ComboFix 12-07-14.01 - Zbyszek 2012-07-15 15:10:34.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.8102.6515 [GMT 2:00]
Uruchomiony z: c:\users\Zbyszek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GZ8PT5Y\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BrowserCompanion
c:\program files (x86)\BrowserCompanion\BCHelper.exe
c:\program files (x86)\BrowserCompanion\blabbers-ch.crx
c:\program files (x86)\BrowserCompanion\blabbers-ff-full.xpi
c:\program files (x86)\BrowserCompanion\jsloader.dll
c:\program files (x86)\BrowserCompanion\logo.ico
c:\program files (x86)\BrowserCompanion\sqlite3.dll
c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
c:\program files (x86)\BrowserCompanion\toolbar.dll
c:\program files (x86)\BrowserCompanion\uninstall.exe
c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll
c:\program files (x86)\BrowserCompanion\updater.ini
c:\program files (x86)\BrowserCompanion\widgetserv.exe
c:\program files (x86)\FilmFanaticEI
c:\program files (x86)\FilmFanaticEI\Installr\1.bin\NPpaEISb.dll
c:\program files (x86)\FilmFanaticEI\Installr\1.bin\paEIPlug.dll
c:\program files (x86)\FilmFanaticEI\Installr\1.bin\paEZSETP.dll
c:\programdata\hjjyrvjlvypsxuf
c:\users\Zbyszek\0.6485366757110392.exe
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\chrome.manifest
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\chrome\content\background.html
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\chrome\content\browser.xul
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\chrome\content\crossrider.js
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\chrome\content\crossriderapi.js
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\chrome\content\dialog.js
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\chrome\content\lib\faye-browser-min.js
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\chrome\content\manage-apps-style.css
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\chrome\content\manage-apps.html
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\chrome\content\messaging.js
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.js
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.xul
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\chrome\content\push.html
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\chrome\content\search_dialog.xul
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\chrome\content\update.html
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\defaults\preferences\prefs.js
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\install.rdf
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\locale\en-US\translations.dtd
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\skin\button1.png
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\skin\button2.png
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\skin\button3.png
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\skin\button4.png
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\skin\button5.png
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\skin\crossrider_statusbar.png
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\skin\icon128.png
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\skin\icon16.png
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\skin\icon24.png
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\skin\icon48.png
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\skin\panelarrow-up.png
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\skin\popup.css
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\skin\popup.html
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\skin\popup_binding.xml
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\skin\skin.css
c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\extensions\crossriderapp4479@crossrider.com\skin\update.css
c:\windows\IsUn0415.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-15 do 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-15 13:13 . 2012-07-15 13:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-15 12:56 . 2012-07-15 12:56 -------- d-----w- c:\program files\Google
2012-07-15 12:53 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-15 12:41 . 2012-07-15 12:41 -------- d-----w- c:\users\Zbyszek\AppData\Roaming\SumatraPDF
2012-07-15 12:40 . 2012-07-15 12:40 -------- d-----w- c:\users\Zbyszek\AppData\Roaming\BabylonToolbar
2012-07-15 12:40 . 2012-07-15 12:40 -------- d-----w- c:\program files (x86)\BabylonToolbar
2012-07-15 12:40 . 2012-07-15 12:40 -------- d-----w- c:\users\Zbyszek\AppData\Local\Giant Savings
2012-07-15 12:40 . 2012-07-15 12:40 -------- d-----w- c:\program files (x86)\Giant Savings
2012-07-15 12:40 . 2012-07-15 12:47 -------- d-----w- c:\program files (x86)\PDFReader
2012-07-13 20:13 . 2012-07-13 20:13 -------- d-----w- c:\programdata\ernhculgdhknyxx
2012-07-13 06:11 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1F18B7B-F460-4AE5-9C31-1C1490A09D62}\mpengine.dll
2012-07-11 14:01 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 12:22 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-05 22:09 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-04 19:47 . 2012-07-04 19:47 -------- d-----w- c:\users\Zbyszek\intraterm.data
2012-07-02 20:33 . 2012-07-02 20:33 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-02 20:33 . 2012-07-02 20:33 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-30 19:42 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-30 19:42 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-21 11:45 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 11:45 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 11:45 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 11:45 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 11:45 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 11:45 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 11:45 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 11:45 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 11:45 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 15:46 . 2012-06-20 15:46 -------- d-----w- c:\program files (x86)\Softonic
2012-06-20 15:43 . 2012-06-20 15:43 -------- d-----w- C:\gry
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 16:21 . 2011-10-30 16:58 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-10-30 16:58 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2011-10-30 16:58 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2011-10-30 16:58 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2011-10-30 16:58 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2011-10-30 16:58 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2011-10-30 16:58 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2011-10-30 16:58 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-03 15:43 . 2012-06-03 15:43 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-13 22:01 . 2012-05-13 22:01 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-13 22:01 . 2011-09-02 21:30 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-13 11:50 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 11:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 11:50 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 11:50 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 11:50 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 11:50 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 11:50 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 11:50 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 11:50 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 11:50 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 11:50 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 11:50 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 11:50 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 11:50 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-23 11:51 . 2012-04-23 11:51 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-04-21 22:44 . 2012-04-21 22:44 47616 ----a-r- c:\users\Zbyszek\AppData\Roaming\Microsoft\Installer\{DE220B73-DE13-423F-ABE2-037B8F58BECD}\Icon8C23A9EF.exe
2012-04-21 22:44 . 2012-04-21 22:44 47616 ----a-r- c:\users\Zbyszek\AppData\Roaming\Microsoft\Installer\{DE220B73-DE13-423F-ABE2-037B8F58BECD}\Icon62D45BB91.exe
2012-04-21 22:39 . 2012-04-21 22:39 92160 ----a-r- c:\users\Zbyszek\AppData\Roaming\Microsoft\Installer\{EF7DCBFC-D122-4B61-B46A-61458FCAEF24}\Icon02B93D01.exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 14:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-05-29 07:05 244840 ----a-w- c:\program files (x86)\Softonic\Softonic\1.5.24.3\bh\Softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files (x86)\Softonic\Softonic\1.5.24.3\SoftonicTlbr.dll" [2012-05-29 253032]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-19 284440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Usługa Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 136176]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-02 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-31 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-19 13592]
S2 KMService;KMService;c:\windows\system32\srvany.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
S3 IntcDAud;Intel(R) Audio dla ekranów;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 13:53]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 13:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=b8249c59000000000000f2ec38debb08
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Wyślij &do programu OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Zbyszek\AppData\Roaming\Mozilla\Firefox\Profiles\bot5yxv5.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=b8249c59000000000000f2ec38debb08
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=b8249c59000000000000f2ec38debb08&q=
FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.newTab - false
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - b8249c59000000000000f2ec38debb08
FF - user.js: extensions.Softonic.instlDay - 15511
FF - user.js: extensions.Softonic.vrsn - 1.5.24.3
FF - user.js: extensions.Softonic.vrsni - 1.5.24.3
FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.24.317:47
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - orgnl
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - MON00001
FF - user.js: extensions.Softonic.dfltLng -
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - b8249c59000000000000f2ec38debb08
FF - user.js: extensions.BabylonToolbar_i.hardId - b8249c59000000000000f2ec38debb08
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15536
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:40
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
Wow6432Node-HKLM-Run-SweetIM - c:\program files (x86)\SweetIM\Messenger\SweetIM.exe
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
Wow6432Node-HKLM-Run-Browser companion helper - c:\program files (x86)\BrowserCompanion\BCHelper.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
AddRemove-Szkoła podstawowa klasa 5 - Tajemnice przyrody - c:\windows\IsUn0415.exe
AddRemove-Smart Fortress 2012 - c:\programdata\B7E858A7000E428E0000010EB4EB2367\B7E858A7000E428E0000010EB4EB2367.exe
AddRemove-Sweet Home 3D - c:\windows\system32\javaws.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\srvany.exe
c:\windows\KMService.exe
.
**************************************************************************
.
Czas ukończenia: 2012-07-15 15:18:01 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-07-15 13:18
.
Przed: 33 399 349 248 bajtów wolnych
Po: 37 271 445 504 bajtów wolnych
.
- - End Of File - - 02811CA93197CC9001F91ECCA235446B