ComboFix 12-05-17.05 - kkkk 2012-05-17 17:50:17.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3069.2553 [GMT 2:00] Uruchomiony z: f:\documents and settings\kkkk\Pulpit\Bezpiecze˝stwo\ComboFix.exe AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . f:\documents and settings\All Users\0AbGgQ1q.exe f:\documents and settings\All Users\0kajb9U0.exe f:\documents and settings\All Users\10oC30l7.exe f:\documents and settings\All Users\2dB8c0hb.exe f:\documents and settings\All Users\3e9OE30p.exe f:\documents and settings\All Users\3QO7oQN5.exe f:\documents and settings\All Users\5mHE2gU6.exe f:\documents and settings\All Users\6foJq5D2.lnk f:\documents and settings\All Users\7N6MAl3i.exe f:\documents and settings\All Users\7Uo3oOmh.exe f:\documents and settings\All Users\9fB4a9Zj.exe f:\documents and settings\All Users\by905YvN.exe f:\documents and settings\All Users\Dane aplikacji\TEMP f:\documents and settings\All Users\F27qB02v.exe f:\documents and settings\All Users\g870n8ns.exe f:\documents and settings\All Users\jR3aQ4c1.exe f:\documents and settings\All Users\kLd412qM.exe f:\documents and settings\All Users\Menu Start\Programy\Windows Debug Center.lnk f:\documents and settings\All Users\NzTdCo1t.lnk f:\documents and settings\All Users\wWQ0onN3.exe f:\documents and settings\All Users\X0Uw5ESe.exe f:\documents and settings\All Users\x96My7AP.exe f:\documents and settings\All Users\YEf15CNP.exe f:\documents and settings\All Users\YvQyU0cC.exe f:\documents and settings\All Users\ZgKesuKu.exe f:\documents and settings\All Users\zoOX0RKW.exe f:\documents and settings\kkkk\Dane aplikacji\.# f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F} f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf f:\documents and settings\kkkk\Dane aplikacji\result.db f:\program files\pity2011ngsetup.exe f:\program files\StartNow Toolbar f:\program files\StartNow Toolbar\ReactivateFF.exe f:\program files\StartNow Toolbar\ReactivateIE.exe f:\program files\StartNow Toolbar\Resources\images\engine_images.png f:\program files\StartNow Toolbar\Resources\images\engine_maps.png f:\program files\StartNow Toolbar\Resources\images\engine_news.png f:\program files\StartNow Toolbar\Resources\images\engine_videos.png f:\program files\StartNow Toolbar\Resources\images\engine_web.png f:\program files\StartNow Toolbar\Resources\images\icon_amazon.png f:\program files\StartNow Toolbar\Resources\images\icon_ebay.png f:\program files\StartNow Toolbar\Resources\images\icon_facebook.png f:\program files\StartNow Toolbar\Resources\images\icon_games.png f:\program files\StartNow Toolbar\Resources\images\icon_msn.png f:\program files\StartNow Toolbar\Resources\images\icon_shopping.png f:\program files\StartNow Toolbar\Resources\images\icon_travel.png f:\program files\StartNow Toolbar\Resources\images\icon_twitter.png f:\program files\StartNow Toolbar\Resources\images\startnow_logo.png f:\program files\StartNow Toolbar\Resources\installer.xml f:\program files\StartNow Toolbar\Resources\skin\chevron_button.png f:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png f:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png f:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png f:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png f:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png f:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png f:\program files\StartNow Toolbar\Resources\skin\separator.png f:\program files\StartNow Toolbar\Resources\skin\splitter.png f:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png f:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png f:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png f:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png f:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png f:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png f:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png f:\program files\StartNow Toolbar\Resources\toolbar.xml f:\program files\StartNow Toolbar\Resources\update.xml f:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe f:\program files\StartNow Toolbar\ToolbarBroker.exe f:\program files\StartNow Toolbar\uninstall.dat f:\windows\$NtUninstallKB40381$ f:\windows\$NtUninstallKB40381$\1812074048\@ f:\windows\$NtUninstallKB40381$\1812074048\L\hwbsimna f:\windows\$NtUninstallKB40381$\1812074048\loader.tlb f:\windows\$NtUninstallKB40381$\1812074048\U\@00000001 f:\windows\$NtUninstallKB40381$\1812074048\U\@000000c0 f:\windows\$NtUninstallKB40381$\1812074048\U\@000000cb f:\windows\$NtUninstallKB40381$\1812074048\U\@000000cf f:\windows\$NtUninstallKB40381$\1812074048\U\@80000000 f:\windows\$NtUninstallKB40381$\1812074048\U\@800000c0 f:\windows\$NtUninstallKB40381$\1812074048\U\@800000cb f:\windows\$NtUninstallKB40381$\1812074048\U\@800000cf f:\windows\$NtUninstallKB40381$\3745817364 f:\windows\IsUn0415.exe f:\windows\system32\dds_log_trash.cmd f:\windows\system32\dllcache\dlimport.exe f:\windows\system32\drivers\npf.sys f:\windows\system32\Packet.dll f:\windows\system32\wpcap.dll f:\windows\wc98pp.dll G:\install.exe . . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_NPF . . ((((((((((((((((((((((((( Pliki utworzone od 2012-04-17 do 2012-05-17 ))))))))))))))))))))))))))))))) . . 2012-05-17 15:53 . 2012-05-17 15:53 -------- d-----w- f:\documents and settings\NetworkService\Pulpit 2012-05-17 15:53 . 2012-05-17 15:53 -------- d-----w- f:\documents and settings\NetworkService\Menu Start 2012-05-17 15:48 . 2008-04-14 19:24 188544 ----a-w- f:\windows\system32\drivers\acpi.sys 2012-05-04 16:42 . 2012-05-04 16:42 -------- d-----w- F:\Temp 2012-05-04 12:57 . 2012-05-04 12:57 -------- d-----w- f:\program files\Mozilla Maintenance Service 2012-05-04 12:57 . 2012-05-04 12:57 157352 ----a-w- f:\program files\Mozilla Firefox\maintenanceservice_installer.exe 2012-05-04 12:57 . 2012-05-04 12:57 129976 ----a-w- f:\program files\Mozilla Firefox\maintenanceservice.exe 2012-04-28 19:21 . 2012-04-28 19:21 -------- d-----w- f:\documents and settings\kkkk\dwhelper . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-05 18:26 . 2012-04-11 14:10 419488 ----a-w- f:\windows\system32\FlashPlayerApp.exe 2012-05-05 18:26 . 2011-06-19 06:42 70304 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-12 16:26 . 2012-04-12 16:27 73728 ----a-w- f:\windows\system32\javacpl.cpl 2012-04-12 16:26 . 2011-04-09 12:08 472808 ----a-w- f:\windows\system32\deployJava1.dll 2012-04-04 13:56 . 2012-03-27 17:46 22344 ----a-w- f:\windows\system32\drivers\mbam.sys 2011-12-01 18:03 . 2011-12-01 18:03 2738105 ----a-w- f:\program files\FotoPrezentSetup.exe 2011-11-09 15:34 . 2011-11-09 15:34 1624525 ----a-w- f:\program files\OutCooklite1.2.exe 2012-05-04 12:57 . 2011-04-08 16:46 97208 ----a-w- f:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-09 39408] "Odkurzacz-MCD"="f:\program files\Odkurzacz\odk_mcd.exe" [2011-02-20 370688] "Sony Ericsson PC Companion"="f:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-10-21 433872] "Steam"="f:\program files\Steam\Steam.exe" [2011-08-02 1242448] "Skype"="f:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304] "ctfmon.exe"="f:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BCU"="f:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320] "RTHDCPL"="RTHDCPL.EXE" [2009-12-08 18789920] "Sunkist2k"="f:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-12-10 139264] "avgnt"="f:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768] "Family Tree Builder Update"="f:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376] "LVCOMSX"="f:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184] "Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "APSDaemon"="f:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "QuickTime Task"="f:\program files\QuickTime\qttask.exe" [2011-10-24 421888] "SunJavaUpdateSched"="f:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . f:\documents and settings\kkkk\Menu Start\Programy\Autostart\ Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk - f:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712] . f:\documents and settings\All Users\Menu Start\Programy\Autostart\ McAfee Security Scan Plus.lnk - f:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "f:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "f:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "f:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "f:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"= "f:\\Program Files\\Sony\\Media Go\\MediaGo.exe"= "f:\\Program Files\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"= "f:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "f:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "f:\\Program Files\\Skype\\Phone\\Skype.exe"= "f:\\Program Files\\Steam\\Steam.exe"= "f:\\Program Files\\Sony Ericsson\\Sony Ericsson PC Companion\\PCCompanion.exe"= "f:\\Program Files\\Mozilla Firefox\\firefox.exe"= "f:\\Program Files\\MyHeritage\\Bin\\FTBCheckUpdates.exe"= "f:\\Program Files\\Avira\\AntiVir Desktop\\update.exe"= "f:\\Program Files\\Avira\\AntiVir Desktop\\avnotify.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "53:UDP"= 53:UDP:Promo . R2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-09 136360] R2 BCUService;Browser Configuration Utility Service;f:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2011-04-08 219360] R2 HitmanProScheduler;HitmanPro Scheduler;f:\program files\HitmanPro\hmpsched.exe [2012-03-27 105288] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;f:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 gupdate;Usługa Google Update (gupdate);f:\program files\Google\Update\GoogleUpdate.exe [2011-04-09 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 257696] S3 Ambfilt;Ambfilt;f:\windows\system32\drivers\Ambfilt.sys [2011-04-08 1691480] S3 gupdatem;Usługa Google Update (gupdatem);f:\program files\Google\Update\GoogleUpdate.exe [2011-04-09 136176] S3 McComponentHostService;McAfee Security Scan Component Host Service;f:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] S3 MozillaMaintenance;Mozilla Maintenance Service;f:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 129976] S3 osppsvc;Office Software Protection Platform;f:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);f:\windows\system32\drivers\s1039bus.sys [2011-04-12 98672] S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;f:\windows\system32\drivers\s1039mdfl.sys [2011-04-12 14960] S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;f:\windows\system32\drivers\s1039mdm.sys [2011-04-12 124016] S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);f:\windows\system32\drivers\s1039mgmt.sys [2011-04-12 117872] S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);f:\windows\system32\drivers\s1039nd5.sys [2011-04-12 25456] S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;f:\windows\system32\drivers\s1039obex.sys [2011-04-12 113904] S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);f:\windows\system32\drivers\s1039unic.sys [2011-04-12 123504] S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;f:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-04-12 155344] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;f:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs websensewfreportserver . Zawartość folderu 'Zaplanowane zadania' . 2012-05-17 f:\windows\Tasks\Adobe Flash Player Updater.job - f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 18:26] . 2012-01-13 f:\windows\Tasks\AppleSoftwareUpdate.job - f:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57] . 2012-05-17 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job - f:\program files\Google\Update\GoogleUpdate.exe [2011-04-09 11:53] . 2012-05-17 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job - f:\program files\Google\Update\GoogleUpdate.exe [2011-04-09 11:53] . 2012-05-17 f:\windows\Tasks\WGASetup.job - f:\windows\system32\KB905474\wgasetup.exe [2011-10-01 20:18] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.google.pl/ uSearch Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie IE: Add to Google Photos Screensa&ver - f:\windows\system32\GPhotos.scr/200 IE: E&ksportuj do programu Microsoft Excel - f:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Wyślij &do programu OneNote - f:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 84.38.95.199 84.38.95.225 FF - ProfilePath - f:\documents and settings\kkkk\Dane aplikacji\Mozilla\Firefox\Profiles\3nimo9d0.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ FF - prefs.js: keyword.URL - hxxp://klit.startnow.com/s/?src=addrbar&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=PL&install_date=20111230&user_guid=8BF313813AF94F2189866BA497C52AC5&machine_id=44dc27552c4bd0c1ed116710abac99ca&browser=FF&os=win&os_version=5.1-x86-SP3&q= FF - prefs.js: network.proxy.type - 0 . - - - - USUNIĘTO PUSTE WPISY - - - - . AddRemove-Excel 2007 - praktyczny kurs obsługi (poziom podstawowy i średni) - f:\windows\IsUn0415.exe AddRemove-Excel 2007 - praktyczny kurs obsługi (poziom zaawansowany) - f:\windows\IsUn0415.exe AddRemove-JumpStart Advanced Sing-Along Time - f:\program files\Common Files\Knowledge Adventure\Uninstall\SingAlongUn.exe AddRemove-Multimedialne słowniki obcojęzyczne PWN - f:\windows\IsUn0415.exe AddRemove-StartNow Toolbar - f:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe AddRemove-SuperMemo UX - Niemiecki. Kein Problem!+ cz.3 - f:\windows\IsUn0415.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-05-17 17:59 Windows 5.1.2600 Dodatek Service Pack 3 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- . - - - - - - - > 'winlogon.exe'(884) f:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(3384) f:\windows\system32\msi.dll f:\windows\system32\WPDShServiceObj.dll f:\windows\system32\PortableDeviceTypes.dll f:\windows\system32\PortableDeviceApi.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . f:\windows\system32\Ati2evxx.exe f:\windows\system32\Ati2evxx.exe f:\windows\system32\rundll32.exe f:\program files\Avira\AntiVir Desktop\avguard.exe f:\program files\Java\jre6\bin\jqs.exe f:\program files\Avira\AntiVir Desktop\avshadow.exe f:\windows\RTHDCPL.EXE f:\windows\system32\wbem\wmiapsrv.exe f:\windows\system32\wscntfy.exe . ************************************************************************** . Czas ukończenia: 2012-05-17 18:01:59 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2012-05-17 16:01 . Przed: 66 167 189 504 bajtów wolnych Po: 67 005 521 920 bajtów wolnych . WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe ; ;Warning: Boot.ini is used on Windows XP and earlier operating systems. ;Warning: Use BCDEDIT.exe to modify Windows Vista boot options. ; [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(4)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(4)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT /USEPMTIMER . - - End Of File - - E29C66E59E008E75965D85A2E0AEBBA0