ComboFix 14-09-05.01 - MS 2014-09-05 9:03.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3519.3048 [GMT 2:00]
Uruchomiony z: c:\documents and settings\MS\Pulpit\ComboFix.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2014-08-05 do 2014-09-05 )))))))))))))))))))))))))))))))
.
.
2014-09-04 11:38 . 2014-09-04 11:38 388096 ----a-r- c:\documents and settings\MS\Dane aplikacji\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-09-04 11:38 . 2014-09-04 11:38 -------- d-----w- c:\program files\Trend Micro
2014-09-03 13:53 . 2006-12-04 15:53 207664 ----a-w- c:\windows\system32\psshutdown.exe
2014-09-01 13:28 . 2014-09-01 13:28 -------- d-----w- c:\program files\Pervasive Software
2014-09-01 13:28 . 2014-09-01 13:28 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Pervasive Software
2014-08-11 06:27 . 2014-08-11 06:26 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-11 06:26 . 2013-02-21 16:31 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-07-09 09:16 . 2012-04-11 08:08 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 09:16 . 2011-05-20 07:42 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-07 07:32 . 2014-07-07 07:32 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2014-07-03 08:23 . 2014-05-06 07:03 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2007-02-08 09:48 . 2007-02-08 09:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ------w- c:\documents and settings\MS\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ------w- c:\documents and settings\MS\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ------w- c:\documents and settings\MS\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ------w- c:\documents and settings\MS\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ------w- c:\documents and settings\MS\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ------w- c:\documents and settings\MS\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ------w- c:\documents and settings\MS\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ------w- c:\documents and settings\MS\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 08:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 08:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 08:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 08:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 08:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 08:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2014-08-08 22734160]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-10-07 33538048]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Cobian Backup 10 Interface"="c:\program files\Cobian Backup 10\cbInterface.exe" [2010-09-23 3154432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 98304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"VTTrayp"="VTtrayp.exe" [2005-10-31 163840]
"VTTimer"="VTTimer.exe" [2005-03-07 53248]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2008-04-15 198144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
.
c:\documents and settings\MS\Menu Start\Programy\Autostart\
Dropbox.lnk - c:\documents and settings\MS\Dane aplikacji\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-30 36414496]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Check for Updates.lnk - c:\program files\pc_conf\Tools\Chk4Update.exe /AutoStartNoMsg [2012-8-16 382080]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 100864]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoMultiIE"= 0 (0x0)
"LWA"= 0 (0x0)
"LWB"= 0 (0x0)
"LWC"= 0 (0x0)
"LWD"= 0 (0x0)
"LWE"= 0 (0x0)
"LWF"= 0 (0x0)
"LWG"= 0 (0x0)
"LWH"= 0 (0x0)
"LWI"= 0 (0x0)
"LWJ"= 0 (0x0)
"LWK"= 0 (0x0)
"LWL"= 0 (0x0)
"LWM"= 0 (0x0)
"LWN"= 0 (0x0)
"LWO"= 0 (0x0)
"LWP"= 0 (0x0)
"LWQ"= 0 (0x0)
"LWR"= 0 (0x0)
"LWS"= 0 (0x0)
"LWT"= 0 (0x0)
"LWU"= 0 (0x0)
"LWV"= 0 (0x0)
"LWW"= 0 (0x0)
"LWX"= 0 (0x0)
"LWY"= 0 (0x0)
"LWZ"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8169Diag]
c:\program files\D-Link\Diagnostics Utility\8169Diag [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2014-04-17 19:07 4672920 ------w- c:\documents and settings\MS\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
2012-02-26 14:42 1044992 ----a-w- c:\program files\FileZilla Server\FileZilla Server Interface.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-09 18:55 49208 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage]
2013-10-30 03:20 578560 ----a-w- c:\program files\Samsung\Kies\KiesAirMessage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2014-02-14 12:55 845120 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR.exe]
2014-02-14 12:55 845120 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2014-02-14 12:55 311616 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]
2004-02-11 23:08 61440 ----a-w- c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
2004-02-12 21:40 163840 ----a-w- c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vmwriter"=2 (0x2)
"VMwareServerWebAccess"=2 (0x2)
"VMwareHostd"=2 (0x2)
"VMware NAT Service"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"MSSQLSERVER"=2 (0x2)
"MSSQL$PLATNIK2005"=2 (0x2)
"Hamachi2Svc"=3 (0x3)
"DMS"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"AcronisAgent"=2 (0x2)
"vmware-converter-worker"=2 (0x2)
"vmware-converter-server"=2 (0x2)
"vmware-converter-agent"=2 (0x2)
"TeamViewer9"=2 (0x2)
"SMwatch"=2 (0x2)
"FsUsbExService"=2 (0x2)
"FileZilla Server"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\ATerm\\ATerm.exe"=
"c:\\Program Files\\IP Camera Super-Client\\SuperIPCam.exe"=
"c:\\Program Files\\IP Camera Super-Client\\DevFind.exe"=
"c:\\Program Files\\IPView SE\\IPViewSE.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\SmartConsole Utility\\SmartConsole Utility.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\DrayTek Router Tools V3.5.1\\SyslogRd.exe"=
"c:\\Program Files\\NVR\\NVR.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Config V3\\ENConfig.exe"=
"c:\\Program Files\\web_management_utility\\web_management_utility.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\NVSCenter\\NVSCenterV6.19\\Center.exe"=
"c:\\Documents and Settings\\MS\\Ustawienia lokalne\\Dane aplikacji\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\MS\\Dane aplikacji\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe"=
"c:\\Documents and Settings\\MS\\Ustawienia lokalne\\Dane aplikacji\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"9089:TCP"= 9089:TCP:VMware vCenter Converter Standalone - Agent
"443:TCP"= 443:TCP:VMware vCenter Converter Standalone - Server
.
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [2007-02-15 15136]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-09-14 643072]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\virtual\VCdRom.sys [2001-12-19 8576]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [2011-03-02 67584]
R2 CobianBackup10;Cobian Backup Boletus;c:\program files\Cobian Backup 10\cbService.exe [2011-03-02 1125376]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2008-02-19 72672]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2007-02-23 11552]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-02-11 35088]
R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2013-01-08 436040]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2012-05-17 27424]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2010-11-04 22768]
R2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi20-shared.sys [2013-08-28 23632]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2014-07-30 32896]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2013-03-29 103040]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-03 876288]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2012-09-05 672408]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\drivers\lgandnetadb.sys [2012-07-03 25856]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [2012-07-03 23040]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [2012-07-03 27776]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-09-04 35840]
S3 bmdrvr;Modified Clusters Tracking Driver;c:\windows\system32\drivers\bmdrvr.sys [2013-08-28 54992]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys --> c:\windows\system32\Drivers\COH_Mon.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2014-02-21 88576]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2012-01-10 20032]
S3 Diag69xp;Diag69xp;c:\windows\system32\Drivers\Diag69xp.sys --> c:\windows\system32\Drivers\Diag69xp.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2013-12-17 37344]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2007-02-21 11552]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2007-02-16 11552]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2007-02-16 11552]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [2007-02-22 11552]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2007-02-23 11552]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-10-17 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-10-17 11104]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2012-05-17 34208]
S3 RTLVLANMP;Realtek Virtual Adapter;c:\windows\system32\drivers\RTLVLAN.SYS [2008-12-09 16384]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2014-02-21 184192]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [2014-02-21 184192]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2007-09-14 223128]
S3 wimmount;wimmount;c:\windows\system32\drivers\wimmount.sys [2009-07-13 19024]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-12-17 233472]
S4 SMwatch;SMwatch;c:\smartmonitor\SMwatch.exe [2008-12-08 24576]
S4 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-01-28 5037888]
S4 vmware-converter-agent;VMware vCenter Converter Standalone Agent;c:\program files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2013-10-07 479312]
S4 vmware-converter-server;VMware vCenter Converter Standalone Server;c:\program files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2013-10-07 479312]
S4 vmware-converter-worker;VMware vCenter Converter Standalone Worker;c:\program files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2013-10-07 479312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 16:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 09:16]
.
2014-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-31 10:09]
.
2014-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-31 10:09]
.
2014-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
- c:\windows\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2014-02-07 20:52]
.
2014-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
- c:\windows\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2014-02-07 20:52]
.
2014-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-839522115-1003Core.job
- c:\documents and settings\MS\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-09-23 21:42]
.
2014-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-839522115-1003UA.job
- c:\documents and settings\MS\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-09-23 21:42]
.
2014-08-08 c:\windows\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
- c:\windows\system32\xp_eos.exe [2014-03-26 23:28]
.
2014-09-05 c:\windows\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
- c:\windows\system32\xp_eos.exe [2014-03-26 23:28]
.
.
------- Skan uzupełniający -------
.
uStart Page = https://www.google.pl/
uInternet Settings,ProxyOverride = ;127.0.0.1:9421;;192.168.*.*
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: mario
Trusted Zone: matic.com.pl
TCP: Interfaces\{DEC3C189-9C24-4B2D-8A39-97C23642DFC8}: NameServer = 192.168.200.20
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://rettpol.dyndns.tv:9999/webrec.cab
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki:
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-796845957-920026266-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-796845957-920026266-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-796845957-920026266-839522115-1003)
@Allowed: (Read) (S-1-5-21-796845957-920026266-839522115-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\ATL.DLL
.
Czas ukończenia: 2014-09-05 09:14:01
ComboFix-quarantined-files.txt 2014-09-05 07:13
ComboFix2.txt 2014-09-04 11:30
ComboFix3.txt 2014-01-30 15:20
ComboFix4.txt 2013-06-26 08:12
ComboFix5.txt 2014-09-05 06:41
.
Przed: 116 566 568 960 bajtów wolnych
Po: 116 629 069 824 bajtów wolnych
.
- - End Of File - - C5B1370B468FF55B571FD351A9C8B6E1
32052574BF9F325AE309ABC7BFD04460