ComboFix 11-10-24.02 - WWW 2011-10-23 19:37:49.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1791.1151 [GMT 2:00]
Uruchomiony z: f:\nowy folder\ComboFix.exe
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Panda Global Protection 2012 *Enabled/Updated* {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Panda Personal Firewall 2012 *Disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-09-24 do 2011-10-24 )))))))))))))))))))))))))))))))
.
.
2011-10-16 16:36 . 2011-10-19 07:20 -------- d-----w- C:\Downloads
2011-10-16 16:16 . 2011-10-23 14:46 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2011-10-16 16:11 . 2011-10-22 20:09 252280 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2011-10-16 16:11 . 2010-09-09 14:23 193864 ----a-w- c:\windows\system32\drivers\idsflt.sys
2011-10-16 16:11 . 2009-09-25 12:54 46856 ----a-w- c:\windows\system32\drivers\wnmflt.sys
2011-10-16 16:11 . 2009-09-25 12:54 53256 ----a-w- c:\windows\system32\drivers\dsaflt.sys
2011-10-16 16:10 . 2011-01-31 14:41 83528 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
2011-10-16 16:10 . 2009-09-25 12:54 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
2011-10-16 16:10 . 2009-09-25 12:54 22024 ----a-w- c:\windows\system32\drivers\fnetmon.sys
2011-10-16 16:10 . 2010-06-22 16:13 26696 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-10-16 16:10 . 2007-03-15 17:38 54832 ----a-w- c:\windows\system32\pavcpl.cpl
2011-10-16 16:10 . 2003-10-22 16:23 446464 ----a-w- c:\windows\system32\HHActiveX.dll
2011-10-16 16:10 . 2010-06-21 15:02 193344 ----a-w- c:\windows\system32\TpUtil.dll
2011-10-16 16:10 . 2010-06-21 15:01 87360 ----a-w- c:\windows\system32\PavLspHook.dll
2011-10-16 16:10 . 2010-06-21 15:01 55616 ----a-w- c:\windows\system32\pavipc.dll
2011-10-16 16:10 . 2007-02-08 08:53 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL
2011-10-16 16:10 . 2010-06-21 15:01 520000 ----a-w- c:\windows\system32\PavSHook.dll
2011-10-16 16:09 . 2010-09-01 09:09 201032 ----a-w- c:\windows\system32\drivers\neti1644.sys
2011-10-16 16:09 . 2011-10-16 16:09 -------- d-----w- c:\windows\system32\PAV
2011-10-16 16:09 . 2010-05-21 11:50 59080 ----a-w- c:\windows\system32\drivers\amm8651.sys
2011-10-16 16:09 . 2010-03-24 10:55 55552 ----a-w- c:\windows\system32\avldr.dll
2011-10-16 16:09 . 2011-02-21 12:38 37448 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2011-10-16 16:09 . 2010-05-06 15:11 163848 ----a-w- c:\windows\system32\drivers\PavProc.sys
2011-10-16 16:09 . 2011-10-16 16:09 -------- d-----w- c:\program files\Common Files\Panda Security
2011-10-09 23:53 . 2011-10-09 23:53 -------- d-----w- c:\documents and settings\WWW\Dane aplikacji\UltimateZip
2011-10-09 23:53 . 2011-10-23 17:29 -------- d-----w- c:\program files\UltimateZip
2011-10-09 18:19 . 2010-09-16 09:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-10-09 18:19 . 2008-04-02 13:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-10-09 18:19 . 2008-04-02 13:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-10-09 18:19 . 2008-04-02 13:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-10-09 18:18 . 2011-10-09 18:18 -------- d-----w- c:\program files\Common Files\PC Tools
2011-09-29 14:07 . 2008-04-14 20:51 28672 ------w- c:\windows\system32\vidcap.ax
2011-09-29 14:05 . 2008-04-14 20:50 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2011-09-29 14:04 . 2006-12-28 22:31 19569 ----a-w- c:\windows\000001_.tmp
2011-09-28 22:53 . 2011-09-29 00:04 -------- d-----w- c:\documents and settings\WWW\Dane aplikacji\Sammsoft
2011-09-28 20:49 . 2011-09-28 20:49 -------- d-----w- c:\documents and settings\TEMP.OK
2011-09-28 08:34 . 2011-09-28 08:34 -------- d-----w- c:\documents and settings\WWW\Ustawienia lokalne\Dane aplikacji\Innovative Solutions
2011-09-28 08:34 . 2011-09-28 08:34 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Innovative Solutions
2011-09-27 02:17 . 2011-10-19 07:35 -------- d-----w- c:\documents and settings\WWW\.VirtualBox
2011-09-27 02:16 . 2011-09-27 02:16 -------- d-----w- c:\program files\SweetIM
2011-09-27 02:16 . 2011-09-27 02:16 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\SweetIM
2011-09-27 02:03 . 2011-09-27 02:03 -------- d-----w- C:\ManageEngine
2011-09-26 09:41 . 2011-09-26 09:41 23040 ------w- c:\windows\system32\dllcache\oleaccrc.dll
2011-09-26 09:41 . 2011-09-26 09:41 220160 ------w- c:\windows\system32\dllcache\oleacc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 17:24 . 2010-06-22 14:10 98304 ----a-w- c:\windows\DUMP5515.tmp
2011-10-22 13:55 . 2010-06-22 14:10 98304 ----a-w- c:\windows\DUMP55f0.tmp
2011-10-19 06:43 . 2010-06-22 14:10 98304 ----a-w- c:\windows\DUMP54f6.tmp
2011-10-19 00:54 . 2010-06-22 14:10 98304 ----a-w- c:\windows\DUMP4cb8.tmp
2011-10-18 20:42 . 2010-06-22 14:10 98304 ----a-w- c:\windows\DUMP510e.tmp
2011-10-18 20:41 . 2010-06-22 14:10 98304 ----a-w- c:\windows\DUMP5cc6.tmp
2011-10-11 00:45 . 2010-06-22 14:10 98304 ----a-w- c:\windows\DUMP4ab5.tmp
2011-10-07 08:22 . 2010-06-22 14:10 98304 ----a-w- c:\windows\DUMP5c49.tmp
2011-10-07 03:26 . 2010-06-22 14:10 98304 ----a-w- c:\windows\DUMP4a76.tmp
2011-09-26 09:41 . 2008-07-29 17:59 614400 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-10-26 17:28 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-10-26 17:29 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-14 19:46 . 2010-06-22 14:10 98304 ----a-w- c:\windows\DUMP5d91.tmp
2011-09-09 09:12 . 2008-04-14 20:50 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-07 15:05 . 2010-06-22 14:10 98304 ----a-w- c:\windows\DUMP4cf7.tmp
2011-09-06 14:10 . 2008-04-14 19:35 1859200 ----a-w- c:\windows\system32\win32k.sys
2011-09-03 13:31 . 2011-03-06 19:05 0 -c--a-w- c:\windows\system32\ConduitEngine.tmp
2011-08-22 23:40 . 2008-03-01 14:02 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:40 . 2008-05-02 06:47 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:40 . 2008-03-01 14:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:58 . 2008-05-02 06:47 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2008-04-13 22:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-28 16:27 . 2011-07-28 16:27 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-04-20 18:05 . 2010-01-21 12:52 858 ----a-w- c:\program files\Common Files\userInit.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files\IncrediMail_MediaBar_2\prxtbInc0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
2011-05-30 13:35 89008 ----a-w- c:\progra~1\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2011-06-24 17:37 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
2011-01-17 14:54 175912 ----a-w- c:\program files\NCH\prxtbNC2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
2011-01-17 14:54 175912 ----a-w- c:\program files\IncrediMail_MediaBar_2\prxtbInc0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 16:21 1299248 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}"= "c:\program files\NCH\prxtbNC2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}"= "c:\program files\IncrediMail_MediaBar_2\prxtbInc0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"DATAMNGR"="c:\progra~1\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe" [2011-08-09 1599920]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-09-17 273528]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2012\APVXDWIN.EXE" [2011-04-13 1000768]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2012\Inicio.exe" [2011-02-02 70464]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\WWW\Menu Start\Programy\Autostart\
UltimateZip Quick Start.lnk - c:\program files\UltimateZip\uzqkst.exe [2011-10-10 1614336]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 10:55 55552 ----a-w- c:\windows\system32\avldr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Kaczek_2^Menu Start^Programy^Autostart^Ubisoft register.lnk]
path=c:\documents and settings\Kaczek_2\Menu Start\Programy\Autostart\Ubisoft register.lnk
backup=c:\windows\pss\Ubisoft register.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2010-07-10 12:56 1015808 ----a-w- e:\ares\Ares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 12:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
2011-05-30 14:21 19764728 ----a-w- c:\program files\ipla\ipla.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-06-24 13:54 941968 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-06-24 13:54 20880 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-06-24 13:54 3373968 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-03-20 12:32 1312256 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2003-09-11 11:32 958464 ----a-w- e:\cs 1.6\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\iMesh Applications\\MediaBar\\Datamngr\\ToolBar\\dtUser.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9023:TCP"= 9023:TCP:BitComet 9023 TCP
"9023:UDP"= 9023:UDP:BitComet 9023 UDP
.
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2011-10-16 26696]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-06-25 717296]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2011-10-16 83528]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2011-10-16 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2011-10-16 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2011-10-16 193864]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2011-10-16 18:10 159112]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2011-10-16 37448]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2011-09-19 123856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2011-09-19 41680]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2011-10-16 46856]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [2011-10-16 59080]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2011-10-16 163848]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-10-09 632792]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2012\psksvc.exe [2011-10-16 28992]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\drivers\neti1644.sys [2011-10-16 201032]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-05-09 99728]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2010-05-09 110608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 dlgx1;dlgx1;c:\windows\system32\dlg.exe --> c:\windows\system32\dlg.exe [?]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-22 136176]
S3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2011-10-16 13880]
S3 EraserUtilDrv11113;EraserUtilDrv11113;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys [2011-10-14 105592]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-22 136176]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-09-15 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-09-15 8320]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2011-05-03 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2011-05-03 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2011-05-03 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [2011-05-03 100224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-22 08:01]
.
2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-22 08:01]
.
2011-10-16 c:\windows\Tasks\Podstawowe porządkowanie.job
- c:\program files\Panda Security\Panda Global Protection 2012\PlaTasks.exe [2011-10-16 12:23]
.
2011-10-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-854245398-682003330-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 13:22]
.
2011-10-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-854245398-682003330-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 13:22]
.
2011-10-21 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-10-09 08:02]
.
2011-10-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 11:29]
.
2010-10-29 c:\windows\Tasks\tonegenSevenDays.job
- c:\program files\NCH Software\ToneGen\tonegen.exe [2010-10-29 12:39]
.
2010-10-29 c:\windows\Tasks\tonegenShakeIcon.job
- c:\program files\NCH Software\ToneGen\tonegen.exe [2010-10-29 12:39]
.
2011-10-23 c:\windows\Tasks\User_Feed_Synchronization-{3EFB033F-EF17-4CB7-9F6A-329781CC9565}.job
- c:\windows\system32\msfeedssync.exe [2008-05-02 02:31]
.
.
------- Skan uzupełniający -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.pl/ig?hl=pl
mStart Page = hxxp://startsear.ch
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
TCP: DhcpNameServer = 91.192.167.4 91.189.216.9
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx
FF - ProfilePath - c:\documents and settings\WWW\Dane aplikacji\Mozilla\Firefox\Profiles\l8pxaxsz.default\
FF - prefs.js: browser.search.selectedEngine - qooqlle
FF - prefs.js: browser.startup.homepage - hxxp://www.qooqlle.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q=
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 9666
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 9666
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9666
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
WebBrowser-{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - (no file)
HKCU-Run-Nowe Gadu-Gadu - e:\nowe gadu-gadu\gg.exe
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM-Run-csrs - c:\documents and settings\All Users\csrs.exe
HKLM-Run-svhost - c:\program files\Common Files\svhost.exe
HKLM-Run-winloqon - c:\documents and settings\All Users\winloqon.exe
Notify-LogonInit - logonInit.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-ALLUpdate - e:\allplayer\ALLUpdate.exe
MSConfigStartUp-Babylon Client - c:\program files\Babylon\Babylon-Pro\Babylon.exe
MSConfigStartUp-DriverScanner - c:\program files\Uniblue\DriverScanner\launcher.exe
MSConfigStartUp-DrvIcon - c:\program files\Vista Drive Icon\DrvIcon.exe
MSConfigStartUp-PrzyspieszKomputer - c:\program files\Przyspiesz Komputer\przyspieszkomputer.exe
MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
MSConfigStartUp-SpeedBitVideoAccelerator - c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe
MSConfigStartUp-STYLEXP - c:\program files\TGTSoft\StyleXP\StyleXP.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-Icy Tower_is1 - c:\games\icytower1.2\unins000.exe
AddRemove-QuickStores-Toolbar_is1 - c:\documents and settings\Kaczek_2\Dane aplikacji\QuickStoresToolbar\unins000.exe
AddRemove-Searchqu 0 MediaBar - c:\program files\Windows Searchqu Toolbar\uninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-FoxTab PDF Converter - c:\program files\FoxTabPDFConverter\Uninstall\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-24 19:44
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Lada2112 Police Mod]
"Install Dir"="e:\\NFSMW~1"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(1692)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\avldr.dll
.
- - - - - - - > 'explorer.exe'(28336)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\pl-pl\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\pl-pl\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\msi.dll
c:\program files\Microsoft Office\Office12\1045\GrooveIntlResource.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
c:\program files\Tracker Software\Shell Extensions\XCShInfo.dll
.
Czas ukończenia: 2011-10-24 19:47:18
ComboFix-quarantined-files.txt 2011-10-24 17:47
.
Przed: 5 831 462 912 bajtów wolnych
Po: 5 843 132 416 bajtów wolnych
.
Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - E5F4E38B7EC7317AF6CD0AE9AF9FEE71