ComboFix.txt

Win32/Kryptik.DNT, please check the log

Log attached.


ComboFix 10-04-08.02 - M & J 2010-04-09 15:22:32.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.3071.2223 [GMT 2:00]
Uruchomiony z: c:\users\M & J\Desktop\ComboFix.exe
* Rezydentny antywirus jest aktywny

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FlashGet Network
c:\users\M & J\AppData\Roaming\BITS
c:\users\M & J\AppData\Roaming\BITS\BITS.ini
c:\users\M & J\AppData\Roaming\BITS\DHTTable.dat
c:\users\M & J\AppData\Roaming\BITS\ProxyList.ini
c:\users\M & J\AppData\Roaming\BITS\UPnP.ini
c:\users\M & J\AppData\Roaming\EurekaLog
c:\users\M & J\AppData\Roaming\FlashGetBHO
c:\windows\system32\secustat.dat

.
((((((((((((((((((((((((( Pliki utworzone od 2010-03-09 do 2010-04-09 )))))))))))))))))))))))))))))))
.

2010-04-09 13:28 . 2010-04-09 13:29 -------- d-----w- c:\users\M & J\AppData\Local\temp
2010-04-09 13:28 . 2010-04-09 13:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-09 13:15 . 2010-04-09 13:15 -------- d-----w- C:\_OTL
2010-04-07 18:37 . 2010-04-07 18:37 -------- d-----w- c:\users\M & J\AppData\Roaming\Malwarebytes
2010-04-07 18:36 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-07 18:36 . 2010-04-07 18:36 -------- d-----w- c:\programdata\Malwarebytes
2010-04-07 18:36 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-07 18:36 . 2010-04-07 18:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-06 16:58 . 2010-04-08 17:20 -------- d-----w- c:\program files\Kyodai
2010-04-06 12:57 . 2010-04-06 12:57 -------- d-----w- c:\users\M & J\AppData\Roaming\HEXelon
2010-04-06 12:04 . 2010-04-06 12:04 -------- d-----w- c:\programdata\HP Product Assistant
2010-04-06 12:02 . 2010-04-06 12:02 -------- d-----w- c:\program files\Common Files\HP
2010-04-06 11:54 . 2010-04-06 12:07 172091 ----a-w- c:\windows\hpoins29.dat
2010-04-06 11:54 . 2009-10-08 01:26 457 ------w- c:\windows\hpomdl29.dat
2010-04-06 11:06 . 2010-04-06 11:06 -------- d-----w- c:\users\M & J\AppData\Local\ESET
2010-04-06 10:52 . 2010-04-06 10:52 -------- d-----w- c:\program files\ESET
2010-04-06 10:43 . 2010-04-06 19:37 -------- d-----w- c:\program files\SkanerOnline
2010-04-06 10:29 . 2009-05-22 05:12 121344 ----a-w- c:\programdata\HP\Installer\Temp\hpqrrx08.exe
2010-04-06 09:45 . 2010-04-06 09:45 -------- d-----w- c:\program files\Foxit Software
2010-04-06 08:03 . 2010-04-06 08:03 -------- d-----w- C:\profiles
2010-04-05 13:03 . 2010-04-05 13:03 0 ----a-w- c:\windows\nsreg.dat
2010-04-05 13:03 . 2010-04-05 13:03 -------- d-----w- c:\users\M & J\AppData\Local\Mozilla
2010-04-05 09:22 . 2010-04-05 09:22 -------- d-----w- c:\users\M & J\AppData\Roaming\Nero
2010-04-05 09:19 . 2010-04-05 09:19 -------- d-----w- c:\users\M & J\AppData\Local\Ahead
2010-04-05 09:18 . 2010-04-05 09:18 -------- d-----w- c:\program files\Common Files\Nero
2010-04-05 09:18 . 2010-04-05 09:18 -------- d-----w- c:\programdata\Nero
2010-04-05 09:18 . 2010-04-05 09:18 -------- d-----w- c:\program files\Nero
2010-04-03 19:17 . 2010-04-09 13:19 -------- d-----w- c:\users\M & J\AppData\Roaming\AIMP
2010-04-03 19:17 . 2010-04-03 19:17 -------- d-----w- c:\program files\AIMP2
2010-04-02 20:17 . 2010-04-02 20:17 -------- d-----w- c:\programdata\FLEXnet
2010-04-02 20:01 . 2010-04-02 20:01 -------- d-----w- c:\program files\Common Files\Control Panels
2010-04-02 20:00 . 2010-04-02 20:00 -------- d-----w- c:\program files\Bonjour
2010-04-02 19:54 . 2010-04-02 19:54 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-04-02 19:53 . 2010-04-02 19:53 -------- d-----w- c:\users\M & J\AppData\Roaming\Media Player Classic
2010-04-02 19:51 . 2009-07-31 22:02 1639224 ------w- c:\programdata\HP\Installer\Temp\hpzscr01.EXE
2010-04-02 19:51 . 2009-07-31 22:02 1710392 ------w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2010-04-02 19:38 . 2010-04-02 19:38 -------- d-----w- c:\programdata\Solidshield
2010-04-02 19:35 . 2007-10-12 13:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2010-04-02 17:02 . 2010-04-02 17:02 -------- d-----w- c:\program files\MarkAny
2010-04-02 16:54 . 2007-07-03 15:00 9256 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2010-04-02 16:54 . 2007-07-03 15:00 9256 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2010-04-02 16:54 . 2007-07-03 14:58 106792 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2010-04-02 16:54 . 2007-07-03 14:57 11944 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2010-04-02 16:54 . 2007-07-03 14:56 9256 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2010-04-02 16:54 . 2007-07-03 14:56 9256 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2010-04-02 16:54 . 2007-07-03 14:54 80552 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2010-04-02 16:53 . 2010-04-02 16:55 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-04-02 16:52 . 2009-05-11 08:04 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2010-04-02 16:52 . 2009-05-11 08:04 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2010-04-02 16:52 . 2009-05-11 08:04 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2010-04-02 16:52 . 2010-04-02 16:52 -------- d-----w- c:\users\M & J\AppData\Roaming\Samsung
2010-04-02 16:51 . 2010-04-02 17:03 -------- d-----w- c:\program files\Samsung
2010-04-02 16:50 . 2010-04-02 16:50 -------- d-----w- c:\users\M & J\AppData\Local\Downloaded Installations
2010-04-01 17:38 . 2010-04-07 19:33 -------- d-----w- c:\program files\JDownloader
2010-04-01 17:38 . 2010-04-01 17:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-01 17:38 . 2010-04-01 17:38 -------- d-----w- c:\program files\Java
2010-03-31 16:11 . 2010-03-31 16:11 -------- d-----w- c:\program files\MSXML 4.0
2010-03-31 16:11 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-03-30 16:17 . 2010-04-06 12:57 -------- d-----w- c:\program files\HEXelon MAX 6
2010-03-30 10:33 . 2010-04-03 20:46 -------- d-----w- c:\users\M & J\AppData\Local\ElevatedDiagnostics
2010-03-30 10:21 . 2005-11-25 12:01 36352 ----a-w- c:\users\M & J\AppData\Roaming\Gadu-Gadu\backup\Kenio\imgcache\Tumblebugs.dll
2010-03-30 10:21 . 2006-06-13 18:40 62885 ----a-w- c:\users\M & J\AppData\Roaming\Gadu-Gadu\backup\Kenio\imgcache\data.exe
2010-03-29 20:41 . 2010-04-03 20:44 -------- d-----w- c:\users\M & J\AppData\Local\Microsoft Games
2010-03-29 20:32 . 2010-04-06 12:26 -------- d-----w- c:\program files\Cobian Backup 10
2010-03-29 19:11 . 2010-03-29 19:11 -------- d-----w- c:\users\M & J\AppData\Roaming\URSoft
2010-03-29 19:11 . 2010-03-29 19:11 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-03-29 16:54 . 2010-03-29 19:15 -------- d-----w- c:\program files\Winamp Toolbar
2010-03-29 16:53 . 2010-03-29 16:53 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-03-29 16:53 . 2010-04-06 12:26 -------- d-----w- c:\program files\Winamp
2010-03-29 16:42 . 2010-03-29 16:42 -------- d-----w- c:\users\M & J\AppData\Roaming\Gadu-Gadu
2010-03-29 16:42 . 2010-03-29 16:42 -------- d-----w- c:\program files\Gadu-Gadu
2010-03-29 16:39 . 2010-04-06 07:12 1770 ----a-w- c:\windows\system32\secushr.dat
2010-03-29 16:39 . 2010-04-08 18:26 -------- d-----w- C:\Downloads
2010-03-29 16:24 . 2010-03-29 16:24 -------- d-----w- c:\users\M & J\AppData\Roaming\FlashGet
2010-03-29 16:24 . 2010-03-29 16:24 -------- d-----w- c:\program files\IKEA HomePlanner
2010-03-29 16:23 . 2010-03-29 16:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-29 15:59 . 2010-03-29 15:59 -------- d-----w- c:\program files\DC++
2010-03-28 22:04 . 2010-03-28 22:04 -------- d-----w- c:\program files\P4G
2010-03-28 22:04 . 2010-03-28 22:04 -------- d-----w- c:\programdata\P4G
2010-03-28 21:54 . 2010-03-28 21:54 75264 ----a-w- c:\programdata\ALLPlayer\LIVE\APE\MACDec.dll
2010-03-28 21:54 . 2010-03-28 21:54 1633202 ----a-w- c:\programdata\ALLPlayer\LIVE\FFDSHOW\ffmpegmt.dll
2010-03-28 21:54 . 2010-03-28 21:54 612342 ----a-w- c:\programdata\ALLPlayer\LIVE\FFDSHOW\libmplayer.dll
2010-03-28 21:54 . 2010-03-28 21:54 145408 ----a-w- c:\programdata\ALLPlayer\LIVE\FFDSHOW\libmpeg2_ff.dll
2010-03-28 21:54 . 2010-03-28 21:54 4844283 ----a-w- c:\programdata\ALLPlayer\LIVE\FFDSHOW\libavcodec.dll
2010-03-28 21:52 . 2010-03-03 18:52 163840 ----a-w- c:\programdata\ALLPlayer\LIVE\HAALI\ts.dll
2010-03-28 21:50 . 2010-02-10 17:13 165376 ----a-w- c:\windows\system32\unrar.dll
2010-03-28 21:50 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-03-28 21:50 . 2010-03-28 21:54 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-03-28 21:50 . 2010-03-28 21:54 130048 ----a-w- c:\windows\system32\xvidvfw.dll
2010-03-28 21:50 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2010-03-28 21:50 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2010-03-28 21:50 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2010-03-28 21:50 . 2010-03-14 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-28 21:50 . 2010-03-28 21:51 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-28 21:47 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-28 21:45 . 2010-03-28 21:45 -------- d-----w- c:\users\M & J\AppData\Local\Apps
2010-03-28 21:35 . 2010-04-02 20:17 -------- d-----w- c:\users\M & J\AppData\Local\Adobe
2010-03-28 21:34 . 2010-04-02 20:01 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-28 21:29 . 2010-03-28 21:30 -------- d-----w- c:\users\M & J\AppData\Roaming\PC Suite
2010-03-28 21:29 . 2010-03-28 21:30 -------- d-----w- c:\users\M & J\AppData\Roaming\Nokia
2010-03-28 21:29 . 2010-03-28 21:30 -------- d-----w- c:\programdata\PC Suite
2010-03-28 21:29 . 2010-03-28 21:29 -------- d-----w- c:\program files\Common Files\PCSuite
2010-03-28 21:29 . 2010-03-28 21:29 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-28 21:29 . 2010-03-28 21:29 -------- d-----w- c:\program files\DIFX
2010-03-28 21:29 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-03-28 21:29 . 2010-03-28 21:29 -------- dc----w- c:\windows\system32\DRVSTORE
2010-03-28 21:28 . 2010-04-02 17:02 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-28 21:28 . 2010-03-28 21:29 -------- d-----w- c:\program files\Nokia
2010-03-28 21:28 . 2007-05-02 14:31 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-03-28 21:28 . 2010-03-28 21:26 34760920 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_pol_web.exe
2010-03-28 21:28 . 2010-03-28 21:28 95232 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-03-28 21:28 . 2010-03-28 21:28 8192 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-03-28 21:28 . 2010-03-28 21:28 61440 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-03-28 21:28 . 2010-03-28 21:28 10240 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-03-28 21:26 . 2010-03-28 21:26 -------- d-----w- c:\programdata\Installations
2010-03-28 21:09 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-03-28 21:09 . 2010-03-28 21:20 -------- d-----w- c:\program files\PDFCreator
2010-03-28 21:09 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-03-28 20:52 . 2006-10-26 17:58 30512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-03-28 20:52 . 2006-10-26 17:58 30512 ----a-w- c:\windows\system32\mdimon.dll
2010-03-28 20:51 . 2010-03-28 20:51 -------- d-----w- c:\program files\Microsoft Works
2010-03-28 20:51 . 2010-03-28 20:51 -------- d-----w- c:\windows\PCHEALTH
2010-03-28 20:51 . 2010-03-28 20:51 -------- d-----w- c:\program files\Microsoft.NET
2010-03-28 20:49 . 2010-03-28 20:49 -------- d-----w- c:\users\M & J\AppData\Local\Microsoft Help
2010-03-28 20:49 . 2010-03-28 20:58 -------- d-----w- c:\programdata\Microsoft Help

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-09 13:26 . 2009-07-14 08:07 687828 ----a-w- c:\windows\system32\perfh015.dat
2010-04-09 13:26 . 2009-07-14 08:07 131382 ----a-w- c:\windows\system32\perfc015.dat
2010-04-06 12:01 . 2010-03-28 21:52 -------- d-----w- c:\program files\ALLPlayer
2010-04-05 12:02 . 2010-03-28 21:52 -------- d-----w- c:\program files\NAPI-PROJEKT
2010-03-28 21:55 . 2010-03-28 21:52 -------- d-----w- c:\programdata\ALLPlayer
2010-03-28 21:54 . 2010-03-28 21:52 258048 ----a-w- c:\windows\system32\libFLAC.dll
2010-03-28 21:30 . 2010-03-28 21:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-03-28 20:13 . 2010-03-28 20:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-03-28 19:49 . 2010-03-28 19:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-03-28 19:01 . 2010-03-28 19:01 -------- d-sh--we c:\programdata\Ulubione
2010-03-28 19:01 . 2010-03-28 19:01 -------- d-sh--we c:\programdata\Pulpit
2010-03-28 19:01 . 2010-03-28 19:01 -------- d-sh--we c:\programdata\Menu Start
2010-03-28 19:01 . 2010-03-28 19:01 -------- d-sh--we c:\programdata\Dokumenty
2010-03-28 19:01 . 2010-03-28 19:01 -------- d-sh--we c:\programdata\Dane aplikacji
2010-03-03 18:52 . 2010-03-28 21:52 246784 ----a-w- c:\programdata\ALLPlayer\LIVE\HAALI\dxr.dll
2010-03-03 18:52 . 2010-03-28 21:52 108032 ----a-w- c:\programdata\ALLPlayer\LIVE\HAALI\avi.dll
2010-03-03 18:52 . 2010-03-28 21:52 159744 ----a-w- c:\programdata\ALLPlayer\LIVE\HAALI\mmfinfo.dll
2010-03-03 18:52 . 2010-03-28 21:52 148480 ----a-w- c:\programdata\ALLPlayer\LIVE\HAALI\mkx.dll
2010-03-03 18:52 . 2010-03-28 21:52 141312 ----a-w- c:\programdata\ALLPlayer\LIVE\HAALI\mp4.dll
2010-03-03 18:52 . 2010-03-28 21:52 120832 ----a-w- c:\programdata\ALLPlayer\LIVE\HAALI\ogm.dll
2010-02-07 11:08 . 2010-03-28 21:52 202240 ----a-w- c:\programdata\ALLPlayer\LIVE\ALLCodec\swscale-0.dll
2010-02-07 11:08 . 2010-03-28 21:52 78336 ----a-w- c:\programdata\ALLPlayer\LIVE\ALLCodec\avutil-50.dll
2010-02-07 11:08 . 2010-03-28 21:52 8570368 ----a-w- c:\programdata\ALLPlayer\LIVE\ALLCodec\avcodec-52.dll
2010-02-07 11:08 . 2010-03-28 21:52 761344 ----a-w- c:\programdata\ALLPlayer\LIVE\ALLCodec\avformat-52.dll
2010-02-07 11:08 . 2010-03-28 21:52 71680 ----a-w- c:\programdata\ALLPlayer\LIVE\ALLCodec\avfilter-1.dll
2010-02-07 11:08 . 2010-03-28 21:52 11264 ----a-w- c:\programdata\ALLPlayer\LIVE\ALLCodec\avdevice-52.dll
2010-02-02 07:45 . 2010-03-28 19:28 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
c:\program files\Alcohol Soft\Alcohol 52\axautomntsrv.exe
c:\program files\ALLPlayer\allupdate.exe
c:\program files\ASUS\ATK Hotkey\hcontroluser.exe
c:\program files\ASUS\ATK Media\dmedia.exe
c:\program files\ASUS\ATKOSD2\atkosd2.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart.exe
c:\program files\Cobian Backup 10\cbinterface.exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm.exe
c:\program files\Common Files\Nero\Lib\nerocheck.exe
c:\program files\Common Files\Nero\Lib\nmindexstoresvr.exe
c:\program files\HP\Digital Imaging\bin\hpqsrmon.exe
c:\program files\HP\HP Software Update\hpwuschd2.exe
c:\program files\Nokia\Nokia PC Suite 7\pcsuite.exe
c:\program files\Samsung\Samsung New PC Studio\npsagent.exe
c:\program files\Synaptics\SynTP\syntpenh.exe

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-28 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-13 172032]
S2 CobianBackup10;Cobian Backup 10;c:\program files\Cobian Backup 10\cbService.exe [2010-03-25 1125376]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-11-16 95896]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-05-11 233472]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-03-29 303952]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-11 36608]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-03-29 20824]
S3 netw5v32;Sterownik karty Intel(R) Wireless WiFi Link 5000 Series dla systemu Windows Vista w wersji 32-bitowej;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]


--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - FSUSBEXDISK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
uInternet Settings,ProxyOverride = *.local
IE: &Pobierz wszystko przez FlashGet - c:\program files\flashget network\flashget universal\ComDlls\Bhoall.htm
IE: &Pobrane przez FlashGet - c:\program files\flashget network\flashget universal\ComDlls\Bholink.htm
IE: Download all by FlashGet3 - c:\users\M & J\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\M & J\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: ??Ó????u3?ÂÔ? - c:\users\M & J\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ??Ó????u3?ÂÔ??<<??Á´ 1/2 Ó - c:\users\M & J\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
Trusted Zone: kuaiche.com\software
FF - ProfilePath - c:\users\M & J\AppData\Roaming\Mozilla\Firefox\Profiles\l5i42g1w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,f2,a5,3b,ff,c3,60,44,ac,5d,d4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,f2,a5,3b,ff,c3,60,44,ac,5d,d4,\

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2010-04-09 15:31:19
ComboFix-quarantined-files.txt 2010-04-09 13:31

Przed: 45 012 987 904 bajtów wolnych
Po: 44 987 899 904 bajtów wolnych

- - End Of File - - 7E0E625342784C60BA220A08866B8B49

