ComboFix 11-04-15.05 - Mariusz 2011-04-16 12:35:18.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.2939.1722 [GMT 2:00] Uruchomiony z: c:\users\Mariusz\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Mariusz\AppData\Roaming\EurekaLog c:\users\Mariusz\AppData\Roaming\EurekaLog\EurekaLog.ini c:\windows\system32\swsystem.dll . . ((((((((((((((((((((((((( Pliki utworzone od 2011-03-16 do 2011-04-16 ))))))))))))))))))))))))))))))) . . 2011-04-16 10:41 . 2011-04-16 10:41 -------- d-----w- c:\users\Mariusz\AppData\Local\temp 2011-04-16 10:41 . 2011-04-16 10:41 -------- d-----w- c:\users\Public\AppData\Local\temp 2011-04-16 10:41 . 2011-04-16 10:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-04-15 13:53 . 2011-02-22 13:24 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-04-15 13:53 . 2011-02-22 13:24 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-04-15 13:53 . 2011-02-22 13:23 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-15 13:53 . 2011-02-22 13:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys 2011-04-15 13:53 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll 2011-04-15 13:53 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll 2011-04-15 13:53 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys 2011-04-15 13:53 . 2011-02-18 14:03 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-04-15 13:53 . 2011-02-18 14:03 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-04-15 13:53 . 2011-03-03 15:42 739328 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-15 13:53 . 2011-02-17 06:23 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-04-15 13:50 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-04-15 13:39 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3D51CC8-D376-4BAA-9BFF-CCD62B63C0A5}\mpengine.dll 2011-04-15 12:12 . 2011-04-16 06:17 -------- d-----w- c:\users\Mariusz\AppData\Roaming\.minecraft 2011-04-06 13:01 . 2011-04-06 13:01 -------- d-----w- c:\programdata\DAEMON Tools Lite 2011-04-06 13:01 . 2011-04-06 13:01 -------- d-----w- c:\users\Mariusz\AppData\Roaming\DAEMON Tools Lite 2011-04-06 11:56 . 2011-04-06 12:02 -------- d-----w- c:\program files\Woodcutter Simulator 2011-04-05 10:54 . 2004-10-22 00:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe 2011-04-05 10:37 . 2004-10-22 00:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll 2011-04-05 10:37 . 2004-10-22 00:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll 2011-04-05 10:37 . 2004-10-22 00:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll 2011-04-05 10:37 . 2004-10-22 00:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll 2011-04-05 10:37 . 2011-04-05 10:37 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll 2011-04-05 10:37 . 2011-04-05 10:37 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll 2011-03-30 11:27 . 2011-03-30 11:27 -------- d-----w- C:\Temp 2011-03-30 07:11 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2011-03-30 07:11 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll 2011-03-30 07:11 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll 2011-03-30 07:11 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll 2011-03-30 07:11 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll 2011-03-30 07:11 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll 2011-03-30 06:53 . 2011-03-30 06:53 -------- d-----w- c:\program files\SimTractor 3.5 2011-03-30 06:52 . 2011-03-30 06:52 -------- d-----w- c:\windows\Downloaded Installations 2011-03-30 06:01 . 2011-03-30 08:36 -------- d-----w- c:\programdata\Bagger-Simulator 2011 2011-03-30 05:54 . 2011-03-30 05:54 -------- d-----w- c:\program files\AGEIA Technologies 2011-03-30 05:54 . 2011-03-30 05:54 -------- d-----w- c:\windows\system32\AGEIA 2011-03-30 05:53 . 2009-09-04 15:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2011-03-30 05:53 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2011-03-30 05:53 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll 2011-03-23 14:27 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-03-23 14:27 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-03-23 14:27 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll 2011-03-21 13:29 . 2011-03-21 13:29 -------- d-----w- c:\users\Mariusz\AppData\Local\GIANTS Editor 4.1.7 2011-03-21 13:19 . 2011-03-21 13:19 -------- d-----w- c:\users\Mariusz\AppData\Local\GIANTS Editor 4.1.2 . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-06 13:01 . 2010-11-24 14:09 431672 ----a-w- c:\windows\system32\drivers\sptd.sys 2011-03-01 07:49 . 2011-03-01 07:49 86016 ----a-w- c:\windows\system32\frapsvid.dll 2011-02-23 15:04 . 2011-03-04 17:44 40648 ----a-w- c:\windows\avastSS.scr 2011-02-23 15:04 . 2011-03-04 17:44 190016 ----a-w- c:\windows\system32\aswBoot.exe 2011-02-23 14:56 . 2011-03-04 17:45 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-02-23 14:56 . 2011-03-04 17:45 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-02-23 14:55 . 2011-03-04 17:45 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-02-23 14:55 . 2011-03-04 17:45 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-02-23 14:55 . 2011-03-04 17:45 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-02-23 14:54 . 2011-03-04 17:45 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-02-02 20:40 . 2010-04-28 09:49 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-02 17:11 . 2009-10-03 11:08 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-01-20 16:37 . 2011-02-09 06:21 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2011-01-20 16:08 . 2011-02-09 06:21 478720 ----a-w- c:\windows\system32\dxgi.dll 2011-01-20 16:08 . 2011-02-09 06:21 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2011-01-20 16:08 . 2011-02-09 06:21 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2011-01-20 16:08 . 2011-02-09 06:21 1029120 ----a-w- c:\windows\system32\d3d10.dll 2011-01-20 16:08 . 2011-02-09 06:21 189952 ----a-w- c:\windows\system32\d3d10core.dll 2011-01-20 16:07 . 2011-02-09 06:21 37376 ----a-w- c:\windows\system32\cdd.dll 2011-01-20 16:07 . 2011-02-09 06:21 258048 ----a-w- c:\windows\system32\winspool.drv 2011-01-20 16:07 . 2011-02-09 06:21 586240 ----a-w- c:\windows\system32\stobject.dll 2011-01-20 16:06 . 2011-02-09 06:21 2873344 ----a-w- c:\windows\system32\mf.dll 2011-01-20 16:06 . 2011-02-09 06:21 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2011-01-20 16:04 . 2011-02-09 06:21 209920 ----a-w- c:\windows\system32\mfplat.dll 2011-01-20 16:04 . 2011-02-09 06:21 98816 ----a-w- c:\windows\system32\mfps.dll 2011-01-20 14:28 . 2011-02-09 06:21 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2011-01-20 14:27 . 2011-02-09 06:21 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2011-01-20 14:26 . 2011-02-09 06:21 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2011-01-20 14:25 . 2011-02-09 06:21 847360 ----a-w- c:\windows\system32\OpcServices.dll 2011-01-20 14:24 . 2011-02-09 06:21 135680 ----a-w- c:\windows\system32\XpsRasterService.dll 2011-01-20 14:15 . 2011-02-09 06:21 979456 ----a-w- c:\windows\system32\MFH264Dec.dll 2011-01-20 14:14 . 2011-02-09 06:21 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll 2011-01-20 14:14 . 2011-02-09 06:21 302592 ----a-w- c:\windows\system32\mfmp4src.dll 2011-01-20 14:14 . 2011-02-09 06:21 261632 ----a-w- c:\windows\system32\mfreadwrite.dll 2011-01-20 14:12 . 2011-02-09 06:21 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2011-01-20 14:11 . 2011-02-09 06:21 486400 ----a-w- c:\windows\system32\d3d10level9.dll 2011-01-20 13:47 . 2011-02-09 06:21 683008 ----a-w- c:\windows\system32\d2d1.dll 2011-01-19 08:41 . 2011-01-19 08:41 0 ----a-w- c:\windows\system32\ConduitEngine.tmp . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792] "HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920] "Skytel"="Skytel.exe" [2007-11-20 1826816] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] . c:\users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate] 2009-06-04 21:56 869888 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] 2010-07-10 12:56 1015808 ----a-w- c:\program files\Ares\Ares.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher] 2008-05-28 11:40 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 09:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi] 2007-07-10 07:24 581632 ----a-w- c:\program files\Toshiba\Toshiba Online Product Information\TOPI.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO] 2008-04-24 08:22 103824 ----a-w- c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 SaiK0836;SaiK0836;c:\windows\system32\DRIVERS\SaiK0836.sys [2008-09-12 107008] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592] S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960] S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720] S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168] S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-20 112128] S3 NETw5v32;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752] S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Zawartość folderu 'Zaplanowane zadania' . . ------- Skan uzupełniający ------- . uLocal Page = c:\program files\Microsoft Games\Microsoft Flight Simulator X\Uires\blank.htm uStart Page = hxxp://searchhub.eu/?ih=&hl=pl uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://www.bigseekpro.com/hypercam/{D91D1C34-5C74-49BE-8D19-A5E580DB1419} mLocal Page = c:\program files\Microsoft Games\Microsoft Flight Simulator X\Uires\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to AMV/AVI Video Converter... - c:\program files\Media Player Utilities 4.27\AMVConverter\grab.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Funkcja Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Translate this web page with Babylon IE: Translate with Babylon FF - ProfilePath - c:\users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\t9yt8kxw.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: HyperCamToolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC} FF - Ext: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - %profile%\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: Softonic-Polska Community Toolbar: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - %profile%\extensions\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} FF - Ext: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - %profile%\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949} FF - Ext: Softonic-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF . - - - - USUNIĘTO PUSTE WPISY - - - - . URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file) URLSearchHooks-{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - (no file) URLSearchHooks-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file) WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file) WebBrowser-{C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - (no file) WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file) AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe AddRemove-Counter-Strike 1.6 - c:\users\Mariusz\Desktop\METRO45\Uninstal.exe AddRemove-save2pc_is1 - d:\programs\save2pc\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-04-16 12:41 Windows 6.0.6002 Service Pack 2 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . . C:\## aswSnx private storage . skanowanie pomyślnie ukończone ukryte pliki: 1 . ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Czas ukończenia: 2011-04-16 12:45:13 ComboFix-quarantined-files.txt 2011-04-16 10:45 . Przed: 49 792 856 064 bajtów wolnych Po: 49 585 721 344 bajtów wolnych . Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10 - - End Of File - - 166431C27BF8A1A48BABCC2BBF47D03A