ComboFix 12-11-16.02 - Przemek 2012-11-18 15:43:01.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.3.1250.48.1045.18.3037.1861 [GMT 1:00]
Uruchomiony z: c:\users\Przemek\Desktop\ComboFix.exe
AV: G Data TotalProtection 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data TotalProtection 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Przemek\AppData\Local\TempDIR
c:\users\Przemek\AppData\Local\TempDIR\cacert.crt
.
Zainfekowana kopia c:\windows\system32\winlogon.exe została znaleziona. Problem naprawiono
Plik odzyskano z - c:\windows\erdnt\cache\winlogon.exe
.
Zainfekowana kopia c:\windows\System32\slui.exe została znaleziona. Problem naprawiono
Plik odzyskano z - c:\windows\winsxs\x86_microsoft-windows-security-spp-ux_31bf3856ad364e35_6.1.7601.17514_none_5dc908a6fd144a83\slui.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-10-18 do 2012-11-18 )))))))))))))))))))))))))))))))
.
.
2012-11-18 14:53 . 2012-11-18 14:58 -------- d-----w- c:\users\Przemek\AppData\Local\temp
2012-11-18 14:53 . 2012-11-18 14:53 -------- d-----w- c:\users\Weronika\AppData\Local\temp
2012-11-18 14:53 . 2012-11-18 14:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-18 14:53 . 2012-11-18 14:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-18 11:43 . 2012-11-18 11:43 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-11-18 11:43 . 2010-04-27 10:04 381816 ----a-w- c:\windows\system32\PsExec.exe
2012-11-18 08:03 . 2012-11-18 10:01 878682 ----a-w- c:\windows\system32\sig.bin
2012-11-17 20:09 . 2010-11-20 21:29 286720 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\winlogon.exe
2012-11-17 20:09 . 2009-07-14 01:14 79872 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\winver.exe
2012-11-17 20:09 . 2010-11-20 21:29 53760 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\sppuinotify.dll
2012-11-17 20:09 . 2012-08-11 13:12 409088 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\systemcpl.dll
2012-11-17 20:09 . 2010-11-20 21:29 325632 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\slui.exe
2012-11-17 20:09 . 2009-07-14 01:16 345088 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\sppcommdlg.dll
2012-11-17 20:09 . 2012-03-05 17:55 811520 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\user32.dll
2012-11-17 20:09 . 2009-07-14 01:16 118784 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\sppwmi.dll
2012-11-17 20:09 . 2012-08-11 13:12 13824 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\slwga.dll
2012-11-17 20:08 . 2009-06-10 21:38 113629 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\slmgr.vbs
2012-11-17 20:07 . 2012-11-17 20:07 2169856 --sha-w- c:\windows\system32\hale.exe
2012-11-17 19:45 . 2012-11-17 19:45 30416 ----a-w- c:\windows\system32\drivers\GRD.sys
2012-11-17 19:16 . 2012-11-17 19:16 -------- d-----w- c:\windows\system32\BioAPIFFDB
2012-11-17 19:16 . 2012-11-17 19:16 49528 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2012-11-17 19:16 . 2012-11-17 19:16 103928 ----a-w- c:\windows\system32\drivers\TS4nt.sys
2012-11-17 19:15 . 2012-11-17 19:15 50040 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2012-11-17 19:15 . 2012-11-17 19:15 90744 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2012-11-17 19:15 . 2012-11-17 19:15 41848 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2012-11-17 19:15 . 2012-11-17 19:15 54648 ----a-w- c:\windows\system32\drivers\gdwfpcd32.sys
2012-11-17 19:15 . 2012-11-17 19:15 -------- d-----w- c:\programdata\G DATA Software
2012-11-17 19:15 . 2012-11-17 19:43 -------- d-----w- c:\programdata\G DATA
2012-11-17 19:15 . 2012-11-17 19:15 -------- d-----w- c:\program files\Common Files\G Data
2012-11-17 19:15 . 2012-11-17 19:15 -------- d-----w- c:\program files\G Data
2012-11-17 18:32 . 2012-11-17 18:33 -------- d-----w- c:\program files\Common Files\Intel Corporation
2012-11-17 18:29 . 2012-11-17 18:29 -------- d-----w- c:\users\Przemek\AppData\Roaming\Intel Corporation
2012-11-17 15:40 . 2012-11-17 15:48 -------- d-----w- c:\program files\Intel
2012-11-17 15:40 . 2012-08-27 22:37 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-11-17 15:38 . 2012-11-17 15:38 -------- d-----w- C:\Intel
2012-11-17 15:36 . 2012-10-06 17:26 80488 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-11-17 15:36 . 2012-10-06 17:26 582800 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-11-17 15:36 . 2012-10-06 17:26 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2012-11-17 15:16 . 2012-11-17 15:47 -------- d-----w- c:\programdata\DriverGenius
2012-11-17 15:16 . 2012-11-17 15:23 -------- d-----w- c:\program files\Driver-Soft
2012-11-17 15:14 . 2012-11-17 15:14 -------- d-----w- c:\users\Przemek\AppData\Local\Innovative Solutions
2012-11-17 15:08 . 2012-11-17 15:21 -------- d-----w- c:\program files\Driver Checker
2012-11-17 14:50 . 2012-11-17 14:50 -------- d-----w- c:\users\Przemek\AppData\Roaming\Easeware
2012-11-17 14:50 . 2012-11-17 15:53 -------- d-----w- c:\program files\Easeware
2012-11-17 14:37 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 14:37 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 14:37 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-17 14:36 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-17 14:36 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-17 14:36 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-17 14:36 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-17 14:36 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-17 14:36 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-17 14:36 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-17 13:57 . 2012-11-17 13:57 -------- d-----w- c:\users\Przemek\AppData\Roaming\Simply Super Software
2012-11-17 13:56 . 2012-11-17 13:56 -------- d-----w- c:\program files\Trojan Remover
2012-11-17 13:56 . 2012-11-17 13:56 -------- d-----w- c:\programdata\Simply Super Software
2012-11-17 11:59 . 2012-11-17 11:59 -------- d-----w- c:\program files\Enigma Software Group
2012-11-17 11:59 . 2012-11-17 12:26 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-11-17 11:48 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{082B72F2-3056-4D01-904E-A9EC9D34088C}\mpengine.dll
2012-11-17 10:43 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-17 10:43 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-17 10:43 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2012-11-17 10:43 . 2012-08-24 16:57 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-17 10:43 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-16 16:13 . 2012-11-16 16:13 -------- d-----w- c:\users\Przemek\AppData\Roaming\Thunderbird
2012-11-16 16:13 . 2012-11-16 16:13 -------- d-----w- c:\users\Przemek\AppData\Local\Thunderbird
2012-11-16 16:13 . 2012-11-16 16:13 -------- d-----w- c:\program files\Mozilla Thunderbird
2012-11-14 07:14 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-14 07:14 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-14 07:14 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-14 07:14 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-14 07:14 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-14 07:14 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-14 07:14 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-14 07:14 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-14 07:14 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 07:14 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 07:14 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-14 07:14 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-09 22:48 . 2012-11-09 22:48 -------- d-----w- c:\program files\EA Games
2012-11-04 14:38 . 2012-11-04 14:38 -------- d-----w- c:\users\Weronika\.gstreamer-0.10
2012-11-04 14:38 . 2012-11-04 14:42 -------- d-----w- c:\users\Weronika\AppData\Local\ChomikBox
2012-11-03 11:10 . 2012-11-03 11:10 -------- d-----w- c:\users\Przemek\AppData\Local\Programs
2012-11-02 16:01 . 2012-11-02 16:01 -------- d-----w- C:\$WINDOWS.~BT
2012-11-01 07:19 . 2012-11-01 07:19 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin7.dll
2012-11-01 07:19 . 2012-11-01 07:19 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin6.dll
2012-11-01 07:19 . 2012-11-01 07:19 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin5.dll
2012-11-01 07:19 . 2012-11-01 07:19 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin4.dll
2012-11-01 07:19 . 2012-11-01 07:19 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin3.dll
2012-11-01 07:19 . 2012-11-01 07:19 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin2.dll
2012-11-01 07:19 . 2012-11-01 07:19 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin.dll
2012-11-01 07:18 . 2012-11-01 07:19 -------- d-----w- c:\program files\QuickTime
2012-11-01 07:18 . 2012-11-01 07:18 -------- d-----w- c:\programdata\Apple Computer
2012-10-30 12:54 . 2012-09-21 09:41 526392 ----a-w- c:\windows\system32\drivers\iaStorA.sys
2012-10-30 12:54 . 2012-09-21 09:41 25656 ----a-w- c:\windows\system32\drivers\iaStorF.sys
2012-10-29 21:29 . 2012-10-29 21:29 19512 ----a-w- c:\program files\Common Files\Microsoft Shared\VSTO\10.0\1045\VSTOLoaderUI.dll
2012-10-29 21:29 . 2012-10-29 21:29 10816 ----a-w- c:\program files\Common Files\Microsoft Shared\VSTO\10.0\1045\VSTOInstallerUI.dll
2012-10-29 20:03 . 2012-10-29 20:03 32832 ----a-w- c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.res.1028.dll
2012-10-29 20:03 . 2012-10-29 20:03 48192 ----a-w- c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.res.1033.dll
2012-10-29 20:03 . 2012-10-29 20:03 32320 ----a-w- c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.res.2052.dll
2012-10-29 20:03 . 2012-10-29 20:03 597040 ----a-w- c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.exe
2012-10-29 20:03 . 2012-10-29 20:03 597040 ----a-w- c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - PLK\install.exe
2012-10-28 15:42 . 2012-10-28 15:42 -------- d-----w- C:\Brother
2012-10-28 15:42 . 2012-10-28 15:42 -------- d-----w- c:\program files\Browny02
2012-10-28 15:42 . 2010-01-22 14:34 3072 ------w- c:\windows\system32\BrDctF2S.dll
2012-10-28 15:42 . 2007-12-13 21:16 73728 ------w- c:\windows\system32\BrDctF2.dll
2012-10-28 15:42 . 2007-12-13 21:16 4608 ------w- c:\windows\system32\BrDctF2L.dll
2012-10-28 15:42 . 2010-02-05 10:42 180224 ------w- c:\windows\system32\BroSNMP.dll
2012-10-28 13:53 . 2012-10-28 13:53 -------- d-----w- c:\users\Przemek\WapSter
2012-10-28 13:52 . 2012-10-28 13:52 -------- d-----w- c:\program files\WapSter
2012-10-28 13:52 . 2012-10-28 13:52 -------- d-----w- c:\users\Przemek\AppData\Roaming\.wtw
2012-10-28 13:51 . 2012-10-28 13:51 -------- d-----w- c:\program files\K2T
2012-10-28 13:05 . 2012-11-16 22:34 -------- d-----w- c:\program files\XCOM Enemy Unknown
2012-10-22 20:41 . 2012-01-23 21:43 7523840 ----a-w- c:\windows\system32\drivers\NETwNs32.sys
2012-10-22 20:41 . 2010-05-19 04:31 2760704 ----a-w- c:\windows\system32\NETwNr32.dll
2012-10-22 20:41 . 2010-05-19 04:29 684032 ----a-w- c:\windows\system32\NETwNc32.dll
2012-10-19 16:16 . 2012-10-19 16:16 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 18:49 . 2012-04-01 07:57 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 18:49 . 2011-08-12 17:17 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-24 13:32 . 2012-06-15 17:55 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 13:32 . 2011-09-01 13:40 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-14 18:28 . 2012-10-10 12:55 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:18 . 2012-10-10 12:55 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12 . 2012-10-10 12:55 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 12:55 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-24 16:57 . 2012-10-10 12:55 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 15:52 . 2012-11-18 11:31 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-08-22 18:58 . 2012-08-16 12:47 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2012-08-22 18:56 . 2012-08-16 12:47 47616 ----a-w- c:\windows\system32\ff_acm.acm
2012-08-22 17:16 . 2012-09-12 07:18 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 07:18 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 07:18 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-26 06:15 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:40 . 2012-10-10 12:55 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40 . 2012-10-10 12:55 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37 . 2012-10-10 12:55 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 17:32 . 2012-10-10 12:55 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:55 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:55 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:55 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:55 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:55 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:55 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 12:55 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 12:55 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 12:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 12:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-29 12:28 . 2012-10-29 12:27 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-03-05 . B189A238B879FC36EF79E05D322FB2C2 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-10-25 14:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-10-25 14:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-10-25 14:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-10-25 14:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"G Data AntiVirus Tray Application"="c:\program files\G Data\TotalProtection\AVKTray\AVKTray.exe" [2012-05-24 985624]
"GDFirewallTray"="c:\program files\G Data\TotalProtection\Firewall\GDFirewallTray.exe" [2012-01-27 1470968]
.
c:\users\Iza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Iza\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-09-16 13:04 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2012-10-09 08:53 4441920 ----a-w- c:\users\Przemek\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2011-08-16 18:30 1379840 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-10-21 06:58 184320 ----a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
2012-10-08 11:53 10833408 ----a-w- c:\progra~1\WapSter\WAPSTE~1\AQQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2012-03-28 01:53 404568 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]
2010-02-09 15:43 2621440 ------r- c:\program files\Browny02\Brother\BrStMonW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Chew7Hale]
2012-11-17 20:07 2169856 --sha-w- c:\windows\System32\hale.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 09:26 114688 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2012-04-12 11:00 1163072 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2012-10-25 14:45 16052192 ----a-w- c:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
2012-09-28 16:32 56128 ----a-w- c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2009-07-22 11:40 83336 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2011-11-18 11:37 1492264 ----a-w- c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLimiter]
2011-03-21 14:13 1839104 ----a-w- c:\program files\NetLimiter 3\NLClientApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetWorx]
2012-10-11 11:51 3264912 ----a-w- c:\program files\NetWorx\networx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OscarX7Mouse5Mode]
2011-08-04 14:09 3514368 ----a-w- c:\program files\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 19:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl11]
2011-04-20 03:56 234792 ----a-w- c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-08-24 08:27 7719456 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAFE12 File Redirection Starter]
2012-03-19 11:59 17408 ----a-w- c:\program files\Steganos Safe 12\fredirstarter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAFE12 HotKeys]
2012-03-19 12:01 84480 ----a-w- c:\program files\Steganos Safe 12\SteganosHotKeyService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-07-28 15:49 336384 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-09-25 11:31 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-09-17 10:41 254896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-03-24 19:02 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2012-09-14 10:58 1247504 ----a-w- c:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Akamai NetSession Interface"="c:\users\Przemek\AppData\Local\Akamai\netsession_win.exe"
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"B2C_AGENT"=c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
.
R1 FNETURPX;FNETURPX; [x]
R1 GLogin;GLogin; [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [x]
R3 GDTunerSvc;G Data Tuner Service;c:\program files\G Data\TotalProtection\AVKTuner\AVKTunerService.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 NETw5s32;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
R3 netw5v32;Sterownik karty Intel(R) Wireless WiFi Link 5000 Series dla systemu Windows Vista w wersji 32-bitowej;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 NETwNs32;___ Sterownik karty Intel(R) Wireless WiFi Link 5000 Series dla systemu Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;WatAdminSvc; [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 TS4NT;TS4nt driver;c:\windows\System32\Drivers\TS4nt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [x]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [x]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [x]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [x]
S1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\system32\drivers\Sleen17.sys [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/11 10:13];c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [x]
S2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [x]
S2 AVKService;G Data Scheduler;c:\program files\G Data\TotalProtection\AVK\AVKService.exe [x]
S2 AVKWCtl;G Data Strażnik systemu plików;c:\program files\G Data\TotalProtection\AVK\AVKWCtl.exe [x]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [x]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [x]
S2 GDBackupSvc;G Data Backup Service;c:\program files\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [x]
S2 IAStorDataMgrSvc;Technologia pamięci Intel® Rapid;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [x]
S2 SBKUPNT;SBKUPNT;c:\windows\system32\Drivers\SBKUPNT.SYS [x]
S2 TSNxGService;G Data TopSecret Service;c:\program files\G Data\TotalProtection\TSNxG\TSNxGService.exe [x]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [x]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [x]
S3 GDFwSvc;G Data Personal Firewall;c:\program files\G Data\TotalProtection\Firewall\GDFwSvc.exe [x]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]
S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [x]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
GPSvcGroup REG_MULTI_SZ GPSvc
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 18:50]
.
2012-11-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1784937873-793891771-2312621795-1003Core.job
- c:\users\Iza\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-26 22:08]
.
2012-11-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1784937873-793891771-2312621795-1003UA.job
- c:\users\Iza\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-26 22:08]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-03 20:43]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-03 20:43]
.
.
------- Skan uzupełniający -------
.
uDefault_Search_URL = hxxp://www.google.com/ie uStart Page = hxxp://www.v9.com/?utm_source=b&utm_medium=vlt2&from=vlt2&uid=TOSHIBA_MK5055GSX_19VBT0JGT__19VBT0JGT&ts=1351961398 mStart Page = hxxp://www.v9.com/?utm_source=b&utm_medium=vlt2&from=vlt2&uid=TOSHIBA_MK5055GSX_19VBT0JGT__19VBT0JGT&ts=1351961398 uInternet Settings,ProxyOverride = 127.0.0.1:9421; uInternet Settings,ProxyServer = bramkaproxy.ufux.net:8080 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 IE: Wyślij &do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Przemek\AppData\Roaming\Mozilla\Firefox\Profiles\ibj4b70l.default\ FF - prefs.js: browser.search.defaulturl - Yahoo FF - prefs.js: browser.startup.homepage - google.pl FF - prefs.js: keyword.URL - hxxp://klit.startnow.com/s/?src=addrbar&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.3.0&install_country=PL&install_date=20110911&user_guid=D423612B9B064A949D86E39C3CC82A34&machine_id=7aef8dff5b8ca610a17b183e723d86db&browser=FF&os=win&os_version=6.1-x86-SP1&q= FF - prefs.js: network.proxy.ftp - 217.98.20.20 FF - prefs.js: network.proxy.ftp_port - 8080 FF - prefs.js: network.proxy.http - 217.98.20.20 FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.socks - 217.98.20.20 FF - prefs.js: network.proxy.socks_port - 8080 FF - prefs.js: network.proxy.ssl - 217.98.20.20 FF - prefs.js: network.proxy.ssl_port - 8080 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-10-19 
18:16; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF - ExtSQL: 2012-11-16 20:10; {a603964d-bbbe-44b5-8d83-fe493310b8fc}; c:\users\Przemek\AppData\Roaming\Mozilla\Firefox\Profiles\ibj4b70l.default\extensions\{a603964d-bbbe-44b5-8d83-fe493310b8fc}.xpi FF - ExtSQL: 2012-11-17 20:16; {906305f7-aafc-45e9-8bbd-941950a84dad}; c:\program files\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} . - - - - USUNIĘTO PUSTE WPISY - - - - . HKLM-Run-Driver Genius - (no file) MSConfigStartUp-Acrobat Assistant 8 - c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe MSConfigStartUp-Adobe Acrobat Speed Launcher - c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe MSConfigStartUp-TSNxG4Tray - c:\program files\G Data\TotalProtection\TSNxG\TSNxGTray.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl" . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_USERS\S-1-5-21-1784937873-793891771-2312621795-1000\Software\SecuROM\License information*] "datasecu"=hex:0b,c9,d4,b6,94,41,59,88,de,27,18,83,e1,f5,e3,1e,96,d8,e6,83,37, 81,72,14,f4,f6,d4,d3,7d,cf,82,7e,50,39,51,0b,9b,fc,6a,28,06,7f,39,ad,f6,b4,\ "rkeysecu"=hex:6f,98,bf,d8,91,47,b6,25,55,41,3a,84,b6,e3,43,dc . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Pozostałe uruchomione procesy ------------------------ . 
c:\windows\system32\atieclxx.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe c:\windows\system32\PnkBstrA.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\system32\taskhost.exe c:\windows\system32\sppsvc.exe c:\windows\system32\conhost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\System32\vds.exe c:\program files\DAEMON Tools Pro\DTShellHlp.exe c:\windows\system32\taskhost.exe . ************************************************************************** . Czas ukończenia: 2012-11-18 16:03:53 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2012-11-18 15:03 ComboFix2.txt 2012-08-31 08:40 . Przed: 31 631 085 568 bajtów wolnych Po: 32 011 644 928 bajtów wolnych . - - End Of File - - F6B28F09BD5FFA631658AF7083ECA7D2