ComboFix 11-02-12.02 - ewa 2011-02-13 19:28:49.3.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.48.1033.18.2039.1361 [GMT 1:00]
Uruchomiony z: c:\users\ewa\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Poprzednie uruchomienie -------
.
c:\program files\DoubleD
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Cache\248d6576afce4ee94af42d7350131106.gif
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Cache\24a70fb875fab686b6b3c217612bc07c.gif
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Cache\default1.dat
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Cache\loading.dat
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Cache\loading.gif
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\Module_Cursor.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\Module_DailyVideo.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\Module_Game.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\Module_Glitter.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\Module_Logo.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\Module_Option.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\Module_Recipe.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\Module_Ringtone.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\Module_Screensaver.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\Module_Search.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\Module_Smiley.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\Module_Smiley_Config.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\Module_Smiley_TellAFriend.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\Module_Wallpaper.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\Module_Web.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\pixel.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\ProductInfo.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\profile.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\SearchEngineList.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\tbcore.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\ToolbarLayout.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\UpdateCentre.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\UpdateCentreBk.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\URLDynamic.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Data\URLStatic.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\FFToolbar\chrome.manifest
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\FFToolbar\chrome\GamingHarborToolbar.jar
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\FFToolbar\chrome\locale\en-US\global.dtd
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\FFToolbar\components\DDAutoComplete.js
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\FFToolbar\components\ISmileyCore.xpt
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\FFToolbar\components\TBFFHelper.js
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\FFToolbar\components\TBFFHelper.xpt
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\FFToolbar\install.rdf
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\FFToolbar\searchplugins\gamingharborsearchplugins.xml
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\gdiplus.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\About.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\Component_ComboBox.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\Module_Cursor.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\Module_Cursor.png
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\Module_DailyVideo.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\Module_Game.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\Module_Glitter.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\Module_Glitter.png
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\Module_Logo.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\Module_Option.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\Module_Recipe.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\Module_Ringtone.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\Module_Screensaver.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\Module_Search.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\Module_Smiley.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\Module_Smiley.png
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\Module_Wallpaper.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\Module_Web.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\TBBtnDefault.png
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\TBBtnDisplay.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\TBBtnDisplay.png
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\TBBtnDisplay18.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\TBBtnDisplay20.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\TBBtnGlitters.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\TBBtnGlitters.png
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\TBBtnGlitters18.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\TBBtnGlitters20.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\TBBtnOption.png
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\TBBtnSmiley.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\TBBtnSmiley.png
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\TBBtnSmiley18.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\TBBtnSmiley20.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\TBBtnTellFd.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\TBBtnTellFd.png
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\TBBtnTellFd18.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\TBBtnTellFd20.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\TBBtnWink.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\TBBtnWink.png
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\TBBtnWink18.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Icons\TBBtnWink20.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\mfc80.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Microsoft.VC80.CRT.manifest
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Microsoft.VC80.MFC.manifest
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\msvcr80.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\OEActiveXDLL.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\SkinCrafterDll.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Skins\myskin1.skf
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Skins\myskin2.skf
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Skins\myskin3.skf
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Skins\myskin4.skf
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Skins\TellafriendSkin.skf
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Skins\TellafriendSkin_s.skf
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\Skins\ToastSkin.skf
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\stbAol.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\stbIE.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\stbMsn.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\stbOL.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\stbOLEX.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\stbYahoo8.dll
c:\program files\System Search Dispatcher
c:\program files\System Search Dispatcher\1.3.0.840\Data\eacore.mx
c:\program files\System Search Dispatcher\1.3.0.840\Data\URLDynamic.mx
c:\program files\System Search Dispatcher\1.3.0.840\Data\URLStatic.mx
c:\program files\System Search Dispatcher\1.3.0.840\unins000.dat
c:\program files\System Search Dispatcher\1.3.0.840\unins000.exe
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SfX

((((((((((((((((((((((((( Pliki utworzone od 2011-01-13 do 2011-02-13 )))))))))))))))))))))))))))))))
.
2011-02-13 18:39 . 2011-02-13 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-11 16:34 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D7F5DE7-071A-4559-BC35-E8D18C0AF346}\mpengine.dll
2011-02-09 18:58 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 18:58 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-09 18:58 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-09 18:58 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 18:56 . 2010-12-18 06:28 638232 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2011-02-09 18:56 . 2010-12-18 06:27 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-09 18:56 . 2010-12-18 06:22 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-09 18:56 . 2010-12-18 06:22 247808 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2011-02-09 18:56 . 2010-12-18 06:22 743424 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-02-09 18:56 . 2010-12-18 05:25 385024 ----a-w- c:\windows\system32\html.iec
2011-02-08 20:53 . 2011-02-08 20:53 -------- d-----w- c:\program files\iPod
2011-02-08 20:43 . 2011-02-08 20:43 -------- d-----w- c:\program files\Safari
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-11-11 12:56 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2009-09-14 12:49 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2009-09-14 12:49 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2009-09-14 12:49 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2009-09-14 12:49 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2009-09-14 12:49 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2009-09-14 12:49 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-28 15:55 . 2011-01-12 16:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 14:49 . 2011-01-12 16:03 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-13 19:08 . 2010-12-13 19:08 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-13 19:08 . 2010-12-13 19:08 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-05 22:07 . 2010-12-05 22:07 2395047 ------w- C:\UsbFix_Upload_Me_EWA-PC.zip
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2009-07-21 2215960]
"{8532a8b7-c06a-41bb-936a-8ce73e4711ed}"= "c:\program files\gry\tbgry.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{8532a8b7-c06a-41bb-936a-8ce73e4711ed}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8532a8b7-c06a-41bb-936a-8ce73e4711ed}]
2009-10-01 16:29 2166296 ----a-w- c:\program files\gry\tbgry.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-05-19 12:37 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2009-07-21 16:55 2215960 ----a-w- c:\program files\free-downloads.net\tbfre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2009-07-21 2215960]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]
"{8532a8b7-c06a-41bb-936a-8ce73e4711ed}"= "c:\program files\gry\tbgry.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{8532a8b7-c06a-41bb-936a-8ce73e4711ed}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2009-07-21 2215960]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]
"{8532A8B7-C06A-41BB-936A-8CE73E4711ED}"= "c:\program files\gry\tbgry.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{8532a8b7-c06a-41bb-936a-8ce73e4711ed}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-14 149280]
"QlbCtrl"="%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-22 137752]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-20 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-18 727592]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-6-27 197904]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 16:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 135664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-06-08 172131]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-11 717296]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe [2007-12-11 65536]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe [2007-12-11 1531989]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
ddnsfilter REG_MULTI_SZ ddnsfilter
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'

2011-02-13 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-07-24 07:55]

2011-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 19:25]

2011-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 19:25]

2011-02-06 c:\windows\Tasks\HPCeeScheduleForewa.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-06-27 22:07]

2010-12-17 c:\windows\Tasks\User_Feed_Synchronization-{96C8F695-45FB-444B-AF70-2A6EC7D858B6}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
------- Skan uzupełniający -------
.
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Funkcja Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89C30F0F8BD011D2.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {73A75A19-2F09-49A4-A229-E505C115CA35} = 10.1.1.1,10.2.1.1
FF - ProfilePath - c:\users\ewa\AppData\Roaming\Mozilla\Firefox\Profiles\hkpwjpno.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://hotspot.rdi.pl/login?dst=http%3A%2F%2Fnasza-klasa.pl%2F
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-13 19:39
Windows 6.0.6002 Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1401543007-970258375-478083647-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%ô*y*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1401543007-970258375-478083647-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%ô*y*\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'Explorer.exe'(4680)
c:\windows\system32\btmmhook.dll
.
Czas ukończenia: 2011-02-13 19:43:57
ComboFix-quarantined-files.txt 2011-02-13 18:43

Przed: 15 910 064 128 bytes free
Po: 15 901 720 576 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - 0ADE61549AAD24AD037EE7A08B1BC4E3