ComboFix 13-04-25.01 - Jarek 04/25/2013 22:21:32.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1033.18.3067.2040 [GMT 2:00]
Uruchomiony z: c:\users\Jarek\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SecureW2
c:\program files\SecureW2\Uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\programdata\Roaming
c:\users\Jarek\AppData\Local\TempDIR
c:\users\Jarek\AppData\Local\unins000.exe
c:\users\Jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\users\Jarek\AppData\Roaming\Propellerhead Software\ReCycle
c:\users\Jarek\AppData\Roaming\Propellerhead Software\ReCycle\ReCycle Preferences File.prf
c:\users\Jarek\AppData\Roaming\Propellerhead Software\ReCycle\ReCycle220.dat
c:\users\Jarek\AppData\Roaming\Roaming
c:\users\Jarek\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
c:\windows\iun6002.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\tmp5B0A.tmp
c:\windows\system32\tmp5B0B.tmp
c:\windows\XSxS
F:\autorun.inf
G:\setup.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-03-25 do 2013-04-25 )))))))))))))))))))))))))))))))
.
.
2013-04-25 20:35 . 2013-04-25 20:35 -------- d-----w- c:\users\other\AppData\Local\temp
2013-04-25 19:37 . 2013-04-25 19:37 -------- d-----w- c:\program files\Lavalys
2013-04-25 19:35 . 2013-04-25 19:35 -------- d-----w- c:\users\amin\AppData\Local\Macromedia
2013-04-25 19:33 . 2013-04-25 19:33 -------- d-----w- c:\users\amin\AppData\Local\Mozilla
2013-04-25 19:31 . 2013-04-25 19:31 -------- d-----w- c:\users\amin\AppData\Roaming\Avira
2013-04-25 19:31 . 2013-04-25 19:31 -------- d-----w- c:\users\amin\AppData\Local\Adobe
2013-04-25 19:31 . 2013-04-25 19:31 -------- d-----w- c:\users\amin\AppData\Roaming\ControlCenter4
2013-04-25 18:46 . 2013-04-25 18:46 -------- d-----w- c:\programdata\KONAMI
2013-04-24 14:36 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-17 18:10 . 2013-04-18 16:24 -------- d-----w- c:\users\Jarek\.gstreamer-0.10
2013-04-17 18:09 . 2013-04-18 18:18 -------- d-----w- c:\users\Jarek\AppData\Local\ChomikBox
2013-04-17 18:09 . 2013-04-17 18:09 -------- d-----w- c:\program files\ChomikBox
2013-04-15 17:30 . 2013-04-15 17:30 -------- d-----w- c:\program files\e-Deklaracje
2013-04-15 14:09 . 2013-03-15 02:59 4119328 ----a-w- c:\windows\system32\nvcpl.dll
2013-04-15 14:09 . 2013-03-15 02:59 3014432 ----a-w- c:\windows\system32\nvsvc.dll
2013-04-15 14:09 . 2013-03-15 02:59 634144 ----a-w- c:\windows\system32\nvvsvc.exe
2013-04-15 14:09 . 2013-03-15 02:59 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2013-04-15 14:09 . 2013-03-15 02:59 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-04-15 14:09 . 2013-03-15 02:59 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-04-15 14:09 . 2013-03-15 02:59 568608 ----a-w- c:\windows\system32\oemdspif.dll
2013-04-15 14:09 . 2013-04-15 14:09 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-04-15 14:07 . 2013-03-15 05:46 8952608 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-04-15 14:07 . 2013-03-15 05:46 892704 ----a-w- c:\windows\system32\nvdispgenco3231422.dll
2013-04-15 14:07 . 2013-03-15 05:46 7959000 ----a-w- c:\windows\system32\nvcuda.dll
2013-04-15 14:07 . 2013-03-15 05:46 6271872 ----a-w- c:\windows\system32\nvopencl.dll
2013-04-15 14:07 . 2013-03-15 05:46 2728736 ----a-w- c:\windows\system32\nvcuvid.dll
2013-04-15 14:07 . 2013-03-15 05:46 20542752 ----a-w- c:\windows\system32\nvoglv32.dll
2013-04-15 14:07 . 2013-03-15 05:46 1995552 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-04-15 14:07 . 2013-03-15 05:46 15042928 ----a-w- c:\windows\system32\nvd3dum.dll
2013-04-15 14:07 . 2013-03-15 05:46 13088000 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-04-15 14:07 . 2013-03-15 05:46 1012512 ----a-w- c:\windows\system32\nvdispco3231422.dll
2013-04-15 14:07 . 2013-03-15 05:46 2539128 ----a-w- c:\windows\system32\nvapi.dll
2013-04-15 14:07 . 2013-03-15 05:46 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-04-10 16:52 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 16:52 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 16:52 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 16:52 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 16:52 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-10 16:52 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 16:52 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 16:52 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-08 14:33 . 2013-04-08 14:34 -------- d-----w- c:\program files\EAGLE-6.4.0
2013-04-08 14:33 . 2013-04-08 14:33 -------- d-----w- c:\users\Jarek\AppData\Roaming\CadSoft
2013-04-02 20:19 . 2013-04-02 20:19 -------- d-----w- c:\program files\CyberLat
2013-04-02 15:18 . 2013-04-02 15:18 -------- d-----w- c:\windows\system32\Hotspot Shield
2013-04-01 18:32 . 2013-04-01 18:32 -------- d-----w- c:\users\other\AppData\Local\Mozilla
2013-03-31 12:58 . 2013-03-31 12:59 -------- d-----w- c:\users\other\AppData\Roaming\ControlCenter4
2013-03-30 14:14 . 2013-03-30 14:30 -------- d-----w- c:\programdata\Hotspot Shield
2013-03-30 14:13 . 2013-03-30 14:15 -------- d-----w- c:\program files\Hotspot Shield
2013-03-30 14:13 . 2013-03-30 14:13 -------- d-----w- c:\users\Jarek\AppData\Roaming\Hotspot Shield
2013-03-28 17:29 . 2013-03-28 17:29 27248 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys
2013-03-28 17:29 . 2013-04-01 16:27 -------- d-----w- c:\program files\Connectify
2013-03-28 17:29 . 2013-03-28 17:30 -------- d-----w- c:\programdata\Connectify
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-04 12:50 . 2012-10-22 18:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-30 12:14 . 2012-10-29 15:30 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-30 12:14 . 2012-10-29 15:30 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-30 12:14 . 2012-10-29 15:30 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-20 00:35 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-03-14 20:07 . 2013-03-14 20:07 559904 ----a-w- c:\windows\system32\nvStreaming.exe
2013-03-13 12:05 . 2012-03-30 19:21 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 12:05 . 2012-03-30 19:21 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-22 01:50 . 2013-02-22 01:50 37064 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-02-22 01:37 . 2013-02-22 01:37 40136 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-02-18 07:22 . 2013-02-18 07:22 884072 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2013-02-18 07:22 . 2013-02-18 07:22 28008 ----a-w- c:\windows\system32\nvhdap32.dll
2013-02-18 07:22 . 2013-02-18 07:22 149352 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2013-02-12 03:32 . 2013-03-25 23:11 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-06 06:42 . 2013-02-06 06:42 83864 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-02-06 06:42 . 2013-02-06 06:42 181784 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-04-12 08:42 . 2013-04-12 08:42 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-30 19:10 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2013-02-13 21:26 233288 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-08-30 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\Jarek\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\Jarek\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\Jarek\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\Jarek\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CyberLat Ram Cleaner"="c:\program files\CyberLat\CyberLat RAM Cleaner 2" [X]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-07-31 4114336]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-30 345312]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2012-09-06 143360]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-20 280576]
.
c:\users\Jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jarek\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-4-10 27151288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Jarek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk]
path=c:\users\Jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
backup=c:\windows\pss\ctfmon.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Jarek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Connectify]
2012-11-09 19:30 4013928 ----a-w- c:\program files\Connectify\Connectify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative SB Monitoring Utility]
2010-07-29 11:35 103936 ----a-w- c:\windows\System32\SBAVMon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Energy Management]
2009-06-25 07:46 5064520 ----a-w- c:\program files\Lenovo\Energy Management\Energy Management.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-30 20:50 116648 ----atw- c:\users\Jarek\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
2005-12-18 12:18 307200 ----a-w- c:\program files\Syncrosoft\POS\H2O\cledx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Module Loader]
2007-07-23 13:43 57344 ------w- c:\program files\Creative\Shared Files\Module Loader\DLLML.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_ROC_JULY_P1]
2012-08-30 19:10 1022048 ----a-w- c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-08-03 20:53 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2010-02-18 16:27 241789 ------w- c:\program files\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2012-08-30 19:10 947808 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2012-06-28 15:40 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [x]
R3 MAYA44;usb-audio.de driver for Maya44;c:\windows\system32\Drivers\Maya44.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 pgusbmme;usb-audio.de MME-Adapter;c:\windows\system32\drivers\pgusbmm3.sys [x]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [x]
R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [x]
R3 PVUSB;CESG502 USB Driver;c:\windows\system32\DRIVERS\CESG502.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R4 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 Connectify;Connectify;c:\program files\Connectify\ConnectifyService.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [x]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [x]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:05]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-03 17:53]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-03 17:53]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-207598203-2322062775-1724687355-1001Core.job
- c:\users\Jarek\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-30 20:50]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-207598203-2322062775-1724687355-1001UA.job
- c:\users\Jarek\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-30 20:50]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.gazeta.pl/0,0.html?p=128
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\o8e4sru5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gazeta.pl/0,0.html?p=128
FF - ExtSQL: 2013-03-29 11:17; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\o8e4sru5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-03-30 15:13; afurladvisor@anchorfree.com; c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - ExtSQL: 2013-04-08 19:17; {c2921baa-9930-4d73-a203-f69db858f139}; c:\users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\o8e4sru5.default\extensions\{c2921baa-9930-4d73-a203-f69db858f139}.xpi
FF - user.js: extensions.BabylonToolbar_i.id - f0a115040000000000000026c6882098
FF - user.js: extensions.BabylonToolbar_i.hardId - f0a115040000000000000026c6882098
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15442
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:13
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
------- Skojarzenia plików -------
.
.scr=AutoCADScriptFile
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
MSConfigStartUp-COMODO - c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe
MSConfigStartUp-CPA - c:\program files\COMODO\COMODO GeekBuddy\VALA.exe
MSConfigStartUp-PWRISOVM - c:\program files\PowerISO\PWRISOVM.EXE
MSConfigStartUp-Regedit32 - c:\windows\system32\regedit.exe
AddRemove-763v2 - c:\windows\iun6002.exe
AddRemove-763v21 - c:\windows\iun6002.exe
AddRemove-ATR_72500 - c:\windows\iun6002.exe
AddRemove-CyberLat RAM Cleaner 2.3.32_is1 - c:\program files\CyberLat\CyberLat RAM Cleaner 2
AddRemove-RD - g:\vst\RD\uninstall.exe
AddRemove-SecureW2 EAP Suite - c:\program files\SecureW2\Uninstall.exe
AddRemove-{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1 - c:\users\Jarek\AppData\Local\unins000.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'Explorer.exe'(5872)
c:\users\Jarek\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Connectify\ConnectifyD.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\CyberLat\CyberLat RAM Cleaner 2,0\CLRamCleaner.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\COMODO\COMODO Internet Security\cfpupdat.exe
.
**************************************************************************
.
Czas ukończenia: 2013-04-25 22:47:57 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2013-04-25 20:47
.
Przed: 21,936,177,152 bytes free
Po: 22,356,844,544 bytes free
.
- - End Of File - - A78B22FE718771895C2A2E58AEAD4C77