ComboFix 11-10-28.04 - Włodek 28.10.2011 23:44:27.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.2046.1357 [GMT 2:00]
Uruchomiony z: c:\users\W-odek\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Włodek\AppData\Local\005565f5\U\800000cb.@
c:\users\Włodek\AppData\Local\005565f5\X
c:\users\Włodek\AppData\Roaming\Microsoft\Windows\Recent\Turbo kamera - Turbo kamera - S03E11 - Onet Vod.url
c:\users\Włodek\AppData\Roaming\Microsoft\Windows\Recent\Turbo kamera - Turbo kamera - S04E08 - VoD w Onet.pl.url
c:\windows\
c:\windows\$NtUninstallKB39519$\104842882
c:\windows\$NtUninstallKB39519$\5596661\@
c:\windows\$NtUninstallKB39519$\5596661\L\xadqgnnk
c:\windows\4117058816
c:\windows\IsUn0415.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\
c:\windows\system32\c_55526.nls
c:\windows\system32\Dvbpws.dll
c:\windows\UA000088.DLL
c:\windows\XSxS
c:\windows\$NtUninstallKB39519$ . . . . nie udało się usunąć
.
Zainfekowana kopia c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe została znaleziona. Problem naprawiono
Plik odzyskano z - c:\program files\Common Files\ArcSoft\Connection Service\Bin\
.
Zainfekowana kopia c:\program files\Avira\AntiVir Desktop\sched.exe została znaleziona. Problem naprawiono
Plik odzyskano z - c:\program files\Avira\AntiVir Desktop\
.
Zainfekowana kopia c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe została znaleziona. Problem naprawiono
Plik odzyskano z - c:\program files\Common Files\InterVideo\DeviceService\
.
Zainfekowana kopia c:\program files\Google\Update\GoogleUpdate.exe została znaleziona.
Problem naprawiono
Plik odzyskano z - c:\program files\Google\Update\
.
c:\windows\system32\srvany.exe . . . jest zainfekowany!!
c:\windows\system32\srvany.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\windows\system32\nvvsvc.exe . . . jest zainfekowany!!
c:\windows\system32\nvvsvc.exe . . . was deleted!! You should re-install the program it pertains to
.
Zainfekowana kopia c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe została znaleziona. Problem naprawiono
Plik odzyskano z - c:\program files\NVIDIA Corporation\3D Vision\
.
Zainfekowana kopia c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe została znaleziona. Problem naprawiono
Plik odzyskano z - c:\program files\Common Files\Ulead Systems\DVD\
.
Zainfekowana kopia c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE została znaleziona. Problem naprawiono
Plik odzyskano z - c:\program files\Common Files\microsoft shared\Windows Live\
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-09-28 do 2011-10-28 )))))))))))))))))))))))))))))))
.
.
2011-10-28 21:53 . 2011-10-28 21:53 -------- d-----w- c:\users\Włodek\AppData\Local\temp
2011-10-28 21:53 . 2011-10-28 21:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-10-28 21:53 . 2011-10-28 21:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-28 21:46 . 2011-10-28 21:46 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01636DC4-4A9D-43E6-91EB-14A9B3141D17}\offreg.dll
2011-10-28 21:42 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-10-27 23:52 . 2011-10-28 20:49 48016 --sha-w- c:\windows\system32\c_55526.nl_
2011-10-27 23:30 . 2011-10-27 23:30 -------- d-----w- c:\users\Włodek\AppData\Roaming\Avira
2011-10-27 23:29 .
2011-10-27 23:29 -------- d-----w- c:\programdata\Avira
2011-10-27 23:29 . 2011-10-27 23:29 -------- d-----w- c:\program files\Avira
2011-10-27 23:29 . 2011-09-18 06:39 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-27 23:29 . 2011-09-15 21:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-27 23:29 . 2011-09-15 21:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-27 22:46 . 2011-10-27 23:23 -------- d-----w- c:\programdata\AVAST Software
2011-10-27 22:05 . 2011-10-27 22:05 -------- d-----w- c:\program files\Ulead Systems
2011-10-26 22:07 . 2011-10-26 22:07 -------- d-----w- c:\windows\ulead.dat
2011-10-26 21:26 . 2011-10-26 21:26 -------- d-----w- c:\users\Włodek\AppData\Local\Programs
2011-10-26 21:26 . 2011-10-26 21:26 -------- d-----w- c:\users\Włodek\AppData\Local\ArcSoft
2011-10-26 21:25 . 2011-10-26 22:07 -------- d-----w- c:\users\Włodek\AppData\Roaming\ArcSoft
2011-10-26 21:25 . 2011-10-26 22:07 -------- d--h--w- c:\programdata\ArcSoft
2011-10-26 21:24 . 2005-07-16 00:35 245408 ----a-w- c:\windows\system32\unicows.dll
2011-10-26 21:24 . 2011-10-26 21:24 -------- d-----w- c:\program files\Common Files\ArcSoft
2011-10-26 21:24 . 2011-10-27 22:06 -------- d-----w- c:\program files\Common Files\Ulead Systems
2011-10-26 21:24 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-10-26 21:24 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-10-26 21:24 . 2003-02-27 14:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-10-26 21:24 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-10-26 21:24 .
2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-10-26 21:24 . 2011-10-26 21:24 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-10-26 21:24 . 2011-10-26 21:24 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-10-26 21:24 . 2008-08-13 07:35 20480 ----a-w- c:\program files\Windows Sidebar\Gadgets\PVR2Remote.Gadget\ClassLibrary1.dll
2011-10-26 21:23 . 2011-10-26 21:24 -------- d-----w- c:\program files\WinFast
2011-10-26 21:23 . 2011-10-26 21:23 -------- d-----w- c:\users\Włodek\AppData\Roaming\InstallShield Installation Information
2011-10-26 21:19 . 2011-10-26 21:20 -------- d-----w- c:\windows\system32\WinFast
2011-10-26 21:19 . 2010-03-23 15:25 342528 ----a-w- c:\windows\system32\drivers\wfsonora.sys
2011-10-26 21:19 . 2006-08-08 18:19 49152 ----a-w- c:\windows\system32\encprxypage.ax
2011-10-25 20:14 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01636DC4-4A9D-43E6-91EB-14A9B3141D17}\mpengine.dll
2011-10-21 20:38 . 2011-10-21 20:38 -------- d-----w- c:\program files\Common Files\Java
2011-10-20 22:10 . 2004-11-29 17:10 167936 ----a-w- c:\windows\system32\MSTMON_Q.EXE
2011-10-20 22:10 . 2004-09-01 00:23 1490944 ----a-w- c:\windows\system32\MSTMON_Q.DLL
2011-10-19 21:44 . 2011-10-19 21:44 -------- d-----w- c:\program files\Common Files\Steam
2011-10-18 20:35 . 2011-10-18 20:35 -------- d-----w- c:\users\Włodek\AppData\Local\VS Revo Group
2011-10-18 20:35 . 2009-12-30 09:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-10-15 22:40 . 2011-10-15 22:40 -------- d-----w- c:\program files\Complitly
2011-10-15 22:40 . 2011-10-15 22:40 -------- d-----w- c:\users\Włodek\AppData\Roaming\Complitly
2011-10-15 22:36 . 2011-10-16 19:47 -------- d-----w- c:\program files\ChrisTV PVR
2011-10-15 22:36 .
2011-07-16 04:27 1376 ----a-w- c:\windows\system32\zipfapy.dll
2011-10-11 21:14 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-11 21:14 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-11 21:14 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys
2011-10-11 21:14 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-11 21:14 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-09 22:14 . 2011-10-09 22:14 -------- d-----w- c:\users\Włodek\AppData\Roaming\Auslogics
2011-10-06 20:58 . 2011-10-06 20:58 -------- d-----w- c:\program files\2BrightSparks
2011-10-04 22:49 . 2010-11-20 12:19 296448 ----a-w- c:\windows\system32\mfds.dll.bak
2011-10-04 22:49 . 2009-07-14 01:15 970240 ----a-w- c:\windows\system32\msmpeg2adec.dll.bak
2011-09-30 19:31 . 2011-09-30 19:42 -------- d-----w- c:\users\Włodek\AppData\Roaming\vlc
2011-09-30 19:29 . 2011-09-30 19:29 -------- d-----w- c:\program files\VideoLAN
2011-09-29 22:05 . 2011-09-30 19:44 -------- d-----w- c:\users\Włodek\AppData\Local\JockerSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-28 20:49 . 2011-02-23 19:29 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-10-27 23:54 . 2011-10-27 23:51 338944 ----a-w- c:\windows\system32\drivers\afd.sys.org
2011-10-17 20:05 . 2011-05-17 11:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 03:06 . 2011-01-05 19:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-03 22:57 . 2011-04-25 21:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-09-03 22:57 . 2011-04-25 21:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-08-31 21:40 . 2011-08-31 21:46 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
2011-08-03 11:50 . 2011-08-09 22:44 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-08-03 11:50 .
2011-08-09 22:44 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:50 . 2011-08-09 22:44 16595560 ----a-w- c:\windows\system32\nvoglv32.dll
2011-08-03 11:50 . 2011-08-09 22:44 10304104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-03 11:50 . 2011-08-09 22:44 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-03 11:50 . 2011-08-09 22:44 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-03 11:50 . 2011-08-09 22:44 5404776 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:50 . 2011-08-09 22:44 2391656 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:50 . 2011-08-09 22:44 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:50 . 2011-08-09 22:44 17193576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:50 . 2011-08-09 22:44 12636776 ----a-w- c:\windows\system32\nvd3dum.dll
2011-08-03 11:50 . 2011-08-09 22:07 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-03 11:50 . 2010-07-09 15:20 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2010-07-09 15:20 3730024 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2010-07-09 15:20 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-08-03 11:50 . 2010-07-09 15:20 2558568 ----a-w- c:\windows\system32\nvsvc.dll
2011-08-03 11:50 . 2009-06-10 17:33 2412136 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:50 . 2009-06-10 07:34 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-08-03 01:31 . 2011-08-03 01:31 311912 ----a-w- c:\windows\system32\nvStreaming.exe
2011-09-30 20:52 . 2011-03-21 18:19 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2010-10-30 11:09 478208 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"Nexus"="c:\program files\Winstep\Nexus.exe" [2011-07-05 13283456]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2010-08-11 2920448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2010-10-30 91648]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-02-24 10025576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-09-03 273528]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"KONICA MINOLTA PagePro 1350WStatusDisplay"="c:\windows\system32\MSTMON_Q.EXE" [2004-11-29 167936]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2011-06-08 101888]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-09-12 340136]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-01-24 10:42 427008 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-28 136176]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R3 BthAvrcp;Profil AVRCP Bluetooth;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-28 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NRKCTL32;NRKCTL32;d:\programy\Wcpuid\NRKCTL32.SYS [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys [x]
R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys
[2002-01-12 3567]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [2010-03-15 98672]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [2010-03-15 14960]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [2010-03-15 124016]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [2010-03-15 117872]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [2010-03-15 25456]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [2010-03-15 113904]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [2010-03-15 123504]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vpcuxd;Usługa procedury wejścia wirtualizacji USB;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 12800]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-25 1343400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
S2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.sys [2003-07-22 18848]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D
Vision\nvSCPAPISvr.exe [2011-10-28 379496]
S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files\Winstep\WsxService [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 WFSONORA;WinFast PxPVR2200 (XC2028);c:\windows\system32\drivers\wfsonora.sys [2010-03-23 342528]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-29 21:52]
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-29 21:52]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uDefault_Search_URL = hxxp://search.searchcompletion.com/?si=10182&home=1
mStart Page = hxxp://www.microsoft.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
TCP: Interfaces\{35953D82-4DB7-473F-B8C9-ABE1274FBC4D}: NameServer = 194.204.159.1,194.204.152.34
FF - ProfilePath - c:\users\Włodek\AppData\Roaming\Mozilla\Firefox\Profiles\zgj8uaad.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://search.searchcompletion.com/?bs=1&si=10182&q=
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
SafeBoot-53778211.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winstep Xtreme Service]
"ImagePath"="c:\program files\Winstep\WsxService"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-287265340-2162033715-3200400593-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-287265340-2162033715-3200400593-1001)
@Denied: (2) (LocalSystem)
"Progid"="Microsoft Internet Mail Message"
.
[HKEY_USERS\S-1-5-21-287265340-2162033715-3200400593-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-287265340-2162033715-3200400593-1001)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-287265340-2162033715-3200400593-1001_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):8a,2c,3b,2b,02,ee,93,db,d1,c2,54,cd,4f,41,d7,e2,2a,a8,b3,22,6f,
   70,ad,50,0f,67,f0,72,b9,3b,b1,66,42,41,3d,f1,3b,12,b4,bb,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-287265340-2162033715-3200400593-1001_Classes\CLSID\{cd05d35d-8240-4476-a65c-1fb43cd2c6e3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000010c
"Therad"=dword:00000019
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Winstep\WsxService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Czas ukończenia: 2011-10-28 23:58:08 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-10-28 21:58
.
Przed: 2 811 039 744 bajtów wolnych
Po: 4 849 455 104 bajtów wolnych
.
- - End Of File - - B7A85874AF72B000B87D6522B2297E65