Problems with Chrome. Logs to check

kamo502

Hello

The problems started some time ago.
My computer started freezing, and I noticed that it seems to happen only when I use Chrome.

I cleaned the registry, ran an online scan, removed unnecessary software, etc.
The browser was reinstalled.

It was fine.

Until today.
Chrome starts but does not load pages. (White screen)

Please check the logs and help if you can.

OTL
(It hung on Manual File Scan Getting Folder Structure, so I ran it again)
For now I'm waiting for the log. I'll add it when it appears :)

RSIT
(It also stopped on 'Listing Event Logs' but then carried on)
[log]
Logfile of random's system information tool 1.09 (written by random/random)
Run by Gocejna at 2012-07-04 13:02:53
Microsoft Windows 7 Home Premium
System drive C: has 48 GB (60%) free of 79 GB
Total RAM: 3327 MB (35% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:03:47, on 2012-07-04
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\TEMP\VRT59C.tmp
C:\Windows\system32\config\systemprofile\AppData\Roaming\tonysba.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Gocejna\Downloads\OTL.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Gocejna\Downloads\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Gocejna.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:/Users/Gocejna/AppData/Local/Google/Chrome/User%20Data/Default/Extensions/caehdcpeofiiigpdhbabniblemipncjj/SwitchyAuto.pac?1330439778483
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Gocejna\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [Audio Driver] C:\Windows\system32\config\systemprofile\AppData\Roaming\audiomgr.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [tnssb] C:\Windows\system32\config\systemprofile\AppData\Roaming\tonysba.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [tcpudp] C:\Windows\VRT59C.tmp (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Audio Driver] C:\Windows\system32\config\systemprofile\AppData\Roaming\audiomgr.exe (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Pokaż lub ukryj HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 8063 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3475593946-788457680-2885981346-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3475593946-788457680-2885981346-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21 328248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-05-17 425680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-06-19 4014280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21 509496]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"HControlUser"=C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2009-07-13 1503232]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMedia.exe [2009-04-20 188416]
"ATKOSD2"=C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Gocejna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-08 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu 10]
C:\Program Files\Gadu-Gadu 10\gg.exe [2011-07-04 13374048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Gocejna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-08 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
C:\Program Files\Samsung\Kies\KiesHelper.exe [2011-08-01 958352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2011-08-01 20880]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2011-08-01 3507088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KORG USB-MIDI Driver]
C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe [2011-03-30 393616]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
C:\Program Files\ManyCam\Bin\ManyCam.exe [2011-12-12 1760328]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotebookHardwareControl]
C:\Program Files\Notebook Hardware Control\nhc.exe -quiet []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-11-29 450560]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Real\RealPlayer\update\realsched.exe [2012-05-17 296056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Gocejna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-07-31 203776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Windows\system32\winlogon.exe"="C:\Windows\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
"C:\Windows\system32\wininit.exe"="C:\Windows\system32\wininit.exe:*:enabled:@shell32.dll,-1"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"mixer6"=wdmaud.drv
"midi5"=KORGUMDD.DRV
"wave7"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux5"=wdmaud.drv
"wave8"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux6"=wdmaud.drv
"wave9"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux7"=wdmaud.drv
"vidc.iv50"=ir50_32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2012-07-04 13:02:53 ----D---- C:\rsit
2012-07-04 12:21:32 ----AH---- C:\Windows\VRT59C.tmp
2012-07-04 11:07:10 ----SD---- C:\32788R22FWJFW
2012-07-04 11:03:07 ----D---- C:\Qoobox
2012-06-25 18:11:54 ----D---- C:\Program Files\ESET
2012-06-25 18:10:09 ----D---- C:\Users\Gocejna\AppData\Roaming\Malwarebytes
2012-06-25 18:10:07 ----D---- C:\ProgramData\Malwarebytes
2012-06-25 18:10:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-06-25 18:10:06 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-06-25 18:05:00 ----A---- C:\Windows\ntbtlog.txt
2012-06-25 15:28:32 ----D---- C:\Program Files\Odkurzacz
2012-06-25 15:11:41 ----D---- C:\Program Files\CCleaner
2012-06-25 15:07:46 ----A---- C:\Windows\system32\MRT.exe
2012-06-23 20:21:59 ----D---- C:\Program Files\VS Revo Group
======List of files/folders modified in the last 1 month======
2012-07-04 13:03:53 ----D---- C:\Windows\Temp
2012-07-04 13:02:59 ----D---- C:\Program Files\trend micro
2012-07-04 12:29:07 ----D---- C:\Program Files
2012-07-04 12:21:32 ----D---- C:\Windows
2012-07-04 12:17:01 ----A---- C:\Windows\crocclip.ini
2012-07-04 11:10:28 ----SHD---- C:\System Volume Information
2012-07-04 11:03:08 ----D---- C:\Windows\system32\drivers
2012-07-04 10:53:46 ----D---- C:\Windows\Prefetch
2012-07-04 10:50:35 ----D---- C:\Windows\System32
2012-07-03 11:44:16 ----D---- C:\Users\Gocejna\AppData\Roaming\AIMP3
2012-07-02 10:15:41 ----D---- C:\ADCDA2
2012-07-02 10:07:35 ----D---- C:\Windows\system32\catroot2
2012-06-30 12:07:00 ----D---- C:\Windows\inf
2012-06-30 12:07:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-30 12:05:49 ----D---- C:\Windows\system32\LogFiles
2012-06-29 23:13:39 ----D---- C:\Users\Gocejna\AppData\Roaming\ipla
2012-06-29 18:39:27 ----D---- C:\Users\Gocejna\AppData\Roaming\DAEMON Tools Lite
2012-06-27 17:34:38 ----D---- C:\Windows\system32\config
2012-06-25 18:10:07 ----D---- C:\ProgramData
2012-06-25 15:39:06 ----D---- C:\Users\Gocejna\AppData\Roaming\skypePM
2012-06-25 15:33:06 ----D---- C:\Windows\Downloaded Installations
2012-06-25 15:33:06 ----D---- C:\ProgramData\Skype
2012-06-25 15:33:06 ----D---- C:\Program Files\Common Files
2012-06-25 15:26:12 ----D---- C:\Users\Gocejna\AppData\Roaming\Winamp
2012-06-25 15:26:11 ----D---- C:\Users\Gocejna\AppData\Roaming\Skype
2012-06-25 15:23:40 ----D---- C:\Windows\SoftwareDistribution
2012-06-25 15:22:09 ----D---- C:\Windows\Panther
2012-06-25 15:22:05 ----D---- C:\Windows\Logs
2012-06-25 15:22:05 ----D---- C:\Windows\debug
2012-06-23 20:46:43 ----SHD---- C:\Windows\Installer
2012-06-23 20:41:29 ----D---- C:\BHBACKUP
2012-06-23 20:34:19 ----D---- C:\Program Files\SpeedFan
2012-06-23 20:33:36 ----D---- C:\Windows\system32\catroot
2012-06-23 20:31:20 ----D---- C:\Windows\system32\Tasks
2012-06-23 20:30:43 ----D---- C:\Program Files\Adobe
2012-06-23 20:12:16 ----D---- C:\Windows\Microsoft.NET
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\System32\Drivers\vbtenum.sys [2007-03-05 20880]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\Windows\System32\Drivers\BTHidMgr.sys [2007-03-05 35600]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-19 218688]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [2008-07-11 92712]
R3 adatadrv;Autodata Protection Service; C:\Windows\system32\DRIVERS\adatadrv.sys [2009-07-01 762112]
R3 athr;Rozszerzony sterownik urządzenia bezprzewodowej sieci LAN Atheros; C:\Windows\system32\DRIVERS\athr.sys [2009-07-14 1096704]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-14 4194816]
R3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys [2011-09-29 21632]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-04-04 22344]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2009-05-13 14392]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 8192]
R3 RTL8167;Sterownik Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-06 1766592]
R3 SNTNLUSB;SafeNet USB SuperPro/UltraPro/HardwareKey; C:\Windows\system32\DRIVERS\SNTNLUSB.SYS [2008-07-11 37088]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-06-05 27320]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-07-09 1066496]
S2 DS1410D;DS1410D Dongle Driver; \??\C:\Windows\system32\drivers\ds1410d.sys [1997-01-14 6848]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-07-20 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-05-09 36496]
S3 BthEnum;Usługa wyliczania Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Urządzenie Bluetooth (sieć osobista); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Sterownik portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 catchme;catchme; \??\C:\Users\Gocejna\AppData\Local\Temp\catchme.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2010-11-16 60552]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2010-11-16 73096]
S3 ipMIDI;nerds.de ipMIDI - Ethernet Midi Ports SvcDesc(WDM); C:\Windows\system32\drivers\ipmidi.sys [2010-04-05 19456]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows; C:\Windows\System32\Drivers\KORGUMDS.SYS [2011-03-30 24056]
S3 LoopBeMidi1;nerds.de LoopBe1 - Internal Midi Port SvcDesc(WDM); C:\Windows\system32\drivers\loopbe1.sys [2008-01-27 10880]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Urządzenie Bluetooth (Protokół TDI RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-07-20 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-07-20 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-07-20 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-07-20 114280]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2010-01-21 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2010-01-21 20864]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2010-01-21 24960]
S3 usbscan;Sterownik skanera USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-08 691696]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASLDRService;ASLDR Service; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 hpqddsvc;Usługa HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 MSSQL$IC_SKLEP;SQL Server (IC_SKLEP); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 NWCWorkstation;Client Service for NetWare; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-05-03 158856]
S3 aspnet_state;„Usługa stanu ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 nosGetPlusHelper;getPlus(R) Helper 3004; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 258048]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-09-25 682496]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
[/log]

and Info

[log]
info.txt logfile of random's system information tool 1.09 2012-07-04 13:04:33
======Uninstall list======
32 Bit HP CIO Components Installer-->MsiExec.exe /I{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}
Adobe Color JA Extra Settings-->MsiExec.exe /I{D92B72E2-C854-4738-8ED6-4C3661CC17AE}
Adobe Color NA Extra Settings-->MsiExec.exe /I{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Download Manager-->"C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe" /Get1
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\678cd98c8365a5647f9a2e539d120a8\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{78EFD06D-7583-42F1-9E77-671D8782EB70}
Adobe Reader 9.4.5 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A94000000001}
Adobe Setup-->MsiExec.exe /I{CBF4DADD-974D-49C8-BC83-C6F31554001E}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIMP3-->C:\Program Files\AIMP3\Uninstall.exe
AMD USB Filter Driver-->MsiExec.exe /X{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}
Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ATK Generic Function Service-->C:\Program Files\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ATK Hotkey-->MsiExec.exe /I{7C05592D-424B-46CB-B505-E0013E8E75C9}
ATK Media-->MsiExec.exe /I{D1E5870E-E3E5-4475-98A6-ADD614524ADF}
ATKOSD2-->MsiExec.exe /I{3B05F2FB-745B-4012-ADF2-439F36B2E70B}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Bluesoleil2.6.0.8 Release 070517-->MsiExec.exe /X{438BB9B4-65FE-4626-91D9-A8F57B18001D}
Bosch Viewer-->C:\PROGRA~1\Bosch\ESITRO~1\MCVIEWER\UNWISE.EXE C:\PROGRA~1\Bosch\ESITRO~1\MCVIEWER\viewer_uninstall.log
BurnAware Free 4.0-->"C:\Program Files\BurnAware Free\unins000.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe"
Crystal Reports for .NET Framework 2.0 (x86)-->MsiExec.exe /I{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}
DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe
EasyCleaner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
e-Deklaracje Desktop-->msiexec /qb /x {238F53CC-4768-A6A3-1D6B-FCF616C75368}
e-Deklaracje Desktop-->MsiExec.exe /I{238F53CC-4768-A6A3-1D6B-FCF616C75368}
EPC-->G:\SETUP.EXE -funinst -SMS
e-pity 2011 wersja 3.0-->"C:\Program Files\e-file\e-pity2011\unins000.exe"
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
ESI[tronic]-->C:\PROGRA~1\Bosch\ESITRO~1\Setup.exe -u
Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe
HP Customer Participation Program 13.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6-->C:\Program Files\HP\Digital Imaging\{7F08A772-2816-4F46-84F1-49578502AD28}\setup\hpzscr01.exe -datfile hposcr46.dat -onestop -forcereboot
HP Imaging Device Functions 13.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Print Projects 1.0-->C:\Program Files\HP\Digital Imaging\HPPrintProjects\hpzscr01.exe -datfile hpqbud19.dat
HP Smart Web Printing 4.5-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
IC_Katalog-->C:\Program Files\Inter Cars\IC_Katalog\uninstall.exe
ipla 2.3.5-->C:\Program Files\ipla\uninst.exe
IsoBuster 2.8.5-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
K-Lite Codec Pack 6.2.0 (Basic)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
KORG KONTROL Editor-->MsiExec.exe /I{7824A7EF-4EE7-43CC-B98D-BD4CDB08E042}
KORG USB-MIDI Driver Tools for Windows-->MsiExec.exe /I{B3CB5BA3-3E98-4E85-944E-B03D055F8450}
LG USB Modem Drivers-->MsiExec.exe /X{3E8DE1A6-B365-4FF6-B917-2892A34990E8}
LPD8 Editor-->"C:\Program Files\AkaiPro\LPD8Editor\LPD8 Editor uninstall.exe"
Malwarebytes Anti-Malware wersja 1.61.0.1400-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
ManyCam 2.6.65 (remove only)-->"C:\Program Files\ManyCam\uninstall.exe"
Microsoft .NET Framework 4 Client Profile PLK Language Pack-->MsiExec.exe /X{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended PLK Language Pack-->MsiExec.exe /X{5C19E2DC-4CCF-3114-B40A-6E565987025F}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft Office Access MUI (Polish) 2007-->MsiExec.exe /X{90120000-0015-0415-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Polish) 2007-->MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE}
Microsoft Office Groove MUI (Polish) 2007-->MsiExec.exe /X{90120000-00BA-0415-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Polish) 2007-->MsiExec.exe /X{90120000-0044-0415-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Polish) 2007-->MsiExec.exe /X{90120000-00A1-0415-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Polish) 2007-->MsiExec.exe /X{90120000-001A-0415-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Polish) 2007-->MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE}
Microsoft Office Proofing (Polish) 2007-->MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Polish) 2007-->MsiExec.exe /X{90120000-0019-0415-0000-0000000FF1CE}
Microsoft Office Shared MUI (Polish) 2007-->MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE}
Microsoft Office Word MUI (Polish) 2007-->MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE}
Microsoft Outlook Personal Folders Backup-->MsiExec.exe /X{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (IC_SKLEP)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mixvibes ASIO UMix44-->C:\Windows\System32\MixvibesASIOUMix44uninstaller.exe
Native Instruments Service Center-->"C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\Service Center Setup.exe" REMOVE=TRUE MODIFY=FALSE
Native Instruments Service Center-->C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\Service Center Setup.exe
Native Instruments Traktor-->"C:\ProgramData\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A}\Traktor Setup.exe" REMOVE=TRUE MODIFY=FALSE
Native Instruments Traktor-->C:\ProgramData\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A}\Traktor Setup.exe
Odkurzacz-->"C:\Program Files\Odkurzacz\unins000.exe"
PDF Settings-->MsiExec.exe /I{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}
PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1045 /parameterfolder ClientLP
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ExtendedLP\Setup.exe /repair /x86 /lcid 1045 /parameterfolder ExtendedLP
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
RealPlayer-->c:\program files\real\realplayer\Update\r1puninst.exe RealNetworks|RealPlayer|15.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
Revo Uninstaller 1.94-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Samsung Kies-->"C:\Program Files\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe" -runfromtemp -l0x0409 -removeonly
Samsung Kies-->MsiExec.exe /I{758C8301-2696-4855-AF45-534B1200980A}
SAMSUNG USB Driver for Mobile Phones-->C:\Program Files\Samsung\USB Drivers\Uninstall.exe
ScanMaster-ELM 1.6.0.0-->"C:\Program Files\WGSoft\ScanMaster-ELM\unins000.exe"
Sentinel Protection Installer 7.5.0-->MsiExec.exe /I{A5A63519-F5C2-4F4A-849A-F28A1AB3D522}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 5.9-->MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}
SyncBack-->"C:\Program Files\2BrightSparks\SyncBack\unins000.exe"
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
USB 2.0 1.3M UVC WebCam-->C:\Windows\Uninstsxga.bat
VIA Platforma Menedżera urządzeń-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows 7 USB/DVD Download Tool-->MsiExec.exe /X{CCF298AF-9CE1-4B26-B251-486E98A34789}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Wtyczka e-Deklaracje-->"C:\Users\Gocejna\AppData\Local\unins000.exe"
======System event log======
Computer Name: Gocejna_
Event Code: 7036
Message: Usługa Usługa Asystent zgodności programów weszła w stan uruchomienia.
Record Number: 380433
Source Name: Service Control Manager
Time Written: 20120408215101.163264-000
Event Type: Informacje
User:
Computer Name: Gocejna_
Event Code: 201
Message: Usługa Asystent zgodności programów została pomyślnie uruchomiona.
Record Number: 380432
Source Name: Microsoft-Windows-Application-Experience
Time Written: 20120408215101.163264-000
Event Type: Informacje
User: ZARZĄDZANIE NT\SYSTEM
Computer Name: Gocejna_
Event Code: 7036
Message: Usługa Microsoft .NET Framework NGEN v4.0.30319_X86 weszła w stan uruchomienia.
Record Number: 380431
Source Name: Service Control Manager
Time Written: 20120408215002.055872-000
Event Type: Informacje
User:
Computer Name: Gocejna_
Event Code: 7036
Message: Usługa Grupowanie sieci równorzędnej weszła w stan uruchomienia.
Record Number: 380430
Source Name: Service Control Manager
Time Written: 20120408214941.785813-000
Event Type: Informacje
User:
Computer Name: Gocejna_
Event Code: 7036
Message: Usługa Protokół rozpoznawania nazw równorzędnych weszła w stan uruchomienia.
Record Number: 380429
Source Name: Service Control Manager
Time Written: 20120408214941.772812-000
Event Type: Informacje
User:
=====Application event log=====
Computer Name: Gocejna_
Event Code: 1066
Message: Stan zainicjowania obiektów usługi.
C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/2005, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/licenserenewal/1.0, 0x00000000, 0x00000000
Record Number: 89618
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20111201033500.000000-000
Event Type: Informacje
User:
Computer Name: Gocejna_
Event Code: 1
Message: Usługa Centrum zabezpieczeń systemu Windows została uruchomiona.
Record Number: 89617
Source Name: SecurityCenter
Time Written: 20111201033500.000000-000
Event Type: Informacje
User:
Computer Name: Gocejna_
Event Code: 900
Message: Usługa ochrony oprogramowania jest uruchamiana.
Record Number: 89616
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20111201033458.000000-000
Event Type: Informacje
User:
Computer Name: Gocejna_
Event Code: 1003
Message: Usługa Windows Search została uruchomiona.
Record Number: 89615
Source Name: Microsoft-Windows-Search
Time Written: 20111201033307.000000-000
Event Type: Informacje
User:
Computer Name: Gocejna_
Event Code: 302
Message: Windows (3100) Windows: Aparat bazy danych pomyślnie ukończył procedurę przywracania.
Record Number: 89614
Source Name: ESENT
Time Written: 20111201033306.000000-000
Event Type: Informacje
User:
=====Security event log=====
Computer Name: Gocejna_
Event Code: 5058
Message: Operacja na pliku klucza.
Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: GOCEJNA_$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7
Parametry funkcji kryptograficznej:
Nazwa dostawcy: Microsoft Software Key Storage Provider
Nazwa algorytmu: Niedostępne.
Nazwa klucza: {9BDE7B4D-DA90-417C-810B-00E8686754CA}
Typ klucza: Klucz komputera.
Informacje dotyczące operacji na pliku klucza:
Ścieżka do pliku: C:\ProgramData\Microsoft\Crypto\Keys\03881496ad77b9b5518697478bdb7aee_6cbd2f70-f604-4d37-a1b6-a1969c4e933d
Operacja: Odczytaj trwały klucz z pliku.
Kod powrotny: 0x0
Record Number: 113739
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120414031200.545364-000
Event Type: Sukcesy inspekcji
User:
Computer Name: Gocejna_
Event Code: 5061
Message: Operacja kryptograficzna.
Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: GOCEJNA_$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7
Parametry funkcji kryptograficznej:
Nazwa dostawcy: Microsoft Software Key Storage Provider
Nazwa algorytmu: RSA
Nazwa klucza: {9BDE7B4D-DA90-417C-810B-00E8686754CA}
Typ klucza: Klucz komputera.
Operacja kryptograficzna:
Operacja: Otwórz klucz.
Kod powrotny: 0x0
Record Number: 113738
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120414031059.857407-000
Event Type: Sukcesy inspekcji
User:
Computer Name: Gocejna_
Event Code: 5058
Message: Operacja na pliku klucza.
Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: GOCEJNA_$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7
Parametry funkcji kryptograficznej:
Nazwa dostawcy: Microsoft Software Key Storage Provider
Nazwa algorytmu: Niedostępne.
Nazwa klucza: {9BDE7B4D-DA90-417C-810B-00E8686754CA}
Typ klucza: Klucz komputera.
Informacje dotyczące operacji na pliku klucza:
Ścieżka do pliku: C:\ProgramData\Microsoft\Crypto\Keys\03881496ad77b9b5518697478bdb7aee_6cbd2f70-f604-4d37-a1b6-a1969c4e933d
Operacja: Odczytaj trwały klucz z pliku.
Kod powrotny: 0x0
Record Number: 113737
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120414031059.732403-000
Event Type: Sukcesy inspekcji
User:
Computer Name: Gocejna_
Event Code: 5061
Message: Operacja kryptograficzna.
Podmiot:
Identyfikator zabezpieczeń: S-1-5-19
Nazwa konta: USŁUGA LOKALNA
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x3e5
Parametry funkcji kryptograficznej:
Nazwa dostawcy: Microsoft Software Key Storage Provider
Nazwa algorytmu: RSA
Nazwa klucza: 25e7b61a-9316-4b2f-86b1-e7c9638807af
Typ klucza: Klucz komputera.
Operacja kryptograficzna:
Operacja: Otwórz klucz.
Kod powrotny: 0x0
Record Number: 113736
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120414031041.569786-000
Event Type: Sukcesy inspekcji
User:
Computer Name: Gocejna_
Event Code: 5058
Message: Operacja na pliku klucza.
Podmiot:
Identyfikator zabezpieczeń: S-1-5-19
Nazwa konta: USŁUGA LOKALNA
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x3e5
Parametry funkcji kryptograficznej:
Nazwa dostawcy: Microsoft Software Key Storage Provider
Nazwa algorytmu: Niedostępne.
Nazwa klucza: 25e7b61a-9316-4b2f-86b1-e7c9638807af
Typ klucza: Klucz komputera.
Informacje dotyczące operacji na pliku klucza:
Ścieżka do pliku: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bdacd483858aef4f2cc657391577331d_6cbd2f70-f604-4d37-a1b6-a1969c4e933d
Operacja: Odczytaj trwały klucz z pliku.
Kod powrotny: 0x0
Record Number: 113735
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120414031041.568786-000
Event Type: Sukcesy inspekcji
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Smart Projects\IsoBuster
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=17
"PROCESSOR_IDENTIFIER"=x86 Family 17 Model 3 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0301
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------

[/log]

wirusolog
comment

Run ComboFix and paste its log: http://www.bleepingcomputer.com/combofix/pl/instrukcja-uzycia-combofix

kamo502
comment

[quote name='wirusolog' timestamp='1341412237' post='1532110']
Run ComboFix and paste its log: [url="http://www.bleepingcomputer.com/combofix/pl/instrukcja-uzycia-combofix"]http://www.bleepingc...uzycia-combofix[/url]
[/quote]

The program won't start. Virut is present.

I scanned the system with the Dr Web Ltd program, and it found and repaired almost 400 threats from this virus.
Virut.56, if I remember correctly.

wirusolog
comment (edited)

Download the tool specialized for this: [url="http://speedyshare.com/zPr6p/vk.zip"][color=blue][u][b]VirutKiller[/b][/u][/color][/url]. Boot into Windows Safe Mode and run the tool. Keep running it until the result is 0.

Then download the new version of ComboFix, run it, and generate the logs.

kamo502
comment (edited)

OK. Checking.

[quote name='kamo502' timestamp='1341473229' post='1532415']
OK. Checking.
[/quote]

I used VirutKiller. The result was zero.

Then ComboFix.
The first time, after scanning, it restarted my computer at the end, and after the restart nothing happened. No log was generated.

I ran it a second time.

[log]
ComboFix 12-07-05.02 - Gocejna 2012-07-05 11:43:32.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.48.1045.18.3327.2424 [GMT 2:00]
Uruchomiony z: c:\users\Gocejna\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Poprzednie uruchomienie -------
.
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\chrome.manifest
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\nscf.dat
c:\program files\RelevantKnowledge\rloci.bin
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\users\Gocejna\AppData\Local\unins000.exe
c:\users\Gocejna\Documents\explorer
c:\users\Gocejna\Documents\explorer\id_111102220459884_111102220459114.upf
c:\windows\IsUn0415.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\muzapp.exe
c:\windows\system32\nwcwks.dll
c:\windows\VRTBD85.tmp
.
-- Poprzednie uruchomienie --
.
c:\windows\system32\userinit.exe . . . jest zainfekowany!!
.
c:\windows\system32\userinit.exe . . . jest zainfekowany!!
.
c:\windows\explorer.exe . . . jest zainfekowany!!
.
--------
.
c:\windows\system32\userinit.exe . . . jest zainfekowany!!
.
c:\windows\explorer.exe . . . jest zainfekowany!!
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NWCWorkstation
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-05 do 2012-07-05 )))))))))))))))))))))))))))))))
.
.
2012-07-05 09:49 . 2012-07-05 09:49	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-07-05 09:49 . 2012-07-05 09:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-05 09:34 . 2012-07-05 09:49	--------	d-----w-	c:\users\Gocejna\AppData\Local\temp
2012-07-04 11:34 . 2012-07-04 11:34	--------	d-----w-	c:\users\Gocejna\DoctorWeb
2012-07-04 11:02 . 2012-07-04 11:04	--------	d-----w-	C:\rsit
2012-07-04 10:27 . 2012-07-04 10:28	--------	d-----w-	c:\users\Gocejna\AppData\Local\Google
2012-06-25 16:31 . 2012-06-25 16:31	--------	d-----w-	c:\users\Gocejna\AppData\Local\ElevatedDiagnostics
2012-06-25 16:11 . 2012-06-25 16:11	--------	d-----w-	c:\program files\ESET
2012-06-25 16:10 . 2012-06-25 16:10	--------	d-----w-	c:\users\Gocejna\AppData\Roaming\Malwarebytes
2012-06-25 16:10 . 2012-06-25 16:10	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-25 16:10 . 2012-06-25 16:10	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-06-25 16:10 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-25 13:28 . 2012-06-25 13:28	--------	d-----w-	c:\program files\Odkurzacz
2012-06-25 13:11 . 2012-06-25 13:11	--------	d-----w-	c:\program files\CCleaner
2012-06-23 18:21 . 2012-06-23 18:21	--------	d-----w-	c:\program files\VS Revo Group
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 08:08 . 2009-07-14 00:12	9728	----a-w-	c:\windows\winhlp32.exe
2012-07-05 08:08 . 2009-07-14 00:14	31232	----a-w-	c:\windows\twunk_32.exe
2012-07-05 08:04 . 2009-07-13 23:17	398336	------w-	c:\windows\regedit.exe
2012-07-05 08:04 . 2010-10-28 17:23	305152	----a-w-	c:\windows\IsUninst.exe
2012-07-05 08:04 . 2002-09-17 23:45	119808	----a-w-	c:\windows\lsb_un20.exe
2012-07-05 08:03 . 2009-07-14 00:12	497152	----a-w-	c:\windows\HelpPane.exe
2012-07-05 08:03 . 2009-07-14 00:12	15360	----a-w-	c:\windows\hh.exe
2012-07-05 08:03 . 2009-07-13 23:12	13824	----a-w-	c:\windows\fveupdate.exe
2012-07-05 08:03 . 2009-07-13 23:13	65024	----a-w-	c:\windows\bfsvc.exe
2012-07-04 13:45 . 2009-07-13 23:41	2640896	----a-w-	c:\windows\explorer.exe
2012-07-04 13:35 . 2009-07-13 23:31	146432	----a-w-	c:\windows\system32\wbem\WmiApSrv.exe
2012-07-04 13:23 . 2007-01-12 03:22	53248	----a-w-	c:\windows\system32\drivers\SCTray.exe
2012-07-04 13:20 . 2009-07-13 23:51	51712	----a-w-	c:\windows\system32\xwizard.exe
2012-07-04 13:20 . 2009-07-14 00:24	3415552	----a-w-	c:\windows\system32\xpsrchvw.exe
2012-07-04 13:20 . 2009-07-13 23:15	47104	----a-w-	c:\windows\system32\xcopy.exe
2012-07-04 13:19 . 2009-07-13 23:22	325120	----a-w-	c:\windows\system32\wusa.exe
2012-07-04 13:19 . 2009-07-13 23:50	205824	----a-w-	c:\windows\system32\WUDFHost.exe
2012-07-04 13:19 . 2009-07-14 00:14	57344	----a-w-	c:\windows\system32\wuauclt.exe
2012-07-04 13:18 . 2009-07-14 00:14	44032	----a-w-	c:\windows\system32\wuapp.exe
2012-07-04 13:18 . 2009-07-13 23:27	265216	----a-w-	c:\windows\system32\wsqmcons.exe
2012-07-04 13:18 . 2009-07-13 23:31	22528	----a-w-	c:\windows\system32\wsmprovhost.exe
2012-07-04 13:18 . 2009-07-13 23:31	208384	----a-w-	c:\windows\system32\WSManHTTPConfig.exe
2012-07-04 13:17 . 2009-07-13 23:42	152064	----a-w-	c:\windows\system32\wscript.exe
2012-07-04 13:17 . 2009-07-13 23:41	19456	----a-w-	c:\windows\write.exe
2012-07-04 13:17 . 2009-07-13 23:41	19456	----a-w-	c:\windows\system32\write.exe
2012-07-04 13:17 . 2009-07-14 00:18	49664	----a-w-	c:\windows\system32\wpnpinst.exe
2012-07-04 13:17 . 2009-07-14 00:07	40448	----a-w-	c:\windows\system32\WPDShextAutoplay.exe
2012-07-04 13:16 . 2009-07-13 23:36	50688	----a-w-	c:\windows\system32\wlrmdr.exe
<div>2012-07-04 13:16 . 2009-07-13 23:51<span class="Apple-tab-span" style="white-space:pre"> </span>87552<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wlanext.exe</div>
<div>2012-07-04 13:16 . 2009-07-14 00:01<span class="Apple-tab-span" style="white-space:pre"> </span>233472<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wksprt.exe</div>
<div>2012-07-04 13:15 . 2009-07-13 23:47<span class="Apple-tab-span" style="white-space:pre"> </span>344576<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wisptis.exe</div>
<div>2012-07-04 13:15 . 2009-07-13 23:41<span class="Apple-tab-span" style="white-space:pre"> </span>90112<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\winver.exe</div>
<div>2012-07-04 13:15 . 2009-07-13 23:23<span class="Apple-tab-span" style="white-space:pre"> </span>3377664<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\WinSAT.exe</div>
<div>2012-07-04 13:15 . 2009-07-13 23:31<span class="Apple-tab-span" style="white-space:pre"> </span>30720<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\winrshost.exe</div>
<div>2012-07-04 13:14 . 2009-07-13 23:31<span class="Apple-tab-span" style="white-space:pre"> </span>50176<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\winrs.exe</div>
<div>2012-07-04 13:14 . 2009-07-13 23:40<span class="Apple-tab-span" style="white-space:pre"> </span>387072<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\WindowsAnytimeUpgradeui.exe</div>
<div>2012-07-04 13:14 . 2009-07-13 23:40<span class="Apple-tab-span" style="white-space:pre"> </span>303104<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\WindowsAnytimeUpgradeResults.exe</div>
<div>2012-07-04 13:13 . 2009-07-13 23:40<span class="Apple-tab-span" style="white-space:pre"> </span>267264<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\WindowsAnytimeUpgrade.exe</div>
<div>2012-07-04 13:13 . 2009-07-13 23:18<span class="Apple-tab-span" style="white-space:pre"> </span>337920<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wimserv.exe</div>
<div>2012-07-04 13:13 . 2009-07-14 00:15<span class="Apple-tab-span" style="white-space:pre"> </span>98816<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wiaacmgr.exe</div>
<div>2012-07-04 13:13 . 2009-07-13 23:15<span class="Apple-tab-span" style="white-space:pre"> </span>53248<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\whoami.exe</div>
<div>2012-07-04 13:12 . 2009-07-13 23:15<span class="Apple-tab-span" style="white-space:pre"> </span>45568<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\where.exe</div>
<div>2012-07-04 13:12 . 2009-07-14 00:15<span class="Apple-tab-span" style="white-space:pre"> </span>812544<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\WFS.exe</div>
<div>2012-07-04 13:12 . 2011-07-31 15:58<span class="Apple-tab-span" style="white-space:pre"> </span>162304<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wextract.exe</div>
<div>2012-07-04 13:12 . 2009-07-13 23:30<span class="Apple-tab-span" style="white-space:pre"> </span>185856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wevtutil.exe</div>
<div>2012-07-04 13:11 . 2009-07-13 23:27<span class="Apple-tab-span" style="white-space:pre"> </span>64000<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wermgr.exe</div>
<div>2012-07-04 13:11 . 2009-07-13 23:27<span class="Apple-tab-span" style="white-space:pre"> </span>38912<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\WerFaultSecure.exe</div>
<div>2012-07-04 13:11 . 2009-07-13 23:27<span class="Apple-tab-span" style="white-space:pre"> </span>370688<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\WerFault.exe</div>
<div>2012-07-04 13:11 . 2009-07-13 23:30<span class="Apple-tab-span" style="white-space:pre"> </span>90624<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wecutil.exe</div>
<div>2012-07-04 13:10 . 2009-07-13 23:23<span class="Apple-tab-span" style="white-space:pre"> </span>1212928<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wbengine.exe</div>
<div>2012-07-04 13:10 . 2009-07-13 23:23<span class="Apple-tab-span" style="white-space:pre"> </span>235008<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wbadmin.exe</div>
<div>2012-07-04 13:10 . 2009-07-13 23:15<span class="Apple-tab-span" style="white-space:pre"> </span>44544<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\waitfor.exe</div>
<div>2012-07-04 13:10 . 2009-07-13 23:33<span class="Apple-tab-span" style="white-space:pre"> </span>75776<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\w32tm.exe</div>
<div>2012-07-04 13:09 . 2009-07-13 23:24<span class="Apple-tab-span" style="white-space:pre"> </span>1035776<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\VSSVC.exe</div>
<div>2012-07-04 13:09 . 2009-07-13 23:23<span class="Apple-tab-span" style="white-space:pre"> </span>125440<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\vssadmin.exe</div>
<div>2012-07-04 13:09 . 2009-07-13 23:59<span class="Apple-tab-span" style="white-space:pre"> </span>113664<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\verifier.exe</div>
<div>2012-07-04 13:08 . 2009-07-13 23:41<span class="Apple-tab-span" style="white-space:pre"> </span>20992<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\verclsid.exe</div>
<div>2012-07-04 13:08 . 2009-07-13 23:23<span class="Apple-tab-span" style="white-space:pre"> </span>30208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\vdsldr.exe</div>
<div>2012-07-04 13:08 . 2009-07-13 23:24<span class="Apple-tab-span" style="white-space:pre"> </span>462848<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\vds.exe</div>
<div>2012-07-04 13:08 . 2009-07-13 23:37<span class="Apple-tab-span" style="white-space:pre"> </span>47616<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\VaultSysUi.exe</div>
<div>2012-07-04 13:07 . 2009-07-13 23:37<span class="Apple-tab-span" style="white-space:pre"> </span>33280<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\VaultCmd.exe</div>
<div>2012-07-04 13:07 . 2009-07-14 00:13<span class="Apple-tab-span" style="white-space:pre"> </span>1407488<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\Utilman.exe</div>
<div>2012-07-04 13:07 . 2009-07-13 23:34<span class="Apple-tab-span" style="white-space:pre"> </span>36352<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\userinit.exe</div>
<div>2012-07-04 13:07 . 2009-07-13 23:40<span class="Apple-tab-span" style="white-space:pre"> </span>202752<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\UserAccountControlSettings.exe</div>
<div>2012-07-04 13:06 . 2009-07-13 23:55<span class="Apple-tab-span" style="white-space:pre"> </span>33792<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\upnpcont.exe</div>
<div>2012-07-04 13:06 . 2009-07-14 00:09<span class="Apple-tab-span" style="white-space:pre"> </span>288768<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\unregmp2.exe</div>
<div>2012-07-04 13:06 . 2009-07-13 23:19<span class="Apple-tab-span" style="white-space:pre"> </span>44032<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\unlodctr.exe</div>
<div>2012-07-04 13:06 . 2009-07-13 23:36<span class="Apple-tab-span" style="white-space:pre"> </span>46080<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\UI0Detect.exe</div>
<div>2012-07-04 13:05 . 2009-07-13 23:13<span class="Apple-tab-span" style="white-space:pre"> </span>57344<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\ucsvc.exe</div>
<div>2012-07-04 13:05 . 2009-07-13 23:15<span class="Apple-tab-span" style="white-space:pre"> </span>57856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\tzutil.exe</div>
<div>2012-07-04 13:05 . 2009-07-13 23:19<span class="Apple-tab-span" style="white-space:pre"> </span>50688<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\typeperf.exe</div>
<div>2012-07-04 13:05 . 2007-05-03 17:37<span class="Apple-tab-span" style="white-space:pre"> </span>79872<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\TWUNK_32.EXE</div>
<div>2012-07-04 13:04 . 2009-07-14 00:01<span class="Apple-tab-span" style="white-space:pre"> </span>56320<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\TSWbPrxy.exe</div>
<div>2012-07-04 13:04 . 2009-07-14 00:02<span class="Apple-tab-span" style="white-space:pre"> </span>49152<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\TSTheme.exe</div>
<div>2012-07-04 13:04 . 2009-07-13 23:55<span class="Apple-tab-span" style="white-space:pre"> </span>22528<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\TRACERT.EXE</div>
<div>2012-07-04 13:04 . 2009-07-13 23:20<span class="Apple-tab-span" style="white-space:pre"> </span>374784<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\tracerpt.exe</div>
<div>2012-07-04 13:03 . 2009-07-13 23:12<span class="Apple-tab-span" style="white-space:pre"> </span>104960<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\TpmInit.exe</div>
<div>2012-07-04 13:03 . 2009-07-13 23:15<span class="Apple-tab-span" style="white-space:pre"> </span>37376<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\timeout.exe</div>
<div>2012-07-04 13:03 . 2009-07-13 23:55<span class="Apple-tab-span" style="white-space:pre"> </span>19456<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\TCPSVCS.EXE</div>
<div>2012-07-04 13:02 . 2009-07-14 00:19<span class="Apple-tab-span" style="white-space:pre"> </span>24064<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\tcmsetup.exe</div>
<div>2012-07-04 13:02 . 2009-07-13 23:20<span class="Apple-tab-span" style="white-space:pre"> </span>237568<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\taskmgr.exe</div>
<div>2012-07-04 13:02 . 2009-07-13 23:57<span class="Apple-tab-span" style="white-space:pre"> </span>91136<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\tasklist.exe</div>
<div>2012-07-04 13:02 . 2009-07-13 23:57<span class="Apple-tab-span" style="white-space:pre"> </span>88064<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\taskkill.exe</div>
<div>2012-07-04 13:01 . 2009-07-13 23:30<span class="Apple-tab-span" style="white-space:pre"> </span>200704<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\taskeng.exe</div>
<div>2012-07-04 13:01 . 2009-07-14 00:19<span class="Apple-tab-span" style="white-space:pre"> </span>21504<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\TapiUnattend.exe</div>
<div>2012-07-04 13:01 . 2009-07-13 23:15<span class="Apple-tab-span" style="white-space:pre"> </span>60928<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\takeown.exe</div>
<div>2012-07-04 13:01 . 2009-07-13 23:48<span class="Apple-tab-span" style="white-space:pre"> </span>84480<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\tabcal.exe</div>
<div>2012-07-04 13:00 . 2009-07-13 23:40<span class="Apple-tab-span" style="white-space:pre"> </span>18432<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\systray.exe</div>
<div>2012-07-04 13:00 . 2009-07-13 23:40<span class="Apple-tab-span" style="white-space:pre"> </span>92160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\SystemPropertiesRemote.exe</div>
<div>2012-07-04 13:00 . 2009-07-13 23:40<span class="Apple-tab-span" style="white-space:pre"> </span>92160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\SystemPropertiesProtection.exe</div>
<div>2012-07-04 13:00 . 2009-07-13 23:40<span class="Apple-tab-span" style="white-space:pre"> </span>92160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\SystemPropertiesPerformance.exe</div>
<div>2012-07-04 12:59 . 2009-07-13 23:40<span class="Apple-tab-span" style="white-space:pre"> </span>92160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\SystemPropertiesHardware.exe</div>
<div>2012-07-04 12:59 . 2009-07-13 23:40<span class="Apple-tab-span" style="white-space:pre"> </span>92160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\SystemPropertiesDataExecutionPrevention.exe</div>
<div>2012-07-04 12:59 . 2009-07-13 23:40<span class="Apple-tab-span" style="white-space:pre"> </span>92160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\SystemPropertiesComputerName.exe</div>
<div>2012-07-04 12:59 . 2009-07-13 23:40<span class="Apple-tab-span" style="white-space:pre"> </span>92160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\SystemPropertiesAdvanced.exe</div>
<div>2012-07-04 12:58 . 2009-07-13 23:57<span class="Apple-tab-span" style="white-space:pre"> </span>86016<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\systeminfo.exe</div>
<div>2012-07-04 12:58 . 2009-07-13 23:34<span class="Apple-tab-span" style="white-space:pre"> </span>38912<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\syskey.exe</div>
<div>2012-07-04 12:58 . 2009-07-14 00:07<span class="Apple-tab-span" style="white-space:pre"> </span>49152<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\SyncHost.exe</div>
<div>2012-07-04 12:58 . 2009-07-13 23:16<span class="Apple-tab-span" style="white-space:pre"> </span>37376<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\sxstrace.exe</div>
<div>2012-07-04 12:57 . 2009-07-13 23:15<span class="Apple-tab-span" style="white-space:pre"> </span>24064<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\subst.exe</div>
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-07-04 . C5B680360D2FE1E6F95E5E174B6952AC . 57344 . . [7.3.7600.16385] . . c:\windows\System32\wuauclt.exe
[-] 2012-07-04 . C5B680360D2FE1E6F95E5E174B6952AC . 57344 . . [7.3.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.3.7600.16385_none_3086c9dad36a69b3\wuauclt.exe
.
[-] 2012-07-04 . 2C4A04F442180F3E7944A5FAB1C0D6CF . 36352 . . [6.1.7600.16385] . . c:\windows\System32\userinit.exe
[-] 2012-07-04 . 2C4A04F442180F3E7944A5FAB1C0D6CF . 36352 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
.
[-] 2012-07-04 . 669D409F09B06C32EC911942EC69457D . 2640896 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[-] 2012-07-04 . 669D409F09B06C32EC911942EC69457D . 2640896 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
[-] 2012-07-05 . 73EA7E31DC2BAF85532AF3E911B0EACA . 398336 . . [6.1.7600.16385] . . c:\windows\regedit.exe
[-] 2012-07-05 . 73EA7E31DC2BAF85532AF3E911B0EACA . 398336 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
.
[-] 2012-07-04 . 49D2DDAA81AEEE683A4C39A893C4A83D . 36352 . . [6.1.7600.16385] . . c:\windows\System32\ctfmon.exe
[-] 2012-07-04 . 49D2DDAA81AEEE683A4C39A893C4A83D . 36352 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2012-07-04 1503232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2012-07-04 188416]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi5"=KORGUMDD.DRV
"aux7"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Gocejna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=c:\users\Gocejna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37	843712	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu 10]
2011-07-04 17:45	13374048	----a-w-	c:\program files\Gadu-Gadu 10\gg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-08 13:25	136176	----atw-	c:\users\Gocejna\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24	54840	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-08-01 03:32	958352	----a-w-	c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-08-01 03:32	20880	----a-w-	c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-08-01 03:32	3507088	----a-w-	c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KORG USB-MIDI Driver]
2011-03-29 23:05	393616	----a-w-	c:\program files\KORG\KORG USB-MIDI Driver\EsHelper2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
2011-12-12 04:33	1760328	----a-w-	c:\program files\ManyCam\Bin\ManyCam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-07-05 07:56	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-05-17 15:16	296056	----a-w-	c:\program files\Real\RealPlayer\Update\realsched.exe
.
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 ipMIDI;nerds.de ipMIDI - Ethernet Midi Ports SvcDesc(WDM);c:\windows\system32\drivers\ipmidi.sys [x]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUMDS.SYS [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MSSQL$IC_SKLEP;SQL Server (IC_SKLEP);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S3 adatadrv;Autodata Protection Service;c:\windows\system32\DRIVERS\adatadrv.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper	REG_MULTI_SZ 	nosGetPlusHelper
HPZ12	REG_MULTI_SZ 	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ 	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ 	hpqcxs08 hpqddsvc
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3475593946-788457680-2885981346-1000Core.job
<div>- c:\users\Gocejna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-08 13:25]</div>
<div>.</div>
<div>2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3475593946-788457680-2885981346-1000UA.job</div>
<div>- c:\users\Gocejna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-08 13:25]</div>
<div>.</div>
<div>.</div>
<div>------- Skan uzupełniający -------</div>
<div>.</div>
<div>uStart Page = hxxp://www.google.pl/</div>
<div>IE: E&amp;ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000</div>
<div>TCP: DhcpNameServer = 192.168.1.1</div>
<div>.</div>
<div>- - - - USUNIĘTO PUSTE WPISY - - - -</div>
<div>.</div>
<div>HKU-Default-Run-tcpudp - c:\windows\VRTBD85.tmp</div>
<div>MSConfigStartUp-avast5 - c:\program files\Alwil Software\Avast5\avastUI.exe</div>
<div>MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe</div>
<div>MSConfigStartUp-NotebookHardwareControl - c:\program files\Notebook Hardware Control\nhc.exe</div>
<div>MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe</div>
<div>AddRemove-EPC32.EXE - G:\SETUP.EXE</div>
<div>AddRemove-Microsoft .NET Framework 4 Client Profile - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe</div>
<div>AddRemove-Microsoft .NET Framework 4 Client Profile PLK Language Pack - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe</div>
<div>AddRemove-Microsoft .NET Framework 4 Extended - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe</div>
<div>AddRemove-Microsoft .NET Framework 4 Extended PLK Language Pack - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ExtendedLP\Setup.exe</div>
<div>AddRemove-{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1 - c:\users\Gocejna\AppData\Local\unins000.exe</div>
<div>AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe</div>
<div>AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe</div>
<div>AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe</div>
<div>AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe</div>
<div>AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe</div>
<div>AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe</div>
<div>AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe</div>
<div>AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe</div>
<div>AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe</div>
<div>AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe</div>
<div>AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe</div>
<div>AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe</div>
<div>AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe</div>
<div>AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe</div>
<div>AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe</div>
<div>AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe</div>
<div>AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe</div>
<div>AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe</div>
<div>AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe</div>
<div>AddRemove-26_VIA_driver2 - c:\program files\Samsung\USB Drivers\26_VIA_driver2\Uninstall.exe</div>
<div>.</div>
<div>.</div>
<div>.</div>
<div>--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]</div>
<div>@Denied: (A) (Users)</div>
<div>@Denied: (A) (Everyone)</div>
<div>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</div>
<div>&quot;BlindDial&quot;=dword:00000000</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]</div>
<div>@Denied: (A) (Users)</div>
<div>@Denied: (A) (Everyone)</div>
<div>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</div>
<div>&quot;BlindDial&quot;=dword:00000000</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]</div>
<div>@Denied: (A) (Users)</div>
<div>@Denied: (A) (Everyone)</div>
<div>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</div>
<div>&quot;BlindDial&quot;=dword:00000000</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]</div>
<div>@Denied: (A) (Users)</div>
<div>@Denied: (A) (Everyone)</div>
<div>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</div>
<div>&quot;BlindDial&quot;=dword:00000000</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]</div>
<div>@Denied: (A) (Users)</div>
<div>@Denied: (A) (Everyone)</div>
<div>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</div>
<div>&quot;BlindDial&quot;=dword:00000000</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]</div>
<div>@Denied: (A) (Users)</div>
<div>@Denied: (A) (Everyone)</div>
<div>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</div>
<div>&quot;BlindDial&quot;=dword:00000000</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]</div>
<div>@Denied: (Full) (Everyone)</div>
<div>.</div>
<div>Czas ukończenia: 2012-07-05 11:52:06</div>
<div>ComboFix-quarantined-files.txt 2012-07-05 09:52</div>
<div>.</div>
<div>Przed: 49 884 401 664 bajtów wolnych</div>
<div>Po: 49 794 256 896 bajtów wolnych</div>
<div>.</div>
<div>- - End Of File - - C6E199333AEDF926CAB4B6BE480D2EE8</div>
[/log]

EDIT:
Is something going on with the forum? Is that why it wrote my post like that?

The log once again (the same one)

[log]ComboFix 12-07-05.02 - Gocejna 2012-07-05 11:43:32.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.48.1045.18.3327.2424 [GMT 2:00]
Uruchomiony z: c:\users\Gocejna\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Poprzednie uruchomienie -------
.
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\chrome.manifest
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\nscf.dat
c:\program files\RelevantKnowledge\rloci.bin
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\users\Gocejna\AppData\Local\unins000.exe
c:\users\Gocejna\Documents\explorer
c:\users\Gocejna\Documents\explorer\id_111102220459884_111102220459114.upf
c:\windows\IsUn0415.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\muzapp.exe
c:\windows\system32\nwcwks.dll
c:\windows\VRTBD85.tmp
.
-- Poprzednie uruchomienie --
.
c:\windows\system32\userinit.exe . . . jest zainfekowany!!
.
c:\windows\system32\userinit.exe . . . jest zainfekowany!!
.
c:\windows\explorer.exe . . . jest zainfekowany!!
.
--------
.
c:\windows\system32\userinit.exe . . . jest zainfekowany!!
.
c:\windows\explorer.exe . . . jest zainfekowany!!
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NWCWorkstation
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-05 do 2012-07-05 )))))))))))))))))))))))))))))))
.
.
2012-07-05 09:49 . 2012-07-05 09:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-05 09:49 . 2012-07-05 09:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-05 09:34 . 2012-07-05 09:49 -------- d-----w- c:\users\Gocejna\AppData\Local\temp
2012-07-04 11:34 . 2012-07-04 11:34 -------- d-----w- c:\users\Gocejna\DoctorWeb
2012-07-04 11:02 . 2012-07-04 11:04 -------- d-----w- C:\rsit
2012-07-04 10:27 . 2012-07-04 10:28 -------- d-----w- c:\users\Gocejna\AppData\Local\Google
2012-06-25 16:31 . 2012-06-25 16:31 -------- d-----w- c:\users\Gocejna\AppData\Local\ElevatedDiagnostics
2012-06-25 16:11 . 2012-06-25 16:11 -------- d-----w- c:\program files\ESET
2012-06-25 16:10 . 2012-06-25 16:10 -------- d-----w- c:\users\Gocejna\AppData\Roaming\Malwarebytes
2012-06-25 16:10 . 2012-06-25 16:10 -------- d-----w- c:\programdata\Malwarebytes
2012-06-25 16:10 . 2012-06-25 16:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-25 16:10 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 13:28 . 2012-06-25 13:28 -------- d-----w- c:\program files\Odkurzacz
2012-06-25 13:11 . 2012-06-25 13:11 -------- d-----w- c:\program files\CCleaner
2012-06-23 18:21 . 2012-06-23 18:21 -------- d-----w- c:\program files\VS Revo Group
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 08:08 . 2009-07-14 00:12 9728 ----a-w- c:\windows\winhlp32.exe
2012-07-05 08:08 . 2009-07-14 00:14 31232 ----a-w- c:\windows\twunk_32.exe
2012-07-05 08:04 . 2009-07-13 23:17 398336 ------w- c:\windows\regedit.exe
2012-07-05 08:04 . 2010-10-28 17:23 305152 ----a-w- c:\windows\IsUninst.exe
2012-07-05 08:04 . 2002-09-17 23:45 119808 ----a-w- c:\windows\lsb_un20.exe
2012-07-05 08:03 . 2009-07-14 00:12 497152 ----a-w- c:\windows\HelpPane.exe
2012-07-05 08:03 . 2009-07-14 00:12 15360 ----a-w- c:\windows\hh.exe
2012-07-05 08:03 . 2009-07-13 23:12 13824 ----a-w- c:\windows\fveupdate.exe
2012-07-05 08:03 . 2009-07-13 23:13 65024 ----a-w- c:\windows\bfsvc.exe
2012-07-04 13:45 . 2009-07-13 23:41 2640896 ----a-w- c:\windows\explorer.exe
2012-07-04 13:35 . 2009-07-13 23:31 146432 ----a-w- c:\windows\system32\wbem\WmiApSrv.exe
2012-07-04 13:23 . 2007-01-12 03:22 53248 ----a-w- c:\windows\system32\drivers\SCTray.exe
2012-07-04 13:20 . 2009-07-13 23:51 51712 ----a-w- c:\windows\system32\xwizard.exe
2012-07-04 13:20 . 2009-07-14 00:24 3415552 ----a-w- c:\windows\system32\xpsrchvw.exe
2012-07-04 13:20 . 2009-07-13 23:15 47104 ----a-w- c:\windows\system32\xcopy.exe
2012-07-04 13:19 . 2009-07-13 23:22 325120 ----a-w- c:\windows\system32\wusa.exe
2012-07-04 13:19 . 2009-07-13 23:50 205824 ----a-w- c:\windows\system32\WUDFHost.exe
2012-07-04 13:19 . 2009-07-14 00:14 57344 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-04 13:18 . 2009-07-14 00:14 44032 ----a-w- c:\windows\system32\wuapp.exe
2012-07-04 13:18 . 2009-07-13 23:27 265216 ----a-w- c:\windows\system32\wsqmcons.exe
2012-07-04 13:18 . 2009-07-13 23:31 22528 ----a-w- c:\windows\system32\wsmprovhost.exe
2012-07-04 13:18 . 2009-07-13 23:31 208384 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2012-07-04 13:17 . 2009-07-13 23:42 152064 ----a-w- c:\windows\system32\wscript.exe
2012-07-04 13:17 . 2009-07-13 23:41 19456 ----a-w- c:\windows\write.exe
2012-07-04 13:17 . 2009-07-13 23:41 19456 ----a-w- c:\windows\system32\write.exe
2012-07-04 13:17 . 2009-07-14 00:18 49664 ----a-w- c:\windows\system32\wpnpinst.exe
2012-07-04 13:17 . 2009-07-14 00:07 40448 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2012-07-04 13:16 . 2009-07-13 23:36 50688 ----a-w- c:\windows\system32\wlrmdr.exe
2012-07-04 13:16 . 2009-07-13 23:51 87552 ----a-w- c:\windows\system32\wlanext.exe
2012-07-04 13:16 . 2009-07-14 00:01 233472 ----a-w- c:\windows\system32\wksprt.exe
2012-07-04 13:15 . 2009-07-13 23:47 344576 ----a-w- c:\windows\system32\wisptis.exe
2012-07-04 13:15 . 2009-07-13 23:41 90112 ----a-w- c:\windows\system32\winver.exe
2012-07-04 13:15 . 2009-07-13 23:23 3377664 ----a-w- c:\windows\system32\WinSAT.exe
2012-07-04 13:15 . 2009-07-13 23:31 30720 ----a-w- c:\windows\system32\winrshost.exe
2012-07-04 13:14 . 2009-07-13 23:31 50176 ----a-w- c:\windows\system32\winrs.exe
2012-07-04 13:14 . 2009-07-13 23:40 387072 ----a-w- c:\windows\system32\WindowsAnytimeUpgradeui.exe
2012-07-04 13:14 . 2009-07-13 23:40 303104 ----a-w- c:\windows\system32\WindowsAnytimeUpgradeResults.exe
2012-07-04 13:13 . 2009-07-13 23:40 267264 ----a-w- c:\windows\system32\WindowsAnytimeUpgrade.exe
2012-07-04 13:13 . 2009-07-13 23:18 337920 ----a-w- c:\windows\system32\wimserv.exe
2012-07-04 13:13 . 2009-07-14 00:15 98816 ----a-w- c:\windows\system32\wiaacmgr.exe
2012-07-04 13:13 . 2009-07-13 23:15 53248 ----a-w- c:\windows\system32\whoami.exe
2012-07-04 13:12 . 2009-07-13 23:15 45568 ----a-w- c:\windows\system32\where.exe
2012-07-04 13:12 . 2009-07-14 00:15 812544 ----a-w- c:\windows\system32\WFS.exe
2012-07-04 13:12 . 2011-07-31 15:58 162304 ----a-w- c:\windows\system32\wextract.exe
2012-07-04 13:12 . 2009-07-13 23:30 185856 ----a-w- c:\windows\system32\wevtutil.exe
2012-07-04 13:11 . 2009-07-13 23:27 64000 ----a-w- c:\windows\system32\wermgr.exe
2012-07-04 13:11 . 2009-07-13 23:27 38912 ----a-w- c:\windows\system32\WerFaultSecure.exe
2012-07-04 13:11 . 2009-07-13 23:27 370688 ----a-w- c:\windows\system32\WerFault.exe
2012-07-04 13:11 . 2009-07-13 23:30 90624 ----a-w- c:\windows\system32\wecutil.exe
2012-07-04 13:10 . 2009-07-13 23:23 1212928 ----a-w- c:\windows\system32\wbengine.exe
2012-07-04 13:10 . 2009-07-13 23:23 235008 ----a-w- c:\windows\system32\wbadmin.exe
2012-07-04 13:10 . 2009-07-13 23:15 44544 ----a-w- c:\windows\system32\waitfor.exe
2012-07-04 13:10 . 2009-07-13 23:33 75776 ----a-w- c:\windows\system32\w32tm.exe
2012-07-04 13:09 . 2009-07-13 23:24 1035776 ----a-w- c:\windows\system32\VSSVC.exe
2012-07-04 13:09 . 2009-07-13 23:23 125440 ----a-w- c:\windows\system32\vssadmin.exe
2012-07-04 13:09 . 2009-07-13 23:59 113664 ----a-w- c:\windows\system32\verifier.exe
2012-07-04 13:08 . 2009-07-13 23:41 20992 ----a-w- c:\windows\system32\verclsid.exe
2012-07-04 13:08 . 2009-07-13 23:23 30208 ----a-w- c:\windows\system32\vdsldr.exe
2012-07-04 13:08 . 2009-07-13 23:24 462848 ----a-w- c:\windows\system32\vds.exe
2012-07-04 13:08 . 2009-07-13 23:37 47616 ----a-w- c:\windows\system32\VaultSysUi.exe
2012-07-04 13:07 . 2009-07-13 23:37 33280 ----a-w- c:\windows\system32\VaultCmd.exe
2012-07-04 13:07 . 2009-07-14 00:13 1407488 ----a-w- c:\windows\system32\Utilman.exe
2012-07-04 13:07 . 2009-07-13 23:34 36352 ----a-w- c:\windows\system32\userinit.exe
2012-07-04 13:07 . 2009-07-13 23:40 202752 ----a-w- c:\windows\system32\UserAccountControlSettings.exe
2012-07-04 13:06 . 2009-07-13 23:55 33792 ----a-w- c:\windows\system32\upnpcont.exe
2012-07-04 13:06 . 2009-07-14 00:09 288768 ----a-w- c:\windows\system32\unregmp2.exe
2012-07-04 13:06 . 2009-07-13 23:19 44032 ----a-w- c:\windows\system32\unlodctr.exe
2012-07-04 13:06 . 2009-07-13 23:36 46080 ----a-w- c:\windows\system32\UI0Detect.exe
2012-07-04 13:05 . 2009-07-13 23:13 57344 ----a-w- c:\windows\system32\ucsvc.exe
2012-07-04 13:05 . 2009-07-13 23:15 57856 ----a-w- c:\windows\system32\tzutil.exe
2012-07-04 13:05 . 2009-07-13 23:19 50688 ----a-w- c:\windows\system32\typeperf.exe
2012-07-04 13:05 . 2007-05-03 17:37 79872 ----a-w- c:\windows\system32\TWUNK_32.EXE
2012-07-04 13:04 . 2009-07-14 00:01 56320 ----a-w- c:\windows\system32\TSWbPrxy.exe
2012-07-04 13:04 . 2009-07-14 00:02 49152 ----a-w- c:\windows\system32\TSTheme.exe
2012-07-04 13:04 . 2009-07-13 23:55 22528 ----a-w- c:\windows\system32\TRACERT.EXE
2012-07-04 13:04 . 2009-07-13 23:20 374784 ----a-w- c:\windows\system32\tracerpt.exe
2012-07-04 13:03 . 2009-07-13 23:12 104960 ----a-w- c:\windows\system32\TpmInit.exe
2012-07-04 13:03 . 2009-07-13 23:15 37376 ----a-w- c:\windows\system32\timeout.exe
2012-07-04 13:03 . 2009-07-13 23:55 19456 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-07-04 13:02 . 2009-07-14 00:19 24064 ----a-w- c:\windows\system32\tcmsetup.exe
2012-07-04 13:02 . 2009-07-13 23:20 237568 ----a-w- c:\windows\system32\taskmgr.exe
2012-07-04 13:02 . 2009-07-13 23:57 91136 ----a-w- c:\windows\system32\tasklist.exe
2012-07-04 13:02 . 2009-07-13 23:57 88064 ----a-w- c:\windows\system32\taskkill.exe
2012-07-04 13:01 . 2009-07-13 23:30 200704 ----a-w- c:\windows\system32\taskeng.exe
2012-07-04 13:01 . 2009-07-14 00:19 21504 ----a-w- c:\windows\system32\TapiUnattend.exe
2012-07-04 13:01 . 2009-07-13 23:15 60928 ----a-w- c:\windows\system32\takeown.exe
2012-07-04 13:01 . 2009-07-13 23:48 84480 ----a-w- c:\windows\system32\tabcal.exe
2012-07-04 13:00 . 2009-07-13 23:40 18432 ----a-w- c:\windows\system32\systray.exe
2012-07-04 13:00 . 2009-07-13 23:40 92160 ----a-w- c:\windows\system32\SystemPropertiesRemote.exe
2012-07-04 13:00 . 2009-07-13 23:40 92160 ----a-w- c:\windows\system32\SystemPropertiesProtection.exe
2012-07-04 13:00 . 2009-07-13 23:40 92160 ----a-w- c:\windows\system32\SystemPropertiesPerformance.exe
2012-07-04 12:59 . 2009-07-13 23:40 92160 ----a-w- c:\windows\system32\SystemPropertiesHardware.exe
2012-07-04 12:59 . 2009-07-13 23:40 92160 ----a-w- c:\windows\system32\SystemPropertiesDataExecutionPrevention.exe
2012-07-04 12:59 . 2009-07-13 23:40 92160 ----a-w- c:\windows\system32\SystemPropertiesComputerName.exe
2012-07-04 12:59 . 2009-07-13 23:40 92160 ----a-w- c:\windows\system32\SystemPropertiesAdvanced.exe
2012-07-04 12:58 . 2009-07-13 23:57 86016 ----a-w- c:\windows\system32\systeminfo.exe
2012-07-04 12:58 . 2009-07-13 23:34 38912 ----a-w- c:\windows\system32\syskey.exe
2012-07-04 12:58 . 2009-07-14 00:07 49152 ----a-w- c:\windows\system32\SyncHost.exe
2012-07-04 12:58 . 2009-07-13 23:16 37376 ----a-w- c:\windows\system32\sxstrace.exe
2012-07-04 12:57 . 2009-07-13 23:15 24064 ----a-w- c:\windows\system32\subst.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-07-04 . C5B680360D2FE1E6F95E5E174B6952AC . 57344 . . [7.3.7600.16385] . . c:\windows\System32\wuauclt.exe
[-] 2012-07-04 . C5B680360D2FE1E6F95E5E174B6952AC . 57344 . . [7.3.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.3.7600.16385_none_3086c9dad36a69b3\wuauclt.exe
.
[-] 2012-07-04 . 2C4A04F442180F3E7944A5FAB1C0D6CF . 36352 . . [6.1.7600.16385] . . c:\windows\System32\userinit.exe
[-] 2012-07-04 . 2C4A04F442180F3E7944A5FAB1C0D6CF . 36352 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
.
[-] 2012-07-04 . 669D409F09B06C32EC911942EC69457D . 2640896 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[-] 2012-07-04 . 669D409F09B06C32EC911942EC69457D . 2640896 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
[-] 2012-07-05 . 73EA7E31DC2BAF85532AF3E911B0EACA . 398336 . . [6.1.7600.16385] . . c:\windows\regedit.exe
[-] 2012-07-05 . 73EA7E31DC2BAF85532AF3E911B0EACA . 398336 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
.
[-] 2012-07-04 . 49D2DDAA81AEEE683A4C39A893C4A83D . 36352 . . [6.1.7600.16385] . . c:\windows\System32\ctfmon.exe
[-] 2012-07-04 . 49D2DDAA81AEEE683A4C39A893C4A83D . 36352 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2012-07-04 1503232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2012-07-04 188416]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi5"=KORGUMDD.DRV
"aux7"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Gocejna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=c:\users\Gocejna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu 10]
2011-07-04 17:45 13374048 ----a-w- c:\program files\Gadu-Gadu 10\gg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-08 13:25 136176 ----atw- c:\users\Gocejna\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-08-01 03:32 958352 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-08-01 03:32 20880 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-08-01 03:32 3507088 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KORG USB-MIDI Driver]
2011-03-29 23:05 393616 ----a-w- c:\program files\KORG\KORG USB-MIDI Driver\EsHelper2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
2011-12-12 04:33 1760328 ----a-w- c:\program files\ManyCam\Bin\ManyCam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-07-05 07:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-05-17 15:16 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 ipMIDI;nerds.de ipMIDI - Ethernet Midi Ports SvcDesc(WDM);c:\windows\system32\drivers\ipmidi.sys [x]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUMDS.SYS [x]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MSSQL$IC_SKLEP;SQL Server (IC_SKLEP);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S3 adatadrv;Autodata Protection Service;c:\windows\system32\DRIVERS\adatadrv.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3475593946-788457680-2885981346-1000Core.job
- c:\users\Gocejna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-08 13:25]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3475593946-788457680-2885981346-1000UA.job
- c:\users\Gocejna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-08 13:25]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKU-Default-Run-tcpudp - c:\windows\VRTBD85.tmp
MSConfigStartUp-avast5 - c:\program files\Alwil Software\Avast5\avastUI.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-NotebookHardwareControl - c:\program files\Notebook Hardware Control\nhc.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
AddRemove-EPC32.EXE - G:\SETUP.EXE
AddRemove-Microsoft .NET Framework 4 Client Profile - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
AddRemove-Microsoft .NET Framework 4 Client Profile PLK Language Pack - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe
AddRemove-Microsoft .NET Framework 4 Extended - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe
AddRemove-Microsoft .NET Framework 4 Extended PLK Language Pack - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ExtendedLP\Setup.exe
AddRemove-{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1 - c:\users\Gocejna\AppData\Local\unins000.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-26_VIA_driver2 - c:\program files\Samsung\USB Drivers\26_VIA_driver2\Uninstall.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2012-07-05 11:52:06
ComboFix-quarantined-files.txt 2012-07-05 09:52
.
Przed: 49 884 401 664 bajtów wolnych
Po: 49 794 256 896 bajtów wolnych
.
- - End Of File - - C6E199333AEDF926CAB4B6BE480D2EE8
[/log]

????
