ComboFix 14-01-16.03 - Mafia 2014-01-19 18:27:35.8.2 - x86
Uruchomiony z: c:\documents and settings\Mafia\Pulpit\Narzędzia Taty\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mafia\Dane aplikacji\PriceGong
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\1.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\a.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\b.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\c.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\d.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\e.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\f.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\g.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\h.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\i.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\j.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\k.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\l.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\m.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\n.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\o.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\p.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\q.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\r.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\s.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\t.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\u.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\v.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\w.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\x.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\y.txt
c:\documents and settings\Mafia\Dane aplikacji\PriceGong\Data\z.txt
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-12-19 do 2014-01-19 )))))))))))))))))))))))))))))))
.
.
2014-01-02 18:53 . 2014-01-02 18:53 -------- d-----w- c:\documents and settings\Mama\Dane aplikacji\openvr
2014-01-02 18:37 . 2014-01-02 18:37 -------- d-----w- c:\documents and settings\Mafia\Dane aplikacji\openvr
2013-12-27 21:06 . 2013-12-27 21:06 -------- d-----w- c:\documents and settings\Mafia\Ustawienia lokalne\Dane aplikacji\NativeMessaging
2013-12-27 21:04 . 2009-11-11 06:54 294912 ----a-r- c:\windows\system32\CM106rm.exe
2013-12-27 21:04 . 2009-01-16 10:12 221184 ----a-r- c:\windows\system\cm106eye.exe
2013-12-27 21:04 . 2006-09-13 05:08 491520 ----a-r- c:\windows\system\cmau106.dll
2013-12-27 21:03 . 2009-09-25 09:59 1511936 ----a-r- c:\windows\system32\drivers\CM106.sys
2013-12-27 21:03 . 2004-04-14 03:28 315392 ----a-r- c:\windows\system\fltr106.dll
2013-12-27 21:03 . 2009-08-19 08:06 307200 ------r- c:\windows\Cmi106Uninstall.exe
2013-12-27 21:02 . 2013-12-27 21:02 -------- d-----w- c:\program files\REAL 5.1 GAMING HEADSET
2013-12-27 21:00 . 2003-11-10 17:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-12-27 21:00 . 2003-11-10 17:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-12-27 21:00 . 2003-11-10 17:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-12-27 21:00 . 2003-11-10 17:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-12-27 21:00 . 2003-11-10 17:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-12-27 21:00 . 2013-12-27 21:00 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-12-27 21:00 . 2013-12-27 21:00 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-12-27 20:58 . 2013-12-27 20:58 -------- d-----w- c:\documents and settings\Mama\Dane aplikacji\AVAST Software
2013-12-27 20:58 . 2013-12-27 20:58 -------- d-----w- c:\documents and settings\Mafia\Dane aplikacji\AVAST Software
2013-12-21 12:45 . 2013-12-21 12:50 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-21 12:45 . 2013-12-21 12:50 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-21 12:45 . 2013-12-21 12:50 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-21 12:11 . 2013-12-21 12:11 -------- d-----w- c:\documents and settings\Mafia\Ustawienia lokalne\Dane aplikacji\Launcher
2013-12-21 12:10 . 2013-12-21 12:11 -------- d-----w- C:\Quake Live
2013-12-21 12:06 . 2013-12-21 12:06 -------- d-----w- c:\program files\Quake Live
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-21 12:50 . 2012-11-10 10:34 410528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-12-21 12:50 . 2012-11-10 10:34 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-12-21 12:50 . 2012-11-10 10:34 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-21 12:50 . 2012-11-10 10:34 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-12-21 12:50 . 2012-11-10 10:34 43152 ----a-w- c:\windows\avastSS.scr
2013-12-21 12:50 . 2012-11-10 10:34 270240 ----a-w- c:\windows\system32\aswBoot.exe
2013-12-03 16:31 . 2010-11-23 21:17 282296 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-12-03 16:09 . 2010-11-23 21:17 139048 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-12-03 16:09 . 2011-02-12 09:24 282296 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-12-03 16:09 . 2010-11-23 21:17 282296 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-11-17 17:52 . 2010-11-23 21:17 138056 ----a-w- c:\documents and settings\Mafia\Dane aplikacji\PnkBstrK.sys
2013-11-17 17:52 . 2013-11-17 17:52 2434856 ----a-w- c:\windows\system32\pbsvc.exe
2013-11-17 17:36 . 2010-11-23 21:17 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-11-17 16:56 . 2013-01-18 13:42 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-10-28 20:01 . 2009-08-18 10:30 564632 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\wlidui.dll
2013-10-28 20:01 . 2009-08-18 10:24 22240 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2013-11-06 11:59 226592 ----a-w- c:\program files\uTorrentControl2\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-01-11 14:06 3349528 ----a-w- c:\program files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{eae1e35c-bdd4-49aa-adc9-e82496f88370}]
2013-11-06 11:59 226592 ----a-w- c:\program files\The_Game_Creators_Ltd\prxtbThe0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{eae1e35c-bdd4-49aa-adc9-e82496f88370}"= "c:\program files\The_Game_Creators_Ltd\prxtbThe0.dll" [2013-11-06 226592]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTo0.dll" [2013-11-06 226592]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll" [2014-01-11 3349528]
.
[HKEY_CLASSES_ROOT\clsid\{eae1e35c-bdd4-49aa-adc9-e82496f88370}]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EAE1E35C-BDD4-49AA-ADC9-E82496F88370}"= "c:\program files\The_Game_Creators_Ltd\prxtbThe0.dll" [2013-11-06 226592]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTo0.dll" [2013-11-06 226592]
.
[HKEY_CLASSES_ROOT\clsid\{eae1e35c-bdd4-49aa-adc9-e82496f88370}]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-21 12:50 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TWCU"="c:\program files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe" [2010-06-21 561263]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-29 13923432]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-21 3764024]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:51a1a2a7a /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
2008-07-22 12:53 77824 ----a-w- c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-02-17 23:00 53248 ------w- c:\program files\Realtek\InstallShield\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-03-14 08:23 3672640 ----a-w- d:\daemon\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray]
2013-03-29 15:07 2081792 ----a-w- c:\program files\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HEXelon MAX]
2007-06-28 18:44 2816512 ----a-w- c:\program files\HEXelon MAX 6\hexelon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-15 11:46 159744 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2013-11-29 15:20 3806544 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-29 17:33 13923432 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2012-12-26 23:53 3093624 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2010-06-14 15:10 153672 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-10-25 19:41 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2014-01-07 21:00 1815464 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2014-01-11 14:06 2486296 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CrossLoopService"=2 (0x2)
"Akamai"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\UGS\\NX 4.0\\UGII\\ugraf.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Documents and Settings\\Mafia\\Ustawienia lokalne\\Dane aplikacji\\CrossLoop\\vncviewer.exe"=
"c:\\Documents and Settings\\Mafia\\Ustawienia lokalne\\Dane aplikacji\\CrossLoop\\tvnserver.exe"=
"c:\\Documents and Settings\\Mafia\\Ustawienia lokalne\\Dane aplikacji\\Akamai\\netsession_win.exe"=
"g:\\Tony Hawk\\Game\\Skate4.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"d:\\AC\\ACBSP.exe"=
"d:\\AC\\ACBMP.exe"=
"d:\\AC\\AssassinsCreedBrotherhood.exe"=
"d:\\Origin\\Dead Space 3\\deadspace3.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"d:\\SteamLibrary2\\SteamApps\\common\\Dead Space\\Dead Space.exe"=
"d:\\SteamLibrary2\\SteamApps\\common\\Dead Space\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"d:\\SteamLibrary2\\SteamApps\\common\\mirrors edge\\Binaries\\MirrorsEdge.exe"=
"d:\\SteamLibrary2\\SteamApps\\common\\mirrors edge\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"d:\\SteamLibrary2\\SteamApps\\common\\Batman Arkham City GOTY\\Binaries\\Win32\\BatmanAC.exe"=
"d:\\SteamLibrary2\\SteamApps\\common\\Batman Arkham City GOTY\\RunLauncher.bat"=
"d:\\SteamLibrary2\\SteamApps\\common\\Mortal Kombat Arcade Kollection\\BINARIES\\WIN32\\MKHDGame.exe"=
"d:\\Origin\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"d:\\SteamLibrary2\\SteamApps\\common\\GarrysMod\\hl2.exe"=
"d:\\SteamLibrary2\\SteamApps\\common\\Serious Sam HD The Second Encounter\\Bin\\SamHD_TSE.exe"=
"d:\\SteamLibrary2\\SteamApps\\common\\Serious Sam HD The Second Encounter\\Bin\\SamHD_TSE_Unrestricted.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\AC\\AssassinsCreedIIGame.exe"=
"d:\\AC\\AssassinsCreedII.exe"=
"d:\\AC\\UPlayBrowser.exe"=
"d:\\SteamLibrary2\\SteamApps\\common\\Counter-Strike Global Offensive\\csgo.exe"=
"c:\\Documents and Settings\\Mafia\\Dane aplikacji\\uTorrent\\uTorrent.exe"=
"d:\\SteamLibrary2\\SteamApps\\common\\Scribblenauts\\Scribble.exe"=
"d:\\SteamLibrary2\\SteamApps\\common\\dota 2 beta\\dota.exe"=
"d:\\SteamLibrary2\\SteamApps\\common\\Team Fortress 2\\hl2.exe"=
"d:\\SteamLibrary2\\SteamApps\\common\\Left 4 Dead 2\\left4dead2.exe"=
"d:\\SteamLibrary2\\SteamApps\\common\\FEAR2\\FEAR2.exe"=
"d:\\SteamLibrary2\\SteamApps\\common\\War in the North\\witn.exe"=
"d:\\SteamLibrary2\\SteamApps\\common\\Sniper Ghost Warrior\\Sniper_x86.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58869:TCP"= 58869:TCP:Pando Media Booster
"58869:UDP"= 58869:UDP:Pando Media Booster
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"5910:TCP"= 5910:TCP:vnc5910
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"57840:TCP"= 57840:TCP:Pando Media Booster
"57840:UDP"= 57840:UDP:Pando Media Booster
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-12-21 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-12-21 180248]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-11-10 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-11-10 410528]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-01-18 37664]
R1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\drivers\Uim_Vim.sys [2013-02-18 283600]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-12-21 67824]
R2 GtDetectSc;GtDetectSc;c:\program files\ERA\GlobeTrotter Connect\GtDetectSc.exe [2007-11-05 204915]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 375056]
R2 MSSQL$PLATNIK2005;SQL Server (PLATNIK2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 Unigraphics License Server (uglmd);Unigraphics License Server (uglmd);c:\program files\UGS\NX 4.0\UGNXFLEXlm\lmgrd.exe [2005-10-27 962560]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-01-11 1771544]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2012-07-02 1756384]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-12-19 100368]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-09-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-09-29 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-09-29 12928]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [2013-12-27 1511936]
S2 aswFsBlk;aswFsBlk; [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 1664336]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [2011-09-06 23040]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [2011-09-06 27776]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\drivers\lgandnetndis.sys [2011-09-16 70400]
S3 Desura Install Service;Desura Install Service;c:\program files\Common Files\Desura\desura_service.exe [2013-11-17 131912]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-05-26 23456]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2013-04-18 13896]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2013-04-18 9160]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2007-07-09 95744]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2007-06-26 51968]
S3 ldiskl;ldiskl;\??\c:\docume~1\Mafia\USTAWI~1\Temp\ldiskl.sys --> c:\docume~1\Mafia\USTAWI~1\Temp\ldiskl.sys [?]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-01-12 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-01-12 8576]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PciCon;PciCon;\??\h:\pcicon.sys --> h:\PciCon.sys [?]
S3 tvnserver;TightVNC Server;c:\documents and settings\Mafia\Ustawienia lokalne\Dane aplikacji\CrossLoop\tvnserver.exe [2011-09-26 814080]
S4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2004-08-04 14336]
S4 CrossLoopService;CrossLoop Service;c:\documents and settings\Mafia\Ustawienia lokalne\Dane aplikacji\CrossLoop\CrossLoopService.exe [2011-09-26 569072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-19 17:02 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 14:53]
.
2014-01-11 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-10 12:50]
.
2013-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-27 12:16]
.
2013-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-27 12:16]
.
2012-10-12 c:\windows\Tasks\Install.job
- c:\windows\system32\Macromed\Shockwave 10\nssstub.exe [2010-05-26 11:50]
.
2014-01-19 c:\windows\Tasks\User_Feed_Synchronization-{F21E80BD-D20D-4260-ABE9-BA2D62684058}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = https://www.google.pl/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride =
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=ef3551d4-89d5-4cb0-960d-04196e740d82&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
DPF: {82CF9738-0BDA-4AAF-AB08-5AC5875FF3BB} - hxxp://www.englishon-line.com/pl/lekcje/localplayer/recording/yrecording.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-19 17:55
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b5e8a4c.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-343818398-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:08,7a,d4,98,fa,1a,a9,15,0c,50,dc,2d,6d,68,3f,5c,d5,16,e3,ad,6f,54,85,
c7,41,b8,c1,f1,e4,8d,fe,c9,3d,88,2e,e6,21,e1,bc,be,d8,b4,a5,3b,d9,b6,0e,25,\
"??"=hex:a7,bf,41,4f,96,d8,80,34,44,00,b5,c8,2e,8b,7a,8b
.
[HKEY_USERS\S-1-5-21-2025429265-343818398-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:cd,ec,86,3e,43,29,da,7d,10,32,08,a4,06,a1,63,91,eb,d7,af,a2,41,
ed,5a,e1,40,47,8c,c9,4f,49,c5,a4,f7,34,16,58,c7,8e,d1,a9,f8,94,10,17,09,f5,\
"rkeysecu"=hex:60,76,bf,f3,1a,8f,e5,73,03,d5,49,df,3c,fc,a7,93
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(1272)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\igfxdev.dll
.
Czas ukończenia: 2014-01-19 18:47:34
ComboFix-quarantined-files.txt 2014-01-19 17:47
ComboFix2.txt 2014-01-11 14:15
ComboFix3.txt 2012-11-09 23:02
.
Przed: 153 971 908 608 bajtów wolnych
Po: 153 982 599 168 bajtów wolnych
.
- - End Of File - - 9F214F27ED7E0E63D74D22DD2F5AB98F 32052574BF9F325AE309ABC7BFD04460