Request to check a log


(system) #1
[code]ComboFix 09-08-10.06 - Maggies 2009-08-16 17:10.1.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.48.1045.18.2047.1036 [GMT 2:00]

Uruchomiony z: c:\users\Maggies\Desktop\ComboFix.exe

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.


((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.


C:\cleanup.exe

c:\windows\Installer\26dd5.msi

c:\windows\PGMonitor.exe

c:\windows\system32\acovcnt.exe



.

((((((((((((((((((((((((( Pliki utworzone od 2009-07-16 do 2009-08-16 )))))))))))))))))))))))))))))))

.


2009-08-16 15:21 . 2009-08-16 15:21	--------	d-----w-	c:\users\Default\AppData\Local\temp

2009-08-16 14:50 . 2009-08-16 14:50	--------	d-----w-	c:\program files\Trend Micro

2009-08-15 20:33 . 2009-08-15 20:33	--------	d-----w-	c:\program files\TeaTimer (Spybot - Search & Destroy)

2009-08-15 20:33 . 2009-08-15 20:33	--------	d-----w-	c:\program files\Misc. Support Library (Spybot - Search & Destroy)

2009-08-15 20:33 . 2009-08-15 20:33	--------	d-----w-	c:\program files\SDHelper (Spybot - Search & Destroy)

2009-08-15 20:30 . 2009-08-15 20:30	--------	d-----w-	c:\program files\File Scanner Library (Spybot - Search & Destroy)

2009-08-15 19:37 . 2009-08-15 20:59	--------	d-----w-	c:\programdata\Spybot - Search & Destroy

2009-08-15 19:37 . 2009-08-15 20:58	--------	d-----w-	c:\program files\Spybot - Search & Destroy

2009-08-15 19:02 . 2009-08-15 19:02	716	----a-w-	c:\windows\unins000.dat

2009-08-12 05:05 . 2009-06-04 12:34	2066432	----a-w-	c:\windows\system32\mstscax.dll

2009-08-12 05:05 . 2009-06-10 12:12	160256	----a-w-	c:\windows\system32\wkssvc.dll

2009-08-12 05:05 . 2009-07-17 14:35	71680	----a-w-	c:\windows\system32\atl.dll

2009-08-12 05:05 . 2009-06-10 12:07	91136	----a-w-	c:\windows\system32\avifil32.dll

2009-08-12 05:05 . 2009-07-14 13:00	313344	----a-w-	c:\windows\system32\wmpdxm.dll

2009-08-12 05:05 . 2009-07-14 12:58	7680	----a-w-	c:\windows\system32\spwmp.dll

2009-08-12 05:04 . 2009-07-14 12:59	4096	----a-w-	c:\windows\system32\dxmasf.dll

2009-08-12 05:04 . 2009-07-14 10:59	8147456	----a-w-	c:\windows\system32\wmploc.DLL

2009-08-03 16:52 . 2009-08-03 16:52	--------	d-----w-	c:\programdata\WindowsSearch

2009-07-29 04:01 . 2009-07-18 16:06	827904	----a-w-	c:\windows\system32\wininet.dll

2009-07-29 04:01 . 2009-07-18 09:46	26624	----a-w-	c:\windows\system32\ieUnatt.exe

2009-07-29 04:01 . 2009-07-18 16:01	78336	----a-w-	c:\windows\system32\ieencode.dll

2009-07-21 13:33 . 2009-07-15 11:35	62760	----a-w-	c:\users\Maggies\AppData\Roaming\Mozilla\Firefox\Profiles\75hugn0y.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-16 14:45 . 2009-01-02 15:03	--------	d-----w-	c:\users\Maggies\AppData\Roaming\Skype

2009-08-16 14:06 . 2009-01-02 15:04	--------	d-----w-	c:\users\Maggies\AppData\Roaming\skypePM

2009-08-16 11:18 . 2008-04-18 00:01	662056	----a-w-	c:\windows\system32\perfh015.dat

2009-08-16 11:18 . 2008-04-18 00:01	126908	----a-w-	c:\windows\system32\perfc015.dat

2009-08-16 11:11 . 2008-11-13 03:42	12	----a-w-	c:\windows\bthservsdp.dat

2009-08-15 18:51 . 2008-11-13 03:57	--------	d--h--w-	c:\program files\InstallShield Installation Information

2009-08-12 17:26 . 2009-01-02 12:32	99864	----a-w-	c:\users\Maggies\AppData\Local\GDIPFONTCACHEV1.DAT

2009-08-12 16:04 . 2008-11-13 03:46	--------	d-----w-	c:\programdata\Microsoft Help

2009-08-12 16:03 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail

2009-08-08 20:03 . 2009-01-02 17:55	28029	----a-w-	c:\programdata\nvModes.dat

2009-07-29 18:02 . 2009-02-13 17:03	--------	d-----w-	c:\program files\Nowe Gadu-Gadu

2009-07-16 10:15 . 2009-01-03 14:38	--------	d-----w-	c:\program files\Winamp

2009-07-16 10:14 . 2009-01-03 14:38	--------	d-----w-	c:\users\Maggies\AppData\Roaming\Winamp

2009-07-13 16:22 . 2009-07-13 16:22	--------	d-----w-	c:\program files\Grupa33

2009-07-12 18:31 . 2009-07-12 13:50	--------	d-----w-	c:\programdata\OpenFM

2009-05-28 09:23 . 2009-05-28 09:23	42088	----a-w-	c:\users\Maggies\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll

2009-05-28 08:34 . 2009-05-28 08:34	11264	----a-w-	c:\users\Maggies\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npgg.1.dll

2008-07-02 03:28 . 2008-07-02 03:28	61440	----a-w-	c:\program files\Common Files\CPInstallAction.dll

2008-05-22 17:35 . 2008-05-22 17:35	51962	----a-w-	c:\program files\Common Files\banner.jpg

2007-06-12 18:34 . 2007-06-12 18:34	35822	----a-w-	c:\program files\Common Files\ASPG_icon.ico

2008-11-13 04:51 . 2009-01-02 15:53	122880	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.


((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 01:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-07-27 10719848]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]

"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-13 30192]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-26 13543968]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-26 92704]

"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]

"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]

"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]

"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2008-11-13 47672]

"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-11-13 33136]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-02-10 241664]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"issch"="c:\windows\system32\issch.exe" [2009-06-14 142336]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-12 6265376]


c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 752168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{C7CD4AE9-6CD9-4EFC-A4D7-84A0D70253CF}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{3C485373-4DF7-4928-A8C0-59F1FA188C7D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{2D8E10C4-849A-4F97-8D4D-1C70DEFB29D7}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{366822AE-3EEA-4DB7-82CE-C48713C84D9A}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu

"UDP Query User{78302042-45FF-424E-B7B6-40253B4A94CA}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu

"{12AC0A01-5CE0-4815-A5C5-50EEB9B5DF87}"= UDP:c:\program files\Electronic Arts\The Sims 3\Game\Bin\Sims3Launcher.exe:Sims3Launcher

"{FA669C83-CB4C-471D-B9ED-2626FF1AA728}"= TCP:c:\program files\Electronic Arts\The Sims 3\Game\Bin\Sims3Launcher.exe:Sims3Launcher

"TCP Query User{393AD2C3-1AD8-43CA-9563-EC62749D70AF}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu

"UDP Query User{7A9AC526-8A50-4770-934C-0588FD8D6009}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)


R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [2008-11-13 15416]

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-03-28 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-03-28 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-03-28 51792]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-08-15 1153368]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [2007-11-16 48128]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2008-11-13 29736]

S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-13 30192]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs	REG_MULTI_SZ BthServ


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Zawartość folderu 'Zaplanowane zadania'


2009-08-16 c:\windows\Tasks\User_Feed_Synchronization-{19AD3F35-CC32-4605-A9D5-78FE7532CC03}.job

- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]

.

- - - - USUNIĘTO PUSTE WPISY - - - -


URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

HKLM-Run-CorelDRAW Graphics Suite 11b - c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe



.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.szybko-szukaj.pl

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Maggies\AppData\Roaming\Mozilla\Firefox\Profiles\75hugn0y.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Winamp Search

FF - prefs.js: browser.startup.homepage - hxxp://www.szybko-szukaj.pl

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=

FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\users\Maggies\AppData\Roaming\Mozilla\Firefox\Profiles\75hugn0y.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\users\Maggies\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

FF - plugin: c:\users\Maggies\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npgg.1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


---- FIREFOX - SPOSÓB POSTĘPOWANIA ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-16 17:21

Windows 6.0.6001 Service Pack 1 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  



C:\ADSM_PData_0150


skanowanie pomyślnie ukończone

ukryte pliki: 1


**************************************************************************

.

Czas ukończenia: 2009-08-16 17:27

ComboFix-quarantined-files.txt 2009-08-16 15:27


Przed: 73 068 519 424 bajtów wolnych

Po: 73 330 360 320 bajtów wolnych


314	--- E O F ---	2009-08-16 10:42

(Henio Mazurek) #2

This is not a very dangerous infection and there is no point in removing it with ComboFix; paste a log from OTL for this.

Paste logs on wklej.to and post only the link to the paste here.


(system) #3

I dealt with that szybko-szukaj (I removed it from the registry) after digging through various forums, but I don't know whether that is everything, so just in case I'll do what you wrote.

http://wklej.to/orj6


(Henio Mazurek) #4

It is indeed removed. Paste this text into OTL

Click Run Fix. After the restart, click CleanUp.

Turn off System Restore for a moment - XP/Vista

Run a full scan with Malwarebytes Anti-Malware; if it finds anything, remove it and paste the log.

Clean the disk and the registry with CCleaner.

You can remove Bonjour following these instructions

http://www.searchengines.pl/Jak-usunac- ... 03177.html


(JNJN) #5

Please change the topic title to something specific: use the EDIT option and correct it. JNJN


(system) #6

http://wklej.to/A4JP

I'm about to run CCleaner


(JNJN) #7

You were asked to do something; there will be no further request, and the topic will go to the trash. JNJN