ComboFix 12-07-07.04 - user 2012-07-07 20:22:28.3.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1786 [GMT 2:00]
Uruchomiony z: c:\documents and settings\user\Pulpit\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-07 do 2012-07-07 )))))))))))))))))))))))))))))))
.
.
2012-07-07 18:17 . 2012-07-07 18:17 -------- d-----w- c:\windows\LastGood.Tmp
2012-07-07 17:45 . 2012-07-07 17:53 -------- d-----w- c:\documents and settings\Administrator
2012-07-07 17:32 . 2012-02-22 03:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-07-07 17:32 . 2011-12-23 11:32 41040 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-07-07 17:32 . 2011-12-23 11:32 17232 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-07-07 17:32 . 2011-12-23 11:32 24144 ----a-w- c:\windows\system32\drivers\avgidsfilterx.sys
2012-07-07 17:32 . 2011-12-23 11:32 139856 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-07-07 17:32 . 2012-01-31 02:46 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-07-06 18:19 . 2012-07-06 18:19 -------- d-----w- c:\documents and settings\user\Dane aplikacji\hellomoto
2012-06-18 19:33 . 2005-04-03 21:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-06-18 19:33 . 2005-04-03 21:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-06-18 19:33 . 2005-04-03 21:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-06-18 19:33 . 2005-04-03 21:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-06-18 19:33 . 2005-04-03 20:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-06-18 19:33 . 2005-04-03 20:57 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-06-18 19:33 . 2012-06-18 19:33 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-06-18 19:33 . 2012-06-18 19:33 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-06-17 11:59 . 2012-06-17 11:59 -------- d-----w- c:\program files\Winamp Toolbar
2012-06-17 11:59 . 2012-06-17 11:59 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar
2012-06-17 11:59 . 2012-06-27 20:41 -------- d-----w- c:\documents and settings\user\Dane aplikacji\Winamp
2012-06-15 13:13 . 2009-11-19 13:06 25456 ----a-w- c:\windows\system32\drivers\s1039nd5.sys
2012-06-15 13:13 . 2009-11-19 13:06 10992 ----a-w- c:\windows\system32\drivers\s1039cr.sys
2012-06-15 13:13 . 2009-11-19 13:06 123504 ----a-w- c:\windows\system32\drivers\s1039unic.sys
2012-06-15 13:13 . 2009-11-19 13:06 12528 ----a-w- c:\windows\system32\drivers\s1039cmnt.sys
2012-06-15 13:13 . 2009-11-19 13:06 12528 ----a-w- c:\windows\system32\drivers\s1039cm.sys
2012-06-15 13:13 . 2009-11-19 13:06 124016 ----a-w- c:\windows\system32\drivers\s1039mdm.sys
2012-06-15 13:13 . 2009-11-19 13:06 117872 ----a-w- c:\windows\system32\drivers\s1039mgmt.sys
2012-06-15 13:13 . 2009-11-19 13:06 113904 ----a-w- c:\windows\system32\drivers\s1039obex.sys
2012-06-15 13:13 . 2009-11-19 13:06 14960 ----a-w- c:\windows\system32\drivers\s1039mdfl.sys
2012-06-15 13:13 . 2009-11-19 13:06 98672 ----a-w- c:\windows\system32\drivers\s1039bus.sys
2012-06-15 13:13 . 2009-11-19 13:06 12400 ----a-w- c:\windows\system32\drivers\s1039whnt.sys
2012-06-15 13:13 . 2009-11-19 13:06 12400 ----a-w- c:\windows\system32\drivers\s1039wh.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 15:45 . 2012-04-14 06:41 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 15:45 . 2011-11-15 10:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-04 15:39 . 2012-06-04 15:24 21840 ----atw- c:\windows\system32\SIntfNT.dll
2012-06-04 15:39 . 2012-06-04 15:24 17212 ----atw- c:\windows\system32\SIntf32.dll
2012-06-04 15:39 . 2012-06-04 15:24 12067 ----atw- c:\windows\system32\SIntf16.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-08 . 9F02C1CF7C3100E4AEA7DD8B6A86A01B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-07-07_17.38.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-10-26 16:15 . 2012-07-07 18:23 83660 c:\windows\system32\perfc015.dat
- 2001-10-26 16:15 . 2012-07-07 17:27 83660 c:\windows\system32\perfc015.dat
+ 2001-08-17 21:30 . 2012-07-07 18:23 67312 c:\windows\system32\perfc009.dat
- 2001-08-17 21:30 . 2012-07-07 17:27 67312 c:\windows\system32\perfc009.dat
+ 2012-07-07 18:17 . 2012-04-19 02:50 24896 c:\windows\LastGood.Tmp\system32\DRIVERS\avgidshx.sys
+ 2001-10-26 16:15 . 2012-07-07 18:23 490284 c:\windows\system32\perfh015.dat
- 2001-10-26 16:15 . 2012-07-07 17:27 490284 c:\windows\system32\perfh015.dat
+ 2001-08-17 21:30 . 2012-07-07 18:23 432356 c:\windows\system32\perfh009.dat
- 2001-08-17 21:30 . 2012-07-07 17:27 432356 c:\windows\system32\perfh009.dat
+ 2012-07-07 18:17 . 2012-03-19 03:17 301248 c:\windows\LastGood.Tmp\system32\DRIVERS\avgtdix.sys
+ 2012-07-07 17:53 . 2012-07-07 17:54 1112996 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2012-03-19 1937736]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-08-24 130864]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-04-09 15:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 17:21 1299248 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="d:\program files\uTorrent\uTorrent.exe" [2012-06-02 880528]
"AQQ"="d:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2012-05-04 10591232]
"Steam"="d:\program files\Steam\Steam.exe" [2012-04-08 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"sqlncli"="c:\documents and settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\2575\sqlncli.exe" [2012-07-06 49664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2011-12-12 22:20 3305760 ----a-w- c:\documents and settings\user\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2012-04-09 15:43 1557160 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
2012-05-04 08:12 10591232 ----a-w- d:\progra~1\WapSter\WAPSTE~1\AQQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-05-04 15:05 311296 ----a-r- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 20:51 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- d:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-01-11 19:56 136176 ----atw- c:\documents and settings\user\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2010-08-11 03:31 40983152 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-01-04 20:36 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2011-08-01 13:35 114992 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-06-02 16:52 880528 ----a-w- d:\program files\uTorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\user\\Ustawienia lokalne\\Dane aplikacji\\Akamai\\netsession_win.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Steam\\steamapps\\klaas95\\counter-strike\\hl.exe"=
"e:\\Program Files\\Winamp\\winamp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1047:TCP"= 1047:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-11-26 239168]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2008-04-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 250056]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-11-15 100368]
S3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2011-11-15 50176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-13 129976]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [2012-06-15 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [2012-06-15 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [2012-06-15 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [2012-06-15 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [2012-06-15 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [2012-06-15 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [2012-06-15 123504]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-11-15 2127728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 15:45]
.
2012-07-03 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-16 20:12]
.
2012-07-03 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-16 20:12]
.
2012-07-06 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-16 20:12]
.
2012-07-06 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-16 20:12]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-261903793-682003330-1003Core.job
- c:\documents and settings\user\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2012-01-11 19:56]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-261903793-682003330-1003UA.job
- c:\documents and settings\user\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2012-01-11 19:56]
.
2012-07-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-04-09 15:43]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
mStart Page = hxxp://www.v9.com/?utm_source=b&utm_medium=ins
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\sodqofeh.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.v9.com/?utm_source=b&utm_medium=ins
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=111252&babsrc=adbartrp&mntrId=64e564690000000000008c89a574c98d&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111252
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 64e564690000000000008c89a574c98d
FF - user.js: extensions.BabylonToolbar_i.hardId - 64e564690000000000008c89a574c98d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15409
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:01
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extentions.y2layers.installId - 0266cb10-5b9a-4a0b-8263-1db24ce5468a
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-07 20:28
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(236)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Czas ukończenia: 2012-07-07 20:29:42
ComboFix-quarantined-files.txt 2012-07-07 18:29
ComboFix2.txt 2012-07-07 17:53
ComboFix3.txt 2012-07-07 17:39
.
Przed: 17 564 684 288 bajtów wolnych
Po: 17 568 227 328 bajtów wolnych
.
- - End Of File - - A300B6035F1968DDBB5F21CECA5F7B1D