Hi, my computer has been sluggish lately, I think there were a few trojans, but I've already installed Kaspersky; still, I'm not sure whether I need to format the whole computer:
From HijackThis - earlier I hit fix on everything :P I thought those were all the junk it had found, but it had listed everything, oh well, everything works...
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:16:41, on 2009-08-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 2012 bytes
Code:
ComboFix 09-08-08.04 - m 2009-08-09 15:06.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2047.1664 [GMT 2:00]
Uruchomiony z: f:\kolin\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ktly.exe
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf
E:\autorun.inf
F:\autorun.inf
.
((((((((((((((((((((((((( Pliki utworzone od 2009-07-09 do 2009-08-09 )))))))))))))))))))))))))))))))
.
2009-08-09 12:24 . 2009-08-09 12:24 -------- d-----w- C:\totalcmd
2009-08-09 12:24 . 2006-02-16 04:54 545 ----a-w- c:\windows\UC.PIF
2009-08-09 12:24 . 2006-02-16 04:54 545 ----a-w- c:\windows\RAR.PIF
2009-08-09 12:24 . 2006-02-16 04:54 545 ----a-w- c:\windows\PKZIP.PIF
2009-08-09 12:24 . 2006-02-16 04:54 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-08-09 12:24 . 2006-02-16 04:54 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-08-09 12:24 . 2006-02-16 04:54 545 ----a-w- c:\windows\LHA.PIF
2009-08-09 12:24 . 2006-02-16 04:54 545 ----a-w- c:\windows\ARJ.PIF
2009-08-09 11:25 . 2009-08-09 12:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-09 11:25 . 2009-08-09 11:49 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-08-08 20:19 . 2009-08-08 20:19 33808 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-08-08 20:19 . 2009-08-08 20:19 208616 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-08-08 20:19 . 2009-08-08 20:19 226832 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-08-08 20:06 . 2009-08-08 20:19 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-08-08 20:06 . 2009-08-08 20:19 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-08-08 20:06 . 2009-08-09 12:46 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-08-08 20:06 . 2009-08-09 12:44 213024 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-08 20:06 . 2009-08-09 12:44 1451552 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-08 20:06 . 2009-08-08 20:06 -------- d-----w- c:\program files\Kaspersky Lab
2009-08-08 19:42 . 2009-08-08 19:42 -------- d-----w- c:\program files\Trend Micro
2009-08-06 20:37 . 2008-06-14 18:01 273024 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-08-06 20:33 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-08-06 20:33 . 2008-12-11 11:57 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2009-08-06 20:32 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-08-06 20:30 . 2008-10-03 10:17 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-08-06 20:30 . 2008-10-15 17:00 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-08-06 20:30 . 2008-09-04 16:46 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-08-06 20:30 . 2008-04-21 21:28 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-08-06 20:27 . 2009-08-06 23:11 -------- d--h--w- c:\windows\$hf_mig$
2009-08-06 20:25 . 2009-08-06 20:25 -------- d-s---w- c:\documents and settings\m\UserData
2009-08-06 17:46 . 2009-08-06 17:46 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google
2009-08-06 17:41 . 2009-08-06 17:41 -------- d-----w- c:\documents and settings\m\Ustawienia lokalne\Dane aplikacji\Temp
2009-08-06 17:41 . 2009-08-06 17:41 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
2009-08-06 17:41 . 2009-08-06 20:25 -------- d-----w- c:\documents and settings\m\Ustawienia lokalne\Dane aplikacji\Google
2009-08-06 17:41 . 2009-08-06 17:41 -------- d-----w- c:\program files\Google
2009-08-03 10:49 . 2009-08-03 11:07 -------- d-----w- c:\program files\Warkeys
2009-08-01 21:50 . 2009-08-01 21:50 -------- d-----w- c:\program files\NVIDIA Corporation
2009-08-01 21:50 . 2009-08-01 21:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NVIDIA Corporation
2009-08-01 21:50 . 2009-07-14 18:54 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-01 21:49 . 2009-07-10 05:01 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-01 21:49 . 2009-07-14 18:54 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-08-01 21:49 . 2009-07-14 18:54 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-01 21:49 . 2009-07-14 18:54 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-01 21:49 . 2009-07-14 18:54 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-01 21:49 . 2009-07-14 18:54 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-08-01 21:49 . 2009-07-14 18:54 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-08-01 21:49 . 2009-07-14 18:54 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-08-01 21:49 . 2009-07-14 18:54 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-01 21:19 . 2009-08-01 21:19 -------- d-----w- c:\documents and settings\m\SystemRequirementsLab
2009-07-19 12:29 . 2009-08-08 22:09 -------- d-----w- c:\program files\Garena
2009-07-18 16:21 . 2009-07-18 16:21 1506304 -c----w- c:\windows\system32\dllcache\shdocvw.dll
2009-07-18 16:21 . 2009-07-18 16:21 3083264 -c----w- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 14:28 . 2009-07-17 14:28 -------- d-----w- c:\documents and settings\m\Ustawienia lokalne\Dane aplikacji\Identities
2009-07-14 11:34 . 2009-07-14 11:34 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 11:34 . 2009-07-14 11:34 8085504 ----a-w- c:\windows\system32\nvdispsr.dll
2009-07-14 11:34 . 2009-07-14 11:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-07-14 11:34 . 2009-07-14 11:34 4640768 ----a-w- c:\windows\system32\nvgamesr.dll
2009-07-14 11:34 . 2009-07-14 11:34 458752 ----a-w- c:\windows\system32\nvmccssr.dll
2009-07-14 11:34 . 2009-07-14 11:34 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-07-14 11:34 . 2009-07-14 11:34 2854912 ----a-w- c:\windows\system32\nvmoblsr.dll
2009-07-14 11:34 . 2009-07-14 11:34 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-07-14 11:34 . 2009-07-14 11:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-07-14 11:34 . 2009-07-14 11:34 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-07-14 11:34 . 2009-07-14 11:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-07-14 11:34 . 2009-07-14 11:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-07-14 11:34 . 2009-07-14 11:34 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-07-13 16:55 . 2009-07-13 16:55 142976 -c--a-w- c:\windows\system32\dllcache\usbport.sys
2009-07-11 16:55 . 2009-07-11 16:55 55808 ----a-w- c:\windows\devcon.exe
2009-07-10 13:22 . 2009-07-10 13:22 -------- d-----w- c:\documents and settings\m\Ustawienia lokalne\Dane aplikacji\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 12:44 . 2009-08-08 20:06 4952 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-09 12:44 . 2009-08-08 20:06 15564 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-09 11:06 . 2009-07-08 11:31 -------- d-----w- c:\documents and settings\m\Dane aplikacji\uTorrent
2009-08-08 20:19 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-08-08 20:04 . 2009-07-05 18:47 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-08-06 21:03 . 2009-07-05 18:44 -------- d-----w- c:\documents and settings\m\Dane aplikacji\HLSW
2009-08-05 18:16 . 2009-07-08 11:32 -------- d-----w- c:\program files\AskBarDis
2009-08-03 21:04 . 2009-07-07 00:10 -------- d-----w- c:\documents and settings\m\Dane aplikacji\Skype
2009-08-03 18:42 . 2009-07-07 00:12 -------- d-----w- c:\documents and settings\m\Dane aplikacji\skypePM
2009-07-20 09:09 . 2009-07-20 09:09 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TrackMania
2009-07-20 09:09 . 2009-07-20 09:06 -------- d-----w- c:\program files\TmNationsForever
2009-07-15 00:21 . 2009-07-05 21:24 -------- d-----w- c:\program files\Gadu-Gadu
2009-07-14 18:54 . 2007-12-04 23:41 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 18:54 . 2007-12-04 23:41 5842816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-07-13 16:55 . 2001-08-17 22:03 142976 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-07-12 14:12 . 2009-07-07 13:29 -------- d-----w- c:\program files\PartyGaming
2009-07-10 13:22 . 2009-07-05 18:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-08 11:32 . 2009-07-08 11:32 -------- d-----w- c:\program files\AskSearch
2009-07-08 11:31 . 2009-07-08 11:31 -------- d-----w- c:\program files\uTorrent
2009-07-08 11:24 . 2009-07-08 11:24 -------- d-----w- c:\program files\InstallShield Installation Information
2009-07-08 11:24 . 2009-07-08 11:24 -------- d-----w- c:\program files\Ontrack
2009-07-08 11:24 . 2009-07-05 18:42 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-07 23:13 . 2009-07-05 18:45 -------- d-----w- c:\program files\NAPI-PROJEKT
2009-07-07 20:35 . 2009-07-07 20:35 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NVIDIA
2009-07-07 00:12 . 2009-07-07 00:12 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-07 00:09 . 2009-07-07 00:09 -------- d-----r- c:\program files\Skype
2009-07-07 00:09 . 2009-07-07 00:09 -------- d-----w- c:\program files\Common Files\Skype
2009-07-07 00:09 . 2009-07-07 00:09 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype
2009-07-06 14:46 . 2009-07-06 14:46 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-06 14:46 . 2009-07-06 14:46 -------- d-----w- c:\program files\Java
2009-07-06 14:46 . 2009-07-06 14:46 152576 ----a-w- c:\documents and settings\m\Dane aplikacji\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-06 14:39 . 2009-07-06 14:39 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-06 12:43 . 2009-07-06 12:43 -------- d-----w- c:\documents and settings\m\Dane aplikacji\Media Player Classic
2009-07-05 21:24 . 2009-07-05 21:24 -------- d-----w- c:\documents and settings\m\Dane aplikacji\Gadu-Gadu
2009-07-05 21:20 . 2001-10-26 16:15 49712 ----a-w- c:\windows\system32\perfc015.dat
2009-07-05 21:20 . 2001-10-26 16:15 355830 ----a-w- c:\windows\system32\perfh015.dat
2009-07-05 19:53 . 2009-07-05 19:00 -------- d-----w- c:\documents and settings\m\Dane aplikacji\Ventrilo
2009-07-05 19:52 . 2009-07-05 19:52 13104 ----a-w- c:\documents and settings\m\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-07-05 19:48 . 2009-07-05 19:05 -------- d-----w- c:\documents and settings\m\Dane aplikacji\Nowe Gadu-Gadu
2009-07-05 19:16 . 2009-07-05 18:26 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-07-05 18:52 . 2009-07-05 18:52 0 ----a-w- c:\windows\nsreg.dat
2009-07-05 18:46 . 2009-07-05 18:46 -------- d-----w- c:\program files\Winamp
2009-07-05 18:46 . 2009-07-05 18:46 -------- d-----w- c:\program files\VentriloMIX
2009-07-05 18:45 . 2009-07-05 18:45 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-05 18:45 . 2009-07-05 18:44 -------- d-s---w- c:\program files\HLSW
2009-07-05 18:27 . 2009-07-05 18:27 -------- d-----w- c:\program files\microsoft frontpage
2009-07-05 18:23 . 2009-07-05 18:23 21856 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-05 18:23 . 2009-07-05 18:23 -------- d-----w- c:\program files\Usługi online
2009-06-26 16:19 . 2001-10-26 17:29 662016 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:19 . 2009-07-05 19:14 81920 ------w- c:\windows\system32\ieencode.dll
2009-06-16 14:55 . 2001-10-26 17:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2001-10-26 17:29 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:27 . 2001-10-26 17:29 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-05-28 09:23 . 2009-05-28 09:23 42088 ----a-w- c:\documents and settings\m\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
2009-05-28 08:34 . 2009-05-28 08:34 11264 ----a-w- c:\documents and settings\m\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-04-17 2113536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-08-08 208616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Steam\\steamapps\\cs_rom@op.pl\\counter-strike\\hl.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"f:\\Steam\\Steam.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 133104]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\m\USTAWI~1\Temp\QTL82.tmp --> c:\docume~1\m\USTAWI~1\Temp\QTL82.tmp [?]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-07-08 234888]
.
Zawartość folderu 'Zaplanowane zadania'
2009-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 17:41]
2009-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 17:41]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
.
------- Skan uzupełniający -------
.
FF - ProfilePath - c:\documents and settings\m\Dane aplikacji\Mozilla\Firefox\Profiles\5rk90e4w.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - wp.pl
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\m\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 15:09
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\m\USTAWI~1\Temp\QTL82.tmp"
.
Czas ukończenia: 2009-08-09 15:10
ComboFix-quarantined-files.txt 2009-08-09 13:10
Przed: 6*402*293*760 bajtów wolnych
Po: 6*398*660*608 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(4)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
275 --- E O F --- 2009-08-06 23:11