kamo502, created July 4, 2012

Hello. The problems started some time ago. My computer began freezing, and I noticed that it seemed to happen only when I was using Chrome. I cleaned the registry, ran an online scan, removed unnecessary software, etc. The browser was reinstalled. Everything was fine. Until today. Chrome launches but does not load any pages (white screen). Please check the logs and help if you can.

OTL (it hung on "Manual File Scan: Getting Folder Structure", so I ran it again). For now I am waiting for the log; when it appears I will add it.

RSIT (it also stopped at "Listing Event Logs" but then continued):

[log]
Logfile of random's system information tool 1.09 (written by random/random)
Run by Gocejna at 2012-07-04 13:02:53
Microsoft Windows 7 Home Premium
System drive C: has 48 GB (60%) free of 79 GB
Total RAM: 3327 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:03:47, on 2012-07-04
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\TEMP\VRT59C.tmp
C:\Windows\system32\config\systemprofile\AppData\Roaming\tonysba.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Gocejna\Downloads\OTL.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Gocejna\Downloads\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Gocejna.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:/Users/Gocejna/AppData/Local/Google/Chrome/User%20Data/Default/Extensions/caehdcpeofiiigpdhbabniblemipncjj/SwitchyAuto.pac?1330439778483
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Gocejna\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [Audio Driver] C:\Windows\system32\config\systemprofile\AppData\Roaming\audiomgr.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [tnssb] C:\Windows\system32\config\systemprofile\AppData\Roaming\tonysba.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [tcpudp] C:\Windows\VRT59C.tmp (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Audio Driver] C:\Windows\system32\config\systemprofile\AppData\Roaming\audiomgr.exe (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Pokaż lub ukryj HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 8063 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3475593946-788457680-2885981346-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3475593946-788457680-2885981346-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-05-17 425680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-06-19 4014280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21 509496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"HControlUser"=C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2009-07-13 1503232]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMedia.exe [2009-04-20 188416]
"ATKOSD2"=C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Gocejna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-08 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu 10]
C:\Program Files\Gadu-Gadu 10\gg.exe [2011-07-04 13374048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Gocejna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-08 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
C:\Program Files\Samsung\Kies\KiesHelper.exe [2011-08-01 958352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2011-08-01 20880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2011-08-01 3507088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KORG USB-MIDI Driver]
C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe [2011-03-30 393616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
C:\Program Files\ManyCam\Bin\ManyCam.exe [2011-12-12 1760328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotebookHardwareControl]
C:\Program Files\Notebook Hardware Control\nhc.exe -quiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-11-29 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Real\RealPlayer\update\realsched.exe [2012-05-17 296056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Gocejna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-07-31 203776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Windows\system32\winlogon.exe"="C:\Windows\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
"C:\Windows\system32\wininit.exe"="C:\Windows\system32\wininit.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"mixer6"=wdmaud.drv
"midi5"=KORGUMDD.DRV
"wave7"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux5"=wdmaud.drv
"wave8"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux6"=wdmaud.drv
"wave9"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux7"=wdmaud.drv
"vidc.iv50"=ir50_32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-07-04 13:02:53 ----D---- C:\rsit
2012-07-04 12:21:32 ----AH---- C:\Windows\VRT59C.tmp
2012-07-04 11:07:10 ----SD---- C:\32788R22FWJFW
2012-07-04 11:03:07 ----D---- C:\Qoobox
2012-06-25 18:11:54 ----D---- C:\Program Files\ESET
2012-06-25 18:10:09 ----D---- C:\Users\Gocejna\AppData\Roaming\Malwarebytes
2012-06-25 18:10:07 ----D---- C:\ProgramData\Malwarebytes
2012-06-25 18:10:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-06-25 18:10:06 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-06-25 18:05:00 ----A---- C:\Windows\ntbtlog.txt
2012-06-25 15:28:32 ----D---- C:\Program Files\Odkurzacz
2012-06-25 15:11:41 ----D---- C:\Program Files\CCleaner
2012-06-25 15:07:46 ----A---- C:\Windows\system32\MRT.exe
2012-06-23 20:21:59 ----D---- C:\Program Files\VS Revo Group

======List of files/folders modified in the last 1 month======

2012-07-04 13:03:53 ----D---- C:\Windows\Temp
2012-07-04 13:02:59 ----D---- C:\Program Files\trend micro
2012-07-04 12:29:07 ----D---- C:\Program Files
2012-07-04 12:21:32 ----D---- C:\Windows
2012-07-04 12:17:01 ----A---- C:\Windows\crocclip.ini
2012-07-04 11:10:28 ----SHD---- C:\System Volume Information
2012-07-04 11:03:08 ----D---- C:\Windows\system32\drivers
2012-07-04 10:53:46 ----D---- C:\Windows\Prefetch
2012-07-04 10:50:35 ----D---- C:\Windows\System32
2012-07-03 11:44:16 ----D---- C:\Users\Gocejna\AppData\Roaming\AIMP3
2012-07-02 10:15:41 ----D---- C:\ADCDA2
2012-07-02 10:07:35 ----D---- C:\Windows\system32\catroot2
2012-06-30 12:07:00 ----D---- C:\Windows\inf
2012-06-30 12:07:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-30 12:05:49 ----D---- C:\Windows\system32\LogFiles
2012-06-29 23:13:39 ----D---- C:\Users\Gocejna\AppData\Roaming\ipla
2012-06-29 18:39:27 ----D---- C:\Users\Gocejna\AppData\Roaming\DAEMON Tools Lite
2012-06-27 17:34:38 ----D---- C:\Windows\system32\config
2012-06-25 18:10:07 ----D---- C:\ProgramData
2012-06-25 15:39:06 ----D---- C:\Users\Gocejna\AppData\Roaming\skypePM
2012-06-25 15:33:06 ----D---- C:\Windows\Downloaded Installations
2012-06-25 15:33:06 ----D---- C:\ProgramData\Skype
2012-06-25 15:33:06 ----D---- C:\Program Files\Common Files
2012-06-25 15:26:12 ----D---- C:\Users\Gocejna\AppData\Roaming\Winamp
2012-06-25 15:26:11 ----D---- C:\Users\Gocejna\AppData\Roaming\Skype
2012-06-25 15:23:40 ----D---- C:\Windows\SoftwareDistribution
2012-06-25 15:22:09 ----D---- C:\Windows\Panther
2012-06-25 15:22:05 ----D---- C:\Windows\Logs
2012-06-25 15:22:05 ----D---- C:\Windows\debug
2012-06-23 20:46:43 ----SHD---- C:\Windows\Installer
2012-06-23 20:41:29 ----D---- C:\BHBACKUP
2012-06-23 20:34:19 ----D---- C:\Program Files\SpeedFan
2012-06-23 20:33:36 ----D---- C:\Windows\system32\catroot
2012-06-23 20:31:20 ----D---- C:\Windows\system32\Tasks
2012-06-23 20:30:43 ----D---- C:\Program Files\Adobe
2012-06-23 20:12:16 ----D---- C:\Windows\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\System32\Drivers\vbtenum.sys [2007-03-05 20880]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\Windows\System32\Drivers\BTHidMgr.sys [2007-03-05 35600]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-19 218688]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [2008-07-11 92712]
R3 adatadrv;Autodata Protection Service; C:\Windows\system32\DRIVERS\adatadrv.sys [2009-07-01 762112]
R3 athr;Rozszerzony sterownik urządzenia bezprzewodowej sieci LAN Atheros; C:\Windows\system32\DRIVERS\athr.sys [2009-07-14 1096704]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-14 4194816]
R3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys [2011-09-29 21632]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-04-04 22344]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2009-05-13 14392]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 8192]
R3 RTL8167;Sterownik Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-06 1766592]
R3 SNTNLUSB;SafeNet USB SuperPro/UltraPro/HardwareKey; C:\Windows\system32\DRIVERS\SNTNLUSB.SYS [2008-07-11 37088]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-06-05 27320]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-07-09 1066496]
S2 DS1410D;DS1410D Dongle Driver; \??\C:\Windows\system32\drivers\ds1410d.sys [1997-01-14 6848]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-07-20 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-05-09 36496]
S3 BthEnum;Usługa wyliczania Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Urządzenie Bluetooth (sieć osobista); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Sterownik portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 catchme;catchme; \??\C:\Users\Gocejna\AppData\Local\Temp\catchme.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2010-11-16 60552]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2010-11-16 73096]
S3 ipMIDI;nerds.de ipMIDI - Ethernet Midi Ports SvcDesc(WDM); C:\Windows\system32\drivers\ipmidi.sys [2010-04-05 19456]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows; C:\Windows\System32\Drivers\KORGUMDS.SYS [2011-03-30 24056]
S3 LoopBeMidi1;nerds.de LoopBe1 - Internal Midi Port SvcDesc(WDM); C:\Windows\system32\drivers\loopbe1.sys [2008-01-27 10880]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Urządzenie Bluetooth (Protokół TDI RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-07-20 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-07-20 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-07-20 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-07-20 114280]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2010-01-21 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2010-01-21 20864]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2010-01-21 24960]
S3 usbscan;Sterownik skanera USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-08 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 hpqddsvc;Usługa HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 MSSQL$IC_SKLEP;SQL Server (IC_SKLEP); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 NWCWorkstation;Client Service for NetWare; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-05-03 158856]
S3 aspnet_state;„Usługa stanu ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 nosGetPlusHelper;getPlus(R) Helper 3004; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 258048]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-09-25 682496]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
[/log]

and Info:

[log]
info.txt logfile of random's system information tool 1.09 2012-07-04 13:04:33

======Uninstall list======

32 Bit HP CIO Components Installer-->MsiExec.exe /I{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}
Adobe Color JA Extra Settings-->MsiExec.exe /I{D92B72E2-C854-4738-8ED6-4C3661CC17AE}
Adobe Color NA Extra Settings-->MsiExec.exe /I{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Download Manager-->"C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe" /Get1
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\678cd98c8365a5647f9a2e539d120a8\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{78EFD06D-7583-42F1-9E77-671D8782EB70}
Adobe Reader 9.4.5 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A94000000001}
Adobe Setup-->MsiExec.exe /I{CBF4DADD-974D-49C8-BC83-C6F31554001E}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIMP3-->C:\Program Files\AIMP3\Uninstall.exe
AMD USB Filter Driver-->MsiExec.exe /X{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}
Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ATK Generic Function Service-->C:\Program Files\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ATK Hotkey-->MsiExec.exe /I{7C05592D-424B-46CB-B505-E0013E8E75C9}
ATK Media-->MsiExec.exe /I{D1E5870E-E3E5-4475-98A6-ADD614524ADF}
ATKOSD2-->MsiExec.exe /I{3B05F2FB-745B-4012-ADF2-439F36B2E70B}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Bluesoleil2.6.0.8 Release 070517-->MsiExec.exe /X{438BB9B4-65FE-4626-91D9-A8F57B18001D}
Bosch Viewer-->C:\PROGRA~1\Bosch\ESITRO~1\MCVIEWER\UNWISE.EXE C:\PROGRA~1\Bosch\ESITRO~1\MCVIEWER\viewer_uninstall.log
BurnAware Free 4.0-->"C:\Program Files\BurnAware Free\unins000.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe"
Crystal Reports for .NET Framework 2.0 (x86)-->MsiExec.exe /I{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}
DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe
EasyCleaner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
e-Deklaracje Desktop-->msiexec /qb /x {238F53CC-4768-A6A3-1D6B-FCF616C75368}
e-Deklaracje Desktop-->MsiExec.exe /I{238F53CC-4768-A6A3-1D6B-FCF616C75368}
EPC-->G:\SETUP.EXE -funinst -SMS
e-pity 2011 wersja 3.0-->"C:\Program Files\e-file\e-pity2011\unins000.exe"
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
ESI[tronic]-->C:\PROGRA~1\Bosch\ESITRO~1\Setup.exe -u
Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe
HP Customer Participation Program 13.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6-->C:\Program Files\HP\Digital Imaging\{7F08A772-2816-4F46-84F1-49578502AD28}\setup\hpzscr01.exe -datfile hposcr46.dat -onestop -forcereboot
HP Imaging Device Functions 13.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Print Projects 1.0-->C:\Program Files\HP\Digital Imaging\HPPrintProjects\hpzscr01.exe -datfile hpqbud19.dat
HP Smart Web Printing 4.5-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
IC_Katalog-->C:\Program Files\Inter Cars\IC_Katalog\uninstall.exe
ipla 2.3.5-->C:\Program Files\ipla\uninst.exe
IsoBuster 2.8.5-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
K-Lite Codec Pack 6.2.0 (Basic)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
KORG KONTROL Editor-->MsiExec.exe /I{7824A7EF-4EE7-43CC-B98D-BD4CDB08E042}
KORG USB-MIDI Driver Tools for Windows-->MsiExec.exe /I{B3CB5BA3-3E98-4E85-944E-B03D055F8450}
LG USB Modem Drivers-->MsiExec.exe /X{3E8DE1A6-B365-4FF6-B917-2892A34990E8}
LPD8 Editor-->"C:\Program Files\AkaiPro\LPD8Editor\LPD8 Editor uninstall.exe"
Malwarebytes Anti-Malware wersja 1.61.0.1400-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
ManyCam 2.6.65 (remove only)-->"C:\Program Files\ManyCam\uninstall.exe"
Microsoft .NET Framework 4 Client Profile PLK Language Pack-->MsiExec.exe /X{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET
Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6} Microsoft .NET Framework 4 Extended PLK Language Pack-->MsiExec.exe /X{5C19E2DC-4CCF-3114-B40A-6E565987025F} Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702} Microsoft Office Access MUI (Polish) 2007-->MsiExec.exe /X{90120000-0015-0415-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (Polish) 2007-->MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE} Microsoft Office Groove MUI (Polish) 2007-->MsiExec.exe /X{90120000-00BA-0415-0000-0000000FF1CE} Microsoft Office InfoPath MUI (Polish) 2007-->MsiExec.exe /X{90120000-0044-0415-0000-0000000FF1CE} Microsoft Office OneNote MUI (Polish) 2007-->MsiExec.exe /X{90120000-00A1-0415-0000-0000000FF1CE} Microsoft Office Outlook MUI (Polish) 2007-->MsiExec.exe /X{90120000-001A-0415-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Polish) 2007-->MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE} Microsoft Office Proofing (Polish) 2007-->MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE} Microsoft Office Publisher MUI (Polish) 2007-->MsiExec.exe /X{90120000-0019-0415-0000-0000000FF1CE} Microsoft Office Shared MUI (Polish) 2007-->MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE} Microsoft Office Word MUI (Polish) 2007-->MsiExec.exe 
/X{90120000-001B-0415-0000-0000000FF1CE} Microsoft Outlook Personal Folders Backup-->MsiExec.exe /X{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Express Edition (IC_SKLEP)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F} Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4} Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE} Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Mixvibes ASIO UMix44-->C:\Windows\System32\MixvibesASIOUMix44uninstaller.exe Native Instruments Service Center-->"C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\Service Center Setup.exe" REMOVE=TRUE MODIFY=FALSE Native Instruments Service Center-->C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\Service Center Setup.exe Native Instruments Traktor-->"C:\ProgramData\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A}\Traktor Setup.exe" REMOVE=TRUE MODIFY=FALSE Native Instruments Traktor-->C:\ProgramData\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A}\Traktor Setup.exe Odkurzacz-->"C:\Program Files\Odkurzacz\unins000.exe" PDF Settings-->MsiExec.exe /I{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9} PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe" Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1045 /parameterfolder ClientLP Polski pakiet językowy dla programu Microsoft .NET Framework 4 
Extended-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ExtendedLP\Setup.exe /repair /x86 /lcid 1045 /parameterfolder ExtendedLP QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C} RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA} RealPlayer-->c:\program files\real\realplayer\Update\r1puninst.exe RealNetworks|RealPlayer|15.0 Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB} Revo Uninstaller 1.94-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe Samsung Kies-->"C:\Program Files\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe" -runfromtemp -l0x0409 -removeonly Samsung Kies-->MsiExec.exe /I{758C8301-2696-4855-AF45-534B1200980A} SAMSUNG USB Driver for Mobile Phones-->C:\Program Files\Samsung\USB Drivers\Uninstall.exe ScanMaster-ELM 1.6.0.0-->"C:\Program Files\WGSoft\ScanMaster-ELM\unins000.exe" Sentinel Protection Installer 7.5.0-->MsiExec.exe /I{A5A63519-F5C2-4F4A-849A-F28A1AB3D522} Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120} Skype™ 5.9-->MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8} SyncBack-->"C:\Program Files\2BrightSparks\SyncBack\unins000.exe" Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe USB 2.0 1.3M UVC WebCam-->C:\Windows\Uninstsxga.bat VIA Platforma Menedżera urządzeń-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} Winamp-->"C:\Program Files\Winamp\UninstWA.exe" Windows 7 USB/DVD Download Tool-->MsiExec.exe /X{CCF298AF-9CE1-4B26-B251-486E98A34789} Windows 
Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Wtyczka e-Deklaracje-->"C:\Users\Gocejna\AppData\Local\unins000.exe" ======System event log====== Computer Name: Gocejna_ Event Code: 7036 Message: Usługa Usługa Asystent zgodności programów weszła w stan uruchomienia. Record Number: 380433 Source Name: Service Control Manager Time Written: 20120408215101.163264-000 Event Type: Informacje User: Computer Name: Gocejna_ Event Code: 201 Message: Usługa Asystent zgodności programów została pomyślnie uruchomiona. Record Number: 380432 Source Name: Microsoft-Windows-Application-Experience Time Written: 20120408215101.163264-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: Gocejna_ Event Code: 7036 Message: Usługa Microsoft .NET Framework NGEN v4.0.30319_X86 weszła w stan uruchomienia. Record Number: 380431 Source Name: Service Control Manager Time Written: 20120408215002.055872-000 Event Type: Informacje User: Computer Name: Gocejna_ Event Code: 7036 Message: Usługa Grupowanie sieci równorzędnej weszła w stan uruchomienia. Record Number: 380430 Source Name: Service Control Manager Time Written: 20120408214941.785813-000 Event Type: Informacje User: Computer Name: Gocejna_ Event Code: 7036 Message: Usługa Protokół rozpoznawania nazw równorzędnych weszła w stan uruchomienia. Record Number: 380429 Source Name: Service Control Manager Time Written: 20120408214941.772812-000 Event Type: Informacje User: =====Application event log===== Computer Name: Gocejna_ Event Code: 1066 Message: Stan zainicjowania obiektów usługi. 
C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/2005, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/licenserenewal/1.0, 0x00000000, 0x00000000 Record Number: 89618 Source Name: Microsoft-Windows-Security-SPP Time Written: 20111201033500.000000-000 Event Type: Informacje User: Computer Name: Gocejna_ Event Code: 1 Message: Usługa Centrum zabezpieczeń systemu Windows została uruchomiona. Record Number: 89617 Source Name: SecurityCenter Time Written: 20111201033500.000000-000 Event Type: Informacje User: Computer Name: Gocejna_ Event Code: 900 Message: Usługa ochrony oprogramowania jest uruchamiana. Record Number: 89616 Source Name: Microsoft-Windows-Security-SPP Time Written: 20111201033458.000000-000 Event Type: Informacje User: Computer Name: Gocejna_ Event Code: 1003 Message: Usługa Windows Search została uruchomiona. Record Number: 89615 Source Name: Microsoft-Windows-Search Time Written: 20111201033307.000000-000 Event Type: Informacje User: Computer Name: Gocejna_ Event Code: 302 Message: Windows (3100) Windows: Aparat bazy danych pomyślnie ukończył procedurę przywracania. Record Number: 89614 Source Name: ESENT Time Written: 20111201033306.000000-000 Event Type: Informacje User: =====Security event log===== Computer Name: Gocejna_ Event Code: 5058 Message: Operacja na pliku klucza. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: GOCEJNA_$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Parametry funkcji kryptograficznej: Nazwa dostawcy: Microsoft Software Key Storage Provider Nazwa algorytmu: Niedostępne. 
Nazwa klucza: {9BDE7B4D-DA90-417C-810B-00E8686754CA} Typ klucza: Klucz komputera. Informacje dotyczące operacji na pliku klucza: Ścieżka do pliku: C:\ProgramData\Microsoft\Crypto\Keys\03881496ad77b9b5518697478bdb7aee_6cbd2f70-f604-4d37-a1b6-a1969c4e933d Operacja: Odczytaj trwały klucz z pliku. Kod powrotny: 0x0 Record Number: 113739 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120414031200.545364-000 Event Type: Sukcesy inspekcji User: Computer Name: Gocejna_ Event Code: 5061 Message: Operacja kryptograficzna. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: GOCEJNA_$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Parametry funkcji kryptograficznej: Nazwa dostawcy: Microsoft Software Key Storage Provider Nazwa algorytmu: RSA Nazwa klucza: {9BDE7B4D-DA90-417C-810B-00E8686754CA} Typ klucza: Klucz komputera. Operacja kryptograficzna: Operacja: Otwórz klucz. Kod powrotny: 0x0 Record Number: 113738 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120414031059.857407-000 Event Type: Sukcesy inspekcji User: Computer Name: Gocejna_ Event Code: 5058 Message: Operacja na pliku klucza. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: GOCEJNA_$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Parametry funkcji kryptograficznej: Nazwa dostawcy: Microsoft Software Key Storage Provider Nazwa algorytmu: Niedostępne. Nazwa klucza: {9BDE7B4D-DA90-417C-810B-00E8686754CA} Typ klucza: Klucz komputera. Informacje dotyczące operacji na pliku klucza: Ścieżka do pliku: C:\ProgramData\Microsoft\Crypto\Keys\03881496ad77b9b5518697478bdb7aee_6cbd2f70-f604-4d37-a1b6-a1969c4e933d Operacja: Odczytaj trwały klucz z pliku. Kod powrotny: 0x0 Record Number: 113737 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120414031059.732403-000 Event Type: Sukcesy inspekcji User: Computer Name: Gocejna_ Event Code: 5061 Message: Operacja kryptograficzna. 
Podmiot: Identyfikator zabezpieczeń: S-1-5-19 Nazwa konta: USŁUGA LOKALNA Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e5 Parametry funkcji kryptograficznej: Nazwa dostawcy: Microsoft Software Key Storage Provider Nazwa algorytmu: RSA Nazwa klucza: 25e7b61a-9316-4b2f-86b1-e7c9638807af Typ klucza: Klucz komputera. Operacja kryptograficzna: Operacja: Otwórz klucz. Kod powrotny: 0x0 Record Number: 113736 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120414031041.569786-000 Event Type: Sukcesy inspekcji User: Computer Name: Gocejna_ Event Code: 5058 Message: Operacja na pliku klucza. Podmiot: Identyfikator zabezpieczeń: S-1-5-19 Nazwa konta: USŁUGA LOKALNA Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e5 Parametry funkcji kryptograficznej: Nazwa dostawcy: Microsoft Software Key Storage Provider Nazwa algorytmu: Niedostępne. Nazwa klucza: 25e7b61a-9316-4b2f-86b1-e7c9638807af Typ klucza: Klucz komputera. Informacje dotyczące operacji na pliku klucza: Ścieżka do pliku: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bdacd483858aef4f2cc657391577331d_6cbd2f70-f604-4d37-a1b6-a1969c4e933d Operacja: Odczytaj trwały klucz z pliku. 
Kod powrotny: 0x0 Record Number: 113735 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120414031041.568786-000 Event Type: Sukcesy inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Smart Projects\IsoBuster "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=2 "PROCESSOR_LEVEL"=17 "PROCESSOR_IDENTIFIER"=x86 Family 17 Model 3 Stepping 1, AuthenticAMD "PROCESSOR_REVISION"=0301 "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- [/log]
wirusolog, comment, 4 July 2012:

Run ComboFix and paste its log: http://www.bleepingcomputer.com/combofix/pl/instrukcja-uzycia-combofix
kamo502 (author), comment, 5 July 2012:

[quote name='wirusolog' timestamp='1341412237' post='1532110'] Run ComboFix and paste its log: [url="http://www.bleepingcomputer.com/combofix/pl/instrukcja-uzycia-combofix"]http://www.bleepingc...uzycia-combofix[/url] [/quote]

The program won't start. Virut is present. I scanned the system with Dr Web Ltd and it found and repaired almost 400 threats from this virus. Virut.56, if I remember correctly.
wirusolog, comment, 5 July 2012 (edited):

Download the tool specialised for this: [url="http://speedyshare.com/zPr6p/vk.zip"][color=blue][u][b]VirutKiller[/b][/u][/color][/url]. Boot Windows into Safe Mode and run the tool. Keep applying it until the result is 0. Then download a new version of ComboFix, run it and create the logs.
kamo502 (author), comment, 6 July 2012 (edited):

OK. I'm checking.

[quote name='kamo502' timestamp='1341473229' post='1532415'] OK. I'm checking. [/quote]

I used VirutKiller. It was zero.

Then ComboFix.

The first time, after scanning it reset my computer at the end, and after the restart nothing happened; the log was not generated.

I ran it a second time.

[log]
ComboFix 12-07-05.02 - Gocejna 2012-07-05 11:43:32.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.48.1045.18.3327.2424 [GMT 2:00]
Uruchomiony z: c:\users\Gocejna\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Poprzednie uruchomienie -------
.
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\chrome.manifest
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\nscf.dat
c:\program files\RelevantKnowledge\rloci.bin
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\users\Gocejna\AppData\Local\unins000.exe
c:\users\Gocejna\Documents\explorer
c:\users\Gocejna\Documents\explorer\id_111102220459884_111102220459114.upf
c:\windows\IsUn0415.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\muzapp.exe
c:\windows\system32\nwcwks.dll
c:\windows\VRTBD85.tmp
.
-- Poprzednie uruchomienie --
.
c:\windows\system32\userinit.exe . . . jest zainfekowany!!
.
c:\windows\system32\userinit.exe . . . jest zainfekowany!!
.
c:\windows\explorer.exe . . . jest zainfekowany!!
.
--------
.
c:\windows\system32\userinit.exe . . . jest zainfekowany!!
.
c:\windows\explorer.exe . . . jest zainfekowany!!
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NWCWorkstation
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-05 do 2012-07-05 )))))))))))))))))))))))))))))))
.
.
2012-07-05 09:49 . 2012-07-05 09:49    --------    d-----w-    c:\users\Public\AppData\Local\temp
2012-07-05 09:49 . 2012-07-05 09:49    --------    d-----w-    c:\users\Default\AppData\Local\temp
2012-07-05 09:34 . 2012-07-05 09:49    --------    d-----w-    c:\users\Gocejna\AppData\Local\temp
2012-07-04 11:34 . 2012-07-04 11:34    --------    d-----w-    c:\users\Gocejna\DoctorWeb
2012-07-04 11:02 . 2012-07-04 11:04    --------    d-----w-    C:\rsit
2012-07-04 10:27 . 2012-07-04 10:28    --------    d-----w-    c:\users\Gocejna\AppData\Local\Google
2012-06-25 16:31 . 2012-06-25 16:31    --------    d-----w-    c:\users\Gocejna\AppData\Local\ElevatedDiagnostics
2012-06-25 16:11 . 2012-06-25 16:11    --------    d-----w-    c:\program files\ESET
2012-06-25 16:10 . 2012-06-25 16:10    --------    d-----w-    c:\users\Gocejna\AppData\Roaming\Malwarebytes
2012-06-25 16:10 . 2012-06-25 16:10    --------    d-----w-    c:\programdata\Malwarebytes
2012-06-25 16:10 . 2012-06-25 16:10    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2012-06-25 16:10 . 2012-04-04 13:56    22344    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-06-25 13:28 . 2012-06-25 13:28    --------    d-----w-    c:\program files\Odkurzacz
2012-06-25 13:11 . 2012-06-25 13:11    --------    d-----w-    c:\program files\CCleaner
2012-06-23 18:21 . 2012-06-23 18:21    --------    d-----w-    c:\program files\VS Revo Group
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 08:08 . 2009-07-14 00:12    9728    ----a-w-    c:\windows\winhlp32.exe
2012-07-05 08:08 . 2009-07-14 00:14    31232    ----a-w-    c:\windows\twunk_32.exe
2012-07-05 08:04 . 2009-07-13 23:17    398336    ------w-    c:\windows\regedit.exe
2012-07-05 08:04 . 2010-10-28 17:23    305152    ----a-w-    c:\windows\IsUninst.exe
2012-07-05 08:04 . 2002-09-17 23:45    119808    ----a-w-    c:\windows\lsb_un20.exe
2012-07-05 08:03 . 2009-07-14 00:12    497152    ----a-w-    c:\windows\HelpPane.exe
2012-07-05 08:03 . 2009-07-14 00:12    15360    ----a-w-    c:\windows\hh.exe
2012-07-05 08:03 . 2009-07-13 23:12    13824    ----a-w-    c:\windows\fveupdate.exe
2012-07-05 08:03 . 2009-07-13 23:13    65024    ----a-w-    c:\windows\bfsvc.exe
2012-07-04 13:45 . 2009-07-13 23:41    2640896    ----a-w-    c:\windows\explorer.exe
2012-07-04 13:35 . 2009-07-13 23:31    146432    ----a-w-    c:\windows\system32\wbem\WmiApSrv.exe
2012-07-04 13:23 . 2007-01-12 03:22    53248    ----a-w-    c:\windows\system32\drivers\SCTray.exe
2012-07-04 13:20 . 2009-07-13 23:51    51712    ----a-w-    c:\windows\system32\xwizard.exe
2012-07-04 13:20 . 2009-07-14 00:24    3415552    ----a-w-    c:\windows\system32\xpsrchvw.exe
2012-07-04 13:20 . 2009-07-13 23:15    47104    ----a-w-    c:\windows\system32\xcopy.exe
2012-07-04 13:19 . 2009-07-13 23:22    325120    ----a-w-    c:\windows\system32\wusa.exe
2012-07-04 13:19 . 2009-07-13 23:50    205824    ----a-w-    c:\windows\system32\WUDFHost.exe
2012-07-04 13:19 . 2009-07-14 00:14    57344    ----a-w-    c:\windows\system32\wuauclt.exe
2012-07-04 13:18 . 2009-07-14 00:14    44032    ----a-w-    c:\windows\system32\wuapp.exe
2012-07-04 13:18 . 2009-07-13 23:27    265216    ----a-w-    c:\windows\system32\wsqmcons.exe
2012-07-04 13:18 . 2009-07-13 23:31    22528    ----a-w-    c:\windows\system32\wsmprovhost.exe
2012-07-04 13:18 . 2009-07-13 23:31    208384    ----a-w-    c:\windows\system32\WSManHTTPConfig.exe
2012-07-04 13:17 . 2009-07-13 23:42    152064    ----a-w-    c:\windows\system32\wscript.exe
2012-07-04 13:17 . 2009-07-13 23:41    19456    ----a-w-    c:\windows\write.exe
2012-07-04 13:17 . 2009-07-13 23:41    19456    ----a-w-    c:\windows\system32\write.exe
2012-07-04 13:17 . 2009-07-14 00:18    49664    ----a-w-    c:\windows\system32\wpnpinst.exe
2012-07-04 13:17 . 2009-07-14 00:07    40448    ----a-w-    c:\windows\system32\WPDShextAutoplay.exe
2012-07-04 13:16 . 2009-07-13 23:36    50688    ----a-w-    c:\windows\system32\wlrmdr.exe
2012-07-04 13:16 . 2009-07-13 23:51    87552    ----a-w-    c:\windows\system32\wlanext.exe
2012-07-04 13:16 . 2009-07-14 00:01    233472    ----a-w-    c:\windows\system32\wksprt.exe
2012-07-04 13:15 . 2009-07-13 23:47    344576    ----a-w-    c:\windows\system32\wisptis.exe
2012-07-04 13:15 . 2009-07-13 23:41    90112    ----a-w-    c:\windows\system32\winver.exe
2012-07-04 13:15 . 2009-07-13 23:23    3377664    ----a-w-    c:\windows\system32\WinSAT.exe
2012-07-04 13:15 . 2009-07-13 23:31    30720    ----a-w-    c:\windows\system32\winrshost.exe
2012-07-04 13:14 . 2009-07-13 23:31    50176    ----a-w-    c:\windows\system32\winrs.exe
2012-07-04 13:14 . 2009-07-13 23:40    387072    ----a-w-    c:\windows\system32\WindowsAnytimeUpgradeui.exe
<div>2012-07-04 13:14 . 
2009-07-13 23:40<span class="Apple-tab-span" style="white-space:pre"> </span>303104<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\WindowsAnytimeUpgradeResults.exe</div> <div>2012-07-04 13:13 . 2009-07-13 23:40<span class="Apple-tab-span" style="white-space:pre"> </span>267264<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\WindowsAnytimeUpgrade.exe</div> <div>2012-07-04 13:13 . 2009-07-13 23:18<span class="Apple-tab-span" style="white-space:pre"> </span>337920<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wimserv.exe</div> <div>2012-07-04 13:13 . 2009-07-14 00:15<span class="Apple-tab-span" style="white-space:pre"> </span>98816<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wiaacmgr.exe</div> <div>2012-07-04 13:13 . 2009-07-13 23:15<span class="Apple-tab-span" style="white-space:pre"> </span>53248<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\whoami.exe</div> <div>2012-07-04 13:12 . 2009-07-13 23:15<span class="Apple-tab-span" style="white-space:pre"> </span>45568<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\where.exe</div> <div>2012-07-04 13:12 . 2009-07-14 00:15<span class="Apple-tab-span" style="white-space:pre"> </span>812544<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\WFS.exe</div> <div>2012-07-04 13:12 . 
2011-07-31 15:58<span class="Apple-tab-span" style="white-space:pre"> </span>162304<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wextract.exe</div> <div>2012-07-04 13:12 . 2009-07-13 23:30<span class="Apple-tab-span" style="white-space:pre"> </span>185856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wevtutil.exe</div> <div>2012-07-04 13:11 . 2009-07-13 23:27<span class="Apple-tab-span" style="white-space:pre"> </span>64000<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wermgr.exe</div> <div>2012-07-04 13:11 . 2009-07-13 23:27<span class="Apple-tab-span" style="white-space:pre"> </span>38912<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\WerFaultSecure.exe</div> <div>2012-07-04 13:11 . 2009-07-13 23:27<span class="Apple-tab-span" style="white-space:pre"> </span>370688<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\WerFault.exe</div> <div>2012-07-04 13:11 . 2009-07-13 23:30<span class="Apple-tab-span" style="white-space:pre"> </span>90624<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wecutil.exe</div> <div>2012-07-04 13:10 . 2009-07-13 23:23<span class="Apple-tab-span" style="white-space:pre"> </span>1212928<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wbengine.exe</div> <div>2012-07-04 13:10 . 
2009-07-13 23:23<span class="Apple-tab-span" style="white-space:pre"> </span>235008<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wbadmin.exe</div> <div>2012-07-04 13:10 . 2009-07-13 23:15<span class="Apple-tab-span" style="white-space:pre"> </span>44544<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\waitfor.exe</div> <div>2012-07-04 13:10 . 2009-07-13 23:33<span class="Apple-tab-span" style="white-space:pre"> </span>75776<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\w32tm.exe</div> <div>2012-07-04 13:09 . 2009-07-13 23:24<span class="Apple-tab-span" style="white-space:pre"> </span>1035776<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\VSSVC.exe</div> <div>2012-07-04 13:09 . 2009-07-13 23:23<span class="Apple-tab-span" style="white-space:pre"> </span>125440<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\vssadmin.exe</div> <div>2012-07-04 13:09 . 2009-07-13 23:59<span class="Apple-tab-span" style="white-space:pre"> </span>113664<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\verifier.exe</div> <div>2012-07-04 13:08 . 2009-07-13 23:41<span class="Apple-tab-span" style="white-space:pre"> </span>20992<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\verclsid.exe</div> <div>2012-07-04 13:08 . 
2009-07-13 23:23<span class="Apple-tab-span" style="white-space:pre"> </span>30208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\vdsldr.exe</div> <div>2012-07-04 13:08 . 2009-07-13 23:24<span class="Apple-tab-span" style="white-space:pre"> </span>462848<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\vds.exe</div> <div>2012-07-04 13:08 . 2009-07-13 23:37<span class="Apple-tab-span" style="white-space:pre"> </span>47616<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\VaultSysUi.exe</div> <div>2012-07-04 13:07 . 2009-07-13 23:37<span class="Apple-tab-span" style="white-space:pre"> </span>33280<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\VaultCmd.exe</div> <div>2012-07-04 13:07 . 2009-07-14 00:13<span class="Apple-tab-span" style="white-space:pre"> </span>1407488<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\Utilman.exe</div> <div>2012-07-04 13:07 . 2009-07-13 23:34<span class="Apple-tab-span" style="white-space:pre"> </span>36352<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\userinit.exe</div> <div>2012-07-04 13:07 . 2009-07-13 23:40<span class="Apple-tab-span" style="white-space:pre"> </span>202752<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\UserAccountControlSettings.exe</div> <div>2012-07-04 13:06 . 
2009-07-13 23:55<span class="Apple-tab-span" style="white-space:pre"> </span>33792<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\upnpcont.exe</div> <div>2012-07-04 13:06 . 2009-07-14 00:09<span class="Apple-tab-span" style="white-space:pre"> </span>288768<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\unregmp2.exe</div> <div>2012-07-04 13:06 . 2009-07-13 23:19<span class="Apple-tab-span" style="white-space:pre"> </span>44032<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\unlodctr.exe</div> <div>2012-07-04 13:06 . 2009-07-13 23:36<span class="Apple-tab-span" style="white-space:pre"> </span>46080<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\UI0Detect.exe</div> <div>2012-07-04 13:05 . 2009-07-13 23:13<span class="Apple-tab-span" style="white-space:pre"> </span>57344<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\ucsvc.exe</div> <div>2012-07-04 13:05 . 2009-07-13 23:15<span class="Apple-tab-span" style="white-space:pre"> </span>57856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\tzutil.exe</div> <div>2012-07-04 13:05 . 2009-07-13 23:19<span class="Apple-tab-span" style="white-space:pre"> </span>50688<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\typeperf.exe</div> <div>2012-07-04 13:05 . 
2007-05-03 17:37<span class="Apple-tab-span" style="white-space:pre"> </span>79872<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\TWUNK_32.EXE</div> <div>2012-07-04 13:04 . 2009-07-14 00:01<span class="Apple-tab-span" style="white-space:pre"> </span>56320<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\TSWbPrxy.exe</div> <div>2012-07-04 13:04 . 2009-07-14 00:02<span class="Apple-tab-span" style="white-space:pre"> </span>49152<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\TSTheme.exe</div> <div>2012-07-04 13:04 . 2009-07-13 23:55<span class="Apple-tab-span" style="white-space:pre"> </span>22528<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\TRACERT.EXE</div> <div>2012-07-04 13:04 . 2009-07-13 23:20<span class="Apple-tab-span" style="white-space:pre"> </span>374784<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\tracerpt.exe</div> <div>2012-07-04 13:03 . 2009-07-13 23:12<span class="Apple-tab-span" style="white-space:pre"> </span>104960<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\TpmInit.exe</div> <div>2012-07-04 13:03 . 2009-07-13 23:15<span class="Apple-tab-span" style="white-space:pre"> </span>37376<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\timeout.exe</div> <div>2012-07-04 13:03 . 
2009-07-13 23:55<span class="Apple-tab-span" style="white-space:pre"> </span>19456<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\TCPSVCS.EXE</div> <div>2012-07-04 13:02 . 2009-07-14 00:19<span class="Apple-tab-span" style="white-space:pre"> </span>24064<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\tcmsetup.exe</div> <div>2012-07-04 13:02 . 2009-07-13 23:20<span class="Apple-tab-span" style="white-space:pre"> </span>237568<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\taskmgr.exe</div> <div>2012-07-04 13:02 . 2009-07-13 23:57<span class="Apple-tab-span" style="white-space:pre"> </span>91136<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\tasklist.exe</div> <div>2012-07-04 13:02 . 2009-07-13 23:57<span class="Apple-tab-span" style="white-space:pre"> </span>88064<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\taskkill.exe</div> <div>2012-07-04 13:01 . 2009-07-13 23:30<span class="Apple-tab-span" style="white-space:pre"> </span>200704<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\taskeng.exe</div> <div>2012-07-04 13:01 . 2009-07-14 00:19<span class="Apple-tab-span" style="white-space:pre"> </span>21504<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\TapiUnattend.exe</div> <div>2012-07-04 13:01 . 
2009-07-13 23:15<span class="Apple-tab-span" style="white-space:pre"> </span>60928<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\takeown.exe</div> <div>2012-07-04 13:01 . 2009-07-13 23:48<span class="Apple-tab-span" style="white-space:pre"> </span>84480<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\tabcal.exe</div> <div>2012-07-04 13:00 . 2009-07-13 23:40<span class="Apple-tab-span" style="white-space:pre"> </span>18432<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\systray.exe</div> <div>2012-07-04 13:00 . 2009-07-13 23:40<span class="Apple-tab-span" style="white-space:pre"> </span>92160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\SystemPropertiesRemote.exe</div> <div>2012-07-04 13:00 . 2009-07-13 23:40<span class="Apple-tab-span" style="white-space:pre"> </span>92160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\SystemPropertiesProtection.exe</div> <div>2012-07-04 13:00 . 2009-07-13 23:40<span class="Apple-tab-span" style="white-space:pre"> </span>92160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\SystemPropertiesPerformance.exe</div> <div>2012-07-04 12:59 . 2009-07-13 23:40<span class="Apple-tab-span" style="white-space:pre"> </span>92160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\SystemPropertiesHardware.exe</div> <div>2012-07-04 12:59 . 
2009-07-13 23:40<span class="Apple-tab-span" style="white-space:pre"> </span>92160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\SystemPropertiesDataExecutionPrevention.exe</div> <div>2012-07-04 12:59 . 2009-07-13 23:40<span class="Apple-tab-span" style="white-space:pre"> </span>92160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\SystemPropertiesComputerName.exe</div> <div>2012-07-04 12:59 . 2009-07-13 23:40<span class="Apple-tab-span" style="white-space:pre"> </span>92160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\SystemPropertiesAdvanced.exe</div> <div>2012-07-04 12:58 . 2009-07-13 23:57<span class="Apple-tab-span" style="white-space:pre"> </span>86016<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\systeminfo.exe</div> <div>2012-07-04 12:58 . 2009-07-13 23:34<span class="Apple-tab-span" style="white-space:pre"> </span>38912<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\syskey.exe</div> <div>2012-07-04 12:58 . 2009-07-14 00:07<span class="Apple-tab-span" style="white-space:pre"> </span>49152<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\SyncHost.exe</div> <div>2012-07-04 12:58 . 2009-07-13 23:16<span class="Apple-tab-span" style="white-space:pre"> </span>37376<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\sxstrace.exe</div> <div>2012-07-04 12:57 . 
2009-07-13 23:15<span class="Apple-tab-span" style="white-space:pre"> </span>24064<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\subst.exe</div> <div>.</div> <div>.</div> <div>------- Sigcheck -------</div> <div>Note: Unsigned files aren't necessarily malware.</div> <div>.</div> <div>[-] 2012-07-04 . C5B680360D2FE1E6F95E5E174B6952AC . 57344 . . [7.3.7600.16385] . . c:\windows\System32\wuauclt.exe</div> <div>[-] 2012-07-04 . C5B680360D2FE1E6F95E5E174B6952AC . 57344 . . [7.3.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.3.7600.16385_none_3086c9dad36a69b3\wuauclt.exe</div> <div>.</div> <div>[-] 2012-07-04 . 2C4A04F442180F3E7944A5FAB1C0D6CF . 36352 . . [6.1.7600.16385] . . c:\windows\System32\userinit.exe</div> <div>[-] 2012-07-04 . 2C4A04F442180F3E7944A5FAB1C0D6CF . 36352 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe</div> <div>.</div> <div>[-] 2012-07-04 . 669D409F09B06C32EC911942EC69457D . 2640896 . . [6.1.7600.16385] . . c:\windows\explorer.exe</div> <div>[-] 2012-07-04 . 669D409F09B06C32EC911942EC69457D . 2640896 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe</div> <div>.</div> <div>[-] 2012-07-05 . 73EA7E31DC2BAF85532AF3E911B0EACA . 398336 . . [6.1.7600.16385] . . c:\windows\regedit.exe</div> <div>[-] 2012-07-05 . 73EA7E31DC2BAF85532AF3E911B0EACA . 398336 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe</div> <div>.</div> <div>[-] 2012-07-04 . 49D2DDAA81AEEE683A4C39A893C4A83D . 36352 . . [6.1.7600.16385] . . c:\windows\System32\ctfmon.exe</div> <div>[-] 2012-07-04 . 49D2DDAA81AEEE683A4C39A893C4A83D . 36352 . . [6.1.7600.16385] . 
. c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe</div> <div>.</div> <div>((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))</div> <div>.</div> <div>.</div> <div>*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane </div> <div>REGEDIT4</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div> <div>"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]</div> <div>"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]</div> <div>"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2012-07-04 1503232]</div> <div>"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]</div> <div>"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2012-07-04 188416]</div> <div>"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</div> <div>"ConsentPromptBehaviorAdmin"= 0 (0x0)</div> <div>"ConsentPromptBehaviorUser"= 3 (0x3)</div> <div>"EnableLUA"= 0 (0x0)</div> <div>"EnableUIADesktopToggle"= 0 (0x0)</div> <div>"PromptOnSecureDesktop"= 0 (0x0)</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]</div> <div>"Userinit"="c:\windows\explorer.exe,"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]</div> <div>"midi5"=KORGUMDD.DRV</div> <div>"aux7"=wdmaud.drv</div> <div>.</div> <div>[HKLM\~\startupfolder\C:^Users^Gocejna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]</div> <div>path=c:\users\Gocejna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie 
wycinków ekranu i uruchamianie programu OneNote 2007.lnk</div> <div>backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk.Startup</div> <div>backupExtension=.Startup</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]</div> <div>2012-01-03 07:37<span class="Apple-tab-span" style="white-space:pre"> </span>843712<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]</div> <div>2011-06-08 04:02<span class="Apple-tab-span" style="white-space:pre"> </span>37296<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu 10]</div> <div>2011-07-04 17:45<span class="Apple-tab-span" style="white-space:pre"> </span>13374048<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Gadu-Gadu 10\gg.exe</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]</div> <div>2010-10-08 13:25<span class="Apple-tab-span" style="white-space:pre"> </span>136176<span class="Apple-tab-span" style="white-space:pre"> </span>----atw-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Gocejna\AppData\Local\Google\Update\GoogleUpdate.exe</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]</div> <div>2007-05-08 15:24<span class="Apple-tab-span" style="white-space:pre"> </span>54840<span class="Apple-tab-span" 
style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\HP\HP Software Update\hpwuSchd2.exe</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]</div> <div>2011-08-01 03:32<span class="Apple-tab-span" style="white-space:pre"> </span>958352<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Samsung\Kies\KiesHelper.exe</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]</div> <div>2011-08-01 03:32<span class="Apple-tab-span" style="white-space:pre"> </span>20880<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]</div> <div>2011-08-01 03:32<span class="Apple-tab-span" style="white-space:pre"> </span>3507088<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Samsung\Kies\KiesTrayAgent.exe</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KORG USB-MIDI Driver]</div> <div>2011-03-29 23:05<span class="Apple-tab-span" style="white-space:pre"> </span>393616<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\KORG\KORG USB-MIDI Driver\EsHelper2.exe</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]</div> <div>2011-12-12 04:33<span class="Apple-tab-span" style="white-space:pre"> </span>1760328<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span 
EDIT: Is something going on with the forum, that it wrote my post out like that? The log once more (the same one)

[log]
ComboFix 12-07-05.02 - Gocejna 2012-07-05 11:43:32.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.48.1045.18.3327.2424 [GMT 2:00]
Uruchomiony z: c:\users\Gocejna\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Poprzednie uruchomienie -------
.
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\chrome.manifest
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\nscf.dat
c:\program files\RelevantKnowledge\rloci.bin
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\users\Gocejna\AppData\Local\unins000.exe
c:\users\Gocejna\Documents\explorer
c:\users\Gocejna\Documents\explorer\id_111102220459884_111102220459114.upf
c:\windows\IsUn0415.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\muzapp.exe
c:\windows\system32\nwcwks.dll
c:\windows\VRTBD85.tmp
.
-- Poprzednie uruchomienie --
.
c:\windows\system32\userinit.exe . . . jest zainfekowany!!
.
c:\windows\system32\userinit.exe . . . jest zainfekowany!!
.
c:\windows\explorer.exe . . . jest zainfekowany!!
.
--------
.
c:\windows\system32\userinit.exe . . .
jest zainfekowany!! . c:\windows\explorer.exe . . . jest zainfekowany!! . . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_NWCWorkstation . . ((((((((((((((((((((((((( Pliki utworzone od 2012-06-05 do 2012-07-05 ))))))))))))))))))))))))))))))) . . 2012-07-05 09:49 . 2012-07-05 09:49 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-07-05 09:49 . 2012-07-05 09:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-05 09:34 . 2012-07-05 09:49 -------- d-----w- c:\users\Gocejna\AppData\Local\temp 2012-07-04 11:34 . 2012-07-04 11:34 -------- d-----w- c:\users\Gocejna\DoctorWeb 2012-07-04 11:02 . 2012-07-04 11:04 -------- d-----w- C:\rsit 2012-07-04 10:27 . 2012-07-04 10:28 -------- d-----w- c:\users\Gocejna\AppData\Local\Google 2012-06-25 16:31 . 2012-06-25 16:31 -------- d-----w- c:\users\Gocejna\AppData\Local\ElevatedDiagnostics 2012-06-25 16:11 . 2012-06-25 16:11 -------- d-----w- c:\program files\ESET 2012-06-25 16:10 . 2012-06-25 16:10 -------- d-----w- c:\users\Gocejna\AppData\Roaming\Malwarebytes 2012-06-25 16:10 . 2012-06-25 16:10 -------- d-----w- c:\programdata\Malwarebytes 2012-06-25 16:10 . 2012-06-25 16:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-25 16:10 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-25 13:28 . 2012-06-25 13:28 -------- d-----w- c:\program files\Odkurzacz 2012-06-25 13:11 . 2012-06-25 13:11 -------- d-----w- c:\program files\CCleaner 2012-06-23 18:21 . 2012-06-23 18:21 -------- d-----w- c:\program files\VS Revo Group . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-05 08:08 . 2009-07-14 00:12 9728 ----a-w- c:\windows\winhlp32.exe 2012-07-05 08:08 . 2009-07-14 00:14 31232 ----a-w- c:\windows\twunk_32.exe 2012-07-05 08:04 . 2009-07-13 23:17 398336 ------w- c:\windows\regedit.exe 2012-07-05 08:04 . 
2010-10-28 17:23 305152 ----a-w- c:\windows\IsUninst.exe 2012-07-05 08:04 . 2002-09-17 23:45 119808 ----a-w- c:\windows\lsb_un20.exe 2012-07-05 08:03 . 2009-07-14 00:12 497152 ----a-w- c:\windows\HelpPane.exe 2012-07-05 08:03 . 2009-07-14 00:12 15360 ----a-w- c:\windows\hh.exe 2012-07-05 08:03 . 2009-07-13 23:12 13824 ----a-w- c:\windows\fveupdate.exe 2012-07-05 08:03 . 2009-07-13 23:13 65024 ----a-w- c:\windows\bfsvc.exe 2012-07-04 13:45 . 2009-07-13 23:41 2640896 ----a-w- c:\windows\explorer.exe 2012-07-04 13:35 . 2009-07-13 23:31 146432 ----a-w- c:\windows\system32\wbem\WmiApSrv.exe 2012-07-04 13:23 . 2007-01-12 03:22 53248 ----a-w- c:\windows\system32\drivers\SCTray.exe 2012-07-04 13:20 . 2009-07-13 23:51 51712 ----a-w- c:\windows\system32\xwizard.exe 2012-07-04 13:20 . 2009-07-14 00:24 3415552 ----a-w- c:\windows\system32\xpsrchvw.exe 2012-07-04 13:20 . 2009-07-13 23:15 47104 ----a-w- c:\windows\system32\xcopy.exe 2012-07-04 13:19 . 2009-07-13 23:22 325120 ----a-w- c:\windows\system32\wusa.exe 2012-07-04 13:19 . 2009-07-13 23:50 205824 ----a-w- c:\windows\system32\WUDFHost.exe 2012-07-04 13:19 . 2009-07-14 00:14 57344 ----a-w- c:\windows\system32\wuauclt.exe 2012-07-04 13:18 . 2009-07-14 00:14 44032 ----a-w- c:\windows\system32\wuapp.exe 2012-07-04 13:18 . 2009-07-13 23:27 265216 ----a-w- c:\windows\system32\wsqmcons.exe 2012-07-04 13:18 . 2009-07-13 23:31 22528 ----a-w- c:\windows\system32\wsmprovhost.exe 2012-07-04 13:18 . 2009-07-13 23:31 208384 ----a-w- c:\windows\system32\WSManHTTPConfig.exe 2012-07-04 13:17 . 2009-07-13 23:42 152064 ----a-w- c:\windows\system32\wscript.exe 2012-07-04 13:17 . 2009-07-13 23:41 19456 ----a-w- c:\windows\write.exe 2012-07-04 13:17 . 2009-07-13 23:41 19456 ----a-w- c:\windows\system32\write.exe 2012-07-04 13:17 . 2009-07-14 00:18 49664 ----a-w- c:\windows\system32\wpnpinst.exe 2012-07-04 13:17 . 2009-07-14 00:07 40448 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2012-07-04 13:16 . 
2009-07-13 23:36 50688 ----a-w- c:\windows\system32\wlrmdr.exe 2012-07-04 13:16 . 2009-07-13 23:51 87552 ----a-w- c:\windows\system32\wlanext.exe 2012-07-04 13:16 . 2009-07-14 00:01 233472 ----a-w- c:\windows\system32\wksprt.exe 2012-07-04 13:15 . 2009-07-13 23:47 344576 ----a-w- c:\windows\system32\wisptis.exe 2012-07-04 13:15 . 2009-07-13 23:41 90112 ----a-w- c:\windows\system32\winver.exe 2012-07-04 13:15 . 2009-07-13 23:23 3377664 ----a-w- c:\windows\system32\WinSAT.exe 2012-07-04 13:15 . 2009-07-13 23:31 30720 ----a-w- c:\windows\system32\winrshost.exe 2012-07-04 13:14 . 2009-07-13 23:31 50176 ----a-w- c:\windows\system32\winrs.exe 2012-07-04 13:14 . 2009-07-13 23:40 387072 ----a-w- c:\windows\system32\WindowsAnytimeUpgradeui.exe 2012-07-04 13:14 . 2009-07-13 23:40 303104 ----a-w- c:\windows\system32\WindowsAnytimeUpgradeResults.exe 2012-07-04 13:13 . 2009-07-13 23:40 267264 ----a-w- c:\windows\system32\WindowsAnytimeUpgrade.exe 2012-07-04 13:13 . 2009-07-13 23:18 337920 ----a-w- c:\windows\system32\wimserv.exe 2012-07-04 13:13 . 2009-07-14 00:15 98816 ----a-w- c:\windows\system32\wiaacmgr.exe 2012-07-04 13:13 . 2009-07-13 23:15 53248 ----a-w- c:\windows\system32\whoami.exe 2012-07-04 13:12 . 2009-07-13 23:15 45568 ----a-w- c:\windows\system32\where.exe 2012-07-04 13:12 . 2009-07-14 00:15 812544 ----a-w- c:\windows\system32\WFS.exe 2012-07-04 13:12 . 2011-07-31 15:58 162304 ----a-w- c:\windows\system32\wextract.exe 2012-07-04 13:12 . 2009-07-13 23:30 185856 ----a-w- c:\windows\system32\wevtutil.exe 2012-07-04 13:11 . 2009-07-13 23:27 64000 ----a-w- c:\windows\system32\wermgr.exe 2012-07-04 13:11 . 2009-07-13 23:27 38912 ----a-w- c:\windows\system32\WerFaultSecure.exe 2012-07-04 13:11 . 2009-07-13 23:27 370688 ----a-w- c:\windows\system32\WerFault.exe 2012-07-04 13:11 . 2009-07-13 23:30 90624 ----a-w- c:\windows\system32\wecutil.exe 2012-07-04 13:10 . 2009-07-13 23:23 1212928 ----a-w- c:\windows\system32\wbengine.exe 2012-07-04 13:10 . 
2009-07-13 23:23 235008 ----a-w- c:\windows\system32\wbadmin.exe 2012-07-04 13:10 . 2009-07-13 23:15 44544 ----a-w- c:\windows\system32\waitfor.exe 2012-07-04 13:10 . 2009-07-13 23:33 75776 ----a-w- c:\windows\system32\w32tm.exe 2012-07-04 13:09 . 2009-07-13 23:24 1035776 ----a-w- c:\windows\system32\VSSVC.exe 2012-07-04 13:09 . 2009-07-13 23:23 125440 ----a-w- c:\windows\system32\vssadmin.exe 2012-07-04 13:09 . 2009-07-13 23:59 113664 ----a-w- c:\windows\system32\verifier.exe 2012-07-04 13:08 . 2009-07-13 23:41 20992 ----a-w- c:\windows\system32\verclsid.exe 2012-07-04 13:08 . 2009-07-13 23:23 30208 ----a-w- c:\windows\system32\vdsldr.exe 2012-07-04 13:08 . 2009-07-13 23:24 462848 ----a-w- c:\windows\system32\vds.exe 2012-07-04 13:08 . 2009-07-13 23:37 47616 ----a-w- c:\windows\system32\VaultSysUi.exe 2012-07-04 13:07 . 2009-07-13 23:37 33280 ----a-w- c:\windows\system32\VaultCmd.exe 2012-07-04 13:07 . 2009-07-14 00:13 1407488 ----a-w- c:\windows\system32\Utilman.exe 2012-07-04 13:07 . 2009-07-13 23:34 36352 ----a-w- c:\windows\system32\userinit.exe 2012-07-04 13:07 . 2009-07-13 23:40 202752 ----a-w- c:\windows\system32\UserAccountControlSettings.exe 2012-07-04 13:06 . 2009-07-13 23:55 33792 ----a-w- c:\windows\system32\upnpcont.exe 2012-07-04 13:06 . 2009-07-14 00:09 288768 ----a-w- c:\windows\system32\unregmp2.exe 2012-07-04 13:06 . 2009-07-13 23:19 44032 ----a-w- c:\windows\system32\unlodctr.exe 2012-07-04 13:06 . 2009-07-13 23:36 46080 ----a-w- c:\windows\system32\UI0Detect.exe 2012-07-04 13:05 . 2009-07-13 23:13 57344 ----a-w- c:\windows\system32\ucsvc.exe 2012-07-04 13:05 . 2009-07-13 23:15 57856 ----a-w- c:\windows\system32\tzutil.exe 2012-07-04 13:05 . 2009-07-13 23:19 50688 ----a-w- c:\windows\system32\typeperf.exe 2012-07-04 13:05 . 2007-05-03 17:37 79872 ----a-w- c:\windows\system32\TWUNK_32.EXE 2012-07-04 13:04 . 2009-07-14 00:01 56320 ----a-w- c:\windows\system32\TSWbPrxy.exe 2012-07-04 13:04 . 
2009-07-14 00:02 49152 ----a-w- c:\windows\system32\TSTheme.exe 2012-07-04 13:04 . 2009-07-13 23:55 22528 ----a-w- c:\windows\system32\TRACERT.EXE 2012-07-04 13:04 . 2009-07-13 23:20 374784 ----a-w- c:\windows\system32\tracerpt.exe 2012-07-04 13:03 . 2009-07-13 23:12 104960 ----a-w- c:\windows\system32\TpmInit.exe 2012-07-04 13:03 . 2009-07-13 23:15 37376 ----a-w- c:\windows\system32\timeout.exe 2012-07-04 13:03 . 2009-07-13 23:55 19456 ----a-w- c:\windows\system32\TCPSVCS.EXE 2012-07-04 13:02 . 2009-07-14 00:19 24064 ----a-w- c:\windows\system32\tcmsetup.exe 2012-07-04 13:02 . 2009-07-13 23:20 237568 ----a-w- c:\windows\system32\taskmgr.exe 2012-07-04 13:02 . 2009-07-13 23:57 91136 ----a-w- c:\windows\system32\tasklist.exe 2012-07-04 13:02 . 2009-07-13 23:57 88064 ----a-w- c:\windows\system32\taskkill.exe 2012-07-04 13:01 . 2009-07-13 23:30 200704 ----a-w- c:\windows\system32\taskeng.exe 2012-07-04 13:01 . 2009-07-14 00:19 21504 ----a-w- c:\windows\system32\TapiUnattend.exe 2012-07-04 13:01 . 2009-07-13 23:15 60928 ----a-w- c:\windows\system32\takeown.exe 2012-07-04 13:01 . 2009-07-13 23:48 84480 ----a-w- c:\windows\system32\tabcal.exe 2012-07-04 13:00 . 2009-07-13 23:40 18432 ----a-w- c:\windows\system32\systray.exe 2012-07-04 13:00 . 2009-07-13 23:40 92160 ----a-w- c:\windows\system32\SystemPropertiesRemote.exe 2012-07-04 13:00 . 2009-07-13 23:40 92160 ----a-w- c:\windows\system32\SystemPropertiesProtection.exe 2012-07-04 13:00 . 2009-07-13 23:40 92160 ----a-w- c:\windows\system32\SystemPropertiesPerformance.exe 2012-07-04 12:59 . 2009-07-13 23:40 92160 ----a-w- c:\windows\system32\SystemPropertiesHardware.exe 2012-07-04 12:59 . 2009-07-13 23:40 92160 ----a-w- c:\windows\system32\SystemPropertiesDataExecutionPrevention.exe 2012-07-04 12:59 . 2009-07-13 23:40 92160 ----a-w- c:\windows\system32\SystemPropertiesComputerName.exe 2012-07-04 12:59 . 2009-07-13 23:40 92160 ----a-w- c:\windows\system32\SystemPropertiesAdvanced.exe 2012-07-04 12:58 . 
2009-07-13 23:57 86016 ----a-w- c:\windows\system32\systeminfo.exe 2012-07-04 12:58 . 2009-07-13 23:34 38912 ----a-w- c:\windows\system32\syskey.exe 2012-07-04 12:58 . 2009-07-14 00:07 49152 ----a-w- c:\windows\system32\SyncHost.exe 2012-07-04 12:58 . 2009-07-13 23:16 37376 ----a-w- c:\windows\system32\sxstrace.exe 2012-07-04 12:57 . 2009-07-13 23:15 24064 ----a-w- c:\windows\system32\subst.exe . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2012-07-04 . C5B680360D2FE1E6F95E5E174B6952AC . 57344 . . [7.3.7600.16385] . . c:\windows\System32\wuauclt.exe [-] 2012-07-04 . C5B680360D2FE1E6F95E5E174B6952AC . 57344 . . [7.3.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.3.7600.16385_none_3086c9dad36a69b3\wuauclt.exe . [-] 2012-07-04 . 2C4A04F442180F3E7944A5FAB1C0D6CF . 36352 . . [6.1.7600.16385] . . c:\windows\System32\userinit.exe [-] 2012-07-04 . 2C4A04F442180F3E7944A5FAB1C0D6CF . 36352 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe . [-] 2012-07-04 . 669D409F09B06C32EC911942EC69457D . 2640896 . . [6.1.7600.16385] . . c:\windows\explorer.exe [-] 2012-07-04 . 669D409F09B06C32EC911942EC69457D . 2640896 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe . [-] 2012-07-05 . 73EA7E31DC2BAF85532AF3E911B0EACA . 398336 . . [6.1.7600.16385] . . c:\windows\regedit.exe [-] 2012-07-05 . 73EA7E31DC2BAF85532AF3E911B0EACA . 398336 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe . [-] 2012-07-04 . 49D2DDAA81AEEE683A4C39A893C4A83D . 36352 . . [6.1.7600.16385] . . c:\windows\System32\ctfmon.exe [-] 2012-07-04 . 49D2DDAA81AEEE683A4C39A893C4A83D . 36352 . . [6.1.7600.16385] . . 
c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2012-07-04 1503232] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2012-07-04 188416] "ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="c:\windows\explorer.exe," . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midi5"=KORGUMDD.DRV "aux7"=wdmaud.drv . [HKLM\~\startupfolder\C:^Users^Gocejna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk] path=c:\users\Gocejna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk.Startup backupExtension=.Startup . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu 10] 2011-07-04 17:45 13374048 ----a-w- c:\program files\Gadu-Gadu 10\gg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-10-08 13:25 136176 ----atw- c:\users\Gocejna\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper] 2011-08-01 03:32 958352 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR] 2011-08-01 03:32 20880 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent] 2011-08-01 03:32 3507088 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KORG USB-MIDI Driver] 2011-03-29 23:05 393616 ----a-w- c:\program files\KORG\KORG USB-MIDI Driver\EsHelper2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam] 2011-12-12 04:33 1760328 ----a-w- c:\program files\ManyCam\Bin\ManyCam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-07-05 07:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2012-05-17 15:16 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe . R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x] R3 ipMIDI;nerds.de ipMIDI - Ethernet Midi Ports SvcDesc(WDM);c:\windows\system32\drivers\ipmidi.sys [x] R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUMDS.SYS [x] R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 MSSQL$IC_SKLEP;SQL Server (IC_SKLEP);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x] S3 adatadrv;Autodata Protection Service;c:\windows\system32\DRIVERS\adatadrv.sys [x] S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x] S3 
VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Zawartość folderu 'Zaplanowane zadania' . 2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3475593946-788457680-2885981346-1000Core.job - c:\users\Gocejna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-08 13:25] . 2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3475593946-788457680-2885981346-1000UA.job - c:\users\Gocejna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-08 13:25] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.google.pl/ IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 . - - - - USUNIĘTO PUSTE WPISY - - - - . 
HKU-Default-Run-tcpudp - c:\windows\VRTBD85.tmp MSConfigStartUp-avast5 - c:\program files\Alwil Software\Avast5\avastUI.exe MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe MSConfigStartUp-NotebookHardwareControl - c:\program files\Notebook Hardware Control\nhc.exe MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe AddRemove-EPC32.EXE - G:\SETUP.EXE AddRemove-Microsoft .NET Framework 4 Client Profile - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe AddRemove-Microsoft .NET Framework 4 Client Profile PLK Language Pack - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe AddRemove-Microsoft .NET Framework 4 Extended - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe AddRemove-Microsoft .NET Framework 4 Extended PLK Language Pack - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ExtendedLP\Setup.exe AddRemove-{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1 - c:\users\Gocejna\AppData\Local\unins000.exe AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB 
Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe AddRemove-26_VIA_driver2 - c:\program files\Samsung\USB Drivers\26_VIA_driver2\Uninstall.exe . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2012-07-05 11:52:06
ComboFix-quarantined-files.txt 2012-07-05 09:52
.
Przed: 49 884 401 664 bajtów wolnych
Po: 49 794 256 896 bajtów wolnych
.
- - End Of File - - C6E199333AEDF926CAB4B6BE480D2EE8
[/log]