ComboFix 11-10-24.05 - Administrator 2011-10-25 7:42.6.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2038.1411 [GMT 2:00] Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} * Utworzono nowy punkt przywracania . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\COM+.log c:\windows\msmqinst.log c:\windows\system32\Cache . . ((((((((((((((((((((((((( Pliki utworzone od 2011-09-25 do 2011-10-25 ))))))))))))))))))))))))))))))) . . 2011-10-20 12:38 . 2011-10-20 12:38 -------- d-----w- C:\!!! 2011-10-17 07:38 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-10-17 07:38 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-10-17 07:38 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-10-17 07:38 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-10-17 07:38 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-10-17 07:38 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-10-17 07:38 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-10-17 07:38 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-10-17 07:38 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr 2011-10-17 07:38 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-10-17 07:38 . 2011-10-17 07:38 -------- d-----w- c:\program files\AVAST Software 2011-10-17 07:38 . 2011-10-17 07:38 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AVAST Software 2011-10-17 07:37 . 2011-10-17 07:37 -------- d-----w- C:\___Avast_licencja 2011-10-10 11:35 . 2006-03-02 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe 2011-10-10 11:02 . 2005-01-04 09:54 50176 ----a-w- c:\windows\system32\WolCmd.exe 2011-10-10 10:24 . 2011-10-10 10:25 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\WoLEX 2011-10-07 15:05 . 2011-10-07 15:05 323624 ----a-w- c:\windows\system32\wiaaut.dll 2011-10-07 08:00 . 2011-10-07 08:00 -------- d-----w- c:\program files\Reference Assemblies 2011-10-06 10:10 . 2010-04-03 18:51 47456 ----a-w- c:\windows\system32\perf-MSSQL10_50.BAZATESTOWA-sqlagtctr.dll 2011-10-06 10:10 . 2010-04-03 18:51 73568 ----a-w- c:\windows\system32\perf-MSSQL$BAZATESTOWA-sqlctr10.50.1600.1.dll 2011-10-06 10:09 . 2011-10-06 10:09 -------- d-----w- c:\program files\Microsoft SQL Server Testy 2011-10-06 08:33 . 2011-10-06 08:33 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\iTALC . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-19 05:24 . 2011-05-17 06:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-09-26 09:41 . 2007-10-09 11:03 614400 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 09:41 . 2004-08-04 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-26 09:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-15 10:53 . 2011-09-15 10:53 8892928 ----a-w- c:\documents and settings\All Users\Dane aplikacji\atscie.msi 2011-09-14 12:06 . 2011-09-14 12:06 724992 ----a-w- c:\windows\iun6002.exe 2011-09-09 09:12 . 2004-08-04 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll 2011-09-06 14:10 . 2004-08-04 12:00 1859200 ----a-w- c:\windows\system32\win32k.sys 2011-08-22 23:40 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-08-22 23:40 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-08-22 23:40 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-08-22 11:58 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-08-17 13:49 . 2004-08-04 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2011-10-06 08:48 . 2011-04-01 07:45 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768] "Zoiper.exe"="c:\program files\Attractel\Zoiper\Zoiper.exe" [2011-02-22 1031680] "Tlen.pl"="c:\program files\Tlen7\tlen7.exe" [2010-08-24 80384] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160] . c:\documents and settings\Administrator\Menu Start\Programy\Autostart\ Wake.bat [2011-10-19 54] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^OpenOffice.org 3.0.lnk] backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^OpenOffice.org 3.3.lnk] path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk] backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Image Zone - szybkie uruchamianie.lnk] backup=c:\windows\pss\HP Image Zone - szybkie uruchamianie.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Service Manager.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Service Manager.lnk backup=c:\windows\pss\Service Manager.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-06-06 10:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 21:51 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2011-07-14 07:26 136176 ----atw- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] 2006-11-13 12:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HEXelon MAX] 2007-06-28 19:44 2816512 ----a-w- c:\program files\HEXelon MAX 6\hexelon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] 2006-03-23 18:13 77824 ----a-w- c:\windows\system32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] 2006-03-23 18:17 118784 ----a-w- c:\windows\system32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] 2006-03-23 18:17 94208 ----a-w- c:\windows\system32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig] 2008-04-14 20:51 171520 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2010-12-21 09:53 1483264 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2004-10-14 12:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "HASPSrv"=3 (0x3) "SolidWorks Licensing Service"=3 (0x3) "SQLWriter"=2 (0x2) "SQLBrowser"=2 (0x2) "NMSAccess"=2 (0x2) "MySql"=2 (0x2) "MSSQL$SQLEXPRESS"=2 (0x2) "MSSQL$BAZATESTOWA"=2 (0x2) "npggsvc"=3 (0x3) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Tlen7\\tlen7.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-17 442200] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-17 320856] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-17 20568] R2 MSSQL$FIRMATEC;MSSQL$FIRMATEC;c:\program files\Microsoft SQL Server\MSSQL$FIRMATEC\Binn\sqlservr.exe -sFIRMATEC --> c:\program files\Microsoft SQL Server\MSSQL$FIRMATEC\Binn\sqlservr.exe -sFIRMATEC [?] R2 MySQLS1;MySQLS1;c:\!!!\UniServer\usr\local\mysql\bin\mysqld-opt.exe --defaults-file=C:/!!!/UniServer/usr/local/mysql/my.ini MySQLS1 --> c:\!!!\UniServer\usr\local\mysql\bin\mysqld-opt.exe --defaults-file=C:/!!!/UniServer/usr/local/mysql/my.ini MySQLS1 [?] R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S3 cpuz134;cpuz134;\??\c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys --> c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [?] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-05-13 137600] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-05-13 8576] S3 PORTMON;PORTMON;\??\c:\docume~1\ADMINI~1\USTAWI~1\Temp\_wsicc\PORTMSYS.SYS --> c:\docume~1\ADMINI~1\USTAWI~1\Temp\_wsicc\PORTMSYS.SYS [?] S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197);c:\windows\system32\drivers\qcusbmdm.sys [2009-02-19 59632] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2011-03-23 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2011-03-23 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2011-03-23 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2011-03-23 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2011-03-23 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2011-03-23 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2011-03-23 115752] S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [2011-03-23 98672] S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [2011-03-23 14960] S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [2011-03-23 124016] S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [2011-03-23 117872] S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [2011-03-23 25456] S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [2011-03-23 113904] S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [2011-03-23 123504] S3 SliceDisk5;SliceDisk5;\??\c:\docume~1\ADMINI~1\USTAWI~1\Temp\FindAndMount\slicedisk.sys --> c:\docume~1\ADMINI~1\USTAWI~1\Temp\FindAndMount\slicedisk.sys [?] S3 SQLAgent$FIRMATEC;SQLAgent$FIRMATEC;c:\program files\Microsoft SQL Server\MSSQL$FIRMATEC\Binn\sqlagent.EXE -i FIRMATEC --> c:\program files\Microsoft SQL Server\MSSQL$FIRMATEC\Binn\sqlagent.EXE -i FIRMATEC [?] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2009-11-09 25088] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-02-12 111152] S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?] S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2011-02-24 33712] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S4 HASPSrv;HASPSrv;c:\windows\system32\HASPSrv.exe [2009-03-31 696320] S4 MSSQL$BAZATESTOWA;SQL Server (BAZATESTOWA);c:\program files\Microsoft SQL Server Testy\MSSQL10_50.BAZATESTOWA\MSSQL\Binn\sqlservr.exe [2010-04-03 42884448] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-04-03 44896] S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-07-10 242712] S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-04-03 240608] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-03-27 691696] S4 SQLAgent$BAZATESTOWA;SQL Server Agent (BAZATESTOWA);c:\program files\Microsoft SQL Server Testy\MSSQL10_50.BAZATESTOWA\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 367456] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688] . Zawartość folderu 'Zaplanowane zadania' . 2011-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1284227242-725345543-500Core1cc720a7cd19090.job - c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-07-14 07:26] . 2010-07-13 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-11-02 20:18] . . ------- Skan uzupełniający ------- . uInternet Connection Wizard,ShellNext = iexplore TCP: Interfaces\{C23D2DC8-0ED9-4ADB-BE05-2F1908E9FBAC}: NameServer = 62.233.233.233,87.204.204.204 DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} - hxxp://slimak.onet.pl/_m/wirusy/ArcaOnline.cab FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y8j2qger.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.tech-art.com.pl/admin FF - prefs.js: network.proxy.type - 2 . . ------- Skojarzenia plików ------- . .scr=DWGTrueViewScriptFile . - - - - USUNIĘTO PUSTE WPISY - - - - . MSConfigStartUp-AllerCalc - c:\program files\AllerCalc\AllerCalc.exe MSConfigStartUp-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-10-25 07:53 Windows 5.1.2600 Dodatek Service Pack 3 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQLS1] "ImagePath"="c:\!!!\UniServer\usr\local\mysql\bin\mysqld-opt.exe --defaults-file=C:/!!!/UniServer/usr/local/mysql/my.ini MySQLS1" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql] "ImagePath"="c:\usr/MYSQL/bin/mysqld.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_USERS\S-1-5-21-1229272821-1284227242-725345543-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,f7,fe,29,ff,00,e6,41,90,d6,d3,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,f7,1a,ec,7c,08,dc,46,bf,55,39,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,f7,fe,29,ff,00,e6,41,90,d6,d3,\ . [HKEY_USERS\S-1-5-21-1229272821-1284227242-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{399B4C2C-E7F3-14DF-6959-778F4EB3C713}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "iaabkmffiengmbbncp"=hex:63,61,6b,70,65,64,00,00 . Czas ukończenia: 2011-10-25 07:58:25 ComboFix-quarantined-files.txt 2011-10-25 05:58 . Przed: 8 566 898 688 bajtów wolnych Po: 8 900 665 344 bajtów wolnych . - - End Of File - - 6222D0F704BAEA5AABA8AAC5B502D183