ComboFix 12-03-22.01 - lnowicki 2012-03-24 0:19.1.4 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1250.48.1045.18.2991.1848 [GMT 1:00]
Uruchomiony z: c:\users\lnowicki\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\UwxaptaPmipm.dll
c:\users\lnowicki\AppData\Local\3ed53f72
c:\users\lnowicki\AppData\Local\3ed53f72\@
c:\users\lnowicki\AppData\Local\3ed53f72\U\00000001.$
c:\users\lnowicki\AppData\Local\3ed53f72\U\000000cb.@
c:\users\lnowicki\AppData\Local\3ed53f72\U\000000cf.@
c:\users\lnowicki\AppData\Local\3ed53f72\U\80000000.$
c:\users\lnowicki\AppData\Local\3ed53f72\U\800000cb.$
c:\users\lnowicki\AppData\Local\3ed53f72\U\800000cf.$
c:\users\lnowicki\AppData\Local\3ed53f72\X
c:\users\lnowicki\AppData\Roaming\cacaoweb
c:\users\lnowicki\AppData\Roaming\cacaoweb\cacaoweb.exe
c:\users\lnowicki\AppData\Roaming\cacaoweb\npdfile.dat
c:\users\lnowicki\AppData\Roaming\cacaoweb\storage.db
c:\windows\$NtUninstallKB65112$
c:\windows\$NtUninstallKB65112$\1054162802\@
c:\windows\$NtUninstallKB65112$\1054162802\L\xadqgnnk
c:\windows\$NtUninstallKB65112$\1054162802\loader.tlb
c:\windows\$NtUninstallKB65112$\1054162802\U\@00000001
c:\windows\$NtUninstallKB65112$\1054162802\U\@000000c0
c:\windows\$NtUninstallKB65112$\1054162802\U\@000000cb
c:\windows\$NtUninstallKB65112$\1054162802\U\@000000cf
c:\windows\$NtUninstallKB65112$\1054162802\U\@80000000
c:\windows\$NtUninstallKB65112$\1054162802\U\@800000c0
c:\windows\$NtUninstallKB65112$\1054162802\U\@800000cb
c:\windows\$NtUninstallKB65112$\1054162802\U\@800000cf
c:\windows\$NtUninstallKB65112$\987813714
c:\windows\system32\dds_log_ad13.cmd
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-02-23 do 2012-03-23 )))))))))))))))))))))))))))))))
.
.
2012-03-13 18:59 . 2012-03-13 18:59 -------- d-----w- c:\users\agnszot\AppData\Local\Opera
2012-03-12 13:24 . 2012-03-12 13:24 -------- d-----w- c:\users\jukiejda\AppData\Local\Adobe
2012-02-28 11:52 . 2012-02-28 11:52 -------- d-----w- c:\users\awiosna\AppData\Local\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-10 10:55 . 2011-06-17 10:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-14 19:59 . 2011-08-29 07:10 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-13 23:12 . A0B4432E896A82740A21AB387C48F421 . 74240 . . [------] . . c:\windows\System32\drivers\tdx.sys
[-] 2009-07-13 23:12 . A0B4432E896A82740A21AB387C48F421 . 74240 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WMAllKey]
@="{5028CECA-A6C3-4D9C-BA25-6C04D8C3ED80}"
[HKEY_CLASSES_ROOT\CLSID\{5028CECA-A6C3-4D9C-BA25-6C04D8C3ED80}]
2010-07-05 11:59 291912 ----a-w- c:\program files\WinMagic\SecureDoc-NT\SDContext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WMNoKey]
@="{2659CB3D-3D6E-42CE-AD9D-FE41C3617CC1}"
[HKEY_CLASSES_ROOT\CLSID\{2659CB3D-3D6E-42CE-AD9D-FE41C3617CC1}]
2010-07-05 11:59 291912 ----a-w- c:\program files\WinMagic\SecureDoc-NT\SDContext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WMNotTransformed]
@="{01DBDE7E-2D13-4495-BE04-12AA56CC2751}"
[HKEY_CLASSES_ROOT\CLSID\{01DBDE7E-2D13-4495-BE04-12AA56CC2751}]
2010-07-05 11:59 291912 ----a-w- c:\program files\WinMagic\SecureDoc-NT\SDContext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WMPartialKey]
@="{5133E633-CFED-4043-9971-38936512E6D4}"
[HKEY_CLASSES_ROOT\CLSID\{5133E633-CFED-4043-9971-38936512E6D4}]
2010-07-05 11:59 291912 ----a-w- c:\program files\WinMagic\SecureDoc-NT\SDContext.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-19 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-19 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-19 170520]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-01-18 115560]
"DsmSxplog"="c:\program files\CA\DSM\Bin\sxpstub.exe" [2010-04-26 25352]
"CAF_SystemTray"="c:\program files\CA\DSM\bin\cfSysTray.exe" [2010-04-26 84232]
"StartSecurDoc"="c:\program files\WinMagic\SecureDoc-NT\SDPin.exe" [2010-07-05 2184264]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-09-07 495708]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2011-2-21 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 4 (0x4)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoWebServices"= 1 (0x1)
"NoPublishingWizard"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-117609710-682003330-28729\Scripts\Logon\0\0]
"Script"=Logon.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-117609710-682003330-35293\Scripts\Logon\0\0]
"Script"=Logon.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-117609710-682003330-35297\Scripts\Logon\0\0]
"Script"=Logon.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-117609710-682003330-36692\Scripts\Logon\0\0]
"Script"=Logon.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-117609710-682003330-36692\Scripts\Logon\1\0]
"Script"=Map_BlueCO_Printers.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-117609710-682003330-36692\Scripts\Logon\2\0]
"Script"=Dell_All_MFP_Printers.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-117609710-682003330-37424\Scripts\Logon\0\0]
"Script"=Logon.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-117609710-682003330-41657\Scripts\Logon\0\0]
"Script"=Logon.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-117609710-682003330-41657\Scripts\Logon\1\0]
"Script"=Map_mono_A3_Printers.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-117609710-682003330-41657\Scripts\Logon\2\0]
"Script"=Map_color_A3_Printers.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-117609710-682003330-41657\Scripts\Logon\3\0]
"Script"=Map_BlueAN_Kolor_Printers.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-117609710-682003330-41657\Scripts\Logon\4\0]
"Script"=Map_BlueAN_Printers.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-117609710-682003330-41657\Scripts\Logon\5\0]
"Script"=Dell_All_MFP_Printers.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-117609710-682003330-53388\Scripts\Logon\0\0]
"Script"=Logon.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-117609710-682003330-71028\Scripts\Logon\0\0]
"Script"=Map_BlueAN_Kolor_Printers.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-117609710-682003330-71028\Scripts\Logon\1\0]
"Script"=Dell_All_MFP_Printers.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-117609710-682003330-71028\Scripts\Logon\2\0]
"Script"=Logon.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-117609710-682003330-73580\Scripts\Logon\0\0]
"Script"=Logon.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-117609710-682003330-83381\Scripts\Logon\0\0]
"Script"=Logon.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 dc21x4vm;dc21x4vm;c:\windows\system32\DRIVERS\dc21x4vm.sys [2009-07-13 52224]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-01-07 215208]
R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [2009-06-05 87424]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-09 1343400]
S0 PinFile;PinFile;c:\windows\system32\DRIVERS\PinFile.sys [2009-09-28 20224]
S0 SDDisk2K;SDDisk2K;c:\windows\system32\DRIVERS\SDDisk2K.sys [2010-01-20 182016]
S0 SDDToki;SDDToki;c:\windows\system32\DRIVERS\SDDToki.sys [2010-01-20 117120]
S0 SDDVD;SDDVD;c:\windows\system32\DRIVERS\SDDVD.sys [2009-09-25 75520]
S0 SDUPC;SDUPC;c:\windows\system32\DRIVERS\SDUPC.sys [2009-03-05 16512]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-01 81920]
S2 CA-SAM-Pmux;CA Connection Broker;c:\program files\CA\SC\Csam\SockAdapter\bin\csampmux.exe [2010-03-05 169224]
S2 caf;CA DSM r12 Common Application Framework;c:\program files\CA\DSM\bin\caf.exe service [x]
S2 CASPLiteAgent;CA Systems Performance LiteAgent;c:\program files\CA\SC\Systems Performance LiteAgent\bin\casplitegent.exe [2009-02-12 135168]
S2 ComarchCardServer;ComarchCardServer;c:\program files\Comarch\ComarchSmartCard\CardServer.exe [2010-05-12 151552]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-10-28 47616]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-12-11 38912]
S2 WinMagic SecureDoc Service;WinMagic SecureDoc Service;c:\program files\WinMagic\SecureDoc-NT\SDService.exe [2010-07-05 693320]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-09 106104]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 IntcDAud;Intel(R) Audio dla ekranów;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 246272]
S3 NETw5s32;Sterownik karty Intel(R) Wireless WiFi Link 5000 Series dla systemu Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-04-05 6758912]
S3 rcSmCard;rcSmCard;c:\windows\system32\DRIVERS\rcSmCard.sys [2010-04-26 26128]
S3 rcVidCap;rcVidCap;c:\windows\system32\DRIVERS\rcVidMpt.sys [2010-04-26 9872]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
NETSVCS WYMAGA NAPRAWY - pokazano aktualnie istniejące wpisy
AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT AudioSrv FastUserSwitchingCompatibility Ias Irmon Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess SRService Tapisrv Wmi WmdmPmSp roxwatch EPOWER winachsf cisvc s117obex Nsynas32 NdisFilt forcewarewebinterface _iomega_active_disk_service_ djsnetcn merakcontrol ANC cxlpt GTPTSER mcsysmon websensecpmcommunicationagent aspnet_state kpfwsvc cxusb comhost fix ACDaemon lmimaint Spsmqvsm clmtomcatstartersvc earthlinksafeconnectagent acrotray GENERICDRV se44bus kmixer atalk retroexplauncher vmauthdservice alcxsens maxbackserviceint smbusp ibmfilter yukonwxp bdfdll SE2Ebus TVALG amsint vaiomediaplatform-integratedserver-appserver lbtserv wmdmpmsn lvuvc patrol_scheduler ups GT680x avgmfx86 p1131vid roxmediadb9 cdmservice btnetfilter se45mdm giveio inspect tavsvc MMRTKRNL antivirservice datunidr fsbwsys CAMFLT kavsvc drvmcdb pcandis5 BUFADPT Tablet2k ip6fw sfilter idechndr w29n51 igateway s125mdm symids TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc seclogon AppInfo msiscsi MMCSS wercplsupport EapHost ProfSvc schedule hkmsvc SessionEnv winmgmt browser Themes BDESVC AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PinOfficeToStartMenu]
2010-05-20 09:14 1488 ----a-w- c:\windows\Setup\Active Setup\PinOfficeToStartMenu.vbs
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-117609710-682003330-71028Core.job
- c:\users\lnowicki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-20 14:14]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-117609710-682003330-71028UA.job
- c:\users\lnowicki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-20 14:14]
.
.
------- Skan uzupełniający -------
.
uStart Page = pl.v9.com/ins/ins_1332543244_119391
mStart Page = pl.v9.com/ins/ins_1332543244_119391
uInternet Settings,ProxyServer = proxy1:80
uInternet Settings,ProxyOverride = 10.*;200.*;155.128.*;*.cn.in.pekao.com.pl;*.br.in.pekao.com.pl;*.in.pekao.com.pl;*.session.rservices.com;branchmcp.br.in.pekao.com.pl;*.intra-dm.pekao.com.pl;*.erp.pekao.com.pl;*.cdm;*.cbc.pekao.com.pl;*.intra.net;*.lan.at;sapp07ssl.intranet.hypovereinsbank.de;etltstn.in.pekao.com.pl;trandb.in.pekao.com.pl;genproxyexcep;
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.179.1.62 62.179.1.63
TCP: Interfaces\{2E09335E-03FA-4447-B0CD-799502ADED73}: NameServer = 62.179.1.62,62.179.1.63
TCP: Interfaces\{7B802E6B-1962-4380-8224-74F3608A5280}: NameServer = 62.179.1.62,62.179.1.63
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} - hxxps://www.pekaobiznes24.pl/sme/static/components/1,3,0,82/SignActivXPEKAO.cab
FF - ProfilePath - c:\users\lnowicki\AppData\Roaming\Mozilla\Firefox\Profiles\jh8pxdxt.default\
FF - prefs.js: browser.startup.homepage - pl.v9.com/ins/ins_1332543244_119391
FF - prefs.js: network.proxy.ftp - proxy1
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - proxy1
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - proxy1
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - proxy1
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
.
.
------- Skojarzenia plików -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-cacaoweb - c:\users\lnowicki\AppData\Roaming\cacaoweb\cacaoweb.exe
HKCU-Run-Windows Time - c:\programdata\UwxaptaPmipm.dll
SafeBoot-Symantec Antvirus
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD25 rev.03.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'Explorer.exe'(4360)
c:\windows\SYSTEM32\SYSFER.DLL
c:\program files\WinMagic\SecureDoc-NT\SDContext.dll
c:\windows\system32\sdd.dll
c:\windows\system32\sddisk.dll
c:\windows\system32\SDToki.dll
c:\windows\system32\sdck.dll
c:\windows\system32\WMServiceHlper.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\AUDIODG.EXE
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\CA\SC\CAM\bin\cam.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\CA\SC\Systems Performance LiteAgent\bin\rtaAgent.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\CA\DSM\bin\caf.exe
c:\windows\system32\taskhost.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\CA\DSM\Bin\cfsmsmd.exe
c:\program files\CA\DSM\Bin\ccnfagent.exe
c:\program files\CA\DSM\Bin\cfnotsrvd.exe
c:\program files\CA\DSM\Bin\ccsmagtd.exe
c:\program files\CA\DSM\Bin\rcHost.exe
c:\program files\CA\DSM\Bin\amswmagt.exe
c:\program files\CA\DSM\Bin\cfftplugin.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Czas ukończenia: 2012-03-24 00:32:02 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-03-23 23:32
.
Przed: 212 298 334 208 bajtów wolnych
Po: 212 368 736 256 bajtów wolnych
.
- - End Of File - - 2F74D30112F7FB8A820339E692B65187