ComboFix 14-01-01.01 - Chmiel 2014-01-03   1:04.1.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.3326.2700 [GMT 1:00]
Running from: c:\documents and settings\Chmiel\Moje dokumenty\Pobieranie\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\BrowserDefender
c:\documents and settings\All Users\Dane aplikacji\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl
c:\documents and settings\All Users\Dane aplikacji\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
c:\documents and settings\All Users\Dane aplikacji\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
c:\documents and settings\All Users\Dane aplikacji\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings
c:\documents and settings\All Users\Dane aplikacji\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm
c:\documents and settings\All Users\Dane aplikacji\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js
c:\documents and settings\All Users\Dane aplikacji\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00
c:\documents and settings\All Users\Dane aplikacji\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01
c:\documents and settings\All Users\Dane aplikacji\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02
c:\documents and settings\All Users\Dane aplikacji\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03
c:\documents and settings\All Users\Dane aplikacji\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10
c:\documents and settings\All Users\Dane aplikacji\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11
c:\documents and settings\All Users\Dane aplikacji\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12
c:\documents and settings\All Users\Dane aplikacji\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13
c:\documents and settings\All Users\Dane aplikacji\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20
c:\documents and settings\All Users\Dane aplikacji\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21
c:\documents and settings\All Users\Dane aplikacji\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22
c:\documents and settings\All Users\Dane aplikacji\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23
c:\documents and settings\All Users\Dane aplikacji\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe
c:\documents and settings\Chmiel\Menu Start\Programy\BrowserDefender\Uninstall BrowserDefender.lnk
c:\documents and settings\Chmiel\Menu Start\Programy\Uninstall.lnk
c:\documents and settings\Chmiel\Ustawienia lokalne\Dane aplikacji\lollipop
c:\documents and settings\Chmiel\Ustawienia lokalne\Dane aplikacji\lollipop\logo.ico
c:\documents and settings\Chmiel\Ustawienia lokalne\Dane aplikacji\lollipop\lollipop_12231521.bat
c:\documents and settings\Chmiel\Ustawienia lokalne\Dane aplikacji\lollipop\lollipop_12231521.dat
c:\documents and settings\Chmiel\Ustawienia lokalne\Dane aplikacji\lollipop\lollipop_12231521.exe
c:\documents and settings\Chmiel\Ustawienia lokalne\Dane aplikacji\lollipop\lollipop_12231521.lpd
c:\documents and settings\Chmiel\Ustawienia lokalne\Dane aplikacji\lollipop\lollipop_12231521_cfg.lpd
c:\documents and settings\Chmiel\Ustawienia lokalne\Dane aplikacji\lollipop\lollipop_12231521_ps.lpd
c:\program files\5Fantastic\OneWay\OneWay.exe
c:\program files\Common Files\337
c:\program files\Common Files\337\libcef\1.1364.1123\icudt.dll
c:\program files\Common Files\337\libcef\1.1364.1123\libcef.dll
c:\program files\Common Files\337\libcef\1.1364.1123\locales\en-US.pak
c:\windows\system32\AegisI5Installer.exe
E:\AUTORUN.INF
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BROWSERDEFENDERT
-------\Service_BrowserDefendert
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-03 to 2014-01-03   )))))))))))))))))))))))))))))))
.
.
2014-01-03 00:09 . 2014-01-03 00:09  --------  d-----w-  c:\windows\system32\xircom
2014-01-03 00:09 . 2014-01-03 00:09  --------  d-----w-  c:\windows\system32\wbem\snmp
2014-01-03 00:09 . 2014-01-03 00:09  --------  d-----w-  c:\program files\microsoft frontpage
2014-01-02 21:52 . 2013-10-28 10:00  102104    ----a-w-  c:\windows\system32\RTNUninst32.dll
2014-01-02 20:57 . 2014-01-02 20:57  --------  d-----w-  c:\program files\cFosSpeed
2014-01-02 20:57 . 2014-01-02 20:57  --------  d-----w-  c:\documents and settings\Chmiel\Ustawienia lokalne\Dane aplikacji\cFos
2014-01-02 20:57 . 2011-11-08 14:52  952192    ----a-w-  c:\windows\system32\drivers\cfosspeed.sys
2014-01-02 20:56 . 2014-01-02 20:56  --------  d-----w-  c:\documents and settings\All Users\Dane aplikacji\cFos
2014-01-02 20:52 . 2014-01-02 20:52  --------  d--h--w-  c:\windows\system32\GroupPolicy
2014-01-02 19:11 . 2011-08-11 05:46  606440    ----a-r-  c:\windows\system32\drivers\RTL8192su.sys
2014-01-02 19:00 . 2014-01-02 19:00  --------  d-----w-  c:\program files\ISY
2013-12-29 14:02 . 2013-12-29 14:02  --------  d-----w-  c:\documents and settings\Chmiel\Dane aplikacji\Bonanza
2013-12-28 00:02 . 2013-12-29 20:28  --------  d-----w-  c:\documents and settings\Chmiel\Dane aplikacji\TS3Client
2013-12-28 00:02 . 2013-12-28 00:02  --------  d-----w-  c:\program files\TeamSpeak 3 Client
2013-12-25 10:05 . 2013-09-24 17:59  86232     ----a-w-  c:\windows\system32\RtkCoInstIIXP.dll
2013-12-25 10:05 . 2011-11-22 15:28  11368     ----a-w-  c:\windows\system32\RtkCoLDRXP.dll
2013-12-25 10:05 . 2013-10-25 10:38  26084     ----a-w-  c:\windows\system32\drivers\RTAIODAT.DAT
2013-12-25 09:43 . 2013-11-11 16:38  893728    ----a-w-  c:\windows\system32\nvdispgenco3233182.dll
2013-12-25 09:43 . 2013-11-11 16:38  1049888   ----a-w-  c:\windows\system32\nvdispco3233182.dll
2013-12-25 09:43 . 2013-11-11 16:38  9605120   ----a-w-  c:\windows\system32\nvopencl.dll
2013-12-25 01:30 . 2013-12-25 01:30  --------  d-----w-  c:\program files\AGEIA Technologies
2013-12-25 01:29 . 2013-12-25 01:29  --------  d-----w-  c:\documents and settings\UpdatusUser
2013-12-25 01:23 . 2013-12-25 09:30  --------  d-----w-  C:\Driver_Win8_Win7
2013-12-25 01:22 . 2013-12-25 01:22  --------  d-----w-  C:\swsetup
2013-12-25 01:11 . 2014-01-03 00:09  --------  d-----w-  c:\program files\Desk 365
2013-12-25 01:11 . 2014-01-02 22:44  --------  d-----w-  c:\documents and settings\Chmiel\Dane aplikacji\Desk 365
2013-12-25 01:10 . 2013-12-25 01:10  --------  d-----w-  c:\documents and settings\All Users\Dane aplikacji\WPM
2013-12-25 01:10 . 2014-01-02 21:31  --------  d-----w-  c:\documents and settings\Chmiel\Dane aplikacji\Device Doctor
2013-12-25 01:10 . 2013-12-25 01:10  --------  d-----w-  c:\program files\Device Doctor
2013-12-25 00:59 . 2013-12-25 00:59  --------  d-----w-  c:\program files\Probit Software
2013-12-24 18:44 . 2013-12-24 18:44  --------  d-----w-  c:\program files\TORParse
2013-12-04 14:12 . 2013-12-04 14:12  --------  d-----w-  c:\program files\Common Files\Skype
2013-12-04 14:12 . 2013-12-04 14:12  --------  d-----r-  c:\program files\Skype
2013-12-04 14:00 . 2014-01-02 22:43  --------  d-----w-  c:\documents and settings\Chmiel\Dane aplikacji\Skype
2013-12-04 14:00 . 2013-12-04 14:12  --------  d-----w-  c:\documents and settings\All Users\Dane aplikacji\Skype
2013-12-04 13:58 . 2008-04-13 23:15  60032     ----a-w-  c:\windows\system32\drivers\USBAUDIO.sys
2013-12-04 13:58 . 2008-04-14 21:51  20992     ----a-w-  c:\windows\system32\dshowext.ax
2013-12-04 13:58 . 2008-04-13 23:16  121984    ----a-w-  c:\windows\system32\drivers\usbvideo.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-03 00:09 . 2011-05-21 16:34  17488     ----a-w-  c:\windows\gdrv.sys
2013-11-09 19:31 . 2013-08-05 19:50  692616    ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2013-11-09 19:31 . 2011-12-27 18:03  71048     ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-05 18:47 . 2011-05-21 16:30  5589720   ----a-w-  c:\windows\system32\drivers\RtkHDAud.sys
2013-10-30 18:20 . 2013-10-30 12:20  17813896  ----a-w-  c:\windows\system32\FlashPlayerInstaller.exe
2013-10-30 12:01 . 2013-10-30 12:01  21361     ----a-w-  c:\windows\system32\drivers\AegisP.sys
2013-10-28 10:00 . 2011-05-21 16:32  415832    ----a-w-  c:\windows\system32\drivers\Rtenicxp.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-02 . 8E036EEC565910417EA020CE0962AA24 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{fe063412-bea4-4d76-8ed3-183be6220d17}]
2013-08-21 17:36  100336  ----a-w-  c:\program files\BonanzaDeals\BonanzaDealsIE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2009-02-19 1171456]
"Raptr"="c:\progra~1\Raptr\raptrstub.exe" [2013-12-19 55360]
"Steam"="c:\program files\Steam\Steam.exe" [2013-12-11 1823656]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-05-21 802136]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"Easy Driver Pro"="c:\program files\Probit Software\Easy Driver Pro\DPLauncher.exe" [2013-05-05 198960]
"Device Doctor"="c:\program files\Device Doctor\DDLauncher.exe" [2013-03-11 133944]
"Desk 365"="c:\program files\Desk 365\desk365.exe" [2013-12-25 1013840]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2008-12-22 380928]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-17 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-05-25 111208]
"RTHDCPL"="RTHDCPL.EXE" [2013-10-04 20145368]
"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2011-11-08 1219456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-03-01 124928]
.
c:\documents and settings\Chmiel\Menu Start\Programy\Autostart\
OneWay.lnk - c:\qoobox\Quarantine\C\Program Files\5Fantastic\OneWay\OneWay.exe.vir [2011-7-24 142848]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
TL-WN321G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN321G\COMMON\TWCU.exe -s [2013-10-30 1298432]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\steam\\Steam.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"d:\\Star Wars-The Old Republic\\swtor\\retailclient\\swtor.exe"=
"d:\\Star Wars-The Old Republic\\launcher.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\HappyCloud\\Cache\\The Lord of the Rings Online\\lotroclient.exe"=
"d:\\HappyCloud\\Cache\\The Lord of the Rings Online\\TurbineLauncher.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\skyrim\\SkyrimLauncher.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2011-05-21 212232]
R2 desksvc;Desk 365 service;c:\program files\Desk 365\deskSvc.exe [2013-12-25 422312]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-12-07 38144]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [2011-05-21 68136]
R2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files\WebCake\WebCakeDesktop.Updater.exe [2013-07-11 23552]
R2 Wpm;Wpm Service;c:\documents and settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe -service --> c:\documents and settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe -service [?]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2014-01-02 606440]
S2 bonanzadealslive;Usługa BonanzaDealsLive (bonanzadealslive);c:\program files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-11-29 148976]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-05-21 1691480]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
S3 bonanzadealslivem;Usługa BonanzaDealsLive (bonanzadealslivem);c:\program files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-11-29 148976]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 235216]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-05 19:31]
.
2013-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2013-12-27 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2012-10-02 04:57]
.
2014-01-02 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2012-10-02 04:57]
.
2013-12-30 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2012-10-02 04:57]
.
2013-12-28 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2012-10-02 04:57]
.
2014-01-03 c:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
- c:\program files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-11-29 22:22]
.
2014-01-02 c:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
- c:\program files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-11-29 22:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nationzoom.com/?type=hp&ts=1387933805&from=air&uid=ST3250318AS_9VM7CN0WXXXX9VM7CN0W
mStart Page = hxxp://www.nationzoom.com/?type=hp&ts=1387933805&from=air&uid=ST3250318AS_9VM7CN0WXXXX9VM7CN0W
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{72FA458A-DB7F-49DF-A942-E2870F59A4B9}: NameServer = 194.204.159.1,194.204.152.34
FF - ProfilePath - c:\documents and settings\Chmiel\Dane aplikacji\Mozilla\Firefox\Profiles\t9lgsiyk.default-1365690088109\
FF - prefs.js: browser.search.selectedEngine - nationzoom
FF - prefs.js: browser.startup.homepage - hxxp://www.nationzoom.com/?type=hp&ts=1387933805&from=air&uid=ST3250318AS_9VM7CN0WXXXX9VM7CN0W
FF - ExtSQL: 2013-11-29 23:22; {f9d03c26-0575-497e-821d-f7956d23e0ca}; c:\documents and settings\Chmiel\Dane aplikacji\Mozilla\Firefox\Profiles\t9lgsiyk.default-1365690088109\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
FF - user.js: extentions.webcake.installId - 94134fe3-286e-4e67-8c29-1be2bc028b1f
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 10b71c5200000000000000241ddb5d14
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15897
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.512:25
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119357&tt=040713_rdrctful&tsp=4940
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-lollipop_12231521 - c:\documents and settings\chmiel\ustawienia lokalne\dane aplikacji\lollipop\lollipop_12231521.exe
AddRemove-lollipop_12231521 - c:\documents and settings\chmiel\ustawienia lokalne\dane aplikacji\lollipop\lollipop_12231521.bat
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-03 01:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1004336348-287218729-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:b6,b3,e5,b9,f3,28,75,38,85,bf,4a,bd,d3,56,bd,1b,fe,65,f9,b0,e4,
   d3,b9,d3,e9,83,cf,33,1e,2b,95,fc,1e,58,60,f5,21,b8,f9,23,44,5f,71,91,90,57,\
"rkeysecu"=hex:b6,21,8a,c2,6d,67,b9,6d,02,21,5c,56,15,c6,19,5b
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1472)
c:\windows\system32\cscui.dll
.
- - - - - - - > 'explorer.exe'(2904)
c:\progra~1\Raptr\ltc_help32-78769.dll
c:\program files\Desk 365\edis.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\documents and settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\cFosSpeed\spd.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\TP-LINK\TL-WN321G\COMMON\TWCU.exe
c:\progra~1\Raptr\raptr.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Raptr\raptr_im.exe
.
**************************************************************************
.
Completion time: 2014-01-03 01:13:44 - machine was rebooted
ComboFix-quarantined-files.txt 2014-01-03 00:13
.
Pre-Run: 6,675,480,576 bytes free
Post-Run: 6,587,310,080 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - A8A8B1D783D5A3201716D32A6335AF81
32052574BF9F325AE309ABC7BFD04460
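For triaging a log like the one above, the following Python is an added example (it is not part of the original post and not ComboFix code) that parses the three autostart shapes the log uses: `"Name"="path" [date size]` values under the Run keys, `Rn/Sn name;description;path [date size]` service lines, and the `HKCU-Run-name - path` orphan lines. It then flags entries whose binary lives under a per-user or All Users data folder (as the Wpm service and the lollipop Run value do), or whose trailing marker is `[?]` or `[X]`, read here as "path not verified" and "file not found". The sample input is copied from the log above and embedded as a constructed string; the folder-name list, the reading of the markers and the flag wording are this example's own assumptions. Path heuristics say nothing about adware installed under Program Files (Desk 365, BonanzaDeals, WebCake in this log), so the output is a shortlist to examine, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the ComboFix log above. In practice,
# read the whole log file and pass its text to triage().
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2013-12-11 1823656]
"Desk 365"="c:\program files\Desk 365\desk365.exe" [2013-12-25 1013840]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
R2 desksvc;Desk 365 service;c:\program files\Desk 365\deskSvc.exe [2013-12-25 422312]
R2 Wpm;Wpm Service;c:\documents and settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe -service --> c:\documents and settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe -service [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-01-08 161536]
.
HKCU-Run-lollipop_12231521 - c:\documents and settings\chmiel\ustawienia lokalne\dane aplikacji\lollipop\lollipop_12231521.exe
'''

# The three line shapes the log uses for autostart entries.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
SVC_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+) \[(?P<meta>[^\]]*)\]$')
ORPHAN_RE = re.compile(r'^(?P<hive>HKCU|HKLM)-Run-(?P<name>\S+) - (?P<path>.+)$')

# Folder fragments in which a legitimate service or Run entry rarely lives on
# Windows XP (heuristic chosen for this example). The Polish names are the
# localized "Application Data" and "Local Settings" seen in the log.
USER_WRITABLE = (
    "\\dane aplikacji\\", "\\application data\\",
    "\\ustawienia lokalne\\", "\\local settings\\", "\\temp\\",
)


@dataclass
class Autostart:
    kind: str                # "run", "service" or "orphan"
    name: str
    path: str
    meta: str = ""           # "YYYY-MM-DD size", "X" or "?" as printed by the log
    flags: list = field(default_factory=list)


def parse_autostarts(text):
    """Extract Run-key values, service lines and orphaned Run values."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            entries.append(Autostart("run", m["name"], m["path"], m["meta"]))
        elif m := SVC_RE.match(line):
            entries.append(Autostart("service", m["name"], m["path"], m["meta"]))
        elif m := ORPHAN_RE.match(line):
            entries.append(Autostart("orphan", m["name"], m["path"]))
    return entries


def flag(entry):
    """Attach triage flags to one entry and return it."""
    low = entry.path.lower()
    if any(frag in low for frag in USER_WRITABLE):
        entry.flags.append("binary in user-writable data directory")
    if entry.meta == "?":   # assumed meaning: ComboFix did not verify the file
        entry.flags.append("ComboFix could not verify the image path ([?])")
    if entry.meta == "X":   # assumed meaning: referenced file not found
        entry.flags.append("referenced file is missing ([X])")
    if entry.kind == "orphan":
        entry.flags.append("orphaned Run value (target file gone)")
    return entry


def triage(text):
    """Return only flagged entries as (kind, name, flags) tuples, in log order."""
    return [(e.kind, e.name, e.flags)
            for e in map(flag, parse_autostarts(text)) if e.flags]


if __name__ == "__main__":
    for kind, name, flags in triage(SAMPLE_LOG):
        print(f"{kind:8} {name:22} {'; '.join(flags)}")
```

Run against the sample, only the `nltide_2` RunOnce value, the Wpm service and the lollipop orphan are listed; the first of those is a stock XP entry, which is why the flags are meant to drive a manual look at each hit rather than an automatic removal.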