ComboFix 09-08-10.06 - Maggies 2009-08-16 17:10.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.48.1045.18.2047.1036 [GMT 2:00]
Uruchomiony z: c:\users\Maggies\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\cleanup.exe
c:\windows\Installer\26dd5.msi
c:\windows\PGMonitor.exe
c:\windows\system32\acovcnt.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-07-16 do 2009-08-16 )))))))))))))))))))))))))))))))
.
2009-08-16 15:21 . 2009-08-16 15:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-16 14:50 . 2009-08-16 14:50 -------- d-----w- c:\program files\Trend Micro
2009-08-15 20:33 . 2009-08-15 20:33 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-08-15 20:33 . 2009-08-15 20:33 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-08-15 20:33 . 2009-08-15 20:33 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-08-15 20:30 . 2009-08-15 20:30 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-08-15 19:37 . 2009-08-15 20:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-15 19:37 . 2009-08-15 20:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-15 19:02 . 2009-08-15 19:02 716 ----a-w- c:\windows\unins000.dat
2009-08-12 05:05 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-12 05:05 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 05:05 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 05:05 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-12 05:05 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 05:05 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-12 05:04 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 05:04 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-03 16:52 . 2009-08-03 16:52 -------- d-----w- c:\programdata\WindowsSearch
2009-07-29 04:01 . 2009-07-18 16:06 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-29 04:01 . 2009-07-18 09:46 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-29 04:01 . 2009-07-18 16:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-21 13:33 . 2009-07-15 11:35 62760 ----a-w- c:\users\Maggies\AppData\Roaming\Mozilla\Firefox\Profiles\75hugn0y.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 14:45 . 2009-01-02 15:03 -------- d-----w- c:\users\Maggies\AppData\Roaming\Skype
2009-08-16 14:06 . 2009-01-02 15:04 -------- d-----w- c:\users\Maggies\AppData\Roaming\skypePM
2009-08-16 11:18 . 2008-04-18 00:01 662056 ----a-w- c:\windows\system32\perfh015.dat
2009-08-16 11:18 . 2008-04-18 00:01 126908 ----a-w- c:\windows\system32\perfc015.dat
2009-08-16 11:11 . 2008-11-13 03:42 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-15 18:51 . 2008-11-13 03:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-12 17:26 . 2009-01-02 12:32 99864 ----a-w- c:\users\Maggies\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-12 16:04 . 2008-11-13 03:46 -------- d-----w- c:\programdata\Microsoft Help
2009-08-12 16:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-08 20:03 . 2009-01-02 17:55 28029 ----a-w- c:\programdata\nvModes.dat
2009-07-29 18:02 . 2009-02-13 17:03 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-07-16 10:15 . 2009-01-03 14:38 -------- d-----w- c:\program files\Winamp
2009-07-16 10:14 . 2009-01-03 14:38 -------- d-----w- c:\users\Maggies\AppData\Roaming\Winamp
2009-07-13 16:22 . 2009-07-13 16:22 -------- d-----w- c:\program files\Grupa33
2009-07-12 18:31 . 2009-07-12 13:50 -------- d-----w- c:\programdata\OpenFM
2009-05-28 09:23 . 2009-05-28 09:23 42088 ----a-w- c:\users\Maggies\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
2009-05-28 08:34 . 2009-05-28 08:34 11264 ----a-w- c:\users\Maggies\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npgg.1.dll
2008-07-02 03:28 . 2008-07-02 03:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-05-22 17:35 . 2008-05-22 17:35 51962 ----a-w- c:\program files\Common Files\banner.jpg
2007-06-12 18:34 . 2007-06-12 18:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico
2008-11-13 04:51 . 2009-01-02 15:53 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-07-27 10719848]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-13 30192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-26 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-26 92704]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2008-11-13 47672]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-11-13 33136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-02-10 241664]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"issch"="c:\windows\system32\issch.exe" [2009-06-14 142336]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-12 6265376]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 752168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C7CD4AE9-6CD9-4EFC-A4D7-84A0D70253CF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3C485373-4DF7-4928-A8C0-59F1FA188C7D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2D8E10C4-849A-4F97-8D4D-1C70DEFB29D7}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{366822AE-3EEA-4DB7-82CE-C48713C84D9A}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu
"UDP Query User{78302042-45FF-424E-B7B6-40253B4A94CA}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu
"{12AC0A01-5CE0-4815-A5C5-50EEB9B5DF87}"= UDP:c:\program files\Electronic Arts\The Sims 3\Game\Bin\Sims3Launcher.exe:Sims3Launcher
"{FA669C83-CB4C-471D-B9ED-2626FF1AA728}"= TCP:c:\program files\Electronic Arts\The Sims 3\Game\Bin\Sims3Launcher.exe:Sims3Launcher
"TCP Query User{393AD2C3-1AD8-43CA-9563-EC62749D70AF}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu
"UDP Query User{7A9AC526-8A50-4770-934C-0588FD8D6009}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [2008-11-13 15416]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-03-28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-03-28 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-03-28 51792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-08-15 1153368]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [2007-11-16 48128]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2008-11-13 29736]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-13 30192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Zawartość folderu 'Zaplanowane zadania'
2009-08-16 c:\windows\Tasks\User_Feed_Synchronization-{19AD3F35-CC32-4605-A9D5-78FE7532CC03}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-CorelDRAW Graphics Suite 11b - c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.szybko-szukaj.pl
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Maggies\AppData\Roaming\Mozilla\Firefox\Profiles\75hugn0y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.szybko-szukaj.pl
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\Maggies\AppData\Roaming\Mozilla\Firefox\Profiles\75hugn0y.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Maggies\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\users\Maggies\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 17:21
Windows 6.0.6001 Service Pack 1 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
C:\ADSM_PData_0150
skanowanie pomyślnie ukończone
ukryte pliki: 1
**************************************************************************
.
Czas ukończenia: 2009-08-16 17:27
ComboFix-quarantined-files.txt 2009-08-16 15:27
Przed: 73 068 519 424 bajtów wolnych
Po: 73 330 360 320 bajtów wolnych
314 --- E O F --- 2009-08-16 10:42
This is a low-risk infection and there is no point removing it with ComboFix; post an OTL log for it.
Paste the logs on wklej.to and post only the link to the paste here.
I dealt with this szybko-szukaj thing (I removed it from the registry) after digging through various forums, but I don't know whether that is everything, so just in case I will do what you wrote.
It has indeed been removed. Paste the following text into OTL
Click Run Fix. After the restart, click CleanUp.
Turn off System Restore for a moment - XP/Vista
Run a full Malwarebytes Anti-Malware scan; if it finds anything, remove it and post the log.
Clean the disk and registry with CCleaner.
You can remove Bonjour following these instructions
Please change the topic title to a specific one: use the EDIT option and correct it. JNJN
You were asked to do something; there will be no further request and the topic will go to the trash. JNJN