ComboFix 10-08-24.0C - jackob 2010-08-25 18:16:32.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1535.1103 [GMT 2:00] Uruchomiony z: c:\documents and settings\jackob\Pulpit\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: avast! antivirus 4.8.1229 [VPS 081212-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: Kerio Personal Firewall *enabled* {333BECA0-DED8-4139-A516-8D9E44E22669} UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Dane aplikacji\hpe1B9.dll c:\documents and settings\All Users\Dane aplikacji\hpe207.dll c:\documents and settings\All Users\Dane aplikacji\hpe669.dll c:\documents and settings\jackob\Dane aplikacji\Dealio c:\documents and settings\jackob\Dane aplikacji\Dealio\res\widgets.xml c:\documents and settings\jackob\Dane aplikacji\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml c:\documents and settings\jackob\Dane aplikacji\EurekaLog c:\documents and settings\jackob\Dane aplikacji\EurekaLog\EurekaLog.ini c:\documents and settings\jackob\Dane aplikacji\inst.exe c:\program files\Dealio Toolbar c:\program files\Dealio Toolbar\FF\chrome.manifest c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul c:\program files\Dealio Toolbar\FF\chrome\content\login.js c:\program files\Dealio Toolbar\FF\chrome\content\login.xul c:\program files\Dealio Toolbar\FF\chrome\content\parser.js c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css c:\program files\Dealio Toolbar\FF\chrome\skin\separator.gif c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css c:\program files\Dealio Toolbar\FF\components\config.ini c:\program files\Dealio Toolbar\FF\components\dealioToolbarFF.dll c:\program files\Dealio Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt c:\program files\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt c:\program files\Dealio Toolbar\FF\install.rdf c:\program files\Dealio Toolbar\IE\4.0.2\config.ini c:\program files\Dealio Toolbar\Res\amazon.gif c:\program files\Dealio Toolbar\Res\apple.gif c:\program files\Dealio Toolbar\Res\barnes.gif c:\program files\Dealio Toolbar\Res\bestbuy.gif c:\program files\Dealio Toolbar\Res\dealio_logo.gif c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif c:\program files\Dealio Toolbar\Res\ebay.gif c:\program files\Dealio Toolbar\Res\icon_settings.gif c:\program files\Dealio Toolbar\Res\macys.gif c:\program files\Dealio Toolbar\Res\newegg.gif c:\program files\Dealio Toolbar\Res\overstock.gif c:\program files\Dealio Toolbar\Res\search-button-hover.gif c:\program files\Dealio Toolbar\Res\search-button.gif c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif c:\program files\Dealio Toolbar\Res\search-chevron.gif c:\program files\Dealio Toolbar\Res\search_amazon.gif c:\program files\Dealio Toolbar\Res\search_dealio.gif c:\program files\Dealio Toolbar\Res\search_ebay.gif c:\program files\Dealio Toolbar\Res\search_yahoo.gif c:\program files\Dealio Toolbar\Res\target.gif c:\program files\Dealio Toolbar\Res\walmart.gif c:\program files\Dealio Toolbar\Res\widgets.xml c:\program files\Dealio Toolbar\SearchSettings.exe c:\program files\Dealio Toolbar\SearchSettingsRes409.dll c:\program files\Dealio Toolbar\sscfg.ini c:\program files\Dealio Toolbar\SSFF\chrome.manifest c:\program files\Dealio Toolbar\SSFF\chrome\content\plugin.js c:\program files\Dealio Toolbar\SSFF\chrome\content\plugin.xul c:\program files\Dealio Toolbar\SSFF\chrome\content\protection.js c:\program files\Dealio Toolbar\SSFF\chrome\content\utils.js c:\program files\Dealio Toolbar\SSFF\chrome\locale\en-US\searchsettingsplugin.dtd c:\program files\Dealio Toolbar\SSFF\chrome\locale\en-US\searchsettingsplugin.properties c:\program files\Dealio Toolbar\SSFF\chrome\skin\yahoo.xml c:\program files\Dealio Toolbar\SSFF\components\IFBHOSearch.xpt c:\program files\Dealio Toolbar\SSFF\components\IFBHOSearchHelperEngine.xpt c:\program files\Dealio Toolbar\SSFF\components\IFHelperPreferences.xpt c:\program files\Dealio Toolbar\SSFF\components\SearchSettingsFF.dll c:\program files\Dealio Toolbar\SSFF\components\sscfg.ini c:\program files\Dealio Toolbar\SSFF\install.rdf c:\program files\Dealio Toolbar\WidgiHelper.exe c:\program files\myglobalsearch c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL c:\program files\myglobalsearch\bar\Cache\00465484 c:\program files\myglobalsearch\bar\Cache\00465AAE.bin c:\program files\myglobalsearch\bar\Cache\00465D2F.bin c:\program files\myglobalsearch\bar\Cache\00465E57.bin c:\program files\myglobalsearch\bar\Cache\files.ini c:\program files\myglobalsearch\bar\History\search c:\program files\myglobalsearch\bar\Settings\prevcfg.htm c:\windows\jestertb.dll c:\windows\system32\NeroCheck.exe c:\windows\system32\SYSTem~1.dll c:\windows\wc98pp.dll . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SSHNAS -------\Service_SSHNAS ((((((((((((((((((((((((( Pliki utworzone od 2010-07-25 do 2010-08-25 ))))))))))))))))))))))))))))))) . 2010-08-25 14:22 . 2010-08-25 14:22 -------- d-----w- c:\program files\Odkurzacz 2010-08-25 12:49 . 2010-06-15 12:06 30536 ----a-w- c:\windows\system32\TURegOpt.exe 2010-08-25 12:49 . 2010-06-15 12:01 30024 ----a-w- c:\windows\system32\uxtuneup.dll 2010-08-25 12:49 . 2010-08-25 12:49 -------- d-----w- c:\documents and settings\jackob\Dane aplikacji\TuneUp Software 2010-08-25 12:48 . 2010-08-25 14:13 -------- d-----w- c:\program files\TuneUp Utilities 2010 2010-08-25 12:48 . 2010-08-25 12:48 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TuneUp Software 2010-08-25 12:48 . 2010-08-25 12:48 -------- d-sh--w- c:\documents and settings\All Users\Dane aplikacji\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} 2010-08-25 11:20 . 2010-08-25 11:20 -------- d-----w- C:\found.000 2010-08-24 11:55 . 2010-08-24 12:28 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2010-08-24 11:38 . 2010-08-24 11:38 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment.temp 2010-08-24 11:38 . 2010-08-24 11:38 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Blizzard Entertainment.temp 2010-08-21 19:30 . 2010-08-21 19:30 -------- d-----w- c:\documents and settings\jackob\Dane aplikacji\RayV 2010-08-21 19:30 . 2010-08-21 19:30 -------- d-----w- c:\program files\RayV 2010-08-19 10:53 . 2010-08-19 10:53 -------- d-----w- c:\documents and settings\jackob\Ustawienia lokalne\Dane aplikacji\LucasArts 2010-08-12 06:32 . 2010-07-17 03:00 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-08-11 10:20 . 2010-08-11 10:32 -------- d-----w- c:\documents and settings\jackob\Dane aplikacji\TS3Client 2010-08-11 10:08 . 2010-08-11 10:08 -------- d-----w- c:\program files\TeamSpeak 3 Client 2010-08-10 09:34 . 2010-08-10 09:34 -------- d-----w- c:\documents and settings\jackob\Ustawienia lokalne\Dane aplikacji\2K Games 2010-08-06 14:29 . 2010-07-09 22:38 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll 2010-08-05 07:44 . 2002-07-19 03:07 319488 ----a-w- c:\windows\system32\CTDEVCON.DLL 2010-08-05 07:44 . 2002-07-19 02:54 106496 ----a-w- c:\windows\system32\CTASIO.DLL 2010-08-05 07:44 . 2002-07-19 02:53 106496 ----a-w- c:\windows\system32\CTDPROXY.DLL 2010-08-05 07:44 . 2002-07-19 02:43 65536 -c--a-w- c:\windows\system32\dllcache\a3d.dll 2010-08-05 07:44 . 2002-07-19 02:43 65536 ----a-w- c:\windows\system32\a3d.dll 2010-08-05 07:41 . 2001-09-12 23:12 73728 ------w- c:\windows\system32\CTDrmRes.dll 2010-08-05 07:41 . 2001-05-04 08:29 28672 ------w- c:\windows\system32\CTIntRes.dll 2010-08-05 07:41 . 2000-04-19 23:00 24576 ------w- c:\windows\system32\CTMERes.DLL 2010-08-05 07:41 . 2010-08-05 07:41 -------- d-----w- C:\Media 2010-08-05 07:40 . 2001-05-28 11:47 12288 ----a-w- c:\windows\system32\AHQCpURes.dll . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-25 16:40 . 2009-11-21 18:25 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP 2010-08-25 16:29 . 2010-08-05 07:45 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-0000000B-00001102-00000002-80651102}.dat 2010-08-25 16:29 . 2010-08-05 07:45 24 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-0000000B-00001102-00000002-80651102}.dat 2010-08-25 15:39 . 2007-03-17 16:42 -------- d-----w- c:\program files\eMule 2010-08-25 15:39 . 2006-01-27 14:06 -------- d-----w- c:\program files\DC++ 2010-08-25 15:39 . 2007-11-07 17:16 -------- d-----w- c:\program files\MultiTranse 2010-08-25 15:39 . 2006-03-20 15:19 -------- d-----w- c:\program files\Opera 2010-08-25 15:39 . 2009-01-04 17:50 -------- d-----w- c:\program files\PDFCreator 2010-08-25 15:39 . 2007-04-11 16:56 -------- d-----w- c:\program files\PowerISO 2010-08-25 15:39 . 2008-10-04 20:20 -------- d-----w- c:\program files\SopCast 2010-08-25 15:39 . 2008-07-23 12:53 -------- d-----w- c:\program files\WinHTTrack 2010-08-25 15:39 . 2006-11-28 14:41 -------- d-----w- c:\program files\StrongDC++ 2.03 2010-08-25 15:22 . 2007-11-27 09:24 -------- d-----w- c:\documents and settings\jackob\Dane aplikacji\BitTorrent 2010-08-25 15:22 . 2006-04-01 16:10 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NFS Underground 2010-08-25 15:22 . 2008-03-08 13:11 -------- d-----w- c:\documents and settings\jackob\Dane aplikacji\skypePM 2010-08-25 15:22 . 2007-03-17 12:11 -------- d-----w- c:\program files\7-Zip 2010-08-25 08:23 . 2005-12-11 20:21 -------- d-----w- c:\program files\Winamp 2010-08-24 10:48 . 2005-12-11 13:32 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-08-23 07:53 . 2007-10-30 09:12 -------- d-----w- c:\documents and settings\jackob\Dane aplikacji\MegauploadToolbar 2010-08-20 12:59 . 2005-12-23 13:04 -------- d-----w- c:\documents and settings\jackob\Dane aplikacji\Skype 2010-08-19 08:29 . 2010-07-16 13:03 452104 ----a-w- c:\documents and settings\jackob\Dane aplikacji\Real\Update\setup3.12\setup.exe 2010-08-15 07:34 . 2009-11-21 18:29 95744 ----a-w- c:\documents and settings\All Users\Dane aplikacji\SpeedBit\DAP\SDCondition.dll 2010-08-14 19:56 . 2008-10-04 20:12 -------- d-----w- c:\program files\Veetle 2010-08-12 06:33 . 2005-12-24 10:15 -------- d-----w- c:\program files\Common Files\Java 2010-08-12 06:32 . 2005-12-24 10:22 -------- d-----w- c:\program files\Java 2010-08-10 11:11 . 2010-06-09 19:11 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-08-10 11:10 . 2010-03-07 15:58 219128 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-08-10 09:34 . 2010-06-18 13:58 -------- d-----w- c:\program files\NVIDIA Corporation 2010-08-08 13:32 . 2010-03-07 15:58 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2010-08-08 10:05 . 2008-11-10 14:10 22328 ----a-w- c:\documents and settings\jackob\Dane aplikacji\PnkBstrK.sys 2010-08-08 10:05 . 2008-11-10 14:10 22328 ----a-w- c:\documents and settings\jackob\Dane aplikacji\PnkBstrK.sys 2010-08-06 14:35 . 2009-09-09 18:14 -------- d-----w- c:\program files\StrDC++ 2010-08-06 14:31 . 2010-06-19 08:47 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin 2010-08-06 14:31 . 2010-06-19 08:37 1 ----a-w- c:\windows\system32\nvdrssel.bin 2010-08-06 14:31 . 2010-06-19 08:37 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin 2010-08-06 14:03 . 2010-03-12 19:54 -------- d-----w- c:\program files\Common Files\BioWare 2010-08-06 13:55 . 2009-12-18 15:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-08-06 10:52 . 2009-01-17 16:37 -------- d-----w- c:\documents and settings\jackob\Dane aplikacji\Bioshock 2010-08-06 08:39 . 2010-08-06 08:39 61440 ----a-w- c:\documents and settings\jackob\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-31056dc2-n\decora-sse.dll 2010-08-06 08:39 . 2010-08-06 08:39 503808 ----a-w- c:\documents and settings\jackob\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6be81275-n\msvcp71.dll 2010-08-06 08:39 . 2010-08-06 08:39 499712 ----a-w- c:\documents and settings\jackob\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6be81275-n\jmc.dll 2010-08-06 08:39 . 2010-08-06 08:39 348160 ----a-w- c:\documents and settings\jackob\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6be81275-n\msvcr71.dll 2010-08-06 08:39 . 2010-08-06 08:39 12800 ----a-w- c:\documents and settings\jackob\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-31056dc2-n\decora-d3d.dll 2010-08-05 07:41 . 2005-12-11 13:47 -------- d-----w- c:\program files\Creative 2010-07-17 18:06 . 2007-08-20 06:10 -------- d-----w- c:\documents and settings\jackob\Dane aplikacji\Vso 2010-07-16 15:11 . 2007-08-20 06:10 47360 -c--a-w- c:\documents and settings\jackob\Dane aplikacji\pcouffin.sys 2010-07-16 15:11 . 2007-08-20 06:10 47360 -c--a-w- c:\documents and settings\jackob\Dane aplikacji\pcouffin.sys 2010-07-16 15:11 . 2006-08-28 12:09 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2010-07-16 15:10 . 2006-08-28 12:09 -------- d-----w- c:\program files\vso 2010-07-16 13:28 . 2010-07-16 12:23 -------- d-----w- c:\documents and settings\jackob\Dane aplikacji\Gzegzolka XP 2010-07-16 12:26 . 2010-07-16 12:04 -------- d-----w- c:\program files\Avi2Dvd 2010-07-16 12:10 . 2010-07-16 12:10 -------- d-----w- c:\program files\Gżegżółka XP 2010-07-16 12:10 . 2010-07-16 12:10 -------- d-----w- c:\program files\Xvid 2010-07-16 12:08 . 2010-07-16 12:08 -------- d-----w- c:\program files\Haali 2010-07-16 12:06 . 2010-07-16 12:06 33019 ----a-w- c:\windows\system32\CoreAAC-uninstall.exe 2010-07-16 12:06 . 2010-07-16 12:06 -------- d-----w- c:\program files\AC3Filter 2010-07-16 12:05 . 2006-02-04 12:21 -------- d-----w- c:\program files\AviSynth 2.5 2010-07-16 11:50 . 2010-07-16 11:50 -------- d-----w- c:\program files\Trend Micro 2010-07-09 22:38 . 2010-06-19 08:27 61440 ----a-w- c:\windows\system32\OpenCL.dll 2010-07-09 22:38 . 2010-06-19 08:27 2195030 ----a-w- c:\windows\system32\nvdata.bin 2010-07-09 22:38 . 2010-06-19 08:27 10260480 ----a-w- c:\windows\system32\nvcompiler.dll 2010-07-09 22:38 . 2009-02-18 13:44 4595712 ----a-w- c:\windows\system32\nvcuda.dll 2010-07-09 22:38 . 2009-02-18 13:44 2914408 ----a-w- c:\windows\system32\nvcuvid.dll 2010-07-09 22:38 . 2009-02-18 13:44 236136 ----a-w- c:\windows\system32\nvcodins.dll 2010-07-09 22:38 . 2009-02-18 13:44 236136 ----a-w- c:\windows\system32\nvcod.dll 2010-07-09 22:38 . 2009-02-18 13:44 1388544 ----a-w- c:\windows\system32\nvapi.dll 2010-07-09 22:38 . 2009-02-18 13:44 13549568 ----a-w- c:\windows\system32\nvoglnt.dll 2010-07-09 22:38 . 2008-11-02 19:07 604776 ----a-w- c:\windows\system32\nvudisp.exe 2010-07-09 22:38 . 2008-11-02 19:06 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2010-07-09 22:38 . 2008-11-02 19:05 6343040 ----a-w- c:\windows\system32\nv4_disp.dll 2010-07-09 14:29 . 2006-12-31 17:11 -------- d-----w- c:\documents and settings\jackob\Dane aplikacji\temp 2010-07-09 13:16 . 2010-02-06 11:53 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2010-07-07 11:46 . 2008-11-02 19:06 604776 ----a-w- c:\windows\system32\NVUNINST.EXE 2010-07-02 10:10 . 2008-03-13 15:22 -------- d-----w- c:\program files\NAPI PROJEKT 2010-06-27 12:44 . 2010-04-07 12:39 439816 ----a-w- c:\documents and settings\jackob\Dane aplikacji\Real\Update\setup3.10\setup.exe 2010-06-18 20:04 . 2009-04-06 13:15 1224584 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat 2010-06-18 13:59 . 2010-06-18 13:59 4358144 ----a-w- c:\windows\system32\SET27E.tmp 2010-06-07 23:57 . 2010-06-18 13:52 6300544 ----a-w- c:\windows\system32\SET272.tmp 2010-06-04 09:25 . 2010-06-04 09:25 503808 ----a-w- c:\documents and settings\jackob\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-79b60247-n\msvcp71.dll 2010-06-04 09:25 . 2010-06-04 09:25 499712 ----a-w- c:\documents and settings\jackob\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-79b60247-n\jmc.dll 2010-06-04 09:25 . 2010-06-04 09:25 61440 ----a-w- c:\documents and settings\jackob\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-408c8a65-n\decora-sse.dll 2010-06-04 09:25 . 2010-06-04 09:25 348160 ----a-w- c:\documents and settings\jackob\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-79b60247-n\msvcr71.dll 2010-06-04 09:25 . 2010-06-04 09:25 12800 ----a-w- c:\documents and settings\jackob\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-408c8a65-n\decora-d3d.dll 2010-06-02 02:55 . 2010-06-18 14:19 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2010-06-02 02:55 . 2010-06-18 14:19 527192 ----a-w- c:\windows\system32\XAudio2_7.dll 2010-06-02 02:55 . 2010-06-18 14:19 239960 ----a-w- c:\windows\system32\xactengine3_7.dll 2009-01-04 17:51 . 2009-01-04 17:51 14290 -c--a-w- c:\program files\settings.dat 2007-11-07 17:59 . 2007-11-07 17:59 0 -c--a-w- c:\program files\MultiTransefind.ini 2009-11-21 18:25 . 2009-11-21 18:26 251392 ----a-w- c:\program files\opera\program\plugins\dapop.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-03-19 1267040] [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112] "Google Update"="c:\documents and settings\jackob\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2009-10-15 133104] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176] "DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-11-21 2803200] "RayV"="c:\program files\RayV\RayV\RayV.exe" [2010-06-28 2561320] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008] "CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-16 185896] "Lexmark X5100 Series"="c:\program files\Lexmark X5100 Series\lxbabmgr.exe" [2003-03-04 86099] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "CTHelper"="CTHELPER.EXE" [2002-07-02 24576] "CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792] "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672] "Disc Detector"="c:\program files\Creative\ShareDLL\CtNotify.exe" [2001-12-25 191488] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^jackob^Menu Start^Programy^Autostart^Skrót do licence.lnk] path=c:\documents and settings\jackob\Menu Start\Programy\Autostart\Skrót do licence.lnk backup=c:\windows\pss\Skrót do licence.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator] 2009-11-21 18:25 2803200 ----a-w- c:\program files\DAP\DAP.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\DC++\\DCPlusPlus.exe"= "c:\\WINDOWS\\system32\\LEXPPS.EXE"= "c:\\Program Files\\Gadu-Gadu\\ggphone\\ggphone.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Program Files\\BearShare\\BearShare.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Opera\\Opera.exe"= "c:\\Program Files\\StrongDC++12\\StrongDC.exe"= "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"= "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"= "c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\TVAnts\\Tvants.exe"= "c:\\Program Files\\StrongDC++ 2.03\\StrongDC.exe"= "e:\\Program Files\\Steam\\SteamApps\\sirkubus\\team fortress 2\\hl2.exe"= "e:\\Program Files\\Steam\\steam.exe"= "c:\\Program Files\\DAP\\DAP.exe"= "c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"= "e:\\Program Files\\Steam\\SteamApps\\common\\football manager 2010\\fm.exe"= "e:\\Program Files\\HEROES3\\Death\\Heroes3.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Documents and Settings\\jackob\\Ustawienia lokalne\\Dane aplikacji\\Google\\Chrome\\Application\\chrome.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\RayV\\RayV\\RayV.exe"= "c:\\Program Files\\RayV\\RayV\\RayV.dll"= "e:\\Program Files\\Steam\\SteamApps\\common\\mafia ii - public demo\\launcher.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-07 78416] R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2005-09-26 286720] R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2005-09-26 81920] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-14 108289] R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-07 20560] R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-12-17 90112] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-06-15 1051976] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-12-16 27632] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-12-17 13224] S3 pfsvgae;pfsvgae;\??\e:\tmp\pfsvgae.sys --> e:\tmp\pfsvgae.sys [?] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-12-15 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-12-17 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-12-17 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-12-17 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-12-17 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-12-17 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-12-17 115752] S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2007-07-14 223128] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006-11-12 685816] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Zawartość folderu 'Zaplanowane zadania' 2010-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-926492609-839522115-1003Core.job - c:\documents and settings\jackob\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-10-15 15:02] 2010-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-926492609-839522115-1003UA.job - c:\documents and settings\jackob\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-10-15 15:02] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://google.pl/ uInternet Connection Wizard,ShellNext = iexplore IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm IE: &Download with &DAP - c:\program files\DAP\dapextie.htm IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - FF - ProfilePath - c:\documents and settings\jackob\Dane aplikacji\Mozilla\Firefox\Profiles\v5rpwq5v.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p= FF - prefs.js: network.proxy.http - 174.142.24.201 FF - prefs.js: network.proxy.http_port - 3128 FF - prefs.js: network.proxy.type - 1 FF - component: c:\documents and settings\jackob\Dane aplikacji\Mozilla\Firefox\Profiles\v5rpwq5v.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll FF - plugin: c:\documents and settings\jackob\Dane aplikacji\Mozilla\Firefox\Profiles\v5rpwq5v.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: c:\documents and settings\jackob\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBILLARD8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOggX.dll FF - plugin: c:\program files\Opera\program\plugins\npalnn.dll FF - plugin: c:\program files\Opera\program\plugins\npganymedenet.dll FF - plugin: c:\program files\Opera\program\plugins\NPSWF32_back.dll FF - plugin: c:\program files\Veetle\Player\npvlc.dll FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll . - - - - USUNIĘTO PUSTE WPISY - - - - HKLM-Run-NeroFilterCheck - c:\windows\system32\NeroCheck.exe HKLM-Run-NeroCheck - c:\windows\system32\NeroCheck.exe HKLM-Run-Cmaudio - cmicnfg.cpl HKLM-Run-SearchSettings - c:\program files\Dealio Toolbar\SearchSettings.exe AddRemove-Scooby-Doo™, Muzealna draka z powodu Robaka - e:\program files\The Learning Company\Scooby-Doo™ AddRemove-Scooby-Doo™, Piramidalna zagadka™ - c:\program files\giery\Scooby-Doo™ AddRemove-axis first browse - c:\docume~1\jackob\DANEAP~1\POLLUP~1\ScrObjSeek.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-25 18:41 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????:8???6~??6~????????\???\???????????U?6~??6~\???\?????????a??????C@?\???\??????s????\??????s\????:8?A??s?:8??C@?x???`|?w\?????@ Disc Detector = c:\program files\Creative\ShareDLL\CtNotify.exe?X???????????????????E?@?Disc Detector?A????? ?A?P ????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A?p ????B???@?????P?????@? ????????6~??????????@???$???????????????B?????| ??????????????????????????r?B skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'explorer.exe'(2800) c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\nvsvc32.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE c:\windows\system32\CTsvcCDA.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Kerio\Personal Firewall 4\kpf4ss.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe c:\windows\system32\MsPMSPSv.exe c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe c:\windows\system32\wscntfy.exe c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe c:\program files\Lexmark X5100 Series\lxbabmon.exe c:\program files\Creative\ShareDLL\MediaDet.exe c:\windows\system32\RUNDLL32.EXE c:\documents and settings\jackob\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.29\GoogleCrashHandler.exe . ************************************************************************** . Czas ukończenia: 2010-08-25 18:50:17 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-08-25 16:50 Przed: 175 587 328 bajtów wolnych Po: 73 539 584 bajtów wolnych Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - 65717FF5273457FDC1FBBAEBCA0AD541