ComboFix 11-05-08.04 - michał 2011-05-09 14:29:33.1.2 - x86 MicrosoftŽ Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.2939.1870 [GMT 2:00] Uruchomiony z: c:\users\michał\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\FunWebProducts c:\program files\MyWebSearch c:\program files\MyWebSearch\bar\Settings\s_pid.dat c:\program files\NetPumper c:\program files\Uninstall.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\Monopoly Here & Now Edition c:\programdata\Microsoft\Windows\Start Menu\Programs\Monopoly Here & Now Edition \TikGames' Games.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\Monopoly Here & Now Edition \Uninstall Monopoly Here & Now Edition.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\Monopoly Here & Now Edition \UNWISE.lnk c:\users\michał\AppData\Local\.# c:\users\michał\AppData\Local\hkf.exe c:\windows\system32\drivers\str.sys c:\windows\system32\SysInfo.dll . . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Boonty Games . . ((((((((((((((((((((((((( Pliki utworzone od 2011-04-09 do 2011-05-09 ))))))))))))))))))))))))))))))) . . 2011-05-09 12:36 . 2011-05-09 12:36 -------- d-----w- c:\users\Goœć\AppData\Local\temp 2011-05-09 12:36 . 2011-05-09 12:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-08 23:59 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C52172C-C37A-401E-BFDD-F690B714B8A9}\mpengine.dll 2011-05-03 13:58 . 2011-05-03 13:58 -------- d-----w- c:\users\michał\AppData\Roaming\Avira 2011-05-03 13:58 . 2011-05-03 13:58 -------- d-----w- c:\programdata\Avira 2011-05-03 13:58 . 2011-04-01 15:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-05-03 13:58 . 2011-04-01 15:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-05-03 13:58 . 2011-05-03 13:58 -------- d-----w- c:\program files\Avira 2011-04-29 21:18 . 2011-04-29 21:20 -------- d-----w- c:\program files\Pity Format 2010 . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyœlne, prawidłowe wpisy nie sš pokazane REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] 2010-12-09 11:51 3911776 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AlcoholAutomount"="c:\users\michał\Alcohol 120\axcmd.exe" [2007-08-01 222592] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-06-13 323392] "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NDSTray.exe"="NDSTray.exe" [BU] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944] "RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768] . c:\users\Go˜†\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-29 113664] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher] 2008-05-28 11:40 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2008-03-25 02:28 144784 ----a-w- c:\program files\Java\jre1.6.0_06\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi] 2007-07-10 07:24 581632 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO] 2008-04-24 08:22 103824 ----a-w- c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1078948069-3716353027-1494674652-1000] "EnableNotificationsRef"=dword:00000003 . R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800] R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [2009-11-19 98672] R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [2009-11-19 14960] R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [2009-11-19 124016] R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [2009-11-19 117872] R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [2009-11-19 25456] R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [2009-11-19 113904] R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [2009-11-19 123504] R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208] R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112] R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680] R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488] R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-24 691696] S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360] S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376] S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720] S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168] S3 RTL8187B;Realtek RTL8187B bezprzewodowe 802.11b/g 54Mbps USB 2.0 karta sieciowa ;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304] S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 73728] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Zawartoœć folderu 'Zaplanowane zadania' . 2011-05-08 c:\windows\Tasks\User_Feed_Synchronization-{DEB57BA6-3A2C-49A1-AE52-7AABDEF5E74C}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24] . . ------- Skan uzupełniajšcy ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392 mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\michał\AppData\Roaming\Mozilla\Firefox\Profiles\mdfiwcvj.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com FF - Ext: bab.la dictionary toolbar: info@bab.la - %profile%\extensions\info@bab.la FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . . ------- Skojarzenia plików ------- . .scr=AutoCADScriptFile . - - - - USUNIĘTO PUSTE WPISY - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-DAEMON Tools Lite - e:\program files\DAEMON Tools Lite\DTLite.exe HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe AddRemove-foobar2000 - e:\michal\foobar2000\uninstall.exe AddRemove-Guitar Pro 5_is1 - e:\michal\Guitarpro\Guitar Pro 5\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-05-09 14:41 Windows 6.0.6002 Service Pack 2 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyœlnie ukończone ukryte pliki: 0 . ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\windows\system32\PnkBstrA.exe c:\users\michał\Alcohol 120\StarWind\StarWindServiceAE.exe c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe c:\windows\system32\TODDSrv.exe c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\DRIVERS\xaudio.exe c:\windows\system32\conime.exe c:\program files\TOSHIBA\ConfigFree\NDSTray.exe c:\windows\RtHDVCpl.exe c:\windows\system32\igfxsrvc.exe c:\windows\ehome\ehmsas.exe c:\windows\system32\igfxext.exe . ************************************************************************** . Czas ukończenia: 2011-05-09 14:44:55 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2011-05-09 12:44 . Przed: 12 473 163 776 bajtów wolnych Po: 16 459 358 208 bajtów wolnych . - - End Of File - - 7239AA82C1E939F673288C5901E3F8CA