ComboFix 10-09-01.04 - sowa 2010-09-05 21:57:31.2.2 - x86
Uruchomiony z: c:\\users\\sowa\\Downloads\\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Pliki utworzone od 2010-08-05 do 2010-09-05 )))))))))))))))))))))))))))))))
.
2010-09-05 20:15 . 2010-09-05 20:15 -------- d-----w- c:\\users\\sowa\\AppData\\Local\\temp
2010-09-05 20:15 . 2010-09-05 20:15 -------- d-----w- c:\\users\\Public\\AppData\\Local\\temp
2010-09-05 20:15 . 2010-09-05 20:15 -------- d-----w- c:\\users\\Default\\AppData\\Local\\temp
2010-09-05 19:50 . 2010-09-05 19:51 -------- d-----w- C:\\32788R22FWJFW
2010-09-04 18:46 . 2010-09-04 18:46 -------- d-----w- c:\\windows\\8A809006C25A4A3A9DAB94659BCDB107.TMP
2010-09-04 18:43 . 2010-09-04 18:43 -------- d-----w- c:\\programdata\\NVIDIA Corporation
2010-09-04 18:37 . 2010-06-21 22:07 26216 ----a-w- c:\\windows\\system32\\nvhdap32.dll
2010-09-04 18:37 . 2010-06-21 22:07 64104 ----a-w- c:\\windows\\system32\\nvapo32v.dll
2010-09-04 18:37 . 2010-06-21 22:07 105576 ----a-w- c:\\windows\\system32\\drivers\\nvhda32v.sys
2010-09-04 18:36 . 2010-07-09 22:37 56936 ----a-w- c:\\windows\\system32\\OpenCL.dll
2010-09-04 18:36 . 2010-07-09 22:37 5107816 ----a-w- c:\\windows\\system32\\nvwgf2um.dll
2010-09-04 18:36 . 2010-07-09 22:37 11008040 ----a-w- c:\\windows\\system32\\drivers\\nvlddmkm.sys
2010-09-04 18:36 . 2010-07-09 22:37 4553832 ----a-w- c:\\windows\\system32\\nvcuda.dll
2010-09-04 18:36 . 2010-07-09 22:37 2892904 ----a-w- c:\\windows\\system32\\nvcuvid.dll
2010-09-04 18:36 . 2010-07-09 22:37 2506344 ----a-w- c:\\windows\\system32\\nvcuvenc.dll
2010-09-04 18:36 . 2010-07-09 22:37 236136 ----a-w- c:\\windows\\system32\\nvcod1922.dll
2010-09-04 18:36 . 2010-07-09 22:37 236136 ----a-w- c:\\windows\\system32\\nvcod.dll
2010-09-04 18:36 . 2010-07-09 22:37 10267240 ----a-w- c:\\windows\\system32\\nvcompiler.dll
2010-09-03 22:31 . 2010-09-03 22:31 -------- d-----w- c:\\program files\\Trend Micro
2010-09-03 02:19 . 2010-09-03 02:19 -------- d-----w- c:\\users\\sowa\\DoctorWeb
2010-09-02 14:58 . 2010-09-02 14:58 -------- d-----w- c:\\program files\\Perfect Uninstaller
2010-08-27 22:18 . 2010-08-27 22:18 -------- d-----w- c:\\users\\sowa\\AppData\\Roaming\\.wtw
2010-08-27 22:12 . 2010-08-27 22:12 -------- d-----w- c:\\program files\\K2T
2010-08-27 10:37 . 2010-08-27 10:37 -------- d-----w- c:\\program files\\Team17
2010-08-25 21:46 . 2010-08-25 21:46 -------- d-----w- c:\\users\\sowa\\AppData\\Local\\2K Games
2010-08-25 21:25 . 2010-09-04 18:47 -------- d-----w- c:\\program files\\NVIDIA Corporation
2010-08-25 21:23 . 2010-06-02 02:55 74072 ----a-w- c:\\windows\\system32\\XAPOFX1_5.dll
2010-08-25 21:23 . 2010-06-02 02:55 527192 ----a-w- c:\\windows\\system32\\XAudio2_7.dll
2010-08-25 21:23 . 2010-06-02 02:55 239960 ----a-w- c:\\windows\\system32\\xactengine3_7.dll
2010-08-25 21:23 . 2010-05-26 09:41 470880 ----a-w- c:\\windows\\system32\\d3dx10_43.dll
2010-08-25 21:23 . 2010-05-26 09:41 248672 ----a-w- c:\\windows\\system32\\d3dx11_43.dll
2010-08-25 21:23 . 2010-05-26 09:41 2106216 ----a-w- c:\\windows\\system32\\D3DCompiler_43.dll
2010-08-25 21:23 . 2010-05-26 09:41 1998168 ----a-w- c:\\windows\\system32\\D3DX9_43.dll
2010-08-25 21:23 . 2010-05-26 09:41 1868128 ----a-w- c:\\windows\\system32\\d3dcsx_43.dll
2010-08-25 21:23 . 2010-02-04 08:01 74072 ----a-w- c:\\windows\\system32\\XAPOFX1_4.dll
2010-08-25 21:23 . 2010-02-04 08:01 528216 ----a-w- c:\\windows\\system32\\XAudio2_6.dll
2010-08-25 21:23 . 2010-02-04 08:01 238936 ----a-w- c:\\windows\\system32\\xactengine3_6.dll
2010-08-25 21:23 . 2010-02-04 08:01 22360 ----a-w- c:\\windows\\system32\\X3DAudio1_7.dll
2010-08-25 18:42 . 2010-08-25 21:12 -------- d-----w- C:\\maf
2010-08-22 14:55 . 2010-08-22 14:55 -------- d-----w- c:\\program files\\oZone3D
2010-08-19 01:27 . 2010-08-18 15:13 52224 ----a-w- c:\\users\\sowa\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\cav60kmi.default\\extensions\\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\\components\\FFExternalAlert.dll
2010-08-19 01:27 . 2010-08-18 15:13 101376 ----a-w- c:\\users\\sowa\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\cav60kmi.default\\extensions\\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\\components\\RadioWMPCore.dll
2010-08-17 15:00 . 2010-08-17 15:01 -------- d-----w- c:\\program files\\Absolute MP3 Splitter
2010-08-17 14:49 . 2010-08-17 15:05 -------- d-----w- c:\\program files\\Visual MP3 Splitter & Joiner
2010-08-17 09:39 . 2010-08-17 09:39 -------- d-----w- c:\\program files\\Microsoft Network Monitor 3
2010-08-15 15:50 . 2010-06-08 17:35 3600768 ----a-w- c:\\windows\\system32\\ntkrnlpa.exe
2010-08-15 15:50 . 2010-06-08 17:35 3548040 ----a-w- c:\\windows\\system32\\ntoskrnl.exe
2010-08-15 15:50 . 2010-06-16 16:04 905088 ----a-w- c:\\windows\\system32\\drivers\\tcpip.sys
2010-08-15 15:48 . 2010-05-27 20:08 81920 ----a-w- c:\\windows\\system32\\iccvid.dll
2010-08-15 15:48 . 2010-06-11 16:16 274944 ----a-w- c:\\windows\\system32\\schannel.dll
2010-08-15 15:48 . 2010-06-21 13:37 2037760 ----a-w- c:\\windows\\system32\\win32k.sys
2010-08-15 15:48 . 2010-06-18 17:31 36864 ----a-w- c:\\windows\\system32\\rtutils.dll
2010-08-15 15:48 . 2010-06-11 16:15 1248768 ----a-w- c:\\windows\\system32\\msxml3.dll
2010-08-15 15:48 . 2010-06-18 15:04 302080 ----a-w- c:\\windows\\system32\\drivers\\srv.sys
2010-08-15 15:48 . 2010-06-18 15:04 144896 ----a-w- c:\\windows\\system32\\drivers\\srv2.sys
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 20:16 . 2010-07-19 22:40 -------- d-----w- c:\\program files\\Common Files\\Akamai
2010-09-05 19:51 . 2008-10-03 05:19 -------- d-----w- c:\\users\\sowa\\AppData\\Roaming\\uTorrent
2010-09-05 18:12 . 2010-02-05 19:25 -------- d-----w- c:\\program files\\Steam
2010-09-05 18:06 . 2009-03-21 18:38 -------- d-----w- c:\\users\\sowa\\AppData\\Roaming\\Dropbox
2010-09-05 17:35 . 2009-01-19 22:08 -------- d-----w- c:\\users\\sowa\\AppData\\Roaming\\foobar2000
2010-09-05 17:34 . 2008-10-03 09:37 445936 ----a-w- c:\\windows\\system32\\drivers\\sptd.sys
2010-09-05 13:08 . 2008-11-05 16:12 138520 ----a-w- c:\\windows\\system32\\drivers\\PnkBstrK.sys
2010-09-05 13:08 . 2008-11-05 16:12 233960 ----a-w- c:\\windows\\system32\\PnkBstrB.exe
2010-09-04 17:52 . 2008-11-04 12:49 -------- d-----w- c:\\programdata\\Soulseek
2010-09-03 23:59 . 2010-05-23 12:26 -------- d-----w- c:\\users\\sowa\\AppData\\Roaming\\codeblocks
2010-09-03 04:53 . 2009-02-08 00:24 -------- d-----w- c:\\program files\\VentriloMIX
2010-09-03 03:36 . 2008-06-25 05:14 -------- d--h--w- c:\\program files\\InstallShield Installation Information
2010-09-03 03:33 . 2008-06-25 05:12 -------- d-----w- c:\\program files\\Common Files\\InstallShield
2010-09-02 20:14 . 2008-10-03 17:13 -------- d-----w- c:\\users\\sowa\\AppData\\Roaming\\Tlen.pl
2010-08-31 17:02 . 2008-10-03 05:19 -------- d-----w- c:\\program files\\uTorrent
2010-08-28 16:10 . 2008-06-26 11:37 749382 ----a-w- c:\\windows\\system32\\perfh007.dat
2010-08-28 16:10 . 2008-06-26 11:37 174234 ----a-w- c:\\windows\\system32\\perfc007.dat
2010-08-27 16:53 . 2009-02-15 09:38 -------- d-----w- c:\\program files\\Mozilla Thunderbird
2010-08-25 21:25 . 2008-10-16 20:40 -------- d-----w- c:\\program files\\AGEIA Technologies
2010-08-25 21:23 . 2008-10-16 20:40 -------- d-----w- c:\\program files\\Common Files\\Wise Installation Wizard
2010-08-24 21:12 . 2008-06-25 05:38 -------- d-----w- c:\\programdata\\Microsoft Help
2010-08-24 19:40 . 2009-08-10 12:01 2828 --sha-w- c:\\programdata\\KGyGaAvL.sys
2010-08-24 19:40 . 2009-08-10 12:01 2828 --sha-w- c:\\programdata\\KGyGaAvL.sys
2010-08-24 15:17 . 2010-01-30 20:36 -------- d-----w- c:\\users\\sowa\\AppData\\Roaming\\Tropico 3
2010-08-22 13:21 . 2010-08-05 21:55 -------- d-----w- c:\\program files\\Burn4Free
2010-08-17 09:32 . 2009-11-08 18:39 -------- d-----w- c:\\program files\\Movie Maker 2.6
2010-08-17 09:31 . 2006-11-02 11:18 -------- d-----w- c:\\program files\\Windows Mail
2010-08-05 10:38 . 2010-08-05 10:37 -------- d-----w- c:\\program files\\CDex
2010-08-04 09:40 . 2010-08-04 09:38 -------- d-----w- c:\\users\\sowa\\AppData\\Roaming\\WhatPulse
2010-08-04 09:40 . 2010-08-04 09:38 -------- d-----w- c:\\program files\\WhatPulse
2010-08-02 14:08 . 2010-05-23 12:25 -------- d-----w- c:\\program files\\CodeBlocks
2010-08-01 20:40 . 2009-01-19 22:08 -------- d-----w- c:\\program files\\foobar2000
2010-07-22 16:42 . 2010-07-22 16:42 -------- d-----w- c:\\program files\\Hardcoded Software
2010-07-20 17:56 . 2010-02-17 13:35 -------- d-----w- c:\\program files\\K-Lite Codec Pack
2010-07-20 05:25 . 2010-07-20 05:25 -------- d-----w- c:\\program files\\alaplaya
2010-07-16 12:05 . 2009-11-13 12:12 -------- d-----w- c:\\program files\\Ask.com
2010-07-15 22:55 . 2010-07-15 22:55 2944904 ----a-w- c:\\users\\sowa\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\cav60kmi.default\\extensions\\toolbar@ask.com\\chrome\\temp\\askToolbar.exe
2010-07-14 08:00 . 2010-02-17 13:35 108032 ----a-w- c:\\windows\\system32\\ff_vfw.dll
2010-07-11 15:03 . 2008-10-03 04:27 116472 ----a-w- c:\\users\\sowa\\AppData\\Local\\GDIPFONTCACHEV1.DAT
2010-07-10 23:40 . 2010-07-10 23:40 -------- d-----w- c:\\program files\\PremiumSoft
2010-07-10 22:46 . 2010-07-10 22:46 -------- d-----w- c:\\programdata\\MySQL
2010-07-10 21:54 . 2010-07-10 21:54 -------- d-----w- c:\\program files\\BestGameEver
2010-07-09 22:37 . 2010-09-04 18:36 10920 ----a-w- c:\\windows\\system32\\drivers\\nvBridge.kmd
2010-07-09 22:37 . 2009-08-19 11:35 604776 ----a-w- c:\\windows\\system32\\nvudisp.exe
2010-07-09 22:37 . 2009-02-25 03:49 9818728 ----a-w- c:\\windows\\system32\\nvd3dum.dll
2010-07-09 22:37 . 2009-02-25 03:49 1625192 ----a-w- c:\\windows\\system32\\nvapi.dll
2010-07-09 22:37 . 2009-02-25 03:49 14092904 ----a-w- c:\\windows\\system32\\nvoglv32.dll
2010-07-09 14:20 . 2010-07-09 14:20 110696 ----a-w- c:\\windows\\system32\\nvmctray.dll
2010-07-09 14:20 . 2010-07-09 14:20 1881704 ----a-w- c:\\windows\\system32\\nvsvcr.dll
2010-07-09 14:20 . 2010-07-09 14:20 1469544 ----a-w- c:\\windows\\system32\\nvsvc.dll
2010-07-09 14:20 . 2010-07-09 14:20 13939816 ----a-w- c:\\windows\\system32\\nvcpl.dll
2010-07-09 14:20 . 2010-07-09 14:20 129640 ----a-w- c:\\windows\\system32\\nvvsvc.exe
2010-07-07 12:03 . 2008-06-25 05:13 604776 ----a-w- c:\\windows\\system32\\NVUNINST.EXE
2010-06-26 06:05 . 2010-08-15 15:49 916480 ----a-w- c:\\windows\\system32\\wininet.dll
2010-06-26 06:02 . 2010-08-15 15:49 71680 ----a-w- c:\\windows\\system32\\iesetup.dll
2010-06-26 06:02 . 2010-08-15 15:49 109056 ----a-w- c:\\windows\\system32\\iesysprep.dll
2010-06-26 04:25 . 2010-08-15 15:49 133632 ----a-w- c:\\windows\\system32\\ieUnatt.exe
2010-06-21 22:07 . 2009-08-20 17:18 600680 ----a-w- c:\\windows\\system32\\nvuhda.exe
2010-06-21 22:07 . 2009-08-20 17:18 232040 ----a-w- c:\\windows\\system32\\nvcohda.dll
2010-06-09 15:05 . 2010-06-09 15:05 39736 ----a-w- c:\\windows\\system32\\drivers\\nm3.sys
2010-06-08 16:10 . 2009-08-23 15:06 790528 ----a-w- c:\\windows\\system32\\xvidcore.dll
2010-06-08 16:10 . 2009-08-23 14:43 134144 ----a-w- c:\\windows\\system32\\xvidvfw.dll
2010-06-08 15:32 . 2008-11-05 16:12 75064 ----a-w- c:\\windows\\system32\\PnkBstrA.exe
2010-05-15 15:41 . 2010-05-25 21:43 8292376 ----a-w- c:\\program files\\2Brushes_www_grafiki_info.abr
2006-01-23 08:32 . 2006-01-23 08:32 131072 ----a-w- c:\\program files\\internet explorer\\plugins\\LV80ActiveXControl.dll
2006-06-07 12:40 . 2006-06-07 12:40 132848 ----a-w- c:\\program files\\internet explorer\\plugins\\LV82ActiveXControl.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\explorer\\shelliconoverlayidentifiers\\DropboxExt1]
@=\"{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\"
[HKEY_CLASSES_ROOT\\CLSID\\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\\users\\sowa\\AppData\\Roaming\\Dropbox\\bin\\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\explorer\\shelliconoverlayidentifiers\\DropboxExt2]
@=\"{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\"
[HKEY_CLASSES_ROOT\\CLSID\\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\\users\\sowa\\AppData\\Roaming\\Dropbox\\bin\\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\explorer\\shelliconoverlayidentifiers\\DropboxExt3]
@=\"{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\"
[HKEY_CLASSES_ROOT\\CLSID\\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\\users\\sowa\\AppData\\Roaming\\Dropbox\\bin\\DropboxExt.13.dll
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"Komunikator\"=\"c:\\program files\\Tlen.pl\\tlen.exe\" [2009-01-17 5853672]
\"DAEMON Tools Lite\"=\"c:\\program files\\DAEMON Tools Lite\\daemon.exe\" [2008-07-24 490952]
\"WhatPulse\"=\"c:\\program files\\WhatPulse\\WhatPulse.exe\" [2009-04-08 2814976]
\"Gadu-Gadu\"=\"c:\\program files\\Gadu-Gadu\\gg.exe\" [2008-03-20 2127296]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"SynTPEnh\"=\"c:\\program files\\Synaptics\\SynTP\\SynTPEnh.exe\" [2007-12-06 1029416]
\"RtHDVCpl\"=\"c:\\program files\\Realtek\\Audio\\HDA\\RtHDVCpl.exe\" [2008-09-24 6335008]
\"SunJavaUpdateSched\"=\"c:\\program files\\Common Files\\Java\\Java Update\\jusched.exe\" [2010-02-18 248040]
c:\\users\\sowa\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\
Dropbox.lnk - c:\\users\\sowa\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe [2010-2-26 21979992]
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
\"EnableLUA\"= 0 (0x0)
\"EnableUIADesktopToggle\"= 0 (0x0)
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\WinDefend]
@=\"Service\"
[HKLM\\~\\startupfolder\\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\\programdata\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\BTTray.lnk
backup=c:\\windows\\pss\\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\\~\\startupfolder\\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\\programdata\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk
backup=c:\\windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\\~\\startupfolder\\C:^Users^sowa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Budzik.lnk]
path=c:\\users\\sowa\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Budzik.lnk
backup=c:\\windows\\pss\\Budzik.lnk.Startup
backupExtension=.Startup
[HKLM\\~\\startupfolder\\C:^Users^sowa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\\users\\sowa\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\hamachi.lnk
backup=c:\\windows\\pss\\hamachi.lnk.Startup
backupExtension=.Startup
[HKLM\\~\\startupfolder\\C:^Users^sowa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Launch NoNameScript.lnk]
path=c:\\users\\sowa\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Launch NoNameScript.lnk
backup=c:\\windows\\pss\\Launch NoNameScript.lnk.Startup
backupExtension=.Startup
[HKLM\\~\\startupfolder\\C:^Users^sowa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\\users\\sowa\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.1.lnk
backup=c:\\windows\\pss\\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
[HKLM\\~\\startupfolder\\C:^Users^sowa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Total Commander Updater.exe]
path=c:\\users\\sowa\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Total Commander Updater.exe
backup=c:\\windows\\pss\\Total Commander Updater.exe.Startup
backupExtension=.Startup
[HKLM\\~\\startupfolder\\C:^Users^sowa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=c:\\users\\sowa\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=c:\\windows\\pss\\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKLM\\~\\startupfolder\\C:^Users^sowa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\\users\\sowa\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Xfire.lnk
backup=c:\\windows\\pss\\Xfire.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\QPrinter 2.0 monitor]
c:\\program files\\QPrinter Bookmaker\\qprintmon --server [X]
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Adobe Reader Speed Launcher]
2008-10-15 00:04 39792 ----a-w- c:\\program files\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\\program files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Adobe_ID0ENQBO]
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\ALLUpdate]
2009-06-04 20:56 869888 ----a-w- c:\\program files\\ALLPlayer\\ALLUpdate.exe
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Ask and Record FLV Service]
2009-03-10 01:29 156672 ----a-w- c:\\program files\\Ask & Record Toolbar\\FLVSrvc.exe
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\DAEMON Tools Lite]
2008-07-24 15:02 490952 ----a-w- c:\\program files\\DAEMON Tools Lite\\daemon.exe
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\\windows\\ehome\\ehtray.exe
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Gadu-Gadu]
2008-03-20 10:04 2127296 ----a-w- c:\\program files\\Gadu-Gadu\\gg.exe
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\\program files\\Microsoft Office\\Office12\\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\\program files\\HP\\HP Software Update\\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 07:31 1840424 ----a-w- c:\\program files\\Common Files\\Nero\\Lib\\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Konnekt]
2005-05-24 21:41 503808 ----a-w- c:\\program files\\Konnekt\\konnekt.exe
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\NBKeyScan]
2008-12-02 14:29 2221352 ----a-w- c:\\program files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\NvCplDaemon]
2010-07-09 14:20 13939816 ----a-w- c:\\windows\\System32\\nvcpl.dll
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\NvMediaCenter]
2010-07-09 14:20 110696 ----a-w- c:\\windows\\System32\\nvmctray.dll
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Steam]
2010-08-24 21:40 1242448 ----a-w- c:\\program files\\Steam\\steam.exe
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\\program files\\Common Files\\Java\\Java Update\\jusched.exe
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\uTorrent]
2010-08-31 17:02 328568 ----a-w- c:\\program files\\uTorrent\\uTorrent.exe
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\run-]
\"Adobe Reader Speed Launcher\"=\"c:\\program files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"
\"Windows Defender\"=%ProgramFiles%\\Windows Defender\\MSASCui.exe -hide
\"IAAnotif\"=c:\\program files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\McAfeeAntiSpyware]
\"DisableMonitoring\"=dword:00000001
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Svc]
\"VistaSp2\"=hex(b):34,30,13,54,e9,37,ca,01
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Svc\\S-1-5-21-3955316444-2243232555-2832667671-1003]
\"EnableNotificationsRef\"=dword:00000002
R0 Lbd;Lbd;c:\\windows\\system32\\DRIVERS\\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\\windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe [2010-03-18 130384]
R2 eamonm;eamonm;c:\\windows\\system32\\DRIVERS\\eamonm.sys [x]
R2 srenum;srenum;c:\\windows\\system32\\DRIVERS\\srenum.sys [x]
R3 ADDMEM;ADDMEM;c:\\users\\sowa\\AppData\\Local\\Temp\\__Samsung_Update\\ADDMEM.SYS [x]
R3 kvnet;Kerio Virtual Network Adapter;c:\\windows\\system32\\DRIVERS\\kvnet.sys [2009-03-23 26624]
R3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\\windows\\system32\\DRIVERS\\kwflower.sys [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\\windows\\system32\\DRIVERS\\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\\windows\\system32\\DRIVERS\\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\\windows\\system32\\DRIVERS\\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\\windows\\system32\\DRIVERS\\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\\windows\\system32\\DRIVERS\\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\\windows\\system32\\DRIVERS\\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\\windows\\system32\\DRIVERS\\s0016unic.sys [2008-05-16 115752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\\windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva352;XDva352;c:\\windows\\system32\\XDva352.sys [x]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\\program files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe [2008-08-15 284016]
R4 FAH@C:+Users+sowa+AppData+Local+Temp+IXP000.TMP+FAH.exe;FAH@C:+Users+sowa+AppData+Local+Temp+IXP000.TMP+FAH.exe;c:\\users\\sowa\\AppData\\Local\\Temp\\IXP000.TMP\\FAH.exe [x]
R4 gupdate1cb0489f4837c95;Usługa Google Update (gupdate1cb0489f4837c95);c:\\program files\\Google\\Update\\GoogleUpdate.exe [2010-06-05 133104]
R4 OMSI download service;Sony Ericsson OMSI download service;c:\\program files\\Sony Ericsson\\Sony Ericsson PC Suite\\SupServ.exe [2009-04-30 90112]
R4 sptd;sptd;c:\\windows\\system32\\Drivers\\sptd.sys [2010-09-05 445936]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\\windows\\system32\\DRIVERS\\iaNvStor.sys [2008-05-08 226328]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\\windows\\system32\\DRIVERS\\nm3.sys [2010-06-09 39736]
S2 Akamai;Akamai NetSession Interface;c:\\windows\\System32\\svchost.exe [2008-01-21 21504]
S2 atjsgt;atjsgt;c:\\windows\\system32\\DRIVERS\\atjsgt.sys [2009-02-27 165504]
S2 BlackfishSQL;BlackfishSQL;c:\\program files\\Embarcadero\\RAD Studio\\7.0\\Bin\\BSQLServer.exe [2009-11-19 65536]
S2 HopperP;WiFi Hopper (Vista);c:\\windows\\system32\\DRIVERS\\hopperp.sys [2008-02-18 15360]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\\windows\\system32\\DRIVERS\\kmdfmemio.sys [2008-06-25 13312]
S2 linsgt;linsgt;c:\\windows\\system32\\DRIVERS\\linsgt.sys [2009-02-27 16000]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\\windows\\System32\\StkCSrv.exe [2008-01-16 31248]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\\windows\\system32\\DRIVERS\\NETw5v32.sys [2009-10-26 4247552]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\\windows\\system32\\drivers\\nvhda32v.sys [2010-06-21 105576]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\\windows\\system32\\DRIVERS\\seehcri.sys [2008-01-09 27632]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\\windows\\system32\\Drivers\\StkCMini.sys [2008-03-28 1363088]
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
vvdsvc REG_MULTI_SZ vvdsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost - NetSvcs
UxTuneUp
.
Zawartość folderu \'Zaplanowane zadania\'
2010-09-05 c:\\windows\\Tasks\\1-Click Maintenance.job
- c:\\program files\\TuneUp Utilities 2009\\OneClickStarter.exe [2008-12-11 20:36]
2010-09-05 c:\\windows\\Tasks\\GoogleUpdateTaskMachineCore.job
- c:\\program files\\Google\\Update\\GoogleUpdate.exe [2010-06-05 08:34]
2010-09-05 c:\\windows\\Tasks\\GoogleUpdateTaskMachineUA.job
- c:\\program files\\Google\\Update\\GoogleUpdate.exe [2010-06-05 08:34]
2010-09-05 c:\\windows\\Tasks\\SupBackGroundTask.job
- c:\\program files\\Samsung\\Samsung Update Plus\\SUPBackGround.exe [2008-10-27 12:26]
2010-09-05 c:\\windows\\Tasks\\User_Feed_Synchronization-{C2EFC06B-C955-4628-8A98-2F727C536DF3}.job
- c:\\windows\\system32\\msfeedssync.exe [2010-08-15 04:24]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\\users\\sowa\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\cav60kmi.default\\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT144873&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Filmweb.pl
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ig?hl=pl&source=iglk
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=APLV5&o=14912&locale=en_US&apn_uid=&apn_ptnrs=PQ&apn_sauid=&apn_dtid=&q=
FF - component: c:\\users\\sowa\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\cav60kmi.default\\extensions\\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\\components\\FFExternalAlert.dll
FF - component: c:\\users\\sowa\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\cav60kmi.default\\extensions\\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\\components\\RadioWMPCore.dll
FF - plugin: c:\\program files\\Google\\Update\\1.2.183.29\\npGoogleOneClick8.dll
FF - plugin: c:\\program files\\Mozilla Firefox\\plugins\\np-mswmp.dll
FF - plugin: c:\\program files\\Mozilla Firefox\\plugins\\npdeployJava1.dll
FF - plugin: c:\\program files\\Mozilla Firefox\\plugins\\NPLV80Win32.dll
FF - plugin: c:\\program files\\Mozilla Firefox\\plugins\\NPLV82Win32.dll
FF - plugin: c:\\program files\\Opera\\program\\plugins\\nppl3260.dll
FF - plugin: c:\\program files\\Opera\\program\\plugins\\nprpjplug.dll
FF - plugin: c:\\programdata\\id Software\\QuakeLive\\npquakezero.dll
FF - plugin: c:\\users\\sowa\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\cav60kmi.default\\extensions\\battlefieldheroespatcher@ea.com\\platform\\WINNT_x86-msvc\\plugins\\npBFHUpdater.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\\windows\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\DotNetAssistantExtension\\
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\\program files\\Mozilla Firefox\\greprefs\\all.js - pref(\"network.IDN.whitelist.xn--mgbaam7a8h\", true);
c:\\program files\\Mozilla Firefox\\greprefs\\all.js - pref(\"network.IDN.whitelist.xn--mgberp4a5d4ar\", true);
c:\\program files\\Mozilla Firefox\\defaults\\pref\\firefox.js - pref(\"dom.ipc.plugins.enabled\", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-05 22:15
Windows 6.0.6002 Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet028\\Services\\exfat]
[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet028\\Services\\FAH@C:+Users+sowa+AppData+Local+Temp+IXP000.TMP+FAH.exe]
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\\S-1-5-21-3955316444-2243232555-2832667671-1003\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.*M*P*%\\OpenWithList]
@Class=\"Shell\"
[HKEY_USERS\\S-1-5-21-3955316444-2243232555-2832667671-1003\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{6758EE2E-B2FE-5A31-8F7A-BB745DAA9527}*]
\"dabehgki\"=hex:64,62,63,63,69,6a,6f,62,61,6c,67,64,69,69,63,70,6e,6b,6e,6e,6a,
61,6d,6d,63,6e,68,66,63,6d,64,66,70,69,66,68,63,65,6f,66,00,00
\"iagdkggaklbppmjamn\"=hex:6a,61,6c,70,62,70,65,6c,6a,67,6f,6a,6d,66,64,6a,6e,65,
6a,63,00,00
\"haacianillmekcpl\"=hex:6a,61,6c,70,64,70,6b,6b,68,62,65,6c,6f,65,6b,65,62,6d,
64,6f,00,00
[HKEY_USERS\\S-1-5-21-3955316444-2243232555-2832667671-1003\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{8B57A30E-2D48-D408-3CE6-F73B28951F78}*]
\"iagfgbainhgilmfobg\"=hex:6b,61,6b,6d,70,63,67,63,69,6c,64,6c,6b,6f,63,69,6c,63,
67,6e,6c,6c,00,00
\"hamemoemonlmfgab\"=hex:6b,61,6b,6d,70,63,67,63,69,6c,64,6c,6b,6f,63,69,6c,63,
67,6e,6c,6c,00,00
[HKEY_USERS\\S-1-5-21-3955316444-2243232555-2832667671-1003\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{96394F0E-DB86-1747-B04D-BFC98EE0ACAC}*]
\"iabgaonomkalbjklon\"=hex:6b,61,6e,6b,70,6a,6e,63,62,62,69,68,69,6f,68,67,62,6c,
62,64,68,6b,00,00
\"hapfgokgjahiedde\"=hex:6b,61,6e,6b,70,6a,6e,63,62,62,69,68,69,6f,68,67,62,6c,
62,64,68,6b,00,00
\"gaefnliimomjog\"=hex:61,63,61,6c,70,6b,70,66,62,6b,6b,6c,6f,6b,6f,65,6b,68,6a,
6e,61,6e,63,64,62,62,61,6c,6f,64,69,63,6d,6d,61,6a,66,67,6c,65,67,66,61,69,\\
[HKEY_USERS\\S-1-5-21-3955316444-2243232555-2832667671-1003\\Software\\SecuROM\\License information*]
\"datasecu\"=hex:02,58,a5,73,a8,8a,38,1a,c4,af,28,91,8f,a4,83,ba,94,29,16,f3,d0,
5c,4d,03,bd,72,6d,77,0a,9c,34,bb,2a,4a,20,51,71,f0,e5,b0,42,cd,91,e1,8e,b1,\\
\"rkeysecu\"=hex:4c,aa,9e,ce,85,3a,83,a1,c7,81,c1,e6,3e,8f,7f,38
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6758EE2E-B2FE-5A31-8F7A-BB745DAA9527}\\InProcServer32*]
\"famcnejeahan\"=hex:64,61,65,65,6f,68,6f,6c,00,e1
\"eamckfoimn\"=hex:6d,63,68,64,67,6a,6e,6b,65,67,66,68,6f,66,69,6c,6a,6d,70,67,
68,61,6c,68,6d,61,70,65,6c,6b,61,6c,6e,6b,69,68,69,61,6e,6b,66,64,6c,6d,63,\\
\"gamcnejeahandk\"=hex:64,61,65,65,6f,68,6f,6c,00,e1
\"famckfoimnpi\"=hex:6d,63,68,64,67,6a,6e,6b,65,67,66,68,6f,66,69,6c,6a,6d,70,67,
68,61,6c,68,6d,61,70,65,6c,6b,61,6c,6e,6b,69,68,69,61,6e,6b,66,64,6c,6d,63,\\
[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet028\\Control\\Class\\{4D36E96D-E325-11CE-BFC1-08002BE10318}\\0000\\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
\"BlindDial\"=dword:00000000
[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet028\\Control\\Class\\{4D36E96D-E325-11CE-BFC1-08002BE10318}\\0001\\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
\"BlindDial\"=dword:00000000
.
Czas ukończenia: 2010-09-05 22:23:45
ComboFix-quarantined-files.txt 2010-09-05 20:23
ComboFix2.txt 2010-09-02 17:38
Przed: 13 979 541 504 bytes free
Po: 14 008 623 104 bytes free
- - End Of File - - 5553906D5D2F8787195FDFB1B5ABAAB0