKEY_USERS\S-1-5-21-1214440339-220523388-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:c3,b3,f7,e5,fe,47,50,c2,b4,9d,76,b9,0d,ac,f4,71,f2,52,e0,09,8d,
   f9,1f,57,6a,3f,43,8a,4b,35,a0,c4,ae,2a,8d,e6,f3,92,cd,5a,7b,aa,cc,28,68,cc,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(3100)
c:\windows\POJEBALO\system32\ieframe.dll
c:\windows\POJEBALO\system32\WPDShServiceObj.dll
c:\windows\POJEBALO\system32\PortableDeviceTypes.dll
c:\windows\POJEBALO\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\POJEBALO\system32\nvsvc32.exe
c:\windows\POJEBALO\RTHDCPL.EXE
c:\windows\POJEBALO\system32\RUNDLL32.EXE
c:\windows\POJEBALO\system32\PnkBstrA.exe
c:\windows\POJEBALO\system32\PnkBstrB.exe
d:\program files\Skype\Phone\Skype.exe
c:\windows\POJEBALO\system32\wscntfy.exe
c:\windows\POJEBALO\system32\wbem\wmiapsrv.exe
d:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Czas ukończenia: 2010-08-15 19:40:42 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-08-15 17:40
ComboFix2.txt 2010-08-13 16:48
ComboFix3.txt 2010-08-13 16:40

Przed: 4 262 375 424 bajtów wolnych
Po: 4 202 229 760 bajtów wolnych

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - F6DB35E916F7902134EA8FA9CC0E2C17