ComboFix 10-10-19.04 - Krystian 2010-10-20 20:35:10.3.2 - FAT32x86 MINIMAL Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1023.717 [GMT 2:00] Uruchomiony z: c:\documents and settings\Krystian\Pulpit\ComboFix.exe AV: avast! antivirus 4.8.1368 [VPS 101020-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Krystian\Dane aplikacji\AD ON Multimedia c:\documents and settings\Krystian\Dane aplikacji\AD ON Multimedia\eBay Shortcuts\config.ini c:\documents and settings\Krystian\Dane aplikacji\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe c:\documents and settings\Krystian\Dane aplikacji\BITS c:\documents and settings\Krystian\Dane aplikacji\BITS\BITS.ini c:\documents and settings\Krystian\Dane aplikacji\BITS\DHTTable.dat c:\documents and settings\Krystian\Dane aplikacji\BITS\ProxyList.ini c:\documents and settings\Krystian\Dane aplikacji\BITS\UPnP.ini c:\recycled\Recycled c:\windows\svchost.exe c:\windows\system32\kernel1.exe c:\windows\system32\muzapp.exe c:\windows\system32\Thumbs.db c:\windows\xcopy.exe Zainfekowana kopia c:\windows\system32\midimap.dll została znaleziona. Problem naprawiono Plik odzyskano z - c:\windows\VistaMizer\old\midimap.dll . ((((((((((((((((((((((((( Pliki utworzone od 2010-09-20 do 2010-10-20 ))))))))))))))))))))))))))))))) . 2010-10-20 18:04 . 2010-10-20 18:04 -------- d-----w- C:\FOUND.002 2010-10-20 16:04 . 2004-08-03 22:44 221184 ----a-w- c:\windows\system32\wmpns.dll 2010-10-20 15:30 . 2010-10-20 15:30 -------- d-----w- C:\UsbFix 2010-10-20 15:21 . 2010-10-20 15:21 -------- d-----w- C:\_OTL 2010-10-19 17:17 . 2010-10-19 17:17 -------- d-----w- c:\documents and settings\Administrator 2010-10-19 17:10 . 2010-10-19 17:10 -------- d-----w- C:\FOUND.001 2010-10-19 17:01 . 2010-10-19 17:01 -------- d-----w- C:\FOUND.000 2010-10-19 16:16 . 
2006-08-01 07:02 49152 ------r- c:\windows\system32\ChCfg.exe 2010-10-19 16:15 . 2006-07-21 08:14 86016 ------r- c:\windows\SoundMan.exe 2010-10-19 16:15 . 2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe 2010-10-19 16:15 . 2007-01-16 02:39 1191936 ------r- c:\windows\RtlUpd.exe 2010-10-19 16:15 . 2006-08-17 22:58 282624 ------r- c:\windows\system32\RTSndMgr.cpl 2010-10-19 16:15 . 2006-05-04 08:35 9709568 ------r- c:\windows\RTLCPL.exe 2010-10-19 16:15 . 2007-02-26 07:03 16125440 ------r- c:\windows\RTHDCPL.exe 2010-10-19 16:15 . 2006-10-11 09:42 2157568 ------r- c:\windows\MicCal.exe 2010-10-19 16:15 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe 2010-10-19 16:15 . 2006-05-04 08:26 2808832 ------r- c:\windows\alcwzrd.exe 2010-10-19 16:15 . 2005-09-21 02:25 299008 ------r- c:\windows\system32\ALSndMgr.cpl 2010-10-19 16:15 . 2010-10-19 16:15 -------- d-----w- c:\program files\Realtek 2010-10-19 16:13 . 2007-01-12 08:54 520192 ------r- c:\windows\RtlExUpd.dll 2010-10-09 16:58 . 2010-10-09 16:58 14808 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe 2010-10-09 16:58 . 2010-10-09 16:58 718296 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll 2010-09-26 15:54 . 2010-09-26 15:54 407552 ----a-w- c:\program files\Mozilla Firefox\midas.dll 2010-09-21 18:16 . 2010-09-21 18:16 -------- d-----w- c:\documents and settings\Krystian\Ustawienia lokalne\Dane aplikacji\Autodesk 2010-09-21 18:16 . 2010-09-21 18:16 -------- d-----w- c:\documents and settings\Krystian\Dane aplikacji\Autodesk 2010-09-21 18:16 . 2010-09-21 18:16 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Autodesk 2010-09-21 17:09 . 2010-09-21 17:09 -------- d-----w- c:\program files\Common Files\Akamai . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . . ------- Sigcheck -------
. ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KiesTrayAgent"="c:\program files\Samsung\Kies\" [X] "STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160] "ALLUpdate"="d:\program files\ALLPlayer\ALLUpdate.exe" [2009-06-04 869888] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 25088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776] "nwiz"="nwiz.exe" [2007-12-04 1626112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-07 185896] "HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "DrvIcon"="c:\program files\Vista Icon\DrvIcon.exe" [2007-07-04 45056] "RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 25088] c:\documents and settings\Krystian\Menu Start\Programy\Autostart\ Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-1-15 3450608] Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Program Files\\Ares\\Ares.exe"= "d:\\Program Files\\LimeWire\\LimeWire.exe"= "e:\\Program Files\\THQ\\MotoGP 2007\\motogp.exe"= "d:\\Program Files\\uTorrent\\uTorrent.exe"= "d:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"= "c:\\WINDOWS\\System32\\dplaysvr.exe"= "e:\\Program Files\\Insane\\Game.exe"= "c:\\Documents and Settings\\Krystian\\temp\\TeamViewer\\Version5\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8461:TCP"= 8461:TCP:GoD High Port "8462:TCP"= 8462:TCP:GoD Low Port "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "1036:TCP"= 1036:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface R1 aswSP;avast! 
Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-01 114768] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2004-08-03 14336] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-01 20560] R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2009-12-22 95568] R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-05-27 217088] R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2009-12-22 18136] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-05-27 36640] S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-08 135664] S3 FXDrv32;FXDrv32;F:\FXDrv32.sys [2006-08-07 16352] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-05-27 98432] S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-05-27 14848] S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-05-27 123648] S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [2010-05-27 100224] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-03-07 691696] --- Inne Usługi/Sterowniki w Pamięci --- *NewlyCreated* - FSUSBEXDISK [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc Akamai REG_MULTI_SZ Akamai . 
Zawartość folderu 'Zaplanowane zadania' 2010-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-08 18:19] 2010-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-08 18:19] 2010-10-17 c:\windows\Tasks\SmartDefrag.job - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-09-20 07:22] . . ------- Skan uzupełniający ------- . uStart Page = uDefault_Search_URL = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html FF - ProfilePath - c:\documents and settings\Krystian\Dane aplikacji\Mozilla\Firefox\Profiles\buch6skk.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/firefox FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.3.dll FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npqtplugin.dll FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npqtplugin2.dll FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npqtplugin3.dll FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npqtplugin4.dll FF - plugin: c:\documents and settings\All Users\Dane 
aplikacji\Gadu-Gadu 10\_userdata\npqtplugin5.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll FF - plugin: d:\program files\Picasa3\npPicasa3.dll ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - USUNIĘTO PUSTE WPISY - - - - AddRemove-Euro Truck Simulator_is1 - e:\program files\Euro Truck Simulator\unins000.exe AddRemove-ffdshow_is1 - c:\program files\Video Convert Master\codec\ffdshow\unins000.exe AddRemove-Gadu-Gadu - c:\program files\Gadu-Gadu\Setup.exe AddRemove-GT Interactive - Driver - d:\Uninst.isu AddRemove-Icy Tower v1.3.1_is1 - e:\program files\Nowy folder\icytower1.3\unins000.exe AddRemove-Nowe Gadu-Gadu - d:\program files\Nowe Gadu-Gadu\Uninstall.exe AddRemove-OpenAL - c:\program files\OpenAL\oalinst.exe AddRemove-QuicktimeAlt_is1 - c:\program files\Video Convert Master\codec\quicktime\unins000.exe AddRemove-RealAlt_is1 - c:\program files\Video Convert Master\codec\real\unins000.exe AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe 
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-117609710-484763869-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{03E9EA53-40C9-D937-A20D-DD4F0A6CE196}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-117609710-484763869-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] [HKEY_USERS\S-1-5-21-117609710-484763869-682003330-1003\Software\SecuROM\License information*]
. --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(592) c:\windows\system32\sfc_os.dll c:\windows\system32\cscui.dll - - - - - - - > 'explorer.exe'(3976) c:\windows\system32\SHDOCVW.dll c:\program files\Stardock\ObjectDock\DockShellHook.dll c:\windows\system32\COMRes.dll c:\windows\System32\cscui.dll c:\windows\system32\LINKINFO.dll c:\windows\system32\ntshrui.dll c:\windows\system32\msi.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . 
c:\program files\TGTSoft\StyleXP\StyleXPService.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\windows\system32\RUNDLL32.EXE c:\windows\RTHDCPL.EXE c:\program files\Java\jre6\bin\jqs.exe c:\program files\Samsung\Kies\KiesTrayAgent.exe c:\windows\system32\nvsvc32.exe c:\program files\TeamViewer\Version5\TeamViewer.exe c:\program files\Common Files\Teleca Shared\Generic.exe d:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\system32\wbem\wmiapsrv.exe d:\program files\HP\Digital Imaging\bin\hpqSTE08.exe . ************************************************************************** . Czas ukończenia: 2010-10-20 20:45:51 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-10-20 18:45 Przed: 7 888 109 568 bajtów wolnych Po: 7 819 362 304 bajtów wolnych - - End Of File - - 84186B69CE09A93EF7E479D39CA103B9