ComboFix 10-10-09.01 - Admin 2010-10-09 19:02:29.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1023.683 [GMT 2:00]
Running from: c:\documents and settings\Admin\Pulpit\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Pulpit\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2010-09-09 to 2010-10-09 )))))))))))))))))))))))))))))))
.

2010-10-09 10:51 . 2010-10-09 10:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-07 14:34 . 2008-09-26 16:01 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2010-10-07 14:34 . 2008-09-26 16:01 113664 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-10-07 14:34 . 2008-09-26 16:01 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-10-07 14:34 . 2008-09-26 16:00 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-09-30 14:36 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-09-30 14:30 . 2004-08-03 22:44 25600 ----a-w- c:\documents and settings\LocalService\Dane aplikacji\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-09-30 13:22 . 2010-09-30 14:42 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Alwil Software
2010-09-30 13:22 . 2010-09-30 13:22 -------- d-----w- c:\program files\Alwil Software
2010-09-30 13:11 . 2010-09-30 13:11 0 ----a-w- c:\windows\nsreg.dat
2010-09-30 13:11 . 2010-09-30 13:11 -------- d-----w- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Mozilla
2010-09-26 09:39 . 2010-10-07 14:34 -------- d-----w- c:\program files\PLAY ONLINE
2010-09-23 07:49 . 2010-09-29 12:38 -------- d-----w- c:\documents and settings\Gość
2010-09-14 16:17 . 2010-09-14 16:17 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\blueconnect
2010-09-14 16:17 . 2009-06-30 09:52 983040 ----a-w- c:\documents and settings\Admin\Dane aplikacji\blueconnect\LiveUpdate.exe
2010-09-14 16:17 . 2009-06-30 09:52 151552 ----a-w- c:\documents and settings\Admin\Dane aplikacji\blueconnect\XMessageBox.dll
2010-09-14 16:17 . 2009-06-23 14:43 110592 ----a-w- c:\documents and settings\Admin\Dane aplikacji\blueconnect\ouc.exe
2010-09-14 16:17 . 2008-10-11 08:39 927504 ----a-w- c:\documents and settings\Admin\Dane aplikacji\blueconnect\mfc40u.dll
2010-09-14 16:17 . 2006-12-28 03:34 499712 ----a-w- c:\documents and settings\Admin\Dane aplikacji\blueconnect\msvcp71.dll
2010-09-14 16:17 . 2006-12-28 03:34 1047552 ----a-w- c:\documents and settings\Admin\Dane aplikacji\blueconnect\MFC71u.dll
2010-09-14 16:17 . 2006-12-28 03:34 348160 ----a-w- c:\documents and settings\Admin\Dane aplikacji\blueconnect\msvcr71.dll
2010-09-14 16:17 . 2006-12-28 03:34 1060864 ----a-w- c:\documents and settings\Admin\Dane aplikacji\blueconnect\mfc71.dll
2010-09-14 16:17 . 2005-08-10 06:19 401462 ----a-w- c:\documents and settings\Admin\Dane aplikacji\blueconnect\msvcp60.dll
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2010-09-30 15:03 . 2001-10-26 17:15 74346 ----a-w- c:\windows\system32\perfc015.dat
2010-09-30 15:03 . 2001-10-26 17:15 448338 ----a-w- c:\windows\system32\perfh015.dat
2010-09-09 12:13 . 2010-01-03 12:45 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\Skype
2010-09-09 10:02 . 2010-05-24 11:22 -------- d-----w- c:\program files\Common Files\SmartCom
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"nwiz"="nwiz.exe" [2006-10-31 1622016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-02-14 2825088]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-06-04 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-06-04 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-06-04 72728]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-01-03 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-06-04 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-06-04 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-06-04 72728]
S3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys --> c:\windows\system32\drivers\ewfiltertdidriver.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2005-10-05 468768]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gazeta.pl/0,0.html?p=101
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\u41ll8e7.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1144)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSPL.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-09 19:05:36
ComboFix-quarantined-files.txt 2010-10-09 17:05
ComboFix2.txt 2010-09-30 14:15

Pre-Run: 97,598,140,416 bytes free
Post-Run: 97,579,700,224 bytes free

- - End Of File - - C238BB462908E81C85E54910362DEB8D
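When reading a log in this format, the items worth a second look are usually not the long driver list but three smaller things this log happens to contain: executables and DLLs created under the user profile (the blueconnect files under Dane aplikacji and udhisapi.dll under the LocalService profile), Run-key entries given as a bare file name rather than a full path ("CTXFIHLP.EXE", "nwiz.exe"), which Windows resolves by searching directories at logon, and "AntiVirusOverride"=dword:00000001 under the Security Center key, which tells Windows XP Security Center to stop reporting that no antivirus product is detected. The script below is an added example, not part of ComboFix or of the original post: it parses the "Files Created" and "Reg Loading Points" sections of a ComboFix log and lists those three categories. The sample input is a constructed excerpt of the log above; the function and field names are this example's own. In this particular log the hits line up with the Play Online / Huawei modem software and the Creative audio driver that also appear in it, so the output is a worklist for a human, not a verdict.

```python
"""Triage helpers for ComboFix logs (added example; not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import Optional, Union

# One "Files Created" / "Find3M" line:
#   <created> . <modified> <size or -------- for dirs> <attrs> <path>
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>\S{8}) (?P<path>.+?)\s*$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# "name"="value" [YYYY-MM-DD size]   (the trailing stamp is optional)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?: \[\d{4}-\d{2}-\d{2} \d+\])?\s*$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})\s*$')

BINARY_EXTS = (".exe", ".dll", ".sys", ".scr", ".com", ".cpl", ".ocx")
USER_PROFILE_ROOT = "c:\\documents and settings\\"   # XP profile root seen in the log


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]      # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


@dataclass
class RegValue:
    key: str
    name: str
    value: Union[str, int]   # int for dword values


def parse_file_entries(text: str):
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def parse_registry_values(text: str):
    """Collect "name"="value" and dword lines under the most recent [key] header."""
    values, key = [], None
    for line in text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            key = k["key"]
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            values.append(RegValue(key, m["name"], m["value"]))
            continue
        m = DWORD_RE.match(line)
        if m:
            values.append(RegValue(key, m["name"], int(m["hex"], 16)))
    return values


def triage(text: str) -> dict:
    files = parse_file_entries(text)
    regs = parse_registry_values(text)
    # Binaries written somewhere under a user profile rather than Program Files / system32.
    profile_bins = [f for f in files if not f.is_dir
                    and f.path.lower().startswith(USER_PROFILE_ROOT)
                    and f.path.lower().endswith(BINARY_EXTS)]
    # Run entries with no directory component: resolved by path search at logon.
    pathless = [v for v in regs if v.key.lower().endswith("\\run")
                and isinstance(v.value, str) and v.value and "\\" not in v.value]
    av_override = any(v.key.lower().endswith("security center")
                      and v.name == "AntiVirusOverride" and v.value != 0 for v in regs)
    return {"user_profile_binaries": profile_bins,
            "pathless_run_entries": pathless,
            "av_override": av_override}


# Constructed excerpt of the log above (shortened; same line format).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-09-09 to 2010-10-09 )))))))))))))))))))))))))))))))
.
2010-10-07 14:34 . 2008-09-26 16:01 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2010-09-30 14:30 . 2004-08-03 22:44 25600 ----a-w- c:\documents and settings\LocalService\Dane aplikacji\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-09-14 16:17 . 2010-09-14 16:17 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\blueconnect
2010-09-14 16:17 . 2009-06-30 09:52 983040 ----a-w- c:\documents and settings\Admin\Dane aplikacji\blueconnect\LiveUpdate.exe
2010-09-14 16:17 . 2009-06-23 14:43 110592 ----a-w- c:\documents and settings\Admin\Dane aplikacji\blueconnect\ouc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"nwiz"="nwiz.exe" [2006-10-31 1622016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result["user_profile_binaries"]:
        print("profile binary:", f.created, f.size, f.path)
    for v in result["pathless_run_entries"]:
        print("pathless Run entry:", v.key, v.name, "=", v.value)
    print("AntiVirusOverride set:", result["av_override"])
```

Run it against a full log saved from the forum post (read the file and pass its text to triage) and compare the profile-binary list against what the user says they installed; a dropped executable with a Run entry pointing at it is the combination worth asking about.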