ComboFix 10-07-11.07 - Agnieszka 2010-07-12 21:37:43.1.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.48.1045.18.2046.1212 [GMT 2:00] Uruchomiony z: c:\users\Agnieszka\Desktop\ComboFix.exe SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\gaopdxcounter c:\windows\xpsp1hfm.log . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_gaopdxserv.sys -------\Service_gaopdxserv.sys ((((((((((((((((((((((((( Pliki utworzone od 2010-06-12 do 2010-07-12 ))))))))))))))))))))))))))))))) . 2010-07-13 01:06 . 2010-07-13 01:06 -------- d-----w- C:\_OTL 2010-07-12 19:46 . 2010-07-12 19:51 -------- d-----w- c:\users\Agnieszka\AppData\Local\temp 2010-07-12 18:59 . 2010-07-12 18:59 -------- d-----w- c:\users\Agnieszka\AppData\Roaming\Vidalia 2010-07-12 18:56 . 2010-07-12 18:58 -------- d-----w- C:\OTLPE 2010-07-11 13:30 . 2010-07-11 13:30 -------- d-----w- C:\found.004 2010-07-10 16:47 . 2010-07-10 16:47 -------- d-----w- C:\found.003 2010-07-09 20:04 . 2010-07-09 20:04 -------- d-----w- C:\found.002 2010-07-09 19:38 . 2010-07-09 19:38 -------- d-----w- C:\found.001 2010-06-23 16:58 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-06-23 16:58 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll 2010-06-23 16:58 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll 2010-06-23 16:58 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2010-06-23 16:58 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll 2010-06-23 10:48 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2010-06-23 10:48 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2010-06-22 18:17 . 2010-06-22 18:17 -------- d-----w- c:\program files\Microsoft Synchronization Services 2010-06-22 18:16 . 2010-06-22 18:16 -------- d-----w- c:\windows\PCHEALTH 2010-06-22 18:16 . 2010-06-22 18:16 -------- d-----w- c:\program files\Microsoft.NET 2010-06-22 18:16 . 2010-06-22 18:16 -------- d-----w- c:\program files\Microsoft Sync Framework 2010-06-22 18:16 . 2010-06-22 18:16 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2010-06-22 18:13 . 2010-06-22 18:13 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2010-06-22 18:12 . 2010-06-22 18:12 -------- d-----w- c:\program files\Microsoft Analysis Services 2010-06-21 16:25 . 2010-06-21 16:25 -------- d-----w- c:\users\Agnieszka\AppData\Roaming\Flircik 2010-06-21 16:25 . 2010-06-21 16:25 -------- d-----w- c:\users\Agnieszka\AppData\Roaming\AutoUpdate 2010-06-21 16:25 . 2010-06-21 16:25 -------- d-----w- c:\program files\Onet 2010-06-17 19:04 . 2010-06-17 19:17 -------- d-----w- c:\programdata\NOS . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-12 19:51 . 2008-11-12 18:51 42427 ----a-w- c:\programdata\nvModes.dat 2010-07-12 19:47 . 2008-11-05 17:20 12 ----a-w- c:\windows\bthservsdp.dat 2010-07-12 19:40 . 2008-01-21 06:20 662056 ----a-w- c:\windows\system32\perfh015.dat 2010-07-12 19:40 . 2008-01-21 06:20 126908 ----a-w- c:\windows\system32\perfc015.dat 2010-07-12 18:59 . 2009-12-14 10:41 -------- d-----w- c:\users\Agnieszka\AppData\Roaming\Tor 2010-07-12 17:37 . 2009-11-23 19:48 -------- d-----w- c:\users\Agnieszka\AppData\Roaming\Gadu-Gadu 10 2010-06-28 20:16 . 2009-03-24 20:44 1 ----a-w- c:\users\Agnieszka\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-06-23 10:35 . 2008-11-14 16:07 106960 ----a-w- c:\users\Hania.Agnieszka-PC\AppData\Local\GDIPFONTCACHEV1.DAT 2010-06-22 19:46 . 2009-04-10 18:45 -------- d-----w- c:\programdata\Microsoft Help 2010-06-22 18:39 . 2008-11-12 18:52 106960 ----a-w- c:\users\Agnieszka\AppData\Local\GDIPFONTCACHEV1.DAT 2010-06-22 18:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild 2010-06-17 16:08 . 2009-04-15 17:01 117760 ----a-w- c:\users\Agnieszka\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-06-14 18:12 . 2008-11-23 12:49 -------- d-----w- c:\users\Agnieszka\AppData\Roaming\BESTplayer 2010-06-09 21:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-06-02 14:40 . 2009-03-16 17:31 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-06-02 14:40 . 2008-11-12 19:13 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-05-26 17:06 . 2010-06-09 09:44 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-26 14:47 . 2010-06-09 09:44 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-05-19 18:08 . 2009-12-20 17:04 -------- d-----w- c:\program files\Norton Security Scan 2010-05-19 18:08 . 2009-09-28 16:55 -------- d-----w- c:\programdata\Norton 2010-05-19 18:08 . 2009-09-28 16:55 -------- d-----w- c:\programdata\Symantec 2010-05-17 17:09 . 2010-03-27 19:00 -------- d-----w- c:\programdata\Gadu-Gadu 10 2010-05-17 17:09 . 2009-11-23 19:48 -------- d-----w- c:\program files\Gadu-Gadu 10 2010-05-16 10:56 . 2010-05-16 10:56 -------- d-----w- c:\program files\IKEA HomePlanner 2010-05-16 10:56 . 2009-03-03 19:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-05-06 19:40 . 2010-05-06 19:40 52224 ----a-w- c:\users\Agnieszka\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-05-06 17:11 . 2008-11-12 19:27 7592 ----a-w- c:\users\Agnieszka\AppData\Local\d3d9caps.dat 2010-05-04 19:15 . 2010-06-09 09:44 834048 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 18:37 . 2010-06-09 09:44 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-05-04 14:05 . 2010-05-04 14:05 42080 ----a-w- c:\programdata\Gadu-Gadu 10\_userdata\ggbho.2.dll 2010-05-01 14:13 . 2010-06-09 09:34 2037248 ----a-w- c:\windows\system32\win32k.sys 2010-04-23 14:13 . 2010-05-26 17:39 2048 ----a-w- c:\windows\system32\tzres.dll 2010-04-16 16:43 . 2010-06-23 10:48 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll 2010-04-16 16:43 . 2010-06-23 10:48 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll 2010-04-16 16:43 . 2010-06-23 10:48 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll 2010-04-16 16:43 . 2010-06-23 10:48 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll 2008-11-05 17:22 . 2008-11-05 17:22 76 --sh--r- c:\windows\CT4CET.bin 2008-11-06 01:52 . 2008-11-06 01:51 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] 2009-11-03 19:12 556432 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-05 1994480] "Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-05-04 11981408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-22 159744] "RtHDVCpl"="RtHDVCpl.exe" [2008-02-22 4907008] "OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-07-17 36864] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-15 13543968] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-15 92704] "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-08-15 96800] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088] c:\users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ USDownloader - skr˘t.lnk - c:\users\Agnieszka\Desktop\USDownloader135\USDownloader.exe [2010-6-3 530432] USDownloader.exe.manifest [2010-6-5 506] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-05 07:57 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2009-09-26 21:32 83312 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI] 2008-07-03 12:29 3563520 ----a-w- c:\windows\System32\WLTRAY.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager] 2007-07-27 15:43 118784 ------w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-02-24 19:04 135664 ----atw- c:\users\Agnieszka\AppData\Local\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] 2007-06-18 13:10 271360 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv] 2008-05-23 13:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-04-13 17:32 98304 ----a-w- c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2009-12-04 13:49 146432 ----a-w- c:\program files\Common Files\Real\Update_OB\evntsvc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center] 2007-05-31 08:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):00,d4,36,85,c9,3e,ca,01 R3 BthAvrcp;Profil AVRCP Bluetooth;c:\windows\system32\DRIVERS\BthAvrcp.sys [2007-05-05 12800] R3 BTHFILT;Filtr poleceń Bluetooth;c:\windows\system32\DRIVERS\BthFilt.sys [2007-05-05 13824] R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [2009-05-12 16896] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2009-10-29 30603640] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-04-10 691696] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-03-11 216200] S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-06-02 242896] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-27 9968] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-08-07 74480] S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-02-22 77824] S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-11 916760] S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-11 308064] S2 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-07 127488] S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2006-12-22 449536] S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-08-27 51288] S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-08-27 43608] S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2008-07-17 7424] S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-07-17 235840] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . Zawartość folderu 'Zaplanowane zadania' 2010-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3961302634-3636888386-4244122120-1000Core.job - c:\users\Agnieszka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-24 19:04] 2010-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3961302634-3636888386-4244122120-1000UA.job - c:\users\Agnieszka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-24 19:04] 2010-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3961302634-3636888386-4244122120-1001Core.job - c:\users\Hania.Agnieszka-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-28 09:32] 2010-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3961302634-3636888386-4244122120-1001UA.job - c:\users\Hania.Agnieszka-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-28 09:32] 2010-07-12 c:\windows\Tasks\User_Feed_Synchronization-{A6BEAA12-DC8A-4E23-9EF3-1A0E932E31E5}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:34] 2010-07-12 c:\windows\Tasks\User_Feed_Synchronization-{AF1DA70D-F52D-40EE-B124-3883F1E4D88A}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:34] . . ------- Skan uzupełniający ------- . uStart Page = google.pl IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - /105 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL FF - ProfilePath - c:\users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\ndq29pun.default\ FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: c:\program files\Mozilla Firefox\plugins\nprpverplug.dll FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\users\Agnieszka\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\users\Agnieszka\AppData\Roaming\Gadu-Gadu 10\_userdata\npgg.2.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - USUNIĘTO PUSTE WPISY - - - - Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) HKCU-Run-Twoje TVN24 - (no file) HKCU-Run-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe MSConfigStartUp-Onet - c:\program files\Common Files\Onet.pl\AutoUpdate.exe AddRemove-Nero - Burning Rom!UninstallKey - c:\program files\Ahead\nero\uninstall\UNNERO.exe ************************************************************************** skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-3961302634-3636888386-4244122120-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E678BED1-7824-B728-950F-75CB7F739694}*] @Allowed: (Read) (RestrictedCode) "oalngiicamdpmpelcpnomnmejleccm"=hex:61,69,6a,62,70,61,6d,6e,65,6f,70,6c,64,63, 65,67,69,6f,61,67,6c,69,6c,68,66,6c,6a,65,6e,6a,64,6a,61,6b,6d,68,6f,6c,69,\ "iaimcmgbhimlpmhoai"=hex:6a,61,66,62,62,70,6f,70,6a,64,64,68,65,65,68,61,65,6d, 69,6b,00,04 "haommjdlgekmpoeo"=hex:6a,61,66,62,62,70,6f,70,6a,64,64,68,65,65,68,61,65,6d, 69,6b,00,01 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'Explorer.exe'(3208) c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_pol.nlr c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\windows\system32\WLANExt.exe c:\windows\system32\DRIVERS\o2flash.exe c:\program files\AVG\AVG9\avgnsx.exe c:\windows\system32\rundll32.exe c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\windows\system32\conime.exe c:\windows\RtHDVCpl.exe c:\windows\System32\rundll32.exe c:\windows\System32\rundll32.exe c:\program files\AVG\AVG9\avgtray.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\wbem\unsecapp.exe . ************************************************************************** . Czas ukończenia: 2010-07-12 21:58:22 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-07-12 19:58 Przed: 125 802 926 080 bajtów wolnych Po: 127 710 527 488 bajtów wolnych - - End Of File - - 71DC5EB72220D3FC25BF393E3B073AA6