ComboFix 10-02-03.04 - mody 2010-02-03 21:10:00.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.2046.1256 [GMT 0:00]
Uruchomiony z: c:\users\mody\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090618-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1335 [VPS 090618-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1044340984-3374458352-3868366472-500
c:\$recycle.bin\S-1-5-21-1700653990-396368735-3127266353-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2163039684-3843062516-95695863-1006
c:\$recycle.bin\S-1-5-21-3723424155-2836419890-3711988-500
c:\$recycle.bin\S-1-5-21-4275756875-3957324713-4263332724-500
c:\programdata\hpe1738.dll
c:\recycler\S-1-5-21-1448396476-6486811264-207531212-9070
.
((((((((((((((((((((((((( Pliki utworzone od 2010-01-03 do 2010-02-03 )))))))))))))))))))))))))))))))
.
2010-02-03 21:03 . 2010-02-03 21:05 -------- d-----w- C:\32788R22FWJFW
2010-01-29 19:32 . 2010-01-29 19:32 -------- d-----w- c:\program files\ALLConverter
2010-01-29 19:32 . 2009-06-11 22:52 892928 ----a-w- c:\programdata\ALLPlayer\LIVE\DOLBY\iconv.dll
2010-01-29 19:32 . 2009-05-29 22:31 881664 ----a-w- c:\programdata\ALLPlayer\LIVE\XVID\xvidcore.dll
2010-01-29 19:32 . 2008-04-14 22:50 1291776 ----a-w- c:\programdata\ALLPlayer\LIVE\QUARTZ\quartzXP.dll
2010-01-29 19:32 . 2009-05-29 22:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-01-29 19:32 . 2008-11-13 04:25 740442 ----a-w- c:\programdata\ALLPlayer\LIVE\DIVX\DivX.dll
2010-01-29 19:32 . 2009-06-11 22:52 892928 ----a-w- c:\windows\system32\iconv.dll
2010-01-28 21:00 . 2010-01-28 21:00 -------- d-----w- c:\users\mody\AppData\Local\Mozilla
2010-01-23 18:27 . 2010-02-03 21:05 -------- d-----w- c:\users\mody\AppData\Roaming\Skype
2010-01-23 18:26 . 2010-01-23 18:26 -------- d-----w- c:\program files\Common Files\Skype
2010-01-23 15:59 . 2010-01-23 15:59 -------- d-----w- c:\program files\SkanerOnline
2010-01-16 20:37 . 2010-01-16 20:37 -------- d-----w- c:\users\mody\AppData\Roaming\PhotoFiltre
2010-01-13 18:21 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 18:21 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-11 17:51 . 2010-01-11 17:51 -------- d-----w- c:\programdata\Avanquest Bluetooth SDK
2010-01-11 17:50 . 2010-01-11 17:50 -------- d-----w- c:\programdata\BVRP Software
2010-01-11 17:50 . 2010-01-11 17:50 -------- d-----w- c:\users\mody\AppData\Local\Sony Ericsson
2010-01-11 17:41 . 2010-01-11 17:41 -------- d-sh--we c:\windows\system32\config\systemprofile\Ustawienia lokalne
2010-01-07 11:30 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-01-05 17:58 . 2010-01-05 18:00 66 ----a-w- c:\windows\hcs.dat
2010-01-05 17:58 . 2010-01-05 17:58 15872 ----a-w- c:\windows\system32\drivers\HMFAxCore56d706f6725c732df006697fd5ec3381.sys
2010-01-05 17:58 . 2004-08-04 00:56 11776 ----a-w- c:\windows\system32\reghmf.exe
2010-01-05 17:58 . 2007-02-12 16:55 692224 ----a-w- c:\windows\system32\hsys30.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 21:14 . 2009-06-18 13:16 9724 ----a-w- c:\windows\system32\perfc015.dat
2010-02-03 21:14 . 2009-06-18 13:16 30234 ----a-w- c:\windows\system32\perfh015.dat
2010-02-03 21:05 . 2009-06-16 20:24 -------- d-----w- c:\users\mody\AppData\Roaming\uTorrent
2010-02-03 19:15 . 2009-06-16 20:46 -------- d-----w- c:\users\mody\AppData\Roaming\skypePM
2010-01-29 19:32 . 2009-10-15 16:40 -------- d-----w- c:\programdata\ALLPlayer
2010-01-29 19:32 . 2009-06-16 21:10 -------- d-----w- c:\program files\NAPI-PROJEKT
2010-01-23 18:26 . 2009-06-16 20:44 -------- d-----w- c:\programdata\Skype
2010-01-14 11:12 . 2009-10-07 08:45 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 23:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-11 17:48 . 2010-01-11 17:48 -------- d-----w- c:\programdata\Sony Ericsson
2010-01-11 17:48 . 2007-04-13 15:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-05 12:47 . 2009-11-22 14:13 -------- d-----w- c:\users\mody\AppData\Roaming\Any Video Converter
2010-01-04 19:24 . 2010-01-04 19:24 -------- d-----w- c:\programdata\TrueCrypt
2010-01-02 06:38 . 2010-01-22 19:02 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 19:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 19:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 19:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-24 22:08 . 2009-12-24 22:08 -------- d-----w- c:\users\mody\AppData\Roaming\Switchball
2009-12-24 22:08 . 2009-12-24 22:08 -------- d-----w- c:\programdata\Trymedia
2009-12-23 13:50 . 2009-12-23 13:47 -------- d-----w- c:\users\mody\AppData\Roaming\dp3d
2009-12-22 17:45 . 2009-07-01 10:56 -------- d-----w- c:\programdata\OpenFM
2009-12-21 09:12 . 2009-06-28 07:41 -------- d-----w- c:\program files\Google
2009-12-14 14:49 . 2009-12-14 14:49 -------- d-----w- c:\users\mody\AppData\Roaming\Fit3DLive
2009-11-24 23:54 . 2009-06-16 19:32 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2009-06-16 19:32 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-06-16 19:32 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-06-16 19:32 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2009-06-16 19:32 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-06-16 19:32 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-06-16 19:32 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-24 15:30 . 2009-06-16 05:38 113184 ----a-w- c:\users\mody\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-18 02:19 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-09 18:00 . 2009-11-24 17:12 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-09 12:31 . 2009-12-10 02:02 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 02:02 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 02:02 411648 ----a-w- c:\windows\system32\drivers\http.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe” [2009-04-11 1233920]
“TOSCDSPD”=“c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe” [2006-11-13 413696]
“uTorrent”=“c:\users\mody\Desktop\utorrent.exe” [2010-01-17 289584]
“Nowe Gadu-Gadu”=“e:\programy\GaduGadu\Nowe Gadu-Gadu\gg.exe” [2009-08-31 11391592]
“DAEMON Tools Lite”=“c:\program files\DAEMON Tools Lite\daemon.exe” [2009-04-23 691656]
“TomTomHOME.exe”=“e:\programy\TomTom\TomTom HOME 2\TomTomHOMERunner.exe” [2009-11-13 247144]
“Sony Ericsson PC Suite”=“e:\programy\sony ericsson\SEPCSuite.exe” [2009-09-24 434176]
“Skype”=“e:\programy\Phone\Skype.exe” [2009-10-09 25623336]
“ALLUpdate”=“e:\programy\ALLPlayer\ALLUpdate.exe” [2009-11-11 870400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“HWSetup”="\HWSetup.exe hwSetUP" [X]
“Windows Defender”=“c:\program files\Windows Defender\MSASCui.exe” [2008-01-19 1008184]
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2007-04-03 154392]
“Persistence”=“c:\windows\system32\igfxpers.exe” [2007-04-03 133912]
“KeNotify”=“c:\program files\TOSHIBA\Utilities\KeNotify.exe” [2006-11-06 34352]
“SVPWUTIL”=“c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe” [2006-03-22 438272]
“topi”=“c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe” [2007-04-02 577536]
“RtHDVCpl”=“RtHDVCpl.exe” [2007-06-13 4489216]
“TPwrMain”=“c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE” [2007-03-29 411192]
“HSON”=“c:\program files\TOSHIBA\TBS\HSON.exe” [2006-12-07 55416]
“SmoothView”=“c:\program files\Toshiba\SmoothView\SmoothView.exe” [2007-05-23 509496]
“00TCrdMain”=“c:\program files\TOSHIBA\FlashCards\TCrdMain.exe” [2007-05-22 538744]
“NDSTray.exe”=“NDSTray.exe” [bU]
“StartCCC”=“c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2006-11-10 90112]
“Camera Assistant Software”=“c:\program files\Camera Assistant Software for Toshiba\traybar.exe” [2007-04-10 413696]
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2009-03-20 1451304]
“Toshiba Registration”=“c:\program files\Toshiba\Registration\ToshibaRegistration.exe” [2007-02-19 571024]
“IAAnotif”=“c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe” [2007-02-12 174872]
“avast!”=“e:\programy\Avast\ashDisp.exe” [2009-11-24 81000]
“GrooveMonitor”=“e:\programy\Office 2007\Office12\GrooveMonitor.exe” [2006-10-26 31016]
“Skytel”=“Skytel.exe” [2007-05-28 1826816]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-2-27 2756608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableUIADesktopToggle”= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=“Service”
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- e:\programy\TomTom\TomTom HOME 2\TomTomHOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- e:\programy\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
“DisableMonitoring”=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
“DisableMonitoring”=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
“DisableMonitoring”=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
“VistaSp2”=hex(b):8b,d0,c0,90,cf,39,ca,01
R0 CplIR;Embedded IR Driver;c:\windows\System32\drivers\CplIR.sys [2007-03-06 14848]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-06-16 114768]
R1 HMFAxCore56d706f6725c732df006697fd5ec3381;HMFAxCore56d706f6725c732df006697fd5ec3381;c:\windows\System32\drivers\HMFAxCore56d706f6725c732df006697fd5ec3381.sys [2010-01-05 15872]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-06-16 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-06-16 53328]
R2 TomTomHOMEService;TomTomHOMEService;e:\programy\TomTom\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\System32\drivers\seehcri.sys [2010-01-11 27632]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2009-07-06 721904]
S2 gupdate1c9f7c3e725fe40;Usługa Google Update (gupdate1c9f7c3e725fe40);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-28 133104]
S2 OMSI download service;Sony Ericsson OMSI download service;e:\programy\sony ericsson\SupServ.exe [2010-01-11 90112]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\gry\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-11-14 25832]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-06-17 21504]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\System32\drivers\libusb0.sys [2009-09-20 33792]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\System32\drivers\PPJoyBus.sys [2004-01-23 13952]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\System32\drivers\PPortJoy.sys [2004-01-23 28800]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\System32\drivers\s0016bus.sys [2010-01-11 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\System32\drivers\s0016mdfl.sys [2010-01-11 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\System32\drivers\s0016mdm.sys [2010-01-11 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0016mgmt.sys [2010-01-11 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\System32\drivers\s0016nd5.sys [2010-01-11 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\System32\drivers\s0016obex.sys [2010-01-11 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\System32\drivers\s0016unic.sys [2010-01-11 115752]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [2009-03-27 23064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Zawartość folderu ‘Zaplanowane zadania’
2010-02-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-28 07:41]
2010-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-28 07:41]
2010-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-28 07:41]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
mStart Page = hxxp://alawar.pl
IE: E&ksportuj do programu Microsoft Excel - e:\programy\OFFICE~1\Office12\EXCEL.EXE/3000
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN
DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} - hxxp://slimak.onet.pl/_m/wirusy/ArcaOnline.cab
FF - ProfilePath - c:\users\mody\AppData\Roaming\Mozilla\Firefox\Profiles\l76ocu7f.default\
FF - prefs.js: browser.startup.homepage - www.onet.pl
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: e:\programy\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: e:\programy\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“ui.use_native_colors”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“ui.use_native_popup_windows”, false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.enable_click_image_resizing”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“accessibility.browsewithcaret_shortcut.enabled”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“javascript.options.mem.high_water_mark”, 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“javascript.options.mem.gc_frequency”, 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.auth.force-generic-ntlm”, false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“svg.smil.enabled”, false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“ui.trackpoint_hack.enabled”, -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.debug”, false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.agedWeight”, 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.bucketSize”, 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.maxTimeGroupings”, 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.timeGroupingSize”, 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.boundaryWeight”, 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.prefixWeight”, 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“html5.enable”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref(“app.update.download.backgroundInterval”, 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref(“app.update.url.manual”, “http://www.firefox.com”);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref(“browser.search.param.yahoo-fr-ja”, “mozff”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name”, “chrome://browser/locale/browser.properties”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description”, “chrome://browser/locale/browser.properties”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“xpinstall.whitelist.add”, “addons.mozilla.org”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“xpinstall.whitelist.add.36”, “getpersonas.com”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“lightweightThemes.update.enabled”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.allTabs.previews”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“plugins.hide_infobar_for_outdated_plugin”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“plugins.update.notifyUser”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“toolbar.customization.usesheet”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.taskbar.previews.enable”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.taskbar.previews.max”, 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.taskbar.previews.cachetime”, 20);
.
-
-
-
- USUNIĘTO PUSTE WPISY - - - -
-
-
HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe
MSConfigStartUp-ALLUpdate - e:\programy\ALLPlayer\ALLPlayer\ALLUpdate.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 21:19
Windows 6.0.6002 Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???[W ???8?9?`?9???9???9??
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
“ImagePath”=“c:\windows\system32\GameMon.des -service”
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-2163039684-3843062516-95695863-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{86E8CA8F-5434-EF10-0568-3DD5960EC679}*]
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2163039684-3843062516-95695863-1000\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY*]
“??”=hex:f5,17,ab,2e,91,47,f9,68,c8,11,36,7b,58,59,32,22,61,62,89,04,27,ca,06,
2f,07,77,59,92,26,1a,33,7a,47,8a,1a,d6,25,aa,19,0c,1b,47,0d,3b,f3,d1,24,92,\
“??”=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
[HKEY_USERS\S-1-5-21-2163039684-3843062516-95695863-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
“datasecu”=hex:b7,dc,a6,84,64,61,f9,51,0b,49,44,49,ad,da,b1,54,da,ac,29,a5,12,
12,35,ea,83,5a,e2,1d,d0,41,22,34,70,9e,b0,b3,c9,6d,81,57,bb,35,a5,bb,39,3b,\
“rkeysecu”=hex:e3,4a,90,7a,fc,64,54,3a,d3,d8,4a,a4,f7,8b,12,e2
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
“MSCurrentCountry”=dword:000000b4
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
Czas ukończenia: 2010-02-03 21:23:43
ComboFix-quarantined-files.txt 2010-02-03 21:23
Przed: 22 869 504 000 bajtów wolnych
Po: 29 997 977 600 bajtów wolnych
-
- End Of File - - E3138EAC6DB3AB2421539778F4944703