Hello!
My desktop got “duplicated”; all the icons from the desktop were moved into a single folder with the attractive name “ufoporno”. Only the system icons work; the rest looks as if I had taken a print screen of my old desktop. Thank you very much in advance.
Here are the logs:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:41:36, on 2010-05-17
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\WapSter\WapSter AQQ\AQQ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
D:\Program Files\Last.fm\LastFM.exe
C:\Windows\system32\wuauclt.exe
D:\Program Files\Opera\opera.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://flvdirect.iamwired.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Pokaż lub ukryj HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 4460 bytes
ComboFix 10-05-16.02 - Administrator 2010-05-17 17:08:31.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.48.1045.18.3582.2675 [GMT 2:00]
Uruchomiony z: c:\users\Mafia\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2010-04-17 do 2010-05-17 )))))))))))))))))))))))))))))))
.
2010-05-17 15:12 . 2010-05-17 15:12 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-05-17 15:12 . 2010-05-17 15:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-17 15:12 . 2010-05-17 15:12 -------- d-----w- c:\users\Mafia\AppData\Local\temp
2010-05-17 15:12 . 2010-05-17 15:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-17 14:57 . 2010-05-17 14:57 388096 ----a-r- c:\users\Mafia\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-17 14:57 . 2010-05-17 14:57 -------- d-----w- c:\program files\Trend Micro
2010-05-17 14:26 . 2010-05-17 14:26 -------- d-----w- c:\program files\SkanerOnline
2010-05-17 14:14 . 2010-05-17 14:14 109208 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-17 14:14 . 2010-05-17 14:14 -------- d-----w- c:\users\Administrator\AppData\Roaming\ATI
2010-05-17 14:14 . 2010-05-17 14:14 -------- d-----w- c:\users\Administrator\AppData\Local\ATI
2010-05-04 21:02 . 2010-05-04 21:02 -------- d-----w- c:\programdata\ATI
2010-05-04 21:00 . 2010-05-04 21:00 10134 ----a-r- c:\users\Mafia\AppData\Roaming\Microsoft\Installer\{6387EC83-B90B-3E84-3DBF-95FF7503EC51}\ARPPRODUCTICON.exe
2010-05-04 21:00 . 2010-05-04 21:00 -------- d-----w- c:\program files\ATI
2010-05-04 20:46 . 2010-05-04 20:46 -------- d-----w- c:\program files\Driver Cleaner Pro
2010-05-02 20:21 . 2010-05-05 10:34 111735 ----a-w- c:\windows\system32\--yTvk1DK-_X2_u.exe
2010-04-23 05:17 . 2010-04-23 05:17 0 ----a-w- c:\windows\PowerReg.dat
2010-04-20 06:13 . 2010-04-20 14:26 23189 ----a-w- c:\windows\hpqins15.dat
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 15:11 . 2009-07-14 08:07 687828 ----a-w- c:\windows\system32\perfh015.dat
2010-05-17 15:11 . 2009-07-14 08:07 131382 ----a-w- c:\windows\system32\perfc015.dat
2010-05-17 14:43 . 2010-04-05 23:36 -------- d-----w- c:\program files\pdfforge Toolbar
2010-05-17 14:20 . 2010-03-23 10:30 -------- d-----w- c:\program files\CCleaner
2010-05-17 14:04 . 2010-03-22 20:28 -------- d-----w- c:\users\Mafia\AppData\Roaming\uTorrent
2010-05-10 17:53 . 2010-03-22 20:15 -------- d-----w- c:\programdata\avg9
2010-05-10 12:44 . 2010-03-22 20:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-04 22:45 . 2010-03-22 21:15 -------- d-----w- c:\users\Mafia\AppData\Roaming\BESTplayer
2010-05-04 21:01 . 2010-05-04 20:59 -------- d-----w- c:\program files\ATI Technologies
2010-04-23 05:21 . 2010-03-22 20:36 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-21 08:03 . 2010-03-22 20:16 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-20 14:28 . 2010-03-22 23:57 -------- d-----w- c:\program files\HP
2010-04-19 11:22 . 2010-03-23 10:31 -------- d-----w- c:\program files\TC UP
2010-04-16 14:29 . 2010-04-16 14:20 -------- d-----w- c:\program files\Ubisoft
2010-04-16 14:23 . 2010-04-16 14:23 -------- d-----w- c:\users\Mafia\AppData\Roaming\Ubisoft
2010-04-16 14:23 . 2010-04-16 14:23 -------- d-----w- c:\programdata\Ubisoft
2010-04-05 23:37 . 2010-04-05 23:36 -------- d-----w- c:\program files\PDFCreator
2010-04-05 23:37 . 2010-04-05 23:37 -------- d-----w- c:\program files\Application Updater
2010-04-03 21:58 . 2010-04-03 21:47 -------- d-----w- c:\program files\NAPI-PROJEKT
2010-04-03 21:57 . 2010-04-03 21:57 -------- d-----w- c:\program files\3ivx
2010-04-03 21:47 . 2010-04-03 21:47 -------- d-----w- c:\program files\ALLPlayer
2010-04-03 21:47 . 2010-04-03 21:47 -------- d-----w- c:\programdata\ALLPlayer
2010-04-03 21:39 . 2010-04-03 21:39 -------- d-----w- c:\users\Mafia\AppData\Roaming\Apple Computer
2010-04-03 21:38 . 2010-04-03 21:38 -------- d-----w- c:\program files\QuickTime
2010-04-03 21:38 . 2010-04-03 21:38 -------- d-----w- c:\programdata\Apple Computer
2010-04-03 21:37 . 2010-04-03 21:37 -------- d-----w- c:\program files\Common Files\Apple
2010-04-03 21:37 . 2010-04-03 21:37 -------- d-----w- c:\program files\Apple Software Update
2010-04-03 21:37 . 2010-04-03 21:37 -------- d-----w- c:\programdata\Apple
2010-03-31 13:03 . 2010-03-22 21:21 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-30 18:40 . 2010-03-22 21:10 -------- d-----w- c:\program files\SopCast
2010-03-28 13:51 . 2010-03-28 13:17 -------- d-----w- c:\users\Mafia\AppData\Roaming\Mp3tag
2010-03-28 13:17 . 2010-03-28 13:17 -------- d-----w- c:\program files\Mp3tag
2010-03-27 17:41 . 2010-03-22 21:10 -------- d-----w- c:\users\Mafia\AppData\Roaming\SopCast
2010-03-25 19:07 . 2010-03-25 19:07 138504 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-25 19:07 . 2010-03-25 18:48 214488 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-25 18:48 . 2010-03-25 18:48 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-25 18:48 . 2010-03-25 18:48 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-03-25 18:48 . 2010-03-25 18:48 -------- d-----w- c:\programdata\id Software
2010-03-24 20:11 . 2010-03-23 00:02 -------- d-----w- c:\users\Mafia\AppData\Roaming\HP
2010-03-23 11:18 . 2010-03-23 11:18 -------- d-----w- c:\program files\CDisplay
2010-03-23 10:32 . 2010-03-23 10:32 -------- d-----w- c:\users\Mafia\AppData\Roaming\HEXelon
2010-03-23 10:12 . 2010-03-23 10:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-23 10:12 . 2010-03-22 20:15 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-23 10:11 . 2010-03-22 20:15 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-23 00:02 . 2010-03-22 20:05 109208 ----a-w- c:\users\Mafia\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-23 00:02 . 2010-03-23 00:02 -------- d-----w- c:\programdata\WEBREG
2010-03-23 00:02 . 2010-03-22 23:57 -------- d-----w- c:\programdata\HP
2010-03-23 00:01 . 2010-03-22 23:57 171963 ----a-w- c:\windows\hpoins27.dat
2010-03-23 00:01 . 2010-03-23 00:01 -------- d-----w- c:\programdata\Hewlett-Packard
2010-03-22 23:59 . 2010-03-22 23:59 -------- d-----w- c:\programdata\HP Product Assistant
2010-03-22 23:58 . 2010-03-22 23:58 -------- d-----w- c:\program files\Common Files\HP
2010-03-22 23:58 . 2010-03-22 23:58 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-03-22 23:56 . 2010-03-22 23:56 683801 ----a-w- c:\programdata\Last.fm\Client\UninstFoo3\unins000.exe
2010-03-22 23:56 . 2010-03-22 23:56 55 ----a-w- c:\programdata\Last.fm\Client\uninst2.bat
2010-03-22 23:56 . 2010-03-22 23:56 -------- d-----w- c:\programdata\Last.fm
2010-03-22 23:53 . 2010-03-22 23:53 -------- d-----w- c:\users\Mafia\AppData\Roaming\GlarySoft
2010-03-22 23:53 . 2010-03-22 23:53 -------- d-----w- c:\program files\Absolute Uninstaller
2010-03-22 23:40 . 2010-03-22 23:40 -------- d-----w- c:\users\Mafia\AppData\Roaming\Nero
2010-03-22 23:39 . 2010-03-22 23:37 -------- d-----w- c:\program files\Common Files\Nero
2010-03-22 23:37 . 2010-03-22 23:37 -------- d-----w- c:\programdata\Nero
2010-03-22 23:37 . 2010-03-22 23:37 -------- d-----w- c:\program files\Nero
2010-03-22 22:14 . 2010-03-22 22:11 -------- d-----w- c:\programdata\Microsoft Help
2010-03-22 22:14 . 2010-03-22 22:14 -------- d-----w- c:\program files\Microsoft Works
2010-03-22 22:13 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-03-22 22:13 . 2010-03-22 22:13 -------- d-----w- c:\program files\Microsoft.NET
2010-03-22 22:12 . 2010-03-22 22:12 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-22 22:09 . 2010-03-22 21:33 -------- d-----w- c:\users\Mafia\AppData\Roaming\DAEMON Tools Lite
2010-03-22 21:35 . 2010-03-22 21:33 -------- d-----w- c:\program files\Windows Live
2010-03-22 21:34 . 2010-03-22 21:34 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-22 21:34 . 2010-03-22 21:34 -------- d-----w- c:\program files\Microsoft
2010-03-22 21:34 . 2010-03-22 21:33 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-22 21:34 . 2010-03-22 21:34 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-22 21:33 . 2010-03-22 21:33 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-03-22 21:33 . 2010-03-22 21:33 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-03-22 21:32 . 2010-03-22 21:32 -------- d-----w- c:\program files\Common Files\Windows Live
2010-03-22 21:12 . 2010-03-22 21:11 -------- d-----w- c:\program files\Sunrise Seven
2010-03-22 20:55 . 2010-03-22 20:55 -------- d-----w- c:\program files\WapSter
2010-03-22 20:51 . 2010-03-22 20:51 -------- d-----w- c:\programdata\TrueSuite
2010-03-22 20:51 . 2010-03-22 20:51 -------- d-----w- c:\program files\TrueSuite
2010-03-22 20:51 . 2010-03-22 20:51 -------- d-----w- c:\programdata\Downloaded Installations
2010-03-22 20:51 . 2010-03-22 20:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
2010-03-22 20:49 . 2010-03-22 20:49 -------- d-----w- c:\program files\Common Files\Steam
2010-03-22 20:47 . 2010-03-22 20:47 -------- d-----w- c:\program files\Dell
2010-03-22 20:46 . 2010-03-22 20:46 -------- d-----w- c:\program files\Broadcom
2010-03-22 20:40 . 2010-03-22 20:40 -------- d-----w- c:\users\Mafia\AppData\Roaming\ATI
2010-03-22 20:33 . 2010-03-22 20:33 -------- d-----w- c:\program files\DIFX
2010-03-22 20:33 . 2010-03-22 20:33 -------- d-----w- c:\users\Mafia\AppData\Roaming\InstallShield
2010-03-22 20:24 . 2010-03-22 20:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-03-22 20:24 . 2010-03-22 20:24 -------- d-----w- c:\program files\DellTPad
2010-03-22 20:17 . 2010-03-22 20:16 -------- d-----w- c:\program files\IDT
2010-03-22 20:15 . 2010-03-22 20:15 -------- d-----w- c:\program files\AVG
2010-03-22 20:09 . 2010-03-22 20:09 -------- d-----w- c:\program files\Intel
2010-03-22 19:59 . 2010-03-22 19:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-03-22 19:58 . 2010-03-22 19:58 -------- d-sh--we c:\programdata\Ulubione
2010-03-22 19:58 . 2010-03-22 19:58 -------- d-sh--we c:\programdata\Szablony
2010-03-22 19:58 . 2010-03-22 19:58 -------- d-sh--we c:\programdata\Pulpit
2010-03-22 19:58 . 2010-03-22 19:58 -------- d-sh--we c:\programdata\Menu Start
2010-03-22 19:58 . 2010-03-22 19:58 -------- d-sh--we c:\programdata\Dokumenty
2010-03-22 19:58 . 2010-03-22 19:58 -------- d-sh--we c:\programdata\Dane aplikacji
2010-03-22 19:54 . 2010-03-22 19:54 0 ----a-w- c:\windows\ativpsrm.bin
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-05-17_14.48.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-22 21:56 . 2010-05-17 15:08 29658 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-05-17 15:08 32174 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-22 19:56 . 2010-05-17 15:09 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-22 19:56 . 2010-05-17 14:46 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-22 19:56 . 2010-05-17 14:46 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-22 19:56 . 2010-05-17 15:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2010-05-17 14:46 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-05-17 15:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-22 19:59 . 2010-05-17 15:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-22 19:59 . 2010-05-17 14:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-22 19:59 . 2010-05-17 15:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-22 19:59 . 2010-05-17 14:47 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-22 19:59 . 2010-05-17 15:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-22 19:59 . 2010-05-17 14:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-22 20:35 . 2010-05-17 15:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-22 20:35 . 2010-05-17 14:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-02 12:21 . 2010-05-17 15:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-02 12:21 . 2010-05-17 14:20 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-02 12:21 . 2010-05-17 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-04-02 12:21 . 2010-05-17 14:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-04-02 12:21 . 2010-05-17 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-04-02 12:21 . 2010-05-17 14:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-03-22 20:35 . 2010-05-17 14:47 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-22 20:35 . 2010-05-17 15:10 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-22 20:35 . 2010-05-17 14:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-22 20:35 . 2010-05-17 15:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-17 15:07 . 2010-05-17 15:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-17 14:38 . 2010-05-17 14:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-17 14:38 . 2010-05-17 14:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-17 15:07 . 2010-05-17 15:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:05 . 2010-05-17 14:43 607190 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-05-17 15:11 607190 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-05-17 15:11 103568 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2010-05-17 14:43 103568 c:\windows\System32\perfc009.dat
- 2010-03-22 19:59 . 2010-05-17 14:46 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-03-22 19:59 . 2010-05-17 15:09 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 02:03 . 2010-05-11 04:32 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2010-05-17 14:57 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-05-17 14:57 . 2010-05-17 14:57 1402880 c:\windows\Installer\b89da.msi
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Mafia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=c:\users\Mafia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2010-03-23 22:23 1432064 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-04-30 15:26 196608 ----a-w- c:\program files\DellTPad\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
2010-05-11 15:38 6644736 ----a-w- c:\progra~1\WapSter\WAPSTE~1\AQQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-08-03 11:51 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-26 13:33 136176 ----atw- c:\users\Mafia\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 17:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-08-08 08:25 1828136 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2010-01-07 23:36 974848 ----a-w- c:\program files\pdfforge Toolbar\SearchSettings.exe
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-22 691696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-23 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-21 242896]
S1 VD_FileDisk;VD_FileDisk; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-23 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-23 308064]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-01-29 203264]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-09 280096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Zawartość folderu 'Zaplanowane zadania'
2010-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3452197404-981069477-1584283398-1000Core.job
- c:\users\Mafia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-26 13:33]
2010-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3452197404-981069477-1584283398-1000UA.job
- c:\users\Mafia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-26 13:33]
.
.
------- Skan uzupełniający -------
.
FF - ProfilePath -
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - USUNIĘTO PUSTE WPISY - - - -
Toolbar-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2010-05-17 17:13:49
ComboFix-quarantined-files.txt 2010-05-17 15:13
ComboFix2.txt 2010-05-17 14:50
Przed: 20 501 528 576 bajtów wolnych
Po: 20 322 598 912 bajtów wolnych
- - End Of File - - 744BCFB1A33B5798FCCF2051F00509EF