ComboFix 12-12-13.02 - Ania 2012-12-13 22:19:37.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1014.272 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Ania\Pulpit\instalki\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Ania\USTAWI~1\Temp\7zS47D4\HPHNDUSVC.dll
c:\documents and settings\Ania\Ustawienia lokalne\Dane aplikacji\setup.exe
c:\documents and settings\Ania\Ustawienia lokalne\Temp\7zS47D4\HPHNDUSVC.dll
c:\documents and settings\Ania\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Marek\WINDOWS
c:\windows\IsUn0415.exe
c:\windows\iun6002.exe
c:\windows\s32.txt
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\cdc62470b2f30216.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e88d6e5b56bac6ba.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\CddbCdda.dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SET82.tmp
c:\windows\system32\SET8E.tmp
c:\windows\system32\SET97.tmp
c:\windows\system32\SET98.tmp
c:\windows\system32\SET99.tmp
c:\windows\system32\SET9C.tmp
c:\windows\system32\TZLog.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0415.exe
c:\windows\wininit.ini
c:\windows\ws386.ini
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HPHNDUSVC
-------\Service_HPHNDUSVC
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-11-13 do 2012-12-13 )))))))))))))))))))))))))))))))
.
.
2012-12-12 20:51 . 2012-12-12 20:51 16363960 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-12-04 21:52 . 2012-12-04 21:52 -------- d-----w- c:\documents and settings\Ania\Dane aplikacji\Search Settings
2012-12-04 21:52 . 2012-12-04 21:52 -------- d-----w- c:\program files\Application Updater
2012-12-04 21:52 . 2012-12-04 21:52 -------- d-----w- c:\program files\YTD Toolbar
2012-12-04 21:52 . 2012-12-04 21:52 -------- d-----w- c:\program files\Common Files\Spigot
2012-11-29 19:58 . 2012-11-29 19:58 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\supt4pc_pl_1
2012-11-29 19:57 . 2012-11-29 19:57 -------- d-----w- c:\documents and settings\Ania\Ustawienia lokalne\Dane aplikacji\supt4pc_pl_1
2012-11-29 19:57 . 2012-11-29 19:57 -------- d-----w- c:\documents and settings\Ania\Ustawienia lokalne\Dane aplikacji\tuto4pc_pl_1
2012-11-29 19:57 . 2012-11-29 19:57 -------- d-----w- c:\program files\TUTO4PC
2012-11-28 20:21 . 2012-11-28 20:23 -------- d-----w- c:\documents and settings\Ania\Dane aplikacji\Free Sound Recorder
2012-11-28 20:21 . 2002-01-05 15:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 20:51 . 2012-04-28 21:00 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 20:51 . 2011-07-09 20:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 11:55 . 2006-01-30 07:06 1866624 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41 . 2006-01-30 07:06 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:03 . 2006-01-30 07:06 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:13 . 2006-01-30 07:06 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:13 . 2006-01-30 07:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:13 . 2006-01-30 07:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2006-01-30 07:06 385024 ----a-w- c:\windows\system32\html.iec
2012-10-23 20:41 . 2009-08-11 00:14 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-10-23 16:31 . 2009-08-11 00:14 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-10-09 01:00 . 2012-10-26 11:00 586400 ----a-w- c:\windows\system32\drivers\NIS\1402000.013\srtsp.sys
2012-10-04 01:40 . 2012-10-26 11:00 927904 ----a-w- c:\windows\system32\drivers\NIS\1402000.013\symefa.sys
2012-10-04 01:40 . 2012-10-26 11:00 368288 ----a-w- c:\windows\system32\drivers\NIS\1402000.013\symds.sys
2012-10-04 01:19 . 2012-10-26 11:00 134304 ----a-w- c:\windows\system32\drivers\NIS\1402000.013\ccsetx86.sys
2012-10-02 18:04 . 2006-01-30 07:06 58368 ----a-w- c:\windows\system32\synceng.dll
2007-08-13 22:07 . 2007-08-13 22:06 3655608 -c--a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-08-13 22:05 . 2007-08-13 22:05 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-06 19:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"TPSMain"="TPSMain.exe" [2005-08-04 266240]
"SmoothView"="c:\program files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-13 118784]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-09-16 73728]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728]
"NDSTray.exe"="NDSTray.exe" [BU]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
"Tutorials"="c:\program files\TUTO4PC\tuto4pc_pl_1.exe" [2012-11-05 3854696]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-11-28 1123720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
c:\documents and settings\Ania\Menu Start\Programy\Autostart\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-2-2 1753088]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2007-3-7 155648]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1402000.013\symds.sys [2012-10-26 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1402000.013\symefa.sys [2012-10-26 927904]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20121130.005\BHDrvx86.sys [2012-12-04 995488]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1402000.013\ccsetx86.sys [2012-10-26 134304]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1402000.013\ironx86.sys [2012-10-26 175264]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2012-11-28 793600]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccsvchst.exe [2012-10-26 143928]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 supt4pc_pl_1;supt4pc_pl_1;c:\documents and settings\Ania\Ustawienia lokalne\Dane aplikacji\tuto4pc_pl_1\supt4pc_pl_1.exe [2012-11-29 3055976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-24 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20121212.001\IDSXpx86.sys [2012-12-13 373728]
S2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
HPHNDUService REG_MULTI_SZ HPHNDUSVC
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 20:52]
.
2012-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 23:04]
.
2012-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 23:04]
.
2012-12-13 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-06-06 19:33]
.
2012-12-13 c:\windows\Tasks\User_Feed_Synchronization-{5A8C39FB-9B67-4C09-97B0-031AB9E5B556}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/pi/components/bph/SignActivX.cab
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
URLSearchHooks-{F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-Twoje TVN24 - (no file)
HKCU-Run-Flircik - c:\program files\Onet\Flircik\Flircik.exe
HKCU-Run-ALLUpdate - c:\program files\ALLPlayer\ALLUpdate.exe
HKLM-Run-Onet.pl AutoUpdate - c:\program files\Common Files\Onet.pl\AutoUpdate.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
AddRemove-Capriccio - c:\program files\Capriccio\uninstall.exe
AddRemove-GG Tools_is1 - c:\program files\kRk Software\GG Tools\unins000.exe
AddRemove-NSS - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\InstWrap.exe
AddRemove-PDF Creator - c:\program\uninstpw.exe
AddRemove-Power Saver - c:\windows\IsUn0415.exe
AddRemove-Program PC Diagnostic Tool - c:\windows\IsUn0415.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-13 22:44
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
Binary file raw_enum.dat matches
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2132632690-3988415959-2320831103-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{244A8625-2C08-6C3A-E2B5-B8023E4A390D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oakjmjdjeiondmbcjecohiegnhcdlm"=hex:64,61,6e,67,64,64,61,63,00,85
"oaohnglpgahlhelldnlncfcjckgpai"=hex:6b,61,6c,68,6d,64,68,6d,6e,65,6e,6e,6e,67,
  61,68,6c,68,64,69,65,65,00,7c
"naijgincjebggdafhmholmaifbao"=hex:6b,61,6c,68,6d,64,68,6d,6e,65,6e,6e,6e,67,
  61,68,6c,68,64,69,65,65,00,7c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(1884)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(5356)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Spigot\Search Settings\wth156.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_pol.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\TPSMain.exe
c:\program files\TOSHIBA\Program narzc:\windows\system32\TPSBattM.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\windows\system32\TDispVol.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclToBTSrv.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Czas ukończenia: 2012-12-13 22:53:36 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-12-13 21:53
.
Przed: 16 804 929 536 bajtów wolnych
Po: 16 940 871 680 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 0545C9B94572DE51C6020A7F3D7E3F1F