ComboFix 12-07-14.01 - Admin 2012-07-14 19:34:07.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3583.2893 [GMT 2:00]
Uruchomiony z: d:\pobieranie\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\7z465.exe
c:\documents and settings\Admin\Dane aplikacji\Afoioi.exe
c:\documents and settings\Admin\Dane aplikacji\DYA_OHVLCOUWMHUOJBBNL
c:\documents and settings\Admin\Dane aplikacji\DYA_OHVLCOUWMHUOJBBNL\1.0.0\Data\dya.dat
c:\documents and settings\Admin\Dane aplikacji\facemoods.com
c:\documents and settings\Admin\Dane aplikacji\toolplugin\toOLbar.dll
c:\documents and settings\Admin\metin2.bin
c:\documents and settings\Admin\metin2client.bin
c:\documents and settings\All Users\Dane aplikacji\DYA_OHVLCOUWMHUOJBBNL
c:\documents and settings\All Users\Dane aplikacji\DYA_OHVLCOUWMHUOJBBNL\1.0.0\Data\app.dat
c:\documents and settings\All Users\Dane aplikacji\DYA_OHVLCOUWMHUOJBBNL\1.0.0\Data\updates.dat
c:\program files\StartSearch plugin
c:\program files\StartSearch plugin\BarLcher.dll
c:\program files\StartSearch plugin\IEhelperActiveX.dll
c:\program files\StartSearch plugin\uninst.exe
c:\program files\StartSearch plugin\vShareBar.dll
c:\program files\StartSearch plugin\vshareplg.crx
c:\program files\webserv\webserv.exe
c:\windows\Cbukoa.exe
c:\windows\IsUn0415.exe
c:\windows\My.ini
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\arking.exe
c:\windows\system32\arking0.dll
c:\windows\system32\arking1.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\mgking.exe
c:\windows\system32\mgking0.dll
c:\windows\system32\mgking1.dll
c:\windows\system32\muzapp.exe
D:\autorun.inf
D:\cbbw88s.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-14 do 2012-07-14 )))))))))))))))))))))))))))))))
.
.
2012-07-14 17:07 . 2012-07-14 17:07 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\hellomoto
2012-07-09 13:27 . 2012-06-14 22:18 16864 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2012-06-27 19:18 . 2012-06-27 19:18 -------- d-----w- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\ALLConverter
2012-06-27 19:18 . 2012-06-27 19:18 -------- d-----w- c:\program files\ALLConverter PRO
2012-06-27 19:18 . 2009-09-27 22:02 797184 ----a-w- c:\windows\system32\ac3filter.ax
2012-06-27 19:18 . 2007-10-07 13:36 258048 ----a-w- c:\windows\system32\libFLAC.dll
2012-06-27 19:18 . 2012-06-27 19:18 -------- d-----w- c:\program files\ALLPlayer
2012-06-27 19:14 . 2008-07-09 09:05 421888 ----a-w- c:\windows\system32\ac3filter.acm
2012-06-27 19:14 . 2012-06-27 19:14 -------- d-----w- c:\program files\XP Codec Pack
2012-06-24 08:40 . 2012-06-24 08:40 -------- d-----w- c:\program files\Common Files\Skype
2012-06-24 08:40 . 2012-06-24 08:40 -------- d-----w- c:\program files\Common Files\Overwolf
2012-06-23 21:52 . 2012-06-23 21:52 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Hi-Rez Studios
2012-06-21 10:49 . 2012-06-21 10:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-17 06:39 . 2012-06-14 22:17 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-06-17 06:39 . 2012-06-14 22:19 85472 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-06-17 06:39 . 2012-06-14 22:16 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-06-17 06:39 . 2012-06-14 22:17 117728 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-14 16:59 . 2011-10-09 12:08 139448 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-07-14 16:59 . 2011-10-10 17:34 282472 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-07-14 16:59 . 2011-10-09 12:07 282472 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-07-14 11:47 . 2011-10-09 12:07 282472 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-07-05 19:34 . 2011-10-09 12:07 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-06-28 14:37 . 2011-01-30 15:34 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2012-06-21 10:49 . 2011-05-28 07:43 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2011-01-30 17:23 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2011-01-30 17:23 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-01-30 17:23 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-08-06 17:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-08-06 17:24 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2011-01-30 17:23 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2011-01-30 15:11 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2002-09-28 22:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 17:24 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2011-01-30 17:23 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2011-01-30 15:11 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2009-08-06 17:23 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:18 . 2012-06-05 05:12 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2012-06-05 05:12 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2012-06-05 05:12 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2002-09-28 22:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2002-09-28 22:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2002-09-28 22:00 1863424 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:44 . 2002-09-28 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2002-09-28 22:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:39 . 2011-01-30 17:23 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2002-09-28 22:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2002-09-20 17:12 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:47 . 2011-01-30 15:11 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 22:19 . 2012-06-17 06:39 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"Akamai NetSession Interface"="c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2011-07-04 13374048]
"Overwolf"="c:\program files\Overwolf\Overwolf.exe" [2012-06-21 35256]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-04-27 955280]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-27 21392]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2011-08-16 1379840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"SkyTel"="SkyTel.EXE" [2007-04-04 1822720]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-04-02 1234216]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-04-27 3521424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"TabbtnEx"="c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\3565\TabbtnEx.exe" [2012-07-14 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"d:\\Need for Speed hot pursuit\\Launcher.exe"=
"d:\\Need for Speed hot pursuit\\NFS11.exe"=
"d:\\NeverWinter Nights 2\\nwn2main.exe"=
"d:\\NeverWinter Nights 2\\nwn2main_amdxp.exe"=
"d:\\NeverWinter Nights 2\\nwupdate.exe"=
"d:\\NeverWinter Nights 2\\nwn2server.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\WebServ\\mysql\\bin\\WebServ(mysqld-nt).exe"=
"c:\\Program Files\\WebServ\\apache2\\bin\\WebServ(apache).exe"=
"d:\\pobieranie\\PDFConverterSetup.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Super Street Fighter IV\\SSFIV.exe"=
"d:\\Virtua Tennis 4\\VT4.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Documents and Settings\\Admin\\Ustawienia lokalne\\Dane aplikacji\\Akamai\\netsession_win.exe"=
"d:\\NBA\\nba2k12.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-01-30 218688]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2011-01-30 39424]
S0 bootcfg;DriverStudio BootTime Configuration; [x]
S0 CptHook;DriverStudio Hook Driver; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2002-09-29 14336]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-20 136176]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\smite\HiPatchService.exe [2012-06-23 8704]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-01-30 8192]
S2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2011-07-27 24652]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-20 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 113120]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\Overwolf\OverwolfUpdater.exe [2012-04-14 18360]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2012-05-17 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2012-05-17 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2012-05-17 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [2012-05-17 100352]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-HARRY-Admin.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-03-16 02:44]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-20 15:23]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-20 15:23]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-162531612-839522115-1003Core.job
- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-07-28 05:20]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-162531612-839522115-1003UA.job
- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-07-28 05:20]
.
2012-07-04 c:\windows\Tasks\Norton Security Scan for Admin.job
- c:\progra~1\Norton Security Scan\Engine\3.6.1.11\Nss.exe [2012-02-18 00:45]
.
2012-04-16 c:\windows\Tasks\RunOW.job
- c:\program files\Overwolf\OverwolfLauncher.exe [2012-06-21 15:40]
.
2012-07-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2012-06-05 20:18]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.gazeta.pl/0,0.html?p=135
mStart Page = pl.v9.com/idg/idg_1333990606_335938
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1:9421;
Trusted Zone: metin2.pl\www
Trusted Zone: rewardtv.com\www
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\im8pfw3i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20110727100635029&tb_oid=27-07-2011&tb_mrud=27-07-2011
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - prefs.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: browser.search.selectedEngine - Search the web
FF - user.js: browser.search.order.1 - Search the web
FF - user.js: browser.search.defaultenginename - Search the web
FF - user.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-MediaGet2 - c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\MediaGet2\mediaget.exe
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
HKCU-Run-Afoioi - c:\documents and settings\Admin\Dane aplikacji\Afoioi.exe
AddRemove-AOL Emergency Connect Utility 1.0 - c:\program files\Common Files\AOL\ECU\uninst.exe
AddRemove-Klient Tiveria - d:\tiveria\uninst.exe
AddRemove-Metin2_is1 - d:\metin2\unins000.exe
AddRemove-toolplugin - c:\docume~1\Admin\USTAWI~1\Temp\WZSE0.TMP\setup.exe
AddRemove-vShare plugin - c:\program files\StartSearch plugin\uninst.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-14 19:36
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-484763869-162531612-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Czas ukończenia: 2012-07-14 19:38:03
ComboFix-quarantined-files.txt 2012-07-14 17:37
.
Przed: 3 408 887 808 bajtów wolnych
Po: 12 025 413 632 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 1E9AF02101F1E83C457FDB1A47175F8A