ComboFix 12-11-06.03 - Marta Holc 2012-11-07 20:04:18.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.3067.2538 [GMT 1:00] Uruchomiony z: H:\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} * Utworzono nowy punkt przywracania . UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\auth.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\burnlib.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\dsp_sps.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\enc_fhgaac.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\enc_flac.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\enc_lame.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\enc_vorbis.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\enc_wav.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\enc_wma.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\gen_classicart.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\gen_crasher.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\gen_ff.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\gen_find_on_disk.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\gen_hotkeys.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\gen_jumpex.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\gen_ml.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\gen_nopro.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\gen_orgler.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\gen_skinmanager.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\gen_timerestore.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\gen_tray.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\gen_undo.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\in_avi.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\in_cdda.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\in_dshow.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\in_flac.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\in_flv.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\in_linein.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\in_midi.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\in_mkv.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\in_mod.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\in_mp3.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\in_mp4.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\in_nsv.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\in_swf.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\in_vorbis.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\in_wav.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\in_wave.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\in_wm.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\in_wv.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\ml_addons.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\ml_autotag.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\ml_bookmarks.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\ml_devices.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\ml_disc.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\ml_downloads.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\ml_enqplay.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\ml_history.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\ml_impex.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\ml_local.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\ml_nowplaying.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\ml_online.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\ml_orb.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\ml_playlists.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\ml_plg.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\ml_pmp.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\ml_rg.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\ml_transcode.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\ml_wire.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\ombrowser.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\out_disk.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\out_ds.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\out_wave.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\playlist.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\pmp_activesync.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\pmp_android.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\pmp_ipod.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\pmp_njb.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\pmp_p4s.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\pmp_usb.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\pmp_wifi.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\tagz.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\vis_avs.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\vis_milk2.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\vis_nsfs.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\winamp.lng c:\docume~1\MARTAH~1\USTAWI~1\Temp\WLZBFC3.tmp\winampa.lng c:\documents and settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.pad c:\documents and settings\All Users\Dane aplikacji\lsass.exe c:\documents and settings\Marta Holc\Dane aplikacji\Uguca c:\documents and settings\Marta Holc\Dane aplikacji\Uguca\ryhei.exe c:\documents and settings\Marta Holc\Menu Start\Programy\Autostart\ctfmon.lnk c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\auth.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\burnlib.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\dsp_sps.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\enc_fhgaac.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\enc_flac.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\enc_lame.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\enc_vorbis.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\enc_wav.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\enc_wma.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\gen_classicart.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\gen_crasher.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\gen_ff.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\gen_find_on_disk.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\gen_hotkeys.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\gen_jumpex.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\gen_ml.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\gen_nopro.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\gen_orgler.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\gen_skinmanager.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\gen_timerestore.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\gen_tray.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\gen_undo.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\in_avi.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\in_cdda.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\in_dshow.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\in_flac.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\in_flv.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\in_linein.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\in_midi.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\in_mkv.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\in_mod.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\in_mp3.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\in_mp4.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\in_nsv.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\in_swf.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\in_vorbis.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\in_wav.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\in_wave.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\in_wm.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\in_wv.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\ml_addons.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\ml_autotag.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\ml_bookmarks.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\ml_devices.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\ml_disc.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\ml_downloads.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\ml_enqplay.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\ml_history.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\ml_impex.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\ml_local.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\ml_nowplaying.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\ml_online.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\ml_orb.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\ml_playlists.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\ml_plg.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\ml_pmp.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\ml_rg.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\ml_transcode.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\ml_wire.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\ombrowser.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\out_disk.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\out_ds.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\out_wave.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\playlist.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\pmp_activesync.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\pmp_android.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\pmp_ipod.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\pmp_njb.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\pmp_p4s.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\pmp_usb.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\pmp_wifi.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\tagz.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\vis_avs.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\vis_milk2.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\vis_nsfs.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\winamp.lng c:\documents and settings\Marta Holc\Ustawienia lokalne\Temp\WLZBFC3.tmp\winampa.lng c:\windows\system32\Desktop_.ini . . ((((((((((((((((((((((((( Pliki utworzone od 2012-10-07 do 2012-11-07 ))))))))))))))))))))))))))))))) . . 2012-11-06 16:05 . 2012-11-06 16:05 -------- d-s---w- c:\documents and settings\Marta Holc\UserData 2012-10-10 12:51 . 2008-09-26 16:01 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys 2012-10-10 12:51 . 2008-09-26 16:01 113664 ----a-w- c:\windows\system32\drivers\ewusbnet.sys 2012-10-10 12:51 . 2008-09-26 16:01 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys 2012-10-10 12:51 . 2008-09-26 16:00 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-08 18:49 . 2012-10-02 21:09 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll 2012-10-08 18:49 . 2012-07-11 13:15 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll 2012-10-02 21:17 . 2012-10-02 21:17 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-10-02 21:17 . 2012-10-02 21:17 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-10-02 21:17 . 2012-08-15 20:00 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-10-02 21:17 . 2012-08-15 20:00 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-14 22:19 . 2012-07-10 16:54 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-05-04 13:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2011-08-16 1379840] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248] "RTHDCPL"="RTHDCPL.EXE" [2009-02-13 17508864] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-01-27 61440] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-05-04 1561768] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] . c:\documents and settings\All Users\Menu Start\Programy\Autostart\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "c:\\Program Files\\Winamp\\winamp.exe"= . R3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2012-07-03 186880] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-08-13 721000] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-07-03 1684736] S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?] S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys --> c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [?] S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows\system32\DRIVERS\ew_jucdcacm.sys [?] S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys --> c:\windows\system32\DRIVERS\ew_jucdcecm.sys [?] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?] S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys --> c:\windows\system32\DRIVERS\ew_juextctrl.sys [?] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008] . --- Inne Usługi/Sterowniki w Pamięci --- . *NewlyCreated* - WS2IFSL . Zawartość folderu 'Zaplanowane zadania' . 2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 20:05] . 2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 20:05] . 2012-11-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2012-05-04 13:43] . . ------- Skan uzupełniający ------- . IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.3.254 FF - ProfilePath - c:\documents and settings\Marta Holc\Dane aplikacji\Mozilla\Firefox\Profiles\gg1uw6s7.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.pl FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=A1B225D5-7058-41AB-ABD4-57DFDB32E057&apn_ptnrs=&apn_sauid=4F550EA2-DA9E-42A2-9617-C7FF86D6A6C5&apn_dtid=OSJ000&&q= FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - USUNIĘTO PUSTE WPISY - - - - . ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) HKCU-Run-Nivyilom - c:\documents and settings\Marta Holc\Dane aplikacji\Uguca\ryhei.exe AddRemove-LSI Soft Modem - c:\windows\agrsmdel . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-07 20:10 Windows 5.1.2600 Dodatek Service Pack 2 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- . - - - - - - - > 'winlogon.exe'(912) c:\windows\system32\Ati2evxx.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\windows\RTHDCPL.EXE c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe c:\program files\LSI SoftModem\agrsmsvc.exe c:\program files\Java\jre7\bin\jqs.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wscntfy.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Czas ukończenia: 2012-11-07 20:11:48 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2012-11-07 19:11 . Przed: 67 994 550 272 bajtów wolnych Po: 69 214 236 672 bajtów wolnych . - - End Of File - - A6FF2783ED9F3A6098BA41CA095DB32C