ComboFix 11-01-25.05 - Carol 2011-01-27 1:46.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1250.48.1033.18.3002.2172 [GMT 0:00] Uruchomiony z: c:\users\Carol\Desktop\Programy\ComboFix.exe AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ((((((((((((((((((((((((( Pliki utworzone od 2010-12-27 do 2011-01-27 ))))))))))))))))))))))))))))))) . 2011-01-27 01:50 . 2011-01-27 01:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-01-21 15:07 . 2011-01-21 15:07 -------- d-----w- C:\$AVG 2011-01-21 14:36 . 2011-01-21 14:36 -------- d-----w- c:\users\Carol\AppData\Roaming\AVG10 2011-01-21 14:35 . 2011-01-21 14:35 -------- d--h--w- c:\programdata\Common Files 2011-01-21 14:34 . 2011-01-27 01:38 -------- d-----w- c:\programdata\AVG10 2011-01-21 14:29 . 2011-01-21 14:29 -------- d-----w- c:\program files (x86)\AVG 2011-01-21 11:34 . 2011-01-21 14:29 -------- d-----w- c:\programdata\MFAData 2011-01-19 04:04 . 2011-01-19 04:04 -------- d-----w- c:\users\Carol\AppData\Roaming\Nero 2011-01-15 23:27 . 2011-01-15 23:36 -------- d-----w- c:\users\Carol\AppData\Roaming\Tibia 2011-01-15 23:27 . 2011-01-24 22:33 -------- d-----w- c:\program files (x86)\Tibia 2011-01-15 08:44 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll 2011-01-15 08:44 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2011-01-15 08:44 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll 2011-01-15 08:44 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2011-01-15 08:44 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2011-01-15 08:44 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2011-01-15 08:44 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll 2011-01-15 08:44 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll 2011-01-15 08:44 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2011-01-15 08:44 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll 2011-01-06 05:22 . 2011-01-06 05:22 -------- d-----w- c:\users\Carol\AppData\Roaming\Gamelab 2011-01-06 05:14 . 2011-01-06 05:14 -------- d-----w- c:\programdata\InterAction studios . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-12 18:53 . 2010-11-01 23:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2010-11-07 17:09 . 2010-11-07 17:09 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2010-11-07 17:09 . 2010-11-07 17:09 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll 2010-11-07 17:09 . 2010-11-07 17:09 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll 2010-11-04 06:35 . 2010-12-15 23:31 1194496 ----a-w- c:\windows\system32\wininet.dll 2010-11-04 06:31 . 2010-12-15 23:31 57856 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-04 05:52 . 2010-12-15 23:31 978944 ----a-w- c:\windows\SysWow64\wininet.dll 2010-11-04 05:48 . 2010-12-15 23:31 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll 2010-11-04 05:16 . 2010-12-15 23:31 482816 ----a-w- c:\windows\system32\html.iec 2010-11-04 04:41 . 2010-12-15 23:31 386048 ----a-w- c:\windows\SysWow64\html.iec 2010-11-04 04:35 . 2010-12-15 23:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2010-11-04 04:08 . 2010-12-15 23:31 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2010-11-02 05:18 . 2010-12-15 23:31 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll 2010-11-02 05:17 . 2010-12-15 23:31 1169408 ----a-w- c:\windows\system32\taskschd.dll 2010-11-02 05:17 . 2010-12-15 23:31 473600 ----a-w- c:\windows\system32\taskcomp.dll 2010-11-02 05:16 . 2010-12-15 23:31 1114624 ----a-w- c:\windows\system32\schedsvc.dll 2010-11-02 05:10 . 2010-12-15 23:31 464384 ----a-w- c:\windows\system32\taskeng.exe 2010-11-02 05:10 . 2010-12-15 23:31 285696 ----a-w- c:\windows\system32\schtasks.exe 2010-11-02 04:40 . 2010-12-15 23:31 496128 ----a-w- c:\windows\SysWow64\taskschd.dll 2010-11-02 04:40 . 2010-12-15 23:31 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll 2010-11-02 04:34 . 2010-12-15 23:31 192000 ----a-w- c:\windows\SysWow64\taskeng.exe 2010-11-02 04:34 . 2010-12-15 23:31 179712 ----a-w- c:\windows\SysWow64\schtasks.exe 2010-10-30 22:05 . 2010-04-14 11:28 6 ----a-w- c:\windows\system32\PLD_Framework.cmd . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files (x86)\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024] [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-12-31 110592] "IPLA!"="c:\program files (x86)\ipla\ipla.exe" [2010-11-15 18633728] "Gadu-Gadu 10"="c:\program files (x86)\Gadu-Gadu 10\gg.exe" [2010-12-16 12984928] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-14 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-03-08 258560] "Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-04-14 600688] "DataCardMonitor"="c:\program files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2010-11-01 253952] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 135664] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-02 1255736] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-16 503352] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200] S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-03-17 866336] S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-03-08 250368] S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-22 75304] . Zawartość folderu 'Zaplanowane zadania' 2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 01:47] 2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 01:47] . --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-23 10134560] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-15 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-15 387608] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-15 365592] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-02-26 206208] "Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-03-17 860704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Skan uzupełniający ------- . uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=easynote_th36&r=27361110l255l0484z175f4672e44r uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=easynote_th36&r=27361110l255l0484z175f4672e44r mLocal Page = c:\windows\SysWOW64\blank.htm IE: &D&ownload &with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html FF - ProfilePath - c:\users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\hstxpyc4.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d3999a5&v=6.011.025.001&i=23&tp=ab&iy=&ychte=uk&lng=pl&q= FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE} . - - - - USUNIĘTO PUSTE WPISY - - - - URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) Toolbar-Locked - (no file) Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) Wow6432Node-HKCU-Run-FreeCall - c:\program files (x86)\FreeCall.com\FreeCall\FreeCall.exe Toolbar-Locked - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2011-01-27 01:52:33 ComboFix-quarantined-files.txt 2011-01-27 01:52 Przed: 145 470 382 080 bytes free Po: 145 201 856 512 bytes free - - End Of File - - EED4D5165C9F101DAF9E764C399BE706