ComboFix 11-11-12.02 - Alfik 2011-11-12 15:13:22.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.12265.9689 [GMT 1:00] Uruchomiony z: e:\desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\INSTALL.LOG c:\programdata\FullRemove.exe c:\windows\assembly\tmp\U c:\windows\assembly\tmp\U\000000c0.@ c:\windows\assembly\tmp\U\000000cb.@ c:\windows\assembly\tmp\U\000000cf.@ c:\windows\assembly\tmp\U\80000000.@ c:\windows\assembly\tmp\U\800000c0.@ c:\windows\assembly\tmp\U\800000cb.@ c:\windows\assembly\tmp\U\800000cf.@ c:\windows\av_ico c:\windows\av_ico\ico_avast_desktop.ico c:\windows\av_ico\ico_avast_start.ico c:\windows\av_ico\ico_NOD_SS_START.ico c:\windows\av_ico\ico_NOD_SYSINSP.ico c:\windows\av_ico\ico_NOD_SYSRESC.ico c:\windows\av_ico\ico_NOD_TXT.ico c:\windows\av_ico\ico_NOD_UNINSTALL.ico c:\windows\btc_client_iplist.txt c:\windows\front_ip_list.txt c:\windows\geoiplist c:\windows\geoiplist.rar c:\windows\iecheck_iplist.txt c:\windows\info1 c:\windows\iplist.txt c:\windows\loader2.exe_ok c:\windows\phoenix c:\windows\phoenix.rar c:\windows\phoenix\kernels\phatk\__init__.py c:\windows\phoenix\kernels\phatk\__init__.pyc c:\windows\phoenix\kernels\phatk\BFIPatcher.py c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc c:\windows\phoenix\kernels\phatk\kernel.cl c:\windows\phoenix\kernels\poclbm\__init__.py c:\windows\phoenix\kernels\poclbm\__init__.pyc c:\windows\phoenix\kernels\poclbm\BFIPatcher.py c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc c:\windows\phoenix\kernels\poclbm\kernel.cl c:\windows\phoenix\phoenix.exe c:\windows\proc_list1.log c:\windows\rpcminer c:\windows\rpcminer.rar c:\windows\rpcminer\bitcoinminercuda_10.cubin c:\windows\rpcminer\bitcoinminercuda_11.cubin c:\windows\rpcminer\bitcoinminercuda_20.cubin c:\windows\rpcminer\bitcoinmineropencl.cl c:\windows\rpcminer\cudart32_32_16.dll c:\windows\rpcminer\curllib.dll c:\windows\rpcminer\libeay32.dll c:\windows\rpcminer\libsasl.dll c:\windows\rpcminer\openldap.dll c:\windows\rpcminer\rpcminer-4way.exe c:\windows\rpcminer\rpcminer-cpu.exe c:\windows\rpcminer\rpcminer-cuda.exe c:\windows\rpcminer\rpcminer-opencl.exe c:\windows\rpcminer\ssleay32.dll c:\windows\services32.exe c:\windows\sysdriver32.exe c:\windows\sysdriver32_.exe c:\windows\system32\consrv.dll c:\windows\system32\drivers\etc\HSTS~1 c:\windows\ufa.rar c:\windows\update.1 c:\windows\update.1\svchost.exe c:\windows\update.2 c:\windows\update.2\svchost.exe c:\windows\update.5.0 c:\windows\update.5.0\svchost.exe c:\windows\winlog-dirs.txt c:\windows\winlog-ids.txt c:\windows\winsetupapi.log . . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_srvbtcclient -------\Service_srviecheck -------\Service_srvsysdriver32 -------\Service_wxpdrivers . . ((((((((((((((((((((((((( Pliki utworzone od 2011-10-12 do 2011-11-12 ))))))))))))))))))))))))))))))) . . 2011-11-12 14:21 . 2011-11-12 14:21 -------- d-----w- c:\windows\av_ico 2011-11-12 14:19 . 2011-11-12 14:19 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-11 21:09 . 2011-11-11 21:09 287304 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys 2011-11-11 20:57 . 2011-11-11 20:57 -------- d--h--w- c:\windows\update.tray-7-0 2011-11-11 20:57 . 2011-11-11 20:57 -------- d--h--w- c:\windows\update.tray-7-0-lnk 2011-11-11 20:07 . 2011-09-06 21:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-11-11 20:07 . 2011-09-06 21:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-11-11 20:07 . 2011-09-06 21:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-11-11 20:07 . 2011-09-06 21:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-11-11 20:07 . 2011-09-06 21:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-11-11 20:07 . 2011-09-06 21:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-11-11 20:07 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr 2011-11-11 20:07 . 2011-09-06 21:45 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe 2011-11-11 16:18 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A56A8A5F-70D5-476C-A6A9-CB7A1EBDB989}\mpengine.dll 2011-11-10 23:44 . 2011-11-10 23:44 -------- d-----w- c:\programdata\OpenFM 2011-11-10 23:44 . 2011-11-10 23:44 -------- d-----w- c:\users\Alfik\AppData\Roaming\OpenFM 2011-11-08 21:20 . 2011-11-08 21:20 -------- d-----w- c:\windows\system32\Macromed 2011-11-08 21:18 . 2011-11-08 21:18 -------- d-sh--w- c:\windows\system32\%APPDATA% 2011-11-06 18:59 . 2011-11-06 18:59 -------- d-----w- c:\program files (x86)\Lame For Audacity 2011-11-01 09:51 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll 2011-10-30 10:43 . 2011-10-30 10:43 -------- d-----w- c:\windows\Sun 2011-10-28 22:00 . 2011-11-12 13:45 -------- d-----w- c:\windows\ufa 2011-10-28 17:43 . 2011-11-12 13:41 246272 ----a-w- c:\windows\unrar.exe 2011-10-28 17:40 . 2011-10-28 17:40 -------- d--h--w- c:\windows\update.tray-3-0 2011-10-28 17:40 . 2011-10-28 17:40 -------- d--h--w- c:\windows\update.tray-3-0-lnk 2011-10-21 19:20 . 2011-10-21 19:20 -------- d-----w- c:\programdata\ASUS 2011-10-21 19:20 . 2011-10-21 19:20 -------- d-----w- c:\users\Alfik\AppData\Local\ASUS 2011-10-21 19:07 . 2011-10-21 19:07 -------- d-----w- c:\users\Alfik\AppData\Roaming\ASUS Drivers Update Utility 2011-10-21 16:32 . 2011-10-21 16:32 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-10-21 16:32 . 2011-10-03 03:06 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll 2011-10-16 21:16 . 2011-10-16 21:16 -------- d-----w- c:\users\Alfik\AppData\Roaming\Electronic Arts 2011-10-16 21:03 . 2011-10-16 21:03 -------- d-----w- c:\users\Alfik\AppData\Local\Unity 2011-10-16 15:57 . 2011-11-05 23:00 -------- d-----w- c:\users\Alfik\AppData\Roaming\Skype 2011-10-16 15:57 . 2011-10-18 18:43 -------- d-----r- c:\program files (x86)\Skype 2011-10-16 15:57 . 2011-10-16 15:57 -------- d-----w- c:\programdata\Skype 2011-10-16 01:13 . 2011-10-16 01:13 -------- d-----w- c:\program files (x86)\MonkeyDragon Mods 2011-10-15 22:50 . 2011-10-15 22:50 -------- d-----w- c:\program files (x86)\MP3 Bitrate Changer 2011-10-15 22:50 . 2011-10-15 22:50 -------- d-----w- c:\programdata\Pianosoft 2011-10-15 22:50 . 2009-03-07 19:52 832512 ----a-w- c:\windows\SysWow64\MobacXPro.dll 2011-10-15 22:50 . 2005-11-05 11:31 356352 ----a-w- c:\windows\eSellerateEngine.dll 2011-10-15 22:50 . 2005-10-07 13:23 266240 ----a-w- c:\windows\SysWow64\MyCommandButton.ocx 2011-10-15 22:50 . 2003-06-06 09:21 81920 ----a-w- c:\windows\SysWow64\eSellerateControl350.dll 2011-10-15 22:50 . 2002-12-20 13:02 1077336 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2011-10-15 22:50 . 2000-05-22 15:58 140488 ----a-w- c:\windows\SysWow64\comdlg32.ocx 2011-10-14 22:54 . 2011-10-14 22:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2011-10-14 10:33 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-14 10:33 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax 2011-10-14 10:33 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax 2011-10-14 10:33 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll 2011-10-14 10:32 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-10-14 10:32 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll 2011-10-14 10:32 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-14 10:32 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-10-14 10:32 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-12 14:21 . 2011-05-14 21:42 45056 ----a-w- c:\windows\system32\acovcnt.exe 2011-11-08 21:20 . 2011-07-06 09:51 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-15 10:48 . 2011-10-04 12:06 1454400 ----a-w- c:\windows\system32\nvir3dgenco6420130.dll 2011-10-15 08:53 . 2011-08-13 15:48 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll 2011-10-15 08:53 . 2011-08-13 15:48 1533248 ----a-w- c:\windows\system32\nvdispco64.dll 2011-10-15 08:53 . 2011-08-13 15:48 1454400 ----a-w- c:\windows\system32\nvgenco64.dll 2011-10-15 08:53 . 2011-08-13 15:48 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2011-10-15 08:53 . 2011-07-08 11:33 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll 2011-10-15 08:53 . 2011-07-08 11:33 539456 ----a-w- c:\windows\system32\nvhotkey.dll 2011-10-15 08:53 . 2011-07-08 11:33 5067584 ----a-w- c:\windows\system32\nvsvc64.dll 2011-10-15 08:53 . 2011-07-08 11:33 3074368 ----a-w- c:\windows\system32\nvsvcr.dll 2011-10-15 08:53 . 2011-07-08 11:33 222528 ----a-w- c:\windows\system32\nvmctray.dll 2011-10-15 08:53 . 2011-07-08 11:33 1640768 ----a-w- c:\windows\system32\nvvsvc.exe 2011-10-15 08:53 . 2011-07-08 11:33 137536 ----a-w- c:\windows\system32\nvshext.dll 2011-10-15 08:53 . 2011-07-08 11:33 10406208 ----a-w- c:\windows\system32\nvcpl.dll 2011-10-15 08:53 . 2011-07-08 11:25 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll 2011-10-15 08:53 . 2011-07-08 11:25 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll 2011-10-15 08:53 . 2011-07-08 11:25 2808128 ----a-w- c:\windows\system32\nvapi64.dll 2011-10-05 22:36 . 2011-10-04 10:45 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2011-10-04 14:19 . 2011-06-06 08:33 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2011-10-03 03:06 . 2011-06-05 16:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-09-06 21:45 . 2011-07-13 14:23 254400 ----a-w- c:\windows\system32\aswBoot.exe 2011-08-26 22:22 . 2011-08-26 22:22 28056 ----a-w- c:\windows\system32\xfcodec64.dll 2011-08-22 10:44 . 2011-08-22 10:44 348160 ----a-w- c:\windows\msvcr71.dll 2011-08-22 10:44 . 2011-08-22 10:44 434252 ----a-w- c:\windows\MSVCRTD.DLL . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480] "Gadu-Gadu 10"="c:\program files (x86)\Gadu-Gadu 10\gg.exe" [2011-05-26 13345376] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-05-14 3058304] "CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-10-15 84464] "Gaming Mouse Hid"="c:\program files (x86)\Gaming Mouse\hid.exe" [2010-01-19 428544] "FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSPanel.exe" [2011-07-05 737104] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536] "THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2010-09-07 905216] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112] "VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-12 21504] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-08-22 593920] "tray_ico0"="c:\windows\update.tray-7-0\svchost.exe" [2011-10-28 1201152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableSecureUIAPaths"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 "DisableThumbnailCache"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 135664] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-07-12 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-05-14 79360] R3 gupdatem;Usługa Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 135664] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x] S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040] S3 AsusgmsFltr;Gaming Mouse;c:\windows\system32\drivers\Asusgms.sys [x] S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x] S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [x] . . Zawartość folderu 'Zaplanowane zadania' . 2011-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 20:42] . 2011-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 20:42] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-22 11075176] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184] "combofix"="c:\combofix\CF10602.3XE" [2010-11-20 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://startsear.ch/?aff=1 mStart Page = hxxp://startsear.ch/?aff=1 mLocal Page = c:\windows\SysWOW64\blank.htm uSearchURL,(Default) = hxxp://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Free YouTube to MP3 Converter - c:\users\Alfik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{C69DCFC6-4611-4DC3-84C4-F74A6FA5D82C}: NameServer = 213.191.74.19,62.109.123.197 TCP: Interfaces\{C69DCFC6-4611-4DC3-84C4-F74A6FA5D82C}\26C616465653: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{C69DCFC6-4611-4DC3-84C4-F74A6FA5D82C}\445667963656: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{C69DCFC6-4611-4DC3-84C4-F74A6FA5D82C}\448444: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{C69DCFC6-4611-4DC3-84C4-F74A6FA5D82C}\A79676A71676: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Alfik\AppData\Roaming\Mozilla\Firefox\Profiles\t5j5pd91.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&q= . - - - - USUNIĘTO PUSTE WPISY - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-SRSHDAudioLab - c:\program files\SRS Labs\SRS HD Audio Lab\HDAL.exe Wow6432Node-HKLM-Run-wxpdrv - c:\windows\services32.exe Wow6432Node-HKLM-Run-tray_ico - (no file) Wow6432Node-HKLM-Run-tray_ico1 - (no file) Wow6432Node-HKLM-Run-tray_ico2 - (no file) Wow6432Node-HKLM-Run-tray_ico3 - (no file) Wow6432Node-HKLM-Run-tray_ico4 - (no file) Wow6432Node-HKLM-Run-avast - c:\program files\AVAST Software\Avast\avastUI.exe Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShA64.dll HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\expressgateutil\VAWinService.exe c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe . ************************************************************************** . Czas ukończenia: 2011-11-12 15:25:43 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2011-11-12 14:25 . Przed: 119 290 810 368 bajtów wolnych Po: 119 042 883 584 bajtów wolnych . - - End Of File - - 05C95C0F9AE80DA92C3C4E508D205A8B