ComboFix 14-01-16.03 - Zurawski 2014-01-19 14:20:08.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2046.1446 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Zurawski\Pulpit\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Zurawski\USTAWI~1\Temp\jna\jna3105023551252277260.dll
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\documents and settings\Zurawski\Dane aplikacji\win32
c:\documents and settings\Zurawski\Dane aplikacji\win32\spoolsv32.jar
c:\documents and settings\Zurawski\Ustawienia lokalne\Dane aplikacji\lollipop
c:\documents and settings\Zurawski\Ustawienia lokalne\Temp\jna\jna3105023551252277260.dll
c:\program files\Common Files\logonInit.dll
c:\windows\system32\frapsvid.dll
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-12-19 do 2014-01-19 )))))))))))))))))))))))))))))))
.
.
2014-01-19 13:11 . 2013-09-20 09:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-01-19 13:11 . 2014-01-19 13:16 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2014-01-19 13:11 . 2014-01-19 13:11 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-01-19 10:03 . 2014-01-19 10:04 -------- d-----w- c:\program files\MyPC Backup
2014-01-19 10:02 . 2014-01-19 10:02 -------- d-----w- c:\program files\IObit
2014-01-19 10:02 . 2014-01-19 10:02 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\IObit
2014-01-19 10:02 . 2013-12-27 17:10 18776 ----a-w- c:\windows\system32\roboot.exe
2014-01-19 10:02 . 2014-01-19 10:03 -------- d-----w- c:\documents and settings\Zurawski\Dane aplikacji\systweak
2014-01-19 10:02 . 2014-01-19 10:04 -------- d-----w- c:\program files\RegClean Pro
2014-01-19 09:58 . 2014-01-19 10:00 -------- d-----w- c:\program files\Mobogenie
2014-01-17 12:53 . 2014-01-17 12:56 -------- d-----w- c:\documents and settings\Zurawski\Ustawienia lokalne\Dane aplikacji\gtk-2.0
2014-01-17 12:53 . 2014-01-17 12:53 -------- d-----w- c:\documents and settings\Zurawski\.thumbnails
2014-01-17 12:40 . 2014-01-17 12:40 -------- d-----w- c:\documents and settings\Zurawski\Ustawienia lokalne\Dane aplikacji\fontconfig
2014-01-17 12:40 . 2014-01-17 12:57 -------- d-----w- c:\documents and settings\Zurawski\.gimp-2.8
2014-01-17 12:40 . 2014-01-17 12:40 -------- d-----w- c:\documents and settings\Zurawski\Ustawienia lokalne\Dane aplikacji\gegl-0.2
2014-01-17 12:37 . 2014-01-17 12:40 -------- d-----w- c:\program files\GIMP 2
2014-01-16 12:44 . 2014-01-16 12:44 -------- d-----w- c:\documents and settings\Zurawski\Ustawienia lokalne\Dane aplikacji\Sun
2014-01-13 08:49 . 2014-01-13 08:49 -------- d-----w- c:\program files\Common Files\Java
2014-01-13 08:49 . 2014-01-13 08:49 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-12 15:21 . 2014-01-12 15:21 -------- d-----w- c:\documents and settings\Zurawski\Ustawienia lokalne\Dane aplikacji\OTLand
2014-01-06 10:47 . 2014-01-06 10:47 -------- d-----w- c:\documents and settings\Zurawski\Dane aplikacji\Remere's Map Editor
2014-01-06 10:46 . 2014-01-06 10:47 -------- d-----w- c:\program files\Remere's Map Editor
2013-12-28 14:49 . 2013-12-28 14:49 -------- d-----w- c:\documents and settings\Zurawski\Dane aplikacji\AVG
2013-12-28 14:45 . 2013-12-28 14:45 -------- d-----w- c:\documents and settings\Zurawski\Dane aplikacji\Cool Record Edit Pro
2013-12-28 14:45 . 2013-12-28 14:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AVG
2013-12-28 14:45 . 2013-12-28 14:45 -------- d-sh--w- c:\documents and settings\All Users\Dane aplikacji\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-12-28 14:45 . 2013-12-28 14:45 -------- d--h--w- c:\documents and settings\All Users\Dane aplikacji\Common Files
2013-12-28 14:44 . 2013-12-28 14:46 -------- d-----w- c:\documents and settings\Zurawski\Dane aplikacji\Free Sound Recorder
2013-12-26 09:45 . 2013-12-26 09:45 -------- d-----w- c:\documents and settings\Zurawski\Ustawienia lokalne\Dane aplikacji\Sony
2013-12-26 09:45 . 2014-01-19 12:54 -------- d-----w- c:\program files\Common Files\Sony Shared
2013-12-26 09:45 . 2013-12-26 09:45 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Sony Corporation
2013-12-26 09:44 . 2013-12-26 09:44 -------- d-----w- c:\documents and settings\Zurawski\Ustawienia lokalne\Dane aplikacji\Downloaded Installations
2013-12-26 09:42 . 2013-12-27 09:03 -------- d-----w- c:\windows\SxsCaPendDel
2013-12-26 09:38 . 2013-12-26 09:44 -------- d-----w- c:\program files\Sony Media Go Install
2013-12-26 09:38 . 2013-12-26 09:38 -------- d-----w- c:\documents and settings\Zurawski\Dane aplikacji\Sony
2013-12-26 09:25 . 2013-12-26 09:26 -------- d-----w- c:\windows\system32\drivers\UMDF
2013-12-26 09:25 . 2013-12-26 09:25 -------- d-----w- c:\windows\system32\LogFiles
2013-12-22 17:07 . 2014-01-18 18:51 -------- d-----w- c:\documents and settings\Zurawski\Dane aplikacji\Skype
2013-12-22 17:06 . 2013-12-22 17:06 -------- d-----w- c:\program files\Common Files\Skype
2013-12-22 17:06 . 2013-12-22 17:07 -------- d-----r- c:\program files\Skype
2013-12-21 06:04 . 2013-12-21 06:04 225656 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-19 13:06 . 2013-12-19 09:03 150 ----a-w- c:\program files\Common Files\userInit.dll
2014-01-13 08:49 . 2013-11-12 09:22 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-12-26 09:43 . 2013-09-14 12:40 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-26 09:43 . 2013-09-14 12:40 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-11 16:38 . 2013-12-01 13:06 893728 ----a-w- c:\windows\system32\nvdispgenco3233182.dll
2013-11-11 16:38 . 2013-12-01 13:06 1049888 ----a-w- c:\windows\system32\nvdispco3233182.dll
2013-11-11 16:38 . 2013-10-01 16:25 57344 ----a-w- c:\windows\system32\OpenCL.dll
2013-11-11 16:38 . 2013-10-01 16:24 9605120 ----a-w- c:\windows\system32\nvopencl.dll
2013-11-11 16:38 . 2013-10-01 16:24 22183936 ----a-w- c:\windows\system32\nvoglnt.dll
2013-11-11 16:38 . 2013-10-01 16:24 9646080 ----a-w- c:\windows\system32\nvcuda.dll
2013-11-11 16:38 . 2013-10-01 16:24 353056 ----a-w- c:\windows\system32\nvEncodeAPI.dll
2013-11-11 16:38 . 2013-10-01 16:24 2952992 ----a-w- c:\windows\system32\nvcuvid.dll
2013-11-11 16:38 . 2013-10-01 16:24 2747680 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-11-11 16:38 . 2013-10-01 16:24 2633728 ----a-w- c:\windows\system32\nvapi.dll
2013-11-11 16:38 . 2013-10-01 16:24 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-11-11 16:38 . 2013-10-01 16:18 4083584 ----a-w- c:\windows\system32\nv4_disp.dll
2013-11-11 16:38 . 2013-10-01 16:14 12684992 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-11-11 14:32 . 2013-10-01 16:25 274432 ----a-w- c:\windows\system32\nvrspt.dll
2013-11-11 14:32 . 2013-10-01 16:25 270336 ----a-w- c:\windows\system32\nvrsru.dll
2013-11-11 14:32 . 2013-10-01 16:25 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2013-11-11 14:32 . 2013-10-01 16:25 258048 ----a-w- c:\windows\system32\nvrstr.dll
2013-11-11 14:32 . 2013-10-01 16:25 258048 ----a-w- c:\windows\system32\nvrssl.dll
2013-11-11 14:32 . 2013-10-01 16:25 258048 ----a-w- c:\windows\system32\nvrssk.dll
2013-11-11 14:32 . 2013-10-01 16:25 258048 ----a-w- c:\windows\system32\nvrspl.dll
2013-11-11 14:32 . 2013-10-01 16:25 253952 ----a-w- c:\windows\system32\nvrsth.dll
2013-11-11 14:32 . 2013-10-01 16:25 253952 ----a-w- c:\windows\system32\nvrssv.dll
2013-11-11 14:32 . 2013-10-01 16:25 253952 ----a-w- c:\windows\system32\nvrsno.dll
2013-11-11 14:32 . 2013-10-01 16:25 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2013-11-11 14:32 . 2013-10-01 16:25 126976 ----a-w- c:\windows\system32\nvrszht.dll
2013-11-11 14:32 . 2013-10-01 16:25 335872 ----a-w- c:\windows\system32\nvrshe.dll
2013-11-11 14:32 . 2013-10-01 16:25 282624 ----a-w- c:\windows\system32\nvrsit.dll
2013-11-11 14:32 . 2013-10-01 16:25 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2013-11-11 14:32 . 2013-10-01 16:25 274432 ----a-w- c:\windows\system32\nvrsja.dll
2013-11-11 14:32 . 2013-10-01 16:25 266240 ----a-w- c:\windows\system32\nvrsko.dll
2013-11-11 14:32 . 2013-10-01 16:25 262144 ----a-w- c:\windows\system32\nvrshu.dll
2013-11-11 14:32 . 2013-10-01 16:25 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2013-11-11 14:32 . 2013-10-01 16:25 282624 ----a-w- c:\windows\system32\nvrses.dll
2013-11-11 14:32 . 2013-10-01 16:25 282624 ----a-w- c:\windows\system32\nvrsel.dll
2013-11-11 14:32 . 2013-10-01 16:25 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2013-11-11 14:32 . 2013-10-01 16:25 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2013-11-11 14:32 . 2013-10-01 16:25 249856 ----a-w- c:\windows\system32\nvrseng.dll
2013-11-11 14:32 . 2013-10-01 16:25 335872 ----a-w- c:\windows\system32\nvrsar.dll
2013-11-11 14:32 . 2013-10-01 16:25 278528 ----a-w- c:\windows\system32\nvrsde.dll
2013-11-11 14:32 . 2013-10-01 16:25 253952 ----a-w- c:\windows\system32\nvrsda.dll
2013-11-11 14:32 . 2013-10-01 16:25 249856 ----a-w- c:\windows\system32\nvrscs.dll
2013-11-11 14:31 . 2013-10-01 16:25 156960 ----a-w- c:\windows\system32\nvsvc32.exe
2013-11-11 14:31 . 2013-10-01 16:25 54272 ----a-w- c:\windows\system32\nvwddi.dll
2013-11-11 14:31 . 2013-10-01 16:25 209184 ----a-w- c:\windows\system32\nvmctray.dll
2013-11-11 14:31 . 2013-10-01 16:25 15711008 ----a-w- c:\windows\system32\nvcpl.dll
2013-11-11 14:31 . 2013-10-01 16:25 144160 ----a-w- c:\windows\system32\nvcolor.exe
2013-11-11 13:55 . 2013-11-11 13:55 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-11-11 13:55 . 2013-11-11 13:55 768848 ----a-w- c:\windows\system32\msvcr100.dll
2013-09-27 14:14 1406935 --sh--r- c:\windows\system32\29EDD5\A9B90D.EXE
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
"NextLive"="c:\documents and settings\Zurawski\Dane aplikacji\newnext.me\nengine.dll" [2013-11-14 1283584]
"spoolsv32"="c:\windows\system32\javaw.exe" [2014-01-13 175016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-12-27 41032304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"A9B90D"="c:\windows\system32\29EDD5\A9B90D.EXE" [2013-09-27 1406935]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"TWCU"="c:\program files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe" [2009-12-28 561263]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-11-11 15711008]
"NvMediaCenter"="NvMCTray.dll" [2013-11-11 209184]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-11-11 2602784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Zurawski\Menu Start\Programy\Autostart\
A9B90D.lnk - c:\windows\system32\29EDD5\A9B90D.EXE [2013-9-27 1406935]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2013-9-14 950272]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\cdp.pl\\Farming Simulator 2013\\FarmingSimulator2013.exe"=
"c:\\Program Files\\cdp.pl\\Farming Simulator 2013\\FarmingSimulator2013Game.exe"=
"c:\\Program Files\\cdp.pl\\Farming Simulator 2013\\x86\\FarmingSimulator2013Game.exe"=
"c:\\Games\\World_of_Tanks\\WoTLauncher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Documents and Settings\\Zurawski\\Dane aplikacji\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\WarThunder\\launcher.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:War Thunder
"20010:UDP"= 20010:UDP:War Thunder
"3478:UDP"= 3478:UDP:War Thunder
"7850:TCP"= 7850:TCP:War Thunder
"27022:TCP"= 27022:TCP:War Thunder
"6881:TCP"= 6881:TCP:War Thunder
"33333:TCP"= 33333:TCP:War Thunder
"20443:TCP"= 20443:TCP:War Thunder
"8090:TCP"= 8090:TCP:War Thunder
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-09-14 243128]
R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [2013-09-14 88688]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-01-19 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-01-19 1042272]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2013-10-28 1714176]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2013-09-14 65136]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2013-09-14 2804720]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-01-19 171416]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2013-09-14 450560]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [2014-01-19 14416]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-14 09:43]
.
2014-01-19 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-01-19 09:57]
.
2014-01-19 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2014-01-19 10:03]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-21 16:23]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-21 16:23]
.
2014-01-19 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-01-19 09:49]
.
2014-01-19 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2014-01-19 09:51]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD3200AVJS-63WDA0_WD-WCARW278467984679&ts=1379163499
mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD3200AVJS-63WDA0_WD-WCARW278467984679&ts=1379163499
uInternet Connection Wizard,ShellNext = hxxp://www.neostrada.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Wyślij &do programu OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\documents and settings\Zurawski\Dane aplikacji\Mozilla\Firefox\Profiles\08ltct9c.default\
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - ExtSQL: 2013-11-24 13:12; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2013-11-24 13:12; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: extensions.irspeeddial.aflt - fxtb103
FF - user.js: extensions.irspeeddial.instlRef -
FF - user.js: extensions.irspeeddial.cr - 451951118
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1Qzu0FzztC0AyCyBtByByDzz0DtAzyzyyBtDtN0D0Tzu0CyCyByBtN1L2XzutBtFtBtFyBtFtCtBtDtCtN1L1Czu1G2Z1S
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-FreeRAM XP - c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
HKCU-Run-Overwolf - c:\program files\Overwolf\Overwolf.exe
HKLM-Run-tuto4pc_pl_21 - (no file)
HKLM-Run-upt4pc_pl_21.exe - c:\documents and settings\Zurawski\Ustawienia lokalne\Dane aplikacji\tuto4pc_pl_21\upt4pc_pl_21.exe
HKLM-Run-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-19 14:27
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
mobilegeni daemon = c:\program files\Mobogenie\DaemonProcess.exe?????????????????????????????????????????????????????????????????????????????????????
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(3868)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Czas ukończenia: 2014-01-19 14:30:52 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2014-01-19 13:30
.
Przed: 208,244,297,728 bajtów wolnych
Po: 208,225,460,224 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 543AC6AF82B7CB4569D0E338EF3A8AB2
32052574BF9F325AE309ABC7BFD04460