ComboFix 12-10-31.03 - prezes 2012-10-31 15:32:57.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.511.132 [GMT 1:00]
Uruchomiony z: c:\documents and settings\prezes\Moje dokumenty\Pobieranie\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\documents and settings\prezes\Dane aplikacji\12.exe
c:\documents and settings\prezes\Dane aplikacji\13.exe
c:\documents and settings\prezes\Dane aplikacji\3D.exe
c:\documents and settings\prezes\Dane aplikacji\3E.exe
c:\documents and settings\prezes\Dane aplikacji\40.exe
c:\documents and settings\prezes\Dane aplikacji\92.exe
c:\documents and settings\prezes\Dane aplikacji\E.exe
c:\documents and settings\prezes\Dane aplikacji\F.exe
c:\documents and settings\prezes\Moje dokumenty\~WRL0742.tmp
c:\documents and settings\prezes\Moje dokumenty\~WRL1137.tmp
c:\documents and settings\prezes\Moje dokumenty\~WRL3630.tmp
c:\documents and settings\prezes\Ustawienia lokalne\Dane aplikacji\I Want This
c:\documents and settings\prezes\Ustawienia lokalne\Dane aplikacji\I Want This\Chrome\I Want This.crx
c:\documents and settings\prezes\Ustawienia lokalne\Dane aplikacji\unins000.exe
c:\documents and settings\prezes\WINDOWS
c:\program files\I Want This
c:\program files\I Want This\I Want This.dll
c:\program files\I Want This\I Want This.exe
c:\program files\I Want This\I Want This.ico
c:\program files\I Want This\I Want This.ini
c:\program files\I Want This\I Want ThisGui.exe
c:\program files\I Want This\I Want ThisInstaller.log
c:\program files\I Want This\Uninstall.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
F:\autorun.inf
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-09-28 do 2012-10-31 )))))))))))))))))))))))))))))))
.
.
2012-10-28 22:18 . 2012-10-28 23:54 98168 ----a-w- c:\windows\system32\drivers\klick.dat
2012-10-28 22:18 . 2012-10-28 23:54 116189 ----a-w- c:\windows\system32\drivers\klin.dat
2012-10-28 22:16 . 2012-10-31 14:19 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2012-10-28 22:16 . 2012-10-28 22:16 -------- d-----w- c:\program files\Kaspersky Lab
2012-10-26 19:08 . 2012-10-26 19:08 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-10-26 17:24 . 2004-08-03 22:44 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-10-26 17:24 . 2004-08-03 22:44 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-10-26 17:24 . 2004-08-03 22:38 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-10-26 17:24 . 2004-08-03 22:38 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-10-26 17:24 . 2001-08-17 20:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2012-10-26 17:24 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-10-18 11:29 . 2012-10-19 11:22 -------- d-----w- c:\documents and settings\prezes\Dane aplikacji\DivX
2012-10-18 11:29 . 2011-11-29 02:28 126448 ------w- c:\windows\system32\pxinsi64.exe
2012-10-18 11:29 . 2011-11-29 02:28 123888 ------w- c:\windows\system32\pxcpyi64.exe
2012-10-18 11:28 . 2012-10-18 11:29 -------- d-----w- c:\program files\Common Files\DivX Shared
2012-10-18 11:21 . 2012-10-18 11:30 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DivX
2012-10-17 21:27 . 2008-08-25 16:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2012-10-17 21:27 . 2004-08-03 21:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-10-17 21:27 . 2004-08-03 21:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-10-17 21:27 . 2012-10-17 21:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\CanonIJMSetup
2012-10-17 21:26 . 2010-08-25 03:00 73216 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAA.DLL
2012-10-17 21:26 . 2010-08-25 03:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAA.DLL
2012-10-17 21:26 . 2010-08-25 03:00 290816 ----a-w- c:\windows\system32\CNMLMAA.DLL
2012-10-17 21:24 . 2012-10-17 21:58 -------- d-----w- c:\program files\Canon
2012-10-16 21:34 . 2012-10-16 21:34 -------- d-----w- c:\program files\Mirillis
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 21:06 . 2012-04-05 02:41 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 21:06 . 2012-04-05 02:41 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-23 10:30 . 2012-09-23 10:30 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-23 10:30 . 2012-09-23 10:30 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-23 10:30 . 2012-07-08 18:58 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-23 10:30 . 2011-11-01 16:47 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-11 01:05 . 2012-10-24 18:22 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2012-07-04 130904]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-06 19:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03 1310040 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000]
"IPLA!"="c:\program files\ipla\ipla.exe" [2011-04-11 19811832]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-06-11 239616]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-05-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-12 172032]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2006-11-29 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-03-12 2223985]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Resume copy"="copyfstq.exe" [2002-03-24 46080]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2012-1-19 950272]
Scanner Finder.lnk - c:\program files\ScanWizard 5\ScannerFinder.exe [2011-5-12 339968]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableTaskMgr"= 1 (0x1)
"EnableRegistryTools"= 1 (0x1)
"DisableChangePassword"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^prezes^Menu Start^Programy^Autostart^setup_9.0.0.722_23.12.2010_18-27.lnk]
path=c:\documents and settings\prezes\Menu Start\Programy\Autostart\setup_9.0.0.722_23.12.2010_18-27.lnk
backup=c:\windows\pss\setup_9.0.0.722_23.12.2010_18-27.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\nvraidservice.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\WINDOWS\\system32\\WISPTIS.EXE"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 34048432;34048432 Boot Guard Driver;c:\windows\system32\drivers\34048432.sys [2010-12-24 37392]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2012-05-16 57312]
R0 pe3apasb;Made Man Environment Driver (pe3apasb);c:\windows\system32\drivers\pe3apasb.sys [2007-11-13 65136]
R0 ps7apasb;Made Man Synchronization Driver (ps7apasb);c:\windows\system32\drivers\ps7apasb.sys [2007-11-13 68728]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-12-13 691696]
R1 34048431;34048431;c:\windows\system32\drivers\34048431.sys [2010-12-24 128016]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-03-04 11352]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2010-07-22 814344]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-03-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-02 19472]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2012-01-19 450560]
S0 76437892;76437892 Boot Guard Driver;c:\windows\system32\drivers\76437892.sys [2011-04-23 37392]
S0 79249332;79249332 Boot Guard Driver;c:\windows\system32\drivers\79249332.sys [2011-11-01 37392]
S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [2012-05-04 149376]
S1 76437891;76437891;c:\windows\system32\drivers\76437891.sys [2011-04-23 128016]
S1 79249331;79249331;c:\windows\system32\drivers\79249331.sys [2011-11-01 128016]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-28 136176]
S2 pr2apasb;Made Man Drivers Auto Removal (pr2apasb);c:\windows\system32\pr2apasb.exe svc --> c:\windows\system32\pr2apasb.exe svc [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 250808]
S3 ATICDSDr;ATICDSDr;c:\ati\SUPPORT\7-1_xp_dd_ccc_wdm_enu_40211\BIN\atiicdxx.sys [2006-12-21 6144]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-05-16 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-05-16 8456]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-28 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-26 115168]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 21:06]
.
2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-28 20:12]
.
2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-28 20:12]
.
2012-10-31 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2012-06-06 19:33]
.
2012-10-29 c:\windows\Tasks\Wise Registry Cleaner Schedule Task.job - c:\program files\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2012-05-17 16:29]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://home.sweetim.com/?st=6&barid={D97D90B2-BEE4-11E1-89ED-0060B38F8567}
mStart Page = hxxp://home.sweetim.com/?st=6&barid={D97D90B2-BEE4-11E1-89ED-0060B38F8567}
uInternet Connection Wizard,ShellNext = iexplore
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Dodaj do listy blokowanych banerów - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\prezes\Dane aplikacji\Mozilla\Firefox\Profiles\z0gg7q90.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.wp.pl
FF - ExtSQL: 2012-09-24 23:58; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\documents and settings\prezes\Dane aplikacji\Mozilla\Firefox\Profiles\z0gg7q90.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF - ExtSQL: 2012-10-17 00:32; addon@defaulttab.com; c:\documents and settings\prezes\Dane aplikacji\Mozilla\Firefox\Profiles\z0gg7q90.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: 2012-10-18 13:29; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2012-10-28 23:16; KavAntiBanner@Kaspersky.ru; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF - ExtSQL: 2012-10-28 23:17; virtualKeyboard@kaspersky.ru; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - ExtSQL: 2012-10-28 23:17; linkfilter@kaspersky.ru; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM-Run-SoundMan - SOUNDMAN.EXE
HKLM-Run-WINSXS32 - c:\documents and settings\prezes\Dane aplikacji\F.exe
AddRemove-I Want This - c:\program files\I Want This\Uninstall.exe
AddRemove-{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1 - c:\documents and settings\prezes\Ustawienia lokalne\Dane aplikacji\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-31 15:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-115176313-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(1056)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2012-10-31 15:48:36
ComboFix-quarantined-files.txt 2012-10-31 14:48
.
Przed: 4 363 423 744 bajtów wolnych
Po: 5 686 231 040 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
.
- - End Of File - - A23C4CB22E6B25A22E6E311C0B7A697D