
Mannie
Many thanks for the help! 8O
-
Hi! Please check my log. I'd be grateful 8O.