ComboFix 09-12-26.01 - gabi 2009-12-27 21:45:21.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.48.1045.18.2008.1000 [GMT 1:00]
Uruchomiony z: c:\users\gabi\Documents\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Pliki utworzone od 2009-11-27 do 2009-12-27 )))))))))))))))))))))))))))))))
.
2009-12-27 20:52 . 2009-12-27 20:52 -------- d-----w- c:\users\gabi\AppData\Local\temp
2009-12-27 20:52 . 2009-12-27 20:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-27 20:52 . 2009-12-27 20:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-26 00:19 . 2009-11-02 19:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-14 21:16 . 2009-12-27 17:04 304160 ----a-w- C:\PA207.DAT
2009-12-13 16:01 . 2009-12-13 16:02 -------- d--h--w- c:\users\gabi\PP_MOTION.TMP
2009-12-13 16:01 . 2009-12-13 16:01 -------- d-----w- c:\users\gabi\CyberLink
2009-12-13 16:01 . 2009-12-13 16:01 -------- d--h--w- c:\users\gabi\PP_ROTATE_SLIDE.TMP
2009-12-11 22:22 . 2006-11-03 09:59 48128 ----a-w- c:\windows\system32\Remove.exe
2009-12-11 21:44 . 2009-12-11 21:44 -------- d-----w- c:\windows\PixArt
2009-12-11 21:24 . 2009-12-11 22:22 -------- d-----w- c:\program files\Common Files\PAC207
2009-12-10 21:49 . 2009-12-10 21:49 -------- d-----w- c:\programdata\Electronic Arts
2009-12-10 21:49 . 2009-12-10 21:49 10134 ----a-r- c:\users\gabi\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-12-10 21:49 . 2009-12-10 21:49 -------- d-----w- c:\program files\Microsoft WSE
2009-12-10 21:48 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-12-10 21:17 . 2009-12-10 21:49 -------- d-----w- c:\program files\Electronic Arts
2009-12-09 22:31 . 2009-11-03 21:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 22:31 . 2009-11-03 19:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 22:31 . 2009-11-03 21:43 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 18:42 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 18:32 . 2009-12-09 18:32 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbFB8F.tmp.exe
2009-12-08 15:44 . 2009-12-08 15:44 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbBE70.tmp.exe
2009-12-07 14:49 . 2009-12-07 14:49 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb7198.tmp.exe
2009-12-06 09:53 . 2009-12-06 09:53 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb64CD.tmp.exe
2009-12-05 11:47 . 2009-12-20 19:03 -------- d-----w- c:\users\gabi\AppData\Local\Microsoft Games
2009-11-28 02:33 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 11:37 . 2009-08-27 08:50 708764 ----a-w- c:\windows\system32\perfh015.dat
2009-12-27 11:37 . 2009-08-27 08:50 144430 ----a-w- c:\windows\system32\perfc015.dat
2009-12-26 00:20 . 2009-08-27 10:35 -------- d-----w- c:\programdata\McAfee
2009-12-22 18:32 . 2009-10-31 22:18 -------- d-----w- c:\users\gabi\AppData\Roaming\Nowe Gadu-Gadu
2009-12-22 17:56 . 2009-11-03 16:33 -------- d-----w- c:\programdata\OpenFM
2009-12-13 16:02 . 2009-11-09 17:12 -------- d-----w- c:\users\gabi\AppData\Roaming\CyberLink
2009-12-13 16:01 . 2009-08-27 10:24 -------- d-----w- c:\programdata\CyberLink
2009-12-11 22:22 . 2009-08-27 10:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-11 21:31 . 2009-11-01 09:06 -------- d-----w- c:\program files\Common Files\xing shared
2009-12-11 21:23 . 2009-08-27 10:20 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-11 16:51 . 2009-11-01 04:58 -------- d-----w- c:\programdata\NortonInstaller
2009-12-10 07:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-11-24 16:42 . 2009-11-24 16:42 -------- d-----w- c:\program files\Opera
2009-11-21 06:40 . 2009-12-09 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 18:51 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-09 18:51 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-09 18:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-18 11:58 . 2009-11-18 11:56 -------- d-----w- c:\users\gabi\AppData\Roaming\ipla
2009-11-18 11:56 . 2009-11-18 11:56 -------- d-----w- c:\programdata\ipla
2009-11-18 09:34 . 2009-11-18 09:34 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 09:34 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 09:34 . 2009-11-18 09:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-18 09:34 . 2009-11-18 09:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-12 17:35 . 2009-11-12 16:33 -------- d-----w- c:\program files\PhotoScape
2009-11-11 14:42 . 2009-11-11 14:42 -------- d-----w- c:\programdata\Sony Ericsson
2009-11-11 14:02 . 2009-11-11 14:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-11-08 10:25 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-11-08 10:25 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-11-08 10:25 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-11-08 10:25 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-11-08 10:25 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-11-05 21:47 . 2009-11-05 21:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-05 21:47 . 2009-11-05 21:47 -------- d-----w- c:\program files\Java
2009-11-03 16:33 . 2009-11-03 16:33 -------- d-----w- c:\users\gabi\AppData\Roaming\OpenFM
2009-11-02 14:47 . 2009-08-27 10:24 53319 ----a-w- c:\programdata\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2009-11-01 11:10 . 2009-08-27 10:51 -------- d-----w- c:\programdata\WinClon
2009-11-01 09:06 . 2009-11-01 09:05 -------- d-----w- c:\program files\Common Files\Real
2009-11-01 09:05 . 2009-11-01 09:05 -------- d-----w- c:\program files\Real
2009-11-01 08:51 . 2009-11-01 08:49 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-01 05:10 . 2009-11-01 05:06 -------- d-----w- c:\program files\PLAY ONLINE
2009-11-01 05:02 . 2009-11-01 05:01 -------- d-----w- c:\program files\Symantec
2009-11-01 05:01 . 2009-11-01 05:02 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-01 05:01 . 2009-11-01 05:02 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-01 05:01 . 2009-11-01 05:02 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-01 05:01 . 2009-11-01 05:01 -------- d-----w- c:\program files\Norton Internet Security
2009-10-31 22:19 . 2009-10-31 22:18 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-10-27 18:00 . 2009-11-01 08:50 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-09 21:38 . 2009-10-09 21:38 201616 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091013.001\BHRules.dll
2009-10-09 21:38 . 2009-10-09 21:38 1412496 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091013.001\BHEngine.dll
2009-10-09 21:38 . 2009-10-09 21:38 643632 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091013.001\BHDrvx64.sys
2009-10-09 21:38 . 2009-10-09 21:38 508976 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091013.001\BHDrvx86.sys
2009-10-09 21:38 . 2009-10-09 21:38 590736 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091013.001\bbRGen.dll
2009-10-08 21:08 . 2009-11-18 09:13 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-18 09:13 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-18 09:13 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-01 01:02 . 2009-11-18 09:16 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-18 09:17 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-18 09:16 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-18 09:16 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-18 09:17 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-18 09:16 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-18 09:16 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-18 09:16 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-18 09:16 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-18 09:16 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-18 09:16 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-18 09:17 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-18 09:16 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-18 09:16 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-18 09:16 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-10-01 01:01 . 2009-11-18 09:16 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2006-11-20 08:01 . 2006-11-20 08:01 163840 ----a-w- c:\program files\Common Files\AMCap.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-08-31 11391592]
"Google Update"="c:\users\gabi\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-31 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-27 39408]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-19 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-19 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-19 145944]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-21 7420448]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1049896]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-12-24 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-03-12 210216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-01 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-05 149280]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-21 1833504]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a9,3a,b6,0d,5f,60,ca,01
R0 SymDS;Symantec Data Store;c:\windows\System32\drivers\NIS\1100000.088\SymDS.sys [2009-11-01 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1100000.088\SymEFA.sys [2009-11-01 169008]
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091013.001\BHDrvx86.sys [2009-10-09 508976]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1100000.088\ccHPx86.sys [2009-11-01 501888]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091107.001\IDSvix86.sys [2009-11-11 343088]
R1 SymIRON;Symantec Iron Driver;c:\windows\System32\drivers\NIS\1100000.088\Ironx86.sys [2009-11-01 114736]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\drivers\NIS\1100000.088\symtdiv.sys [2009-11-01 338480]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\System32\drivers\KMDFMEMIO.sys [2009-08-27 13312]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2009-11-01 126392]
R3 PAC207C Camera;c:\windows\System32\drivers\PFC027.SYS [2007-10-25 616064]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-10-31 102448]
S3 FontCache;Usług systemu Windows buforowania czcionek;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-01-21 21504]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\System32\drivers\s0016bus.sys [2009-11-11 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\System32\drivers\s0016mdfl.sys [2009-11-11 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\System32\drivers\s0016mdm.sys [2009-11-11 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0016mgmt.sys [2009-11-11 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\System32\drivers\s0016nd5.sys [2009-11-11 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\System32\drivers\s0016obex.sys [2009-11-11 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\System32\drivers\s0016unic.sys [2009-11-11 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\System32\drivers\s0017bus.sys [2009-11-11 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\System32\drivers\s0017mdfl.sys [2009-11-11 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\System32\drivers\s0017mdm.sys [2009-11-11 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0017mgmt.sys [2009-11-11 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\System32\drivers\s0017nd5.sys [2009-11-11 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\System32\drivers\s0017obex.sys [2009-11-11 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\System32\drivers\s0017unic.sys [2009-11-11 109736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
mStart Page = hxxp/www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Settings,ProxyServer = 8088:80
uInternet Settings,ProxyOverride = <local>
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\be6psb16.default\
FF - prefs.js: network.proxy.type - 4
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http/www.gmer.net
Rootkit scan 2009-12-27 21:52
Windows 6.0.6002 Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Czas ukończenia: 2009-12-27 21:54:16
ComboFix-quarantined-files.txt 2009-12-27 20:54
ComboFix2.txt 2009-12-26 21:49
Przed: 28 725 919 744 bajtów wolnych
Po: 28 696 616 960 bajtów wolnych
- - End Of File - - 9E23871EE5205177FFFCBFE979A21588
2009-12-27 22:06:55
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\System32\drivers\s0017mdfl.sys [2009-11-11 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\System32\drivers\s0017mdm.sys [2009-11-11 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0017mgmt.sys [2009-11-11 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\System32\drivers\s0017nd5.sys [2009-11-11 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\System32\drivers\s0017obex.sys [2009-11-11 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\System32\drivers\s0017unic.sys [2009-11-11 109736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Settings,ProxyServer = 8088:80
uInternet Settings,ProxyOverride = <local>
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\be6psb16.default\
FF - prefs.js: network.proxy.type - 4
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-27 21:52
Windows 6.0.6002 Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Czas ukończenia: 2009-12-27 21:54:16
ComboFix-quarantined-files.txt 2009-12-27 20:54
ComboFix2.txt 2009-12-26 21:49
Przed: 28 725 919 744 bajtów wolnych
Po: 28 696 616 960 bajtów wolnych
- - End Of File - - 9E23871EE5205177FFFCBFE979A21588