ComboFix 12-10-15.01 - admin 2012-10-16 0:20.1.4 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.8190.7179 [GMT 2:00]
Run from: e:\pobrane chrome\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * New restore point created
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\admin\AppData\Local\Bron.tok-12-10
c:\users\admin\AppData\Local\Bron.tok-12-11
c:\users\admin\AppData\Local\Bron.tok-12-12
c:\users\admin\AppData\Local\Bron.tok-12-13
c:\users\admin\AppData\Local\Bron.tok-12-14
c:\users\admin\AppData\Local\Bron.tok-12-15
c:\users\admin\AppData\Local\Bron.tok-12-16
c:\users\admin\AppData\Local\Bron.tok-12-17
c:\users\admin\AppData\Local\Bron.tok-12-18
c:\users\admin\AppData\Local\Bron.tok-12-19
c:\users\admin\AppData\Local\Bron.tok-12-20
c:\users\admin\AppData\Local\Bron.tok-12-21
c:\users\admin\AppData\Local\Bron.tok-12-22
c:\users\admin\AppData\Local\Bron.tok-12-23
c:\users\admin\AppData\Local\Bron.tok-12-24
c:\users\admin\AppData\Local\Bron.tok-12-8
c:\users\admin\AppData\Local\Bron.tok-12-9
c:\users\admin\AppData\Local\Bron.tok.A12.em.bin
c:\users\admin\AppData\Local\csrss.exe
c:\users\admin\AppData\Local\inetinfo.exe
c:\users\admin\AppData\Local\Kosong.Bron.Tok.txt
c:\users\admin\AppData\Local\lsass.exe
c:\users\admin\AppData\Local\PhotoZoom Pro 3 Setup.exe
c:\users\admin\AppData\Local\services.exe
c:\users\admin\AppData\Local\smss.exe
c:\users\admin\AppData\Local\winlogon.exe
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif
c:\users\admin\AppData\Roaming\Microsoft\Windows\Templates\Brengkolang.com
c:\windows\DPINST.LOG
c:\windows\IsUn0415.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\d58f345a.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NVSvc
.
.
((((((((((((((((((((((((( Files created from 2012-09-15 to 2012-10-15 )))))))))))))))))))))))))))))))
.
.
2012-10-15 22:29 . 2012-10-15 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-14 15:01 . 2012-10-14 15:01 -------- d-----w- c:\users\admin\AppData\Roaming\LavasoftStatistics
2012-10-14 14:59 . 2012-10-14 14:59 -------- d-----w- c:\programdata\blekko toolbars
2012-10-14 14:59 . 2012-10-15 21:58 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-10-14 14:59 . 2012-10-14 15:45 -------- d-----w- c:\users\admin\AppData\Local\adawarebp
2012-10-14 14:59 . 2012-10-14 14:59 -------- d-----w- c:\program files (x86)\adawaretb
2012-10-14 14:59 . 2012-10-14 14:59 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-10-13 20:39 . 2012-10-13 20:41 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-10-13 19:46 . 2012-10-13 19:46 -------- d-----w- c:\windows\WindowsMobile
2012-09-30 20:23 . 2012-09-30 20:23 -------- d-----w- c:\users\admin\AppData\Local\GHISLER
2012-09-30 08:08 . 2012-10-05 18:06 -------- d-----w- c:\users\UpdatusUser
2012-09-30 08:07 . 2012-08-30 16:18 3487434 ----a-w- c:\windows\system32\nvcoproc.bin
2012-09-30 08:06 . 2012-07-03 15:25 31080 ----a-w- c:\windows\system32\nvhdap64.dll
2012-09-30 08:06 . 2012-07-03 15:25 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-09-30 07:32 . 2012-08-30 19:14 971624 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-09-30 07:32 . 2012-08-30 19:14 7397736 ----a-w- c:\windows\system32\nvopencl.dll
2012-09-30 07:32 . 2012-08-30 19:14 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-09-30 07:32 . 2012-08-30 19:14 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-09-30 07:12 . 2012-09-30 07:12 -------- d-----w- c:\programdata\NVIDIA Corporation
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 20:18 . 2012-06-18 12:26 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 20:18 . 2012-01-25 15:59 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-24 06:38 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2012-09-24 06:38 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2012-09-24 06:38 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2012-09-05 20:32 . 2012-09-05 20:32 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-05 20:32 . 2012-08-27 20:41 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-05 20:32 . 2011-03-13 21:24 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-30 16:18 . 2010-12-12 21:46 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 16:18 . 2010-12-12 21:46 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 16:18 . 2010-12-12 21:46 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 16:18 . 2010-12-12 21:46 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-08-30 16:18 . 2010-12-12 21:46 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
2012-08-30 16:17 . 2010-12-12 21:46 6198120 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-30 08:40 . 2012-08-30 08:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-08-15 16:21 . 2011-09-14 15:02 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-24 04:44 . 2012-07-24 04:44 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-07-24 04:44 . 2012-07-24 04:44 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-07-24 04:44 . 2012-07-24 04:44 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-07-24 04:44 . 2012-07-24 04:44 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-07-24 04:44 . 2012-07-24 04:44 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-07-24 04:44 . 2012-07-24 04:44 82432 ----a-w- c:\windows\system32\icardie.dll
2012-07-24 04:44 . 2012-07-24 04:44 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-07-24 04:44 . 2012-07-24 04:44 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-07-24 04:44 . 2012-07-24 04:44 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-07-24 04:44 . 2012-07-24 04:44 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-07-24 04:44 . 2012-07-24 04:44 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-07-24 04:44 . 2012-07-24 04:44 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-07-24 04:44 . 2012-07-24 04:44 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-07-24 04:44 . 2012-07-24 04:44 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-07-24 04:44 . 2012-07-24 04:44 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-07-24 04:44 . 2012-07-24 04:44 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-07-24 04:44 . 2012-07-24 04:44 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-07-24 04:44 . 2012-07-24 04:44 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-07-24 04:44 . 2012-07-24 04:44 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-07-24 04:44 . 2012-07-24 04:44 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-07-24 04:44 . 2012-07-24 04:44 448512 ----a-w- c:\windows\system32\html.iec
2012-07-24 04:44 . 2012-07-24 04:44 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-07-24 04:44 . 2012-07-24 04:44 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-07-24 04:44 . 2012-07-24 04:44 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-07-24 04:44 . 2012-07-24 04:44 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-07-24 04:44 . 2012-07-24 04:44 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-07-24 04:44 . 2012-07-24 04:44 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-07-24 04:44 . 2012-07-24 04:44 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-24 04:44 . 2012-07-24 04:44 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-07-24 04:44 . 2012-07-24 04:44 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-07-24 04:44 . 2012-07-24 04:44 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-07-24 04:44 . 2012-07-24 04:44 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-07-24 04:44 . 2012-07-24 04:44 222208 ----a-w- c:\windows\system32\msls31.dll
2012-07-24 04:44 . 2012-07-24 04:44 197120 ----a-w- c:\windows\system32\msrating.dll
2012-07-24 04:44 . 2012-07-24 04:44 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-07-24 04:44 . 2012-07-24 04:44 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-07-24 04:44 . 2012-07-24 04:44 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-07-24 04:44 . 2012-07-24 04:44 160256 ----a-w- c:\windows\system32\wextract.exe
2012-07-24 04:44 . 2012-07-24 04:44 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-07-24 04:44 . 2012-07-24 04:44 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-07-24 04:44 . 2012-07-24 04:44 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-07-24 04:44 . 2012-07-24 04:44 149504 ----a-w- c:\windows\system32\occache.dll
2012-07-24 04:44 . 2012-07-24 04:44 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-07-24 04:44 . 2012-07-24 04:44 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-07-24 04:44 . 2012-07-24 04:44 12288 ----a-w- c:\windows\system32\mshta.exe
2012-07-24 04:44 . 2012-07-24 04:44 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-07-24 04:44 . 2012-07-24 04:44 114176 ----a-w- c:\windows\system32\admparse.dll
2012-07-24 04:44 . 2012-07-24 04:44 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-07-24 04:44 . 2012-07-24 04:44 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-07-24 04:44 . 2012-07-24 04:44 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-07-24 04:44 . 2012-07-24 04:44 103936 ----a-w- c:\windows\system32\inseng.dll
2012-07-24 04:44 . 2012-07-24 04:44 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-07-18 18:15 . 2012-08-15 07:45 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2010-11-21 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-03-17 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}]
2011-04-05 16:48 482360 ----a-w- c:\program files (x86)\vShare\vshare_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{043C5167-00BB-4324-AF7E-62013FAEDACF}"= "c:\program files (x86)\vShare\vshare_toolbar.dll" [2011-04-05 482360]
.
[HKEY_CLASSES_ROOT\clsid\{043c5167-00bb-4324-af7e-62013faedacf}]
[HKEY_CLASSES_ROOT\vShare.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}]
[HKEY_CLASSES_ROOT\vShare.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft AutoScreenRecorder 3.1 Free"="0" [X]
"GAINWARD"="c:\program files (x86)\EXPERTool\TBPanel.exe" [2012-07-18 2048368]
"Gadu-Gadu"="d:\program files\Gadu-Gadu\gg.exe" [2005-08-30 1708032]
"DAEMON Tools Lite"="f:\daemon tools lite\DTLite.exe" [2011-01-20 1305408]
"BitTorrent"="c:\users\admin\Downloads\BitTorrent.exe" [2012-05-11 6380400]
"TBPanel"="c:\program files (x86)\EXPERTool\TBPanel.exe" [2012-07-18 2048368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-08-11 2472048]
"Turbo Key"="c:\program files (x86)\ASUS\Turbo Key\TurboKey.exe" [2009-06-02 1769472]
"Cpu Level Up"="c:\program files (x86)\ASUS\AI Suite\CPU Level UPEx\CpuLevelUp.exe" [2009-12-28 1177216]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"hpqSRMon"="d:\programy\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Browsers Protector"="c:\program files (x86)\Browsers Protector\regmon32.exe" [2012-07-06 207360]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-08-08 540056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Usługa Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]
R3 ALSysIO;ALSysIO;c:\users\admin\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-02-02 21712]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01 116648]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-11-01 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-11-01 171008]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 113704]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 19496]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 153128]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 133160]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 34856]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 128552]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 146472]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 Usbfilt;Usbfilt;c:\windows\SYSTEM32\DRIVERS\usbfilt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-24 1255736]
R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-06-11 136616]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2012-01-02 69376]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 23464]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO64\HWiNFO64A.SYS [2012-02-07 30592]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-01-19 21992]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-01-02 1355968]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-02-13 82048]
S3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-08-04 1342064]
.
.
--- Other Services/Drivers in Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 20:18]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01 05:39]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01 05:39]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1091478074-1113649513-200975790-1000Core.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-13 18:03]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1091478074-1113649513-200975790-1000UA.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-13 18:03]
.
2012-10-09 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://startsear.ch/?aff=1&cf=78cde8af-dcc3-11e1-bb22-20cf30f50cfe
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download ALL with IDA
IE: Download remotely with IDA
IE: Download with IDA
IE: Download with FlashGet3 - c:\users\admin\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: Download all with FlashGet3 - c:\users\admin\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: ????3?? - c:\users\admin\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\admin\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
TCP: DhcpNameServer = 192.168.1.1
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files (x86)\vShare\vshare_toolbar.dll
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp225sfc.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - error
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=78cde8af-dcc3-11e1-bb22-20cf30f50cfe&q=
FF - ExtSQL: 2012-08-21 10:39; p24ext@przelewy24.pl; c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp225sfc.default\extensions\p24ext@przelewy24.pl.xpi
FF - ExtSQL: 2012-10-14 16:59; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp225sfc.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - ExtSQL: !HIDDEN! 2011-04-06 14:41; smartwebprinting@hp.com; d:\programy\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: extensions.BabylonToolbar_i.id - a6acadd400000000000020cf30f50cfe
FF - user.js: extensions.BabylonToolbar_i.hardId - a6acadd400000000000020cf30f50cfe
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15543
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:22
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113679&tt=2912_4
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
------- File associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - EMPTY ENTRIES REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Wow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe
AddRemove-BitTorrent - d:\program files (x86)\BitTorrent\BitTorrent.exe
AddRemove-d58f345a - c:\windows\system32\d58f345a.exe
AddRemove-Heroes of Might and Magic® III - c:\windows\IsUn0415.exe
AddRemove-KLiteCodecPack_is1 - c:\program files (x86)\K-Lite Codec Pack\unins000.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe
AddRemove-Rockstar Games Social Club - c:\program files (x86)\Rockstar Games\Social Club\uninstallRGSCRedistributable.exe
AddRemove-thecasino - c:\microgaming\Casino\PlayersPalace\install.exe
AddRemove-vegaspalms - c:\microgaming\Casino\VegasPalms\install.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1091478074-1113649513-200975790-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3* N}]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\admin\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1091478074-1113649513-200975790-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3* N}hQčţ”Ľc]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\admin\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-1091478074-1113649513-200975790-1000\Software\SecuROM\License information*]
"datasecu"=hex:06,96,36,79,d4,ff,7a,03,6c,a0,c7,6e,e3,3e,68,4a,3b,39,3c,60,de,
   3f,c5,42,59,ce,0d,e3,7e,20,1d,d6,25,60,ca,61,31,da,0e,e9,ca,52,2b,90,61,e3,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_USERS\S-1-5-21-1091478074-1113649513-200975790-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):21,ac,29,5b,59,6a,27,14,fe,d5,76,74,a5,7b,6b,be,e4,bf,8b,d5,17,
   be,eb,a2,09,b6,bb,16,8d,74,1b,42,09,e4,97,5c,73,78,73,4f,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1091478074-1113649513-200975790-1000_Classes\Wow6432Node\CLSID\{7cae46d0-76c5-495a-865f-2837832c19d2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000022
"Therad"=dword:00000008
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
.
**************************************************************************
.
Completion time: 2012-10-16 00:33:42 - the computer was restarted
ComboFix-quarantined-files.txt 2012-10-15 22:33
.
Before: 880,275,456 bytes free
After: 1,189,969,920 bytes free
.
- - End Of File - - D0E126A7E6BCFE672B36E9293EA897B4
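Added example (my own code, not part of the log above and not ComboFix's): a small Python triage script that re-runs, over lines copied from this log, the three checks a responder makes by hand when reading it. It compares the Sigcheck MD5 of each live System32/SysWOW64 user32.dll against the WinSxS copy of the same version and architecture (ComboFix's [7]/[-] column is its own signature marker and is ignored here; only the hash is compared), it spots core Windows process names that sit outside System32/SysWOW64 (the csrss.exe, lsass.exe, services.exe, smss.exe and winlogon.exe files the Deleted section lists under AppData\Local), and it flags Run values and service/driver entries whose image lives in a user-writable directory or is missing ([x]). The regexes, the CORE_PROCS and USER_WRITABLE lists and all function names are my assumptions; the SAMPLE lines are taken verbatim from the Sigcheck, Deleted, Run and service sections above.

```python
"""Triage checks over a ComboFix-style log excerpt (added example, not ComboFix code)."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Row formats as they appear in the log; the regexes themselves are my assumption.
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<ver>[^\]]+)\]\s+\.\.\s+(?P<path>.+?)\s*$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*(?:\[(?P<meta>[^\]]*)\])?')
SVC_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
                    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$")

# Names that belong only to images under System32/SysWOW64 (assumed list).
CORE_PROCS = {"csrss.exe", "lsass.exe", "services.exe", "smss.exe",
              "winlogon.exe", "svchost.exe", "inetinfo.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
USER_WRITABLE = ("\\appdata\\", "\\downloads\\", "\\temp\\")

# Constructed sample: lines copied from the Sigcheck, Deleted, Run and service sections.
SAMPLE = r"""
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2010-11-21 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
[-] 2012-03-17 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
c:\users\admin\AppData\Local\csrss.exe
c:\users\admin\AppData\Local\lsass.exe
c:\users\admin\AppData\Local\PhotoZoom Pro 3 Setup.exe
c:\windows\SysWow64\d58f345a.exe
"Wisdom-soft AutoScreenRecorder 3.1 Free"="0" [X]
"BitTorrent"="c:\users\admin\Downloads\BitTorrent.exe" [2012-05-11 6380400]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
R3 ALSysIO;ALSysIO;c:\users\admin\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
""".strip().splitlines()


def _arch(path):
    """x86 for WOW64 images (live SysWOW64 or a winsxs wow64_* component), else x64."""
    p = path.lower()
    return "x86" if ("\\syswow64\\" in p or "\\winsxs\\wow64_" in p) else "x64"


def sigcheck_mismatches(lines):
    """Live file paths whose MD5 differs from every WinSxS copy with the same
    basename, version string and architecture. Non-Sigcheck lines are skipped."""
    refs = defaultdict(set)          # (basename, version, arch) -> {md5, ...}
    live = []
    for line in lines:
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        key = (PureWindowsPath(m["path"]).name.lower(), m["ver"], _arch(m["path"]))
        if "\\winsxs\\" in m["path"].lower():
            refs[key].add(m["md5"].upper())
        else:
            live.append((key, m["md5"].upper(), m["path"]))
    return [path for key, md5, path in live if key in refs and md5 not in refs[key]]


def impostor_paths(paths):
    """Paths named like a core Windows process but located outside System32/SysWOW64."""
    out = []
    for p in paths:
        low = p.strip().lower()
        if PureWindowsPath(low).name in CORE_PROCS and not low.startswith(SYSTEM_DIRS):
            out.append(p.strip())
    return out


def risky_autoruns(lines):
    """(name, image, reason) for Run values and service/driver rows whose image is
    missing ("[x]" in ComboFix output) or sits in a user-writable directory."""
    out = []
    for line in lines:
        m = RUN_RE.match(line.strip()) or SVC_RE.match(line.strip())
        if not m:
            continue
        path, meta = m["path"], (m["meta"] or "")
        if meta.strip().lower() == "x":
            out.append((m["name"], path, "image not found"))
        elif any(d in path.lower() for d in USER_WRITABLE):
            out.append((m["name"], path, "user-writable location"))
    return out


def triage(lines):
    """Run all three checks; bare drive-letter paths (the Deleted list) feed the impostor check."""
    paths = [l for l in lines if l.strip().lower().startswith(("c:\\", "d:\\"))]
    return {"sigcheck_mismatch": sigcheck_mismatches(lines),
            "impostor": impostor_paths(paths),
            "autorun": risky_autoruns(lines)}


if __name__ == "__main__":
    for kind, items in triage(SAMPLE).items():
        for item in items:
            print(f"{kind:18} {item}")
```

On the sample it reports both live user32.dll copies as hash mismatches, the two AppData\Local impostors, and three autoruns (the dead Wisdom-soft value, BitTorrent running from Downloads, and the ALSysIO driver whose image under Temp is gone). A differing MD5 under an identical version string is a lead, not proof of tampering: a hotfix that keeps the version string produces the same result, so confirm against a known-good copy or the catalog signature before replacing a system DLL.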