ComboFix 10-11-09.01 - Buki 2010-11-10 14:30:35.2.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3326.2538 [GMT 1:00]
Uruchomiony z: d:\download\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Buki\Pulpit\CFScript.txt
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Utworzono nowy punkt przywracania

FILE ::
"H:\autorun.0nf"
"H:\autorun.1nf"
"H:\autorun.2nf"
"H:\autorun.3nf"
"H:\autorun.4nf"
"H:\autorun.5nf"
"H:\autorun.6nf"
"H:\autorun.7nf"
"H:\autorun.8nf"
"H:\autorun.9nf"
"H:\autorun.inf"
"H:\lpl.exe"
.
((((((((((((((((((((((((( Pliki utworzone od 2010-10-10 do 2010-11-10 )))))))))))))))))))))))))))))))
.
2010-11-08 20:06 . 2010-11-08 20:06 -------- d-----w- c:\documents and settings\Buki\Ustawienia lokalne\Dane aplikacji\VS Revo Group
2010-11-08 20:06 . 2009-12-30 10:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-11-07 20:58 . 2010-11-07 21:12 -------- d-----w- c:\documents and settings\Buki\Ustawienia lokalne\Dane aplikacji\2K Games
2010-11-07 20:57 . 2010-11-07 20:57 -------- d-----w- c:\program files\NVIDIA Corporation
2010-11-07 20:55 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-11-07 20:55 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-11-07 20:55 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-11-07 20:55 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-11-07 20:55 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-11-07 20:55 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-11-07 20:55 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-11-07 20:55 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-11-07 20:55 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-11-07 20:55 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-11-07 20:55 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-11-07 20:55 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-11-07 20:13 . 2010-11-07 20:13 -------- d-----w- C:\UsbFix
2010-10-26 07:12 . 2010-10-26 07:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10
2010-10-26 07:11 . 2010-10-26 07:11 -------- d-----w- c:\program files\Gadu-Gadu 10
2010-10-16 15:27 . 2010-10-16 15:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Synetic
2010-10-16 15:26 . 2010-04-05 11:31 241664 ----a-w- c:\windows\system32\mp4sds32.ax
2010-10-16 15:26 . 2009-04-07 01:59 424960 ----a-w- c:\windows\system32\wmavds32.ax
2010-10-16 15:26 . 2001-05-16 14:54 309616 ----a-w- c:\windows\system32\wmv8dmod.dll
2010-10-13 08:37 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 08:37 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 08:37 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 13:21 . 2009-04-14 11:51 16608 ----a-w- c:\windows\gdrv.sys
2010-10-27 14:18 . 2009-04-14 12:16 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-10-27 14:17 . 2009-04-14 14:54 233960 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-27 14:17 . 2009-04-14 12:16 233960 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-09-18 10:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 13:10 . 2009-04-14 12:16 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-09-10 05:52 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:52 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2004-08-04 12:00 1853056 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2004-08-04 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2004-08-04 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2004-08-04 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-11-09_18.54.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-10 13:21 . 2010-11-10 13:21 16384 c:\windows\Temp\Perflib_Perfdata_2cc.dat
+ 2010-11-10 13:21 . 2010-11-10 13:21 16384 c:\windows\Temp\Perflib_Perfdata_250.dat
- 2010-10-13 11:23 . 2010-10-13 11:23 34632 c:\windows\Installer\{90120000-0020-0415-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-11-10 13:19 . 2010-11-10 13:19 34632 c:\windows\Installer\{90120000-0020-0415-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-04-16 20:23 . 2010-11-10 13:17 23040 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-04-16 20:23 . 2010-10-13 11:22 23040 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-04-16 20:23 . 2010-10-13 11:22 61440 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-04-16 20:23 . 2010-11-10 13:17 61440 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-04-16 20:23 . 2010-10-13 11:22 27136 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-04-16 20:23 . 2010-11-10 13:17 27136 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-04-16 20:23 . 2010-10-13 11:22 11264 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-04-16 20:23 . 2010-11-10 13:17 11264 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-04-16 20:23 . 2010-10-13 11:22 86016 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-04-16 20:23 . 2010-11-10 13:17 86016 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-04-16 20:23 . 2010-11-10 13:17 12288 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-04-16 20:23 . 2010-10-13 11:22 12288 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-04-16 20:23 . 2010-11-10 13:17 4096 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-04-16 20:23 . 2010-10-13 11:22 4096 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-11-09 19:13 . 2010-11-09 19:13 196608 c:\windows\Installer\{9773450C-E2F3-46C3-9464-1D7EDE5EFB63}\Shortcut_SETTINGS__E16DFE45D7AC4FBF87BBB412D05EFC15.exe
+ 2010-11-09 19:13 . 2010-11-09 19:13 204800 c:\windows\Installer\{9773450C-E2F3-46C3-9464-1D7EDE5EFB63}\Shortcut_PES2011_E_19E2C126E9A346458082E1106EC36033.exe
+ 2010-11-09 19:13 . 2010-11-09 19:13 204800 c:\windows\Installer\{9773450C-E2F3-46C3-9464-1D7EDE5EFB63}\ARPPRODUCTICON.exe
+ 2009-04-16 20:23 . 2010-11-10 13:17 409600 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-04-16 20:23 . 2010-10-13 11:22 409600 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-04-16 20:23 . 2010-11-10 13:17 286720 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-04-16 20:23 . 2010-10-13 11:22 286720 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-04-16 20:23 . 2010-11-10 13:17 249856 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-04-16 20:23 . 2010-10-13 11:22 249856 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-04-16 20:23 . 2010-11-10 13:17 794624 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-04-16 20:23 . 2010-10-13 11:22 794624 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-04-16 20:23 . 2010-10-13 11:22 135168 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-04-16 20:23 . 2010-11-10 13:17 135168 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-04-16 20:23 . 2010-11-10 13:17 593920 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-04-16 20:23 . 2010-10-13 11:22 593920 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-09-17 05:04 . 2010-09-17 05:04 9401856 c:\windows\Installer\160fe3.msp
+ 2010-10-22 12:25 . 2010-10-22 12:25 5521408 c:\windows\Installer\160fd9.msp
+ 2010-11-09 19:13 . 2010-11-09 19:13 2054656 c:\windows\Installer\12ad79d.msi
+ 2009-04-18 16:30 . 2010-11-10 13:17 35758536 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2009-11-11 870400]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"IVONA ControlCenter"="c:\program files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe" [2010-05-28 1576960]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-10-07 12661344]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [BU]
"GameTracker"="c:\program files\GameTracker\GTLite.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Buki\Menu Start\Programy\Autostart\
CurseClientStartup.ccip [2010-2-26 0]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\Xfire\\Xfire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"d:\\Program Files\\Electronic Arts\\Bitwa o Śródziemie II\\game.dat"=
"e:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"d:\\PES 2010\\pes 2010\\program files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"d:\\PES 2010\\pes 2010\\Crack\\pes2010.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"d:\\Program Files\\Ubisoft\\Assassins Creed II\\AssassinsCreedIIGame.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\Ubisoft\\AssassinsCreedIIGame.exe"=
"e:\\Program Files\\Ubisoft\\AssassinsCreedII.exe"=
"e:\\Program Files\\Ubisoft\\UPlayBrowser.exe"=
"d:\\Download\\PDFReader_Setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\PES11\\Crack\\PES2011.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-07-17 721904]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-04-07 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-04-07 810120]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2009-04-14 80392]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 MemStPCI;Kontroler modułów pamięci Memory Stick Sony (PCI);c:\windows\system32\drivers\MemStPCI.SYS [2009-08-04 26112]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-11-08 27064]
.
Zawartość folderu 'Zaplanowane zadania'

2010-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 20:31]

2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 20:31]

2010-11-09 c:\windows\Tasks\Norton Security Scan for Buki.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-31 04:32]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
uInternet Settings,ProxyOverride = ;*.local
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Buki\Dane aplikacji\Mozilla\Firefox\Profiles\jiuz4mqy.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.4.dll
FF - plugin: c:\documents and settings\Buki\Dane aplikacji\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Buki\Dane aplikacji\Mozilla\Firefox\Profiles\jiuz4mqy.default\extensions\cctvplayer-plugin@www.cctv.com\plugins\npCCTVplayer.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

Toolbar-{511131f1-4629-4254-a85f-ed7b6d75dd3c} - (no file)
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-10 14:34
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-854245398-1214440339-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:97,a5,3c,0d,2e,81,fe,fd,e7,d6,06,f4,1d,7f,95,ed,67,91,e5,6e,20,da,2f,
   78,b6,cf,ca,c3,ac,d4,95,e3,05,9a,04,34,47,c7,60,78,26,f2,8b,32,39,3d,57,1a,\
"??"=hex:67,91,6e,36,74,e9,30,d3,34,26,41,8d,80,10,56,12

[HKEY_USERS\S-1-5-21-854245398-1214440339-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:b8,3a,81,0f,15,c6,9e,7b,94,44,69,0e,67,2a,c9,e1,a1,2b,93,5f,e3,
   63,79,3b,cc,dc,94,55,8a,6d,f1,7d,a3,74,ba,17,c7,f9,32,bb,ac,e1,0d,43,bd,bf,\
"rkeysecu"=hex:73,74,53,ff,4b,e9,3c,af,45,22,5f,1d,b2,fa,b7,ae
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(2816)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Czas ukończenia: 2010-11-10 14:35:24
ComboFix-quarantined-files.txt 2010-11-10 13:35
ComboFix2.txt 2010-11-09 18:55

Przed: 81 017 495 552 bajtów wolnych
Po: 81 028 640 768 bajtów wolnych

- - End Of File - - 0FD02A6BE610C9B48A206260390F9690