ComboFix 12-02-27.02 - Mikołaj 2012-02-28 20:29:20.2.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.3582.2468 [GMT 1:00]
Uruchomiony z: c:\users\Miko-aj\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\mswsock.dll
c:\windows\$NtUninstallKB5202$\1442946012
c:\windows\$NtUninstallKB5202$\2045275578\@
c:\windows\$NtUninstallKB5202$\2045275578\cfg.ini
c:\windows\$NtUninstallKB5202$\2045275578\Desktop.ini
c:\windows\$NtUninstallKB5202$\2045275578\L\xadqgnnk
.
Zainfekowana kopia c:\windows\system32\drivers\serial.sys została znaleziona. Problem naprawiono
Plik odzyskano z - The cat found it :)
Zainfekowana kopia c:\windows\system32\drivers\cdrom.sys została znaleziona. Problem naprawiono
Plik odzyskano z - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
.
c:\windows\system32\drivers\afd.sys - brakowało pliku
Plik odzyskano z - c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
.
c:\windows\system32\drivers\netbt.sys - brakowało pliku
Plik odzyskano z - c:\windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.afd
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-01-28 do 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2012-02-28 19:40 . 2012-02-28 19:45 -------- d-----w- c:\users\Mikołaj\AppData\Local\temp
2012-02-28 19:40 . 2012-02-28 19:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-28 19:40 . 2012-02-28 19:40 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-02-28 19:40 . 2012-02-28 19:40 -------- d-----w- c:\users\TEMP.MikołajPC\AppData\Local\temp
2012-02-28 19:40 . 2012-02-28 19:40 -------- d-----w- c:\users\TEMP.MikołajPC.002\AppData\Local\temp
2012-02-28 19:40 . 2012-02-28 19:40 -------- d-----w- c:\users\TEMP.MikołajPC.001\AppData\Local\temp
2012-02-28 19:40 . 2012-02-28 19:40 -------- d-----w- c:\users\TEMP.MikołajPC.000\AppData\Local\temp
2012-02-28 19:40 . 2012-02-28 19:40 -------- d-----w- c:\users\Gruby\AppData\Local\temp
2012-02-28 19:40 . 2012-02-28 19:40 -------- d-----w- c:\users\Gość\AppData\Local\temp
2012-02-28 19:40 . 2012-02-28 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-28 19:40 . 2009-07-13 23:12 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-28 19:40 . 2011-04-25 03:24 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-28 19:26 . 2009-07-13 23:45 83456 ----a-w- c:\windows\system32\drivers\serial.sys
2012-02-28 18:32 . 2012-02-28 18:28 147456 ----a-w- C:\cdrom.sys
2012-02-28 17:30 . 2012-02-28 17:30 -------- d-----w- C:\_OTL
2012-02-27 15:11 . 2012-02-27 15:11 -------- d-----w- C:\CyberLink
2012-02-27 09:59 . 2012-02-27 10:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-27 08:02 . 2012-02-27 14:08 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-02-26 12:40 . 2012-02-26 12:40 -------- d-----w- c:\program files\ESET
2012-02-24 10:00 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{044F8260-A50B-4084-9D62-E0DB23F591D5}\mpengine.dll
2012-02-23 08:58 . 2012-02-23 08:59 -------- d-----w- c:\users\Mikołaj\AppData\Roaming\HpUpdate
2012-02-23 08:58 . 2012-02-23 08:58 -------- d-----w- c:\windows\Hewlett-Packard
2012-02-16 08:04 . 2012-02-16 08:05 -------- d-----w- c:\users\Mikołaj\AppData\Roaming\HP
2012-02-16 08:04 . 2012-02-16 08:04 -------- d-----w- c:\programdata\WEBREG
2012-02-16 08:04 . 2012-02-16 08:04 -------- d-----w- c:\users\Mikołaj\AppData\Local\HP
2012-02-16 08:02 . 2012-02-16 08:02 -------- d-----w- c:\programdata\HP Product Assistant
2012-02-16 08:01 . 2012-02-16 08:01 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2012-02-16 08:00 . 2012-02-16 08:00 -------- d-----w- c:\program files\Common Files\HP
2012-02-16 07:57 . 2012-02-23 08:58 -------- d-----w- c:\program files\HP
2012-02-16 07:54 . 2012-02-16 08:04 -------- d-----w- c:\programdata\HP
2012-02-16 07:54 . 2009-07-08 10:51 452408 ----a-w- c:\windows\system32\hpzids01.dll
2012-02-15 15:09 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 15:09 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 15:09 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 15:09 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-11 08:52 . 2012-02-11 17:12 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-02-11 08:50 . 2012-02-11 08:50 -------- d-----w- C:\My Shared Folder
2012-02-08 21:48 . 2012-02-08 21:48 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-28 19:43 . 2009-11-27 17:21 17488 ----a-w- c:\windows\gdrv.sys
2012-02-19 22:59 . 2011-11-08 14:21 140496 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-19 22:59 . 2011-11-08 14:20 280736 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-02-19 22:59 . 2010-09-02 04:44 280736 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-02-15 19:34 . 2011-11-08 14:20 280736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-01-29 04:10 . 2009-11-27 20:11 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfi1.dll" [2011-02-04 3911776]
"{5c81f57f-3cf7-4785-b4ef-11ace31aec4f}"= "c:\program files\Bigpoint_Games_PL\tbBig0.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{5c81f57f-3cf7-4785-b4ef-11ace31aec4f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-02-04 12:52 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5c81f57f-3cf7-4785-b4ef-11ace31aec4f}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\Bigpoint_Games_PL\tbBig0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2011-02-04 12:52 3911776 ----a-w- c:\program files\XfireXO\tbXfi1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 08:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 13:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}]
2011-02-09 18:29 400384 ----a-w- e:\allplayer\Iplex\IplexToALLPlayer.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfi1.dll" [2011-02-04 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-02-04 3911776]
"{5c81f57f-3cf7-4785-b4ef-11ace31aec4f}"= "c:\program files\Bigpoint_Games_PL\tbBig0.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{5c81f57f-3cf7-4785-b4ef-11ace31aec4f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfi1.dll" [2011-02-04 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-02-04 3911776]
"{5C81F57F-3CF7-4785-B4EF-11ACE31AEC4F}"= "c:\program files\Bigpoint_Games_PL\tbBig0.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{5c81f57f-3cf7-4785-b4ef-11ace31aec4f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2009-10-05 2158592]
"IPLA!"="c:\program files\ipla\ipla.exe" [2011-12-16 19858888]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-05 39408]
"KiesTrayAgent"="c:\program files\Samsung\Kies\/\KiesTrayAgent.exe" [2010-01-28 3404600]
"Steam"="c:\program files\Steam\steam.exe" [2011-08-01 1242448]
"ALLUpdate"="e:\allplayer\ALLUpdate.exe" [2011-08-16 1379840]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-10-07 12661344]
"WeatherBugAlert"="c:\program files\AWS\WeatherBug Alert\WeatherBugAlert.exe" [2010-02-22 442368]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"GameXN (update)"="c:\programdata\GameXN\GameXNGO.exe" [2011-08-30 347008]
"GameXN (news)"="c:\programdata\GameXN\GameXNGO.exe" [2011-08-30 347008]
"GameXN"="c:\programdata\GameXN\GameXNGO.exe" [2011-08-30 347008]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-10-21 433872]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-01-31 17147528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-20 6711840]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-20 1833504]
"diagnostics"="c:\program files\Thomson\ST330\diagnostics\diagnostics.exe" [2009-11-27 557149]
"MultiScreen"="c:\program files\MultiScreen\MultiScreen.exe" [2008-06-30 114688]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"UnlockerAssistant"="d:\unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-04-02 75048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"4StoryPrePatch"="d:\4story\PrePatch.exe" [2010-11-10 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-07 1987976]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [2010-1-2 36864]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 135664]
R2 pr2aj6ec;You Are Empty Drivers Auto Removal (pr2aj6ec);c:\windows\system32\pr2aj6ec.exe svc [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 135664]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2009-09-19 100224]
R3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2007-03-19 30464]
R3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2007-03-19 12672]
R3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\DRIVERS\stppp.sys [2009-11-27 32000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
S0 ps6aj6ec;You Are Empty Synchronization Driver (ps6aj6ec);c:\windows\system32\drivers\ps6aj6ec.sys [2007-03-23 52104]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/05/29 23:27];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-04-02 07:11 87536]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2009-12-22 95568]
S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-03-02 68136]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-22 217088]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-07 1373576]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-08 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-07 381248]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2009-12-22 18136]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]
S3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclock.sys [2009-09-15 38248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
winmtsrv
bh611
lgsnd_filter
om518p
Sus2pl
mks_scan
nimdbgk
vulfnths
dklogger
earthlinksafeconnectagent
trcboot
AtlsAud
PBADRV
eSettingsService
qcdonner
patrolagent
MRESP50a64
ntpr_nic_service2
3comtftp
wdmaud
wlluc48b
uisp
nisum
tphdexlgsvc
nisvcloc
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 18:55]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 18:55]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.wp.pl/
mStart Page = about:blank
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to &Teleport - c:\program files\Teleport Pro\teleport.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
FF - ProfilePath - c:\users\Mikołaj\AppData\Roaming\Mozilla\Firefox\Profiles\o1kauu88.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gazeta.pl/0,0.html?p=125
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Iplex to ALLPlayer: IplextoALL@ALLPlayer.org - %profile%\extensions\IplextoALL@ALLPlayer.org
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\st330service]
"ImagePath"="C:\Program Files/Thomson/ST330/service/st330service.exe -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-569617077-483490569-2739753594-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:3b,0e,43,ea,2f,5d,dd,28,e9,41,1c,df,32,5f,c1,47,23,99,83,fb,20,56,d3,
   53,dc,99,88,23,7d,bb,40,df,08,73,7b,0e,21,70,20,f6,a5,fe,27,69,bb,44,98,25,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-569617077-483490569-2739753594-1000\Software\SecuROM\License information*]
"datasecu"=hex:72,24,90,aa,57,e7,17,15,f5,c6,8c,cd,0d,05,09,11,08,d8,11,03,63,
   3c,79,57,07,61,41,e7,74,18,05,fb,a9,c8,9c,51,1f,09,fc,74,08,58,cf,a1,b4,80,\
"rkeysecu"=hex:3b,ea,17,90,18,d2,1d,82,73,6f,7e,f9,80,34,b0,22
.
[HKEY_USERS\S-1-5-21-569617077-483490569-2739753594-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_0079&PID_0006\Calibration\0\Type\Axes]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'Explorer.exe'(2240)
c:\program files\MultiScreen\ServiceHook.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Thomson\ST330\service\st330service.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\MagicTune Premium\MagicTuneEngine.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Common Files\Steam\SteamService.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Czas ukończenia: 2012-02-28 20:50:02 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-02-28 19:50
ComboFix2.txt 2012-02-27 15:06
.
Przed: 13 776 695 296 bajtów wolnych
Po: 13 447 684 096 bajtów wolnych
.
- - End Of File - - 9B9505CD6E205EFADCD8C3FAC28A18F8