ComboFix 12-09-09.02 - atomek 2012-09-09 20:36:20.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1033.18.3536.3220 [GMT 2:00]
Uruchomiony z: C:\ComboFix.exe
Użyto następujących komend :: C:\CFScript.txt.bak
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
FW: Trend Micro Personal Firewall *Enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\wro01692\AUTORUN.INF
C:\install.exe
c:\windows\null
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\SET5D12.tmp
c:\windows\system32\SET5D9B.tmp
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-08-09 do 2012-09-09 )))))))))))))))))))))))))))))))
.
.
2012-09-09 18:20 . 2012-09-09 18:20 -------- d-----w- c:\documents and settings\atomek
2012-09-09 17:59 . 2012-09-09 17:59 4731392 ----a-w- C:\aswMBR.exe
2012-09-09 17:22 . 2012-09-09 17:13 133208 ----a-w- c:\windows\system32\drivers\65567281.sys
2012-09-09 17:20 . 2012-09-09 17:22 134815744 ----a-w- C:\setup_11.0.0.1245.x01_2012_09_09_19_14.exe
2012-09-09 16:58 . 2012-09-09 16:58 -------- d-----w- c:\program files\Enigma Software Group
2012-09-09 16:57 . 2012-09-09 17:12 -------- d-----w- c:\windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP
2012-09-09 16:47 . 2012-09-09 17:51 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2012-09-09 10:07 . 2012-09-09 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\RegRun
2012-09-09 10:07 . 2012-09-09 10:07 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-09-09 10:07 . 2012-09-09 10:07 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2012-09-09 10:07 . 2012-09-09 10:07 2 --shatr- c:\windows\winstart.bat
2012-09-09 10:07 . 2012-06-27 14:01 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2012-09-09 10:07 . 2012-09-09 17:50 -------- d-----w- c:\program files\UnHackMe
2012-09-09 09:59 . 2012-09-09 09:59 302592 ----a-w- C:\fbrb68eh.exe
2012-09-09 09:52 . 2012-09-09 09:52 1629088 ----a-w- C:\rkill.exe
2012-09-09 09:51 . 2012-09-09 17:18 2211928 ----a-w- C:\tdsskiller.exe
2012-09-09 09:36 . 2012-09-09 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-09-06 09:27 . 2012-09-06 09:27 4096000 ----a-w- c:\program files\GUT44CF.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-09 09:47 . 2011-01-18 05:15 102400 ----a-w- c:\windows\RegBootClean.exe
2012-08-22 19:03 . 2012-07-23 09:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-22 19:03 . 2011-06-25 18:34 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2008-10-17 00:47 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-10-16 16:08 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2008-10-17 00:49 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2008-10-17 00:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2008-10-17 00:48 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2008-10-17 00:48 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2008-10-17 00:48 385024 ----a-w- c:\windows\system32\html.iec
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-12 07:16 . 2010-05-27 05:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-12 07:16 . 2009-03-23 14:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"ServicesSynchronizationUtility"="c:\program files\Siemens\Services Synchronization Utility\vbs.exe" [2008-09-19 20480]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-05-22 442467]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-05-20 466944]
"Pointsec Tray"="c:\program files\Pointsec\Pointsec for PC\P95Tray.exe" [2008-04-12 666176]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-10-02 200704]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-07-10 1351680]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-07-10 1191936]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"openvpn-gui"="c:\program files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 99328]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2012-01-19 879144]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2012-02-28 190768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Cisco WebEx Connect"="c:\program files\WebEx\Connect\connect.exe" [2011-08-03 1937208]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
VPN Client.lnk - c:\windows\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico [2009-10-6 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"MaxGPOScriptWait"= 180 (0xb4)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPublishingWizard"= 1 (0x1)
"NoWebServices"= 1 (0x1)
"NoOnlinePrintsWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1593251271-2640304127-1825641215-289394\Scripts\Logon\0\0]
"Script"=GPOLogon-V2.6.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1593251271-2640304127-1825641215-330678\Scripts\Logon\0\0]
"Script"=GPOLogon-V2.6.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1593251271-2640304127-1825641215-96630\Scripts\Logon\0\0]
"Script"=\\nsn-intra.net\sysvol\nsn-intra.net\scripts\programs\GPOLogon\GPOLogonV3.6.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Communication Suite]
2012-04-17 13:16 6487552 ----a-w- c:\program files\Nokia Siemens Networks\Communication Suite\NCS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntivirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%systemroot%\\PCHEALTH\\HELPCTR\\Binaries\\helpsvc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\WebEx\\Connect\\wbxcOIEx.exe"=
"c:\\Program Files\\WebEx\\Connect\\widget.exe"=
"c:\\Program Files\\WebEx\\Connect\\connect.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:@xpsp2res.dll,-22002
"123:UDP"= 123:UDP:@xpsp2res.dll,-22126
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"24881:TCP"= 24881:TCP:Trend Micro OfficeScan Listener
"24880:TCP"= 24880:TCP:Trend Micro OfficeScan Listener
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"Enabled"= 1 (0x1)
"RemoteAddresses"= *
.
R0 65567281;65567281;c:\windows\system32\drivers\65567281.sys [2012-09-09 133208]
R0 prot_2k;prot_2k;c:\windows\system32\drivers\prot_2k.sys [2008-04-12 221632]
R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2008-10-17 17968]
S2 Cisco WebEx Connect Upgrade Service;Cisco WebEx Connect Upgrade Service;c:\program files\WebEx\Connect\apUpdate.exe [2011-08-03 859448]
S2 gupdate1ca0ef4f3d6a03e;Usługa Google Update (gupdate1ca0ef4f3d6a03e);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 133104]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2009-03-16 149952]
S2 MCsvc;Managed Client Service;c:\windows\system32\MCSvc.exe [2008-10-16 69632]
S2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [2008-04-12 367168]
S2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [2008-04-12 145984]
S2 Service Launcher;Service Launcher;c:\windows\system32\SvcLncher.exe [2008-03-06 208896]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2012-04-26 59664]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXpflt.sys [2009-12-04 262416]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\TmPreflt.sys [2009-12-04 36624]
S2 UCMS;UCMS;c:\program files\Siemens\UCMS\Core\UCMS.exe [2010-04-19 94208]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-23 250056]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-10-17 108160]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-07-24 30312]
S3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2008-12-04 32808]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-04-02 80184]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-07-24 20032]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-10-17 243856]
S3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2009-03-16 11113]
S3 ExtranetAccess;Contivity VPN Service;c:\program files\CORINA VPN\Extranet_serv.exe [2009-03-16 790528]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 133104]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-10-17 110080]
S3 NbtDet;NetBoot PCI Detection Service;c:\windows\system32\drivers\nbtdet.sys [2009-03-16 4992]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-07-16 137600]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2012-09-09 24416]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-07-24 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-07-24 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-07-24 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-07-24 114280]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-04-02 181432]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-01 26624]
S3 TESTCAP;Mobicam, Video Capture Device;c:\windows\system32\drivers\mobicam.sys [2010-03-05 230144]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2010-04-24 341584]
S3 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [2012-04-26 497272]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [2010-01-07 689680]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2008-10-17 63024]
S3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [2008-10-17 34992]
S4 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2008-10-17 251194]
S4 CorinaService;CorinaService;c:\program files\Trusted Applications\CORINA\Corina_service.exe [2005-11-21 299008]
S4 SiSRaid4;SiSRaid4;c:\windows\system32\drivers\sisraid4.sys [2008-10-17 68864]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*Deregistered* - Partizan
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3248F0A8-6813-11D6-A77B-00B0D0160070}]
2008-05-19 00:57 95744 ----a-w- c:\windows\system32\msiexec.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-23 19:03]
.
2012-09-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-27 08:53]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 20:00]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 20:00]
.
.
------- Skan uzupełniający -------
.
uStart Page = https://inside.nokiasiemensnetworks.com
mStart Page = about:blank
uInternet Settings,ProxyOverride =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 217.30.129.149 217.30.137.200
DPF: {41520880-8342-3431-3684-140032321000} - hxxps://sharenet-ims.inside.nokiasiemensnetworks.com/livelink/livelink?func=webdav.webdavxpi&filename=otdavview101.cab
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-MCDesk - %MgmtFolder%\MCDesk.exe %MgmtFolder%\MCDesk.ini
SafeBoot-23615475.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-BatteryMon - c:\program files\BatteryMon\BatteryMon.exe
MSConfigStartUp-Komunikator - c:\program files\Tlen.pl\tlen.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
MSConfigStartUp-winlogon - c:\documents and settings\wro01692\winlogon.exe
AddRemove-Offer Manager 3.0EP1 - d:\tt\OM30EP1\uninstall.exe
AddRemove-Offer Manager 3.1 - d:\tt\OM30EP1\OM31\uninstall.exe
AddRemove-{77CD16CB-99E4-429D-BF5C-F0BB05893D51} - c:\program files\InstallShield Installation Information\{77CD16CB-99E4-429D-BF5C-F0BB05893D51}\SETUP.exe
AddRemove-01_Simmental - d:\usb drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - d:\usb drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - d:\usb drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - d:\usb drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - d:\usb drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - d:\usb drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - d:\usb drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - d:\usb drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - d:\usb drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - d:\usb drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - d:\usb drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - d:\usb drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - d:\usb drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - d:\usb drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - d:\usb drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - d:\usb drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - d:\usb drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - d:\usb drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - d:\usb drivers\25_escape\Uninstall.exe
AddRemove-26_VIA_driver2 - d:\usb drivers\26_VIA_driver2\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-09 20:44
Windows 5.1.2600 Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(1296)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\netprovcredman.dll
.
Czas ukończenia: 2012-09-09 20:49:14 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-09-09 18:49
.
Przed: 2 019 213 312 bytes free
Po: 2 525 921 280 bytes free
.
- - End Of File - - 99233BE9ABAA15A656C46D06ECE82B45