ComboFix 13-02-07.02 - Administrator 2013-02-09 18:56:30.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1977.1273 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\system32\Cache
c:\windows\system32\Cache\1eb77b82f792db9a.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\37d1f5dbd74364de.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-01-09 do 2013-02-09 )))))))))))))))))))))))))))))))
.
.
2013-02-18 14:42 . 2013-02-18 14:42 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\LolClient
2013-02-10 13:26 . 2008-04-14 21:50 10752 ------w- c:\windows\system32\smtpapi.dll
2013-02-10 13:23 . 2013-02-10 13:27 -------- d-----w- c:\windows\ServicePackFiles
2013-02-10 13:23 . 2008-04-14 21:50 33792 ------w- c:\windows\system32\dllcache\custsat.dll
2013-02-10 13:23 . 2008-04-14 21:51 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2013-02-10 13:19 . 2006-12-28 23:31 19569 ----a-w- c:\windows\002749_.tmp
2013-02-10 13:11 . 2013-02-10 13:11 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\PowerISO
2013-02-10 11:59 . 2008-07-31 09:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2013-02-10 11:59 . 2008-07-31 09:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2013-02-10 11:59 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2013-02-10 11:59 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2013-02-10 11:59 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2013-02-10 11:59 . 2013-02-10 11:59 -------- d-----w- c:\windows\Logs
2013-02-10 11:50 . 2013-02-10 11:50 -------- d-----w- C:\Riot Games
2013-02-09 22:38 . 2013-02-09 22:38 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-02-09 19:31 . 2013-02-09 18:02 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\PMB Files
2013-02-09 19:30 . 2013-02-09 16:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PMB Files
2013-02-09 19:28 . 2013-02-09 19:28 -------- d-----w- c:\program files\Pando Networks
2013-02-09 19:28 . 2013-02-09 19:28 -------- d-----w- c:\documents and settings\Administrator\.swt
2013-02-09 14:33 . 2013-02-09 14:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TP-LINK
2013-02-09 10:38 . 2011-07-28 11:06 1763584 ----a-r- c:\windows\system32\drivers\athuw.sys
2013-02-09 08:43 . 2004-08-03 21:06 169984 ----a-w- c:\windows\system32\drivers\pcx500.sys
2013-02-09 08:43 . 2004-08-03 21:06 169984 ----a-w- c:\windows\system32\dllcache\pcx500.sys
2013-01-31 16:15 . 2013-01-31 16:15 -------- d-----w- c:\documents and settings\admin\Dane aplikacji\EAC
2013-01-31 16:15 . 2013-01-31 16:15 -------- d-----w- c:\documents and settings\admin\Dane aplikacji\AccurateRip
2013-01-30 15:18 . 2008-04-14 21:50 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-01-30 15:18 . 2001-10-26 15:57 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-01-30 15:18 . 2001-10-26 15:57 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2013-01-30 15:17 . 2008-04-14 20:50 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2013-01-30 15:17 . 2008-04-13 23:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2013-01-30 15:16 . 2008-04-13 23:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-01-29 10:27 . 2013-01-29 10:27 -------- d-----w- c:\documents and settings\admin\Ustawienia lokalne\Dane aplikacji\Identities
2013-01-17 12:31 . 2013-01-17 12:31 -------- d-----w- c:\documents and settings\admin\Ustawienia lokalne\Dane aplikacji\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-18 14:55 . 2012-12-25 10:49 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-09 22:38 . 2012-11-22 13:47 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-09 22:38 . 2012-11-22 13:47 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-27 13:24 . 2012-12-27 13:24 3022 ----a-w- c:\documents and settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.js
2012-11-22 18:52 . 2012-11-22 18:53 7261256 ----a-w- c:\windows\system32\SpoonUninstall.exe
2012-11-22 15:26 . 2012-11-22 15:26 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-22 15:26 . 2012-11-22 15:26 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-22 15:26 . 2012-11-22 15:26 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-22 15:26 . 2012-11-22 13:22 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-22 13:27 . 2012-11-22 13:27 155136 ----a-w- c:\windows\system32\imapihp.exe
2012-11-16 12:56 . 2012-11-16 12:56 160856 ----a-w- c:\windows\system32\drivers\eamon.sys
2013-02-06 08:43 . 2013-02-06 08:43 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTo0.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2012-11-06 13:01 183112 ----a-w- c:\program files\uTorrentControl_v2\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-02-18 14:55 1920688 ----a-w- c:\program files\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTo0.dll" [2012-11-06 183112]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll" [2013-02-18 1920688]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7473B6BD-4691-4744-A82B-7854EB3D70B6}"= "c:\program files\uTorrentControl_v2\prxtbuTo0.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2012-10-08 2991616]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2013-02-09 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-01 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-01 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-01 141848]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-07-19 773144]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-07 318488]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-11-27 298536]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-08-19 329520]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-07-23 24848]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-06-23 10244096]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-18 1124016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-16 3117384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-11-27 16:41 109568 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-11-27 16:40 286720 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2008-08-06 14:23 69632 ----a-w- c:\windows\system32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2008-07-23 12:03 158992 ----a-w- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\WINDOWS\\system32\\dmwu.exe"=
"c:\\WINDOWS\\system32\\ARFC\\wrtc.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56708:TCP"= 56708:TCP:Pando Media Booster
"56708:UDP"= 56708:UDP:Pando Media Booster
.
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2008-08-07 109184]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-08-07 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-08-07 12928]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2012-11-22 24064]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-12-25 33112]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-03-14 120152]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2012-03-14 104160]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-08-07 12496]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-11-27 185896]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2004-08-04 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2004-08-04 14336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2012-11-16 913184]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-08-19 32768]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-08-07 256512]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2012-11-22 77824]
R2 IB Updater;IB Updater;c:\program files\IB Updater\ExtensionUpdaterService.exe [2012-12-05 188760]
R2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [2012-12-05 1008496]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2012-11-22 576024]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2012-11-22 2054680]
R2 vToolbarUpdater14.1.7;vToolbarUpdater14.1.7;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe [2013-02-18 965296]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2013-02-09 1763584]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2012-11-22 44800]
S1 FSLX;FSLX;\??\c:\windows\system32\drivers\fslx.sys --> c:\windows\system32\drivers\fslx.sys [?]
S2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe --> c:\program files\Fighters\FighterSuiteService.exe [?]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2013-01-05 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2013-01-05 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2013-01-05 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2013-01-05 25088]
S3 Common Toolkit Tools;Common Toolkit Tools;"c:\program files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe" --> c:\program files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe [?]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2008-08-06 32256]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2012-11-22 144480]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2008-08-06 349432]
S3 PCX500;Sterownik kart Cisco Wireless LAN;c:\windows\system32\drivers\pcx500.sys [2013-02-09 169984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-31 19:48 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-02-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-22 22:38]
.
2013-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-22 13:43]
.
2013-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-22 13:43]
.
2013-02-09 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
- c:\program files\AVG Secure Search\PostInstall\ROC.exe [2013-01-31 16:10]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Settings,ProxyOverride =
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\drx0rmr2.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7Bbb7e7b29-eded-41bb-9d19-fd085b934731%7D&mid=Unknown&ds=xn011&v=13.3.0.17&lang=pl&pr=sa&d=2012-12-25%2011%3A49%3A41&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={1AC22798-F7EF-4D98-9C3B-65C79E41073D}&mid=Unknown&lang=pl&ds=xn011&pr=sa&d=2012-12-25 11:49&v=13.3.0.17&sap=ku&q=
FF - ExtSQL: 2012-12-24 02:50; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\drx0rmr2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-25 11:49; avg@toolbar; c:\documents and settings\All Users\Dane aplikacji\AVG Secure Search\FireFoxExt\14.1.0.10
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQRMfMVEy&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 007fb06c00000000000000237d1ccd3b
FF - user.js: extensions.incredibar_i.instlDay - 15679
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1410:32
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQRMfMVEy
FF - user.js: extensions.incredibar_i.upn2n - 92544043242102118
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10678
FF - user.js: extensions.incredibar_i.ppd - 111
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-09 19:01
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1574165943-109398757-4279207423-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,4d,c2,5e,f5,c5,26,4f,ae,74,c7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,4d,c2,5e,f5,c5,26,4f,ae,74,c7,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\accrypto.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\itmsg.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\brand.dll
c:\program files\Hewlett-Packard\IAM\Bin\AsChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\HPPlugIn.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHostServices.dll
c:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll
c:\windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_pl_b77a5c561934e089\System.Xml.resources.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.HPQWMIEXLib.dll
c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\ittal.dll
c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\windows\system32\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll
c:\windows\system32\DeviceNP.dll
c:\windows\system32\SSREGLIB.dll
c:\windows\system32\HPPTLog.dll
.
- - - - - - - > 'explorer.exe'(2292)
c:\windows\system32\APSHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
.
**************************************************************************
.
Czas ukończenia: 2013-02-09 19:03:40 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2013-02-09 18:03
ComboFix2.txt 2012-12-27 15:06
.
Przed: 41 567 223 808 bajtów wolnych
Po: 43 348 234 240 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4646D009E02B05519CDC6089337CD878