ComboFix 12-07-08.01 - Piotruś 2012-07-09 12:31:46.1.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.2047.1358 [GMT 2:00]
Uruchomiony z: c:\users\Piotruť\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
C:\Recycle.Bin
c:\recycle.bin\B6232F3A521.exe
c:\users\Piotrusia\AppData\Roaming\Fawef
c:\users\Piotrusia\AppData\Roaming\Fawef\quuw.ufv
c:\users\Piotrusia\AppData\Roaming\Ilpux
c:\users\Piotrusia\AppData\Roaming\Ilpux\fuagg.yqc
c:\users\Piotrusia\AppData\Roaming\Yldoho
c:\users\Piotrusia\AppData\Roaming\Yldoho\asaxo.exe
c:\windows\PFRO.log
c:\windows\reinfo
c:\windows\reinfo\date.obo
c:\windows\reinfo\engine\connect.obo
c:\windows\reinfo\engine\connect2.obo
c:\windows\reinfo\engine\connect3.obo
c:\windows\reinfo\engine\rnd_var.obo
c:\windows\reinfo\wm_player.exe
c:\windows\system32\launcher.exe
c:\windows\system32\tmpD88E.tmp
c:\windows\system32\tmpD88F.tmp
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-09 do 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 10:39 . 2012-07-09 10:39 -------- d-----w- c:\users\Piotruś\AppData\Local\temp
2012-07-09 10:39 . 2012-07-09 10:39 -------- d-----w- c:\users\Piotrusia\AppData\Local\temp
2012-07-09 10:38 . 2012-07-09 10:38 -------- d-----w- c:\users\Gry\AppData\Local\temp
2012-07-09 10:38 . 2012-07-09 10:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-09 10:38 . 2012-07-09 10:38 -------- d-----w- c:\users\Aśq xD\AppData\Local\temp
2012-07-09 09:27 . 2012-07-09 10:18 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6DA5E61D-32D7-4567-A179-DEA243B82535}\offreg.dll
2012-07-09 08:42 . 2012-07-09 08:42 -------- d-----w- c:\users\Piotrusia\AppData\Roaming\hellomoto
2012-07-09 08:11 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6DA5E61D-32D7-4567-A179-DEA243B82535}\mpengine.dll
2012-07-08 17:54 . 2012-07-08 17:54 -------- d-----w- c:\users\Piotrusia\AppData\Roaming\Registry Mechanic
2012-07-08 16:12 . 2008-04-02 13:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2012-07-08 16:12 . 2008-04-02 13:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2012-07-08 16:12 . 2008-04-02 13:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2012-07-08 16:12 . 2012-04-26 12:08 512472 ----a-w- c:\windows\system32\msxml.dll
2012-07-08 16:12 . 2012-04-26 12:08 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2012-07-08 16:12 . 2008-09-17 19:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-07-08 16:12 . 2004-03-08 22:00 1081616 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-07-08 16:12 . 2012-07-08 16:12 -------- d-----w- c:\program files\Common Files\PC Tools
2012-07-08 16:12 . 2012-07-09 09:26 -------- d-----w- c:\program files\PC Tools Registry Mechanic
2012-07-08 14:46 . 2012-07-09 08:27 -------- d-----w- c:\users\Piotrusia\AppData\Roaming\.minecraft
2012-07-08 07:32 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-05 09:03 . 2012-07-05 09:03 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-07-04 08:17 . 2012-02-10 10:35 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5FE4751D-4A82-42B7-9ED7-4F9A79531ED6}\gapaengine.dll
2012-07-03 19:00 . 2012-07-08 07:25 -------- d-----w- c:\programdata\F4D561F3007880460003ED7EB4EB238B
2012-06-19 14:53 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 14:53 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 14:53 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 14:53 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 14:53 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-19 14:53 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 14:53 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 14:52 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 14:52 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-15 11:21 . 2012-07-08 16:53 -------- d-----w- c:\programdata\Wizard101(PL)
2012-06-13 17:54 . 2012-06-13 17:59 -------- d-----w- c:\users\Piotrusia\AppData\Local\Turbine
2012-06-13 17:54 . 2012-06-13 18:12 -------- d-----w- c:\users\Piotrusia\AppData\Local\ApplicationHistory
2012-06-13 17:50 . 2012-06-13 17:50 -------- d-----w- c:\windows\system32\URTTEMP
2012-06-13 08:32 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-13 08:32 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 08:30 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 08:30 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 08:30 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 08:30 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 08:30 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 08:29 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-11 08:21 . 2012-06-11 08:22 -------- d-----w- c:\users\Piotrusia\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-27 13:39 . 2011-08-05 08:38 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-12-21 08:04 . 2012-01-26 13:49 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files\BrotherSoft_Extreme\prxtbBrot.dll" [2011-01-17 175912]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\prxtbfre0.dll" [2011-05-09 176936]
"{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}"= "c:\program files\SFT_Polska\prxtbSFT_.dll" [2011-03-28 176936]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-02-01 141616]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_CLASSES_ROOT\clsid\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
2011-05-09 09:49 176936 ----a-w- c:\program files\4shared.com\prxtb4sh0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 15:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
2011-01-17 15:54 175912 ----a-w- c:\program files\BrotherSoft_Extreme\prxtbBrot.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}]
2011-03-28 16:22 176936 ----a-w- c:\program files\SFT_Polska\prxtbSFT_.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2011-05-09 09:49 176936 ----a-w- c:\program files\free-downloads.net\prxtbfre0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-02-01 13:58 1499440 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files\BrotherSoft_Extreme\prxtbBrot.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-02-01 1499440]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\prxtbfre0.dll" [2011-05-09 176936]
"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\4shared.com\prxtb4sh0.dll" [2011-05-09 176936]
"{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}"= "c:\program files\SFT_Polska\prxtbSFT_.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
.
[HKEY_CLASSES_ROOT\clsid\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}"= "c:\program files\4shared.com\prxtb4sh0.dll" [2011-05-09 176936]
"{51A86BB3-6602-4C85-92A5-130EE4864F13}"= "c:\program files\BrotherSoft_Extreme\prxtbBrot.dll" [2011-01-17 175912]
"{5C5B9468-D672-4EB7-B52F-B5AFABF28C5B}"= "c:\program files\SFT_Polska\prxtbSFT_.dll" [2011-03-28 176936]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\prxtbfre0.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-02-01 1499440]
.
[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_CLASSES_ROOT\clsid\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2010-09-02 2158592]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2011-06-01 13349472]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2009-12-08 774144]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-12-04 1728512]
"4StoryPrePatch"="c:\program files\Gameforge4D\4Story\PrePatch.exe" [2012-04-26 327680]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-06-02 114992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-04-26 103896]
.
c:\users\Aśq xD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\users\Piotruś\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 lormranf;lormranf;c:\windows\system32\drivers\lormranf.sys [x]
R1 MpKsl1e9c4d15;MpKsl1e9c4d15;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{48FA2775-598D-4837-A64D-10199700B614}\MpKsl1e9c4d15.sys [x]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
R2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 PCSUService;PC Speed Up Service;c:\program files\Przyspiesz Komputer\PCSUService.exe [x]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 AsrCDDrv;AsrCDDrv;c:\windows\system32\Drivers\AsrCDDrv.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspekcja sieci firmy Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-09 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2012-04-27 12:41]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-14 20:02]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-14 20:02]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3524711855-4001228517-4061389017-1003Core.job
- c:\users\Piotrusia\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 14:08]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3524711855-4001228517-4061389017-1003UA.job
- c:\users\Piotrusia\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 14:08]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3524711855-4001228517-4061389017-1006Core.job
- c:\users\Gry\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-27 10:28]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3524711855-4001228517-4061389017-1006UA.job
- c:\users\Gry\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-27 10:28]
.
2012-07-07 c:\windows\Tasks\Norton Security Scan for Piotruś.job
- c:\progra~1\NORTON~2\Engine\352~1.10\Nss.exe [2011-09-19 15:16]
.
2012-07-09 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-07-08 12:08]
.
2012-07-08 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-07-08 12:08]
.
.
------- Skan uzupełniający -------
.
uStart Page = my.daemon-search.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Piotruś\AppData\Roaming\Mozilla\Firefox\Profiles\u2c409aa.default\
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://my.daemon-search.com/|http://home.sweetim.com
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM-Run-VIAAUD - c:\program files\VIA\VIAudioi\VDeck\VIAAUD.exe
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3524711855-4001228517-4061389017-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a5,a6,00,e3,5b,73,b8,83,58,85,5a,3c,86,29,a6,0d,99,2d,f1,23,9e,92,7a,
   dd,61,55,f5,d3,0b,84,db,f0,b7,b4,2f,00,38,f8,e8,74,dd,09,90,b0,9a,bd,33,15,\
"??"=hex:35,b7,3c,3b,87,fe,f7,a4,c2,25,36,03,8f,43,8c,33
.
[HKEY_USERS\S-1-5-21-3524711855-4001228517-4061389017-1000\Software\SecuROM\License information*]
"datasecu"=hex:51,11,55,7b,ec,56,56,1f,a6,4d,06,c4,60,1e,15,00,8e,30,e7,f0,6e,
   56,f4,3e,3c,6e,73,b1,22,81,48,89,64,70,8a,25,9f,f7,d1,08,4f,96,45,13,76,2c,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2012-07-09 12:40:17
ComboFix-quarantined-files.txt 2012-07-09 10:40
.
Przed: 168 988 430 336 bajtów wolnych
Po: 174 532 427 776 bajtów wolnych
.
- - End Of File - - 3AB7327B292D4A44BF38E61113C283FF