wklejto.pl

Added by: ~Anonim (2012-05-25 19:26) -> text
ComboFix 12-05-22.02 - Dawid 2012-05-23  14:10:38.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1250.48.1045.18.2997.1533 [GMT 2:00]
Uruchomiony z: d:\forza sport\DVD2\ComboFix_www.INSTALKI.pl.exe
AV: Kaspersky PURE *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\program files (x86)\StartSearch plugin
c:\program files (x86)\StartSearch plugin\IEhelperActiveX.dll
c:\program files (x86)\StartSearch plugin\ssBarLcher.dll
c:\program files (x86)\StartSearch plugin\StartBar.dll
c:\program files (x86)\StartSearch plugin\uninst.exe
c:\program files (x86)\StartSearch plugin\vshareplg.crx
c:\program files (x86)\TrashReg
c:\program files (x86)\TrashReg\Backups\[20120118205018].reg
c:\program files (x86)\TrashReg\Backups\[20120118205023].reg
c:\program files (x86)\TrashReg\Backups\[20120319015012].reg
c:\program files (x86)\TrashReg\DisableNewSearches.reg
c:\program files (x86)\TrashReg\File_id.diz
c:\program files (x86)\TrashReg\Help\rtkf_deu.chm
c:\program files (x86)\TrashReg\Help\rtkf_eng.chm
c:\program files (x86)\TrashReg\Help\rtkf_esp.chm
c:\program files (x86)\TrashReg\Help\rtkf_rus.chm
c:\program files (x86)\TrashReg\LastSettings.reg
c:\program files (x86)\TrashReg\ReadMe.Deu.txt
c:\program files (x86)\TrashReg\ReadMe.Eng.txt
c:\program files (x86)\TrashReg\ReadMe.Esp.txt
c:\program files (x86)\TrashReg\ReadMe.Rus.txt
c:\program files (x86)\TrashReg\rtkf_uninst.exe
c:\program files (x86)\TrashReg\TrashReg.exe
c:\program files (x86)\TrashReg\TrashRegX64.exe
c:\programdata\FullRemove.exe
c:\users\Dawid\AppData\Local\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
c:\users\Dawid\AppData\Local\unins000.exe
c:\users\Dawid\AppData\Roaming\IDM\idmmzcc3
c:\users\Dawid\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\Dawid\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\Dawid\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\Dawid\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\Dawid\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\Dawid\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\Dawid\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\Dawid\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\Dawid\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
c:\windows\IsUn0415.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\tmpF678.tmp
c:\windows\SysWow64\tmpF966.tmp
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2012-04-23 do 2012-05-23  )))))))))))))))))))))))))))))))
.
.
2012-05-23 12:19 . 2012-05-23 12:19     --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-05-12 01:11 . 2012-04-13 08:46     8917360 ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{25B99C0C-303E-43A7-BFDA-9CAFAAAF7A6C}\mpengine.dll
2012-05-01 13:47 . 2010-02-17 10:04     85048   ----a-w-        c:\windows\system32\drivers\CSCrySec.sys
2012-05-01 13:47 . 2010-02-17 10:04     66104   ----a-w-        c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-05-01 13:47 . 2012-05-01 13:47     --------        d-----w-        c:\program files (x86)\Common Files\InfoWatch
2012-05-01 13:47 . 2012-05-01 13:47     --------        d-----w-        c:\program files (x86)\Kaspersky Lab
2012-05-01 13:45 . 2012-05-01 13:45     --------        d-----w-        c:\programdata\Kaspersky Lab Setup Files
2012-04-29 19:31 . 2012-04-29 19:31     --------        d-----w-        c:\users\Dawid\AppData\Roaming\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1
2012-04-25 13:17 . 2012-04-25 13:17     --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2012-04-23 23:45 . 2012-04-23 23:45     --------        d-----w-        c:\programdata\KONAMI
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 21:44 . 2010-11-28 22:28     472808  ----a-w-        c:\windows\SysWow64\deployJava1.dll
2011-09-16 14:12 . 2011-11-03 12:44     3623592 ----a-w-        c:\program files (x86)\Common Files\ApnToolbarInstaller.exe
2011-09-16 14:12 . 2011-11-03 12:44     143240  ----a-w-        c:\program files (x86)\Common Files\ApnStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-01 19:05        129624  ----a-w-        c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="d:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-11-03 1479680]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
"IDMan"="d:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-11-03 3220912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]
"Anti Trojan Elite"="c:\program files (x86)\Anti Trojan Elite\TJEnder.exe" [2009-06-14 4076544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 1082144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages       REG_MULTI_SZ    kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders       credssp.dll, AfzoncUjwucr.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"LanguageShortcut"="d:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe"
"NBKeyScan"="d:\program files (x86)\Nero\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"RemoteControl"="d:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 ATE_PROCMON;ATE_PROCMON;c:\program files (x86)\Anti Trojan Elite\ATEPMon.sys [2010-11-15 9984]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-27 13336]
R3 ABndis;AbNDIS Service;c:\windows\system32\DRIVERS\abndis.sys [x]
R3 ABndisMP;ABndisMP;c:\windows\system32\DRIVERS\abndis.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 RTCore64;RTCore64;c:\users\Dawid\Downloads\Programy\rmclock_235_bin\RTCore64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [x]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 CSObjectsSrv;Usługa zarządzająca CryptoStorage;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2010-03-22 743992]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
S2 Realtek9xp;Realtek9xp;c:\program files (x86)\REALTEK Wireless LAN Software\RtlService.exe [2009-09-01 36864]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-05-23 c:\windows\Tasks\1-Click Maintenance.job
- d:\program files (x86)\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 08:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-01 19:06        170584  ----a-w-        c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ShellEx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"combofix"="c:\combofix_www.instalki.pl\CF12446.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://pricesstart200.net/?q=NzMwODA0Mj7gnTxi4/METUNub0R0VExVa3FSQ3p2bWFsdXNDY3NqSHd3ZDExYjc5MTQ3MmMwNmJkZjhhZTFmNjBhMTUzNGIyZTlmYTcxYWNhNjMwMmY1ZTkwNTk4YzMzN2QzN2E4Mzc0ZmM0ZjgyYmU3MzhhM2JjNTR3c0NGUkZUY21xbGdvd3VKYkMxMzMzOTk3OTI2a21aeFhlSG1NbTc=
mStart Page = hxxp://startsear.ch/?aff=2&cf=7fd59bb9-fcc9-11e0-a816-c0cb38d75d4a
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Ściągnij przez IDM - d:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Ściągnij wszystkie linki przez IDM - d:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Ściągnij zawartość wideo FLV przez IDM - d:\program files (x86)\Internet Download Manager\IEGetVL.htm
TCP: DhcpNameServer = 158.75.88.5
FF - ProfilePath - c:\users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\1p2acnlk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://pricesstart200.net/?q=NzMwODA0Mj7gnTxi4/METUNub0R0VExVa3FSQ3p2bWFsdXNDY3NqSHd3ZDExYjc5MTQ3MmMwNmJkZjhhZTFmNjBhMTUzNGIyZTlmYTcxYWNhNjMwMmY1ZTkwNTk4YzMzN2QzN2E4Mzc0ZmM0ZjgyYmU3MzhhM2JjNTR3c0NGUkZUY21xbGdvd3VKYkMxMzMzOTk3OTI2a21aeFhlSG1NbTc=
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=7fd59bb9-fcc9-11e0-a816-c0cb38d75d4a&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.startup.homepage - hxxp://pricesstart200.net/?q=NzMwODA0Mj7gnTxi4/METUNub0R0VExVa3FSQ3p2bWFsdXNDY3NqSHd3ZDExYjc5MTQ3MmMwNmJkZjhhZTFmNjBhMTUzNGIyZTlmYTcxYWNhNjMwMmY1ZTkwNTk4YzMzN2QzN2E4Mzc0ZmM0ZjgyYmU3MzhhM2JjNTR3c0NGUkZUY21xbGdvd3VKYkMxMzMzOTk3OTI2a21aeFhlSG1NbTc=
FF - user.js: browser.startup.page - 1
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-LiveVDO plugin - c:\program files (x86)\StartSearch plugin\uninst.exe
AddRemove-Registry Trash Keys Finder - c:\program files (x86)\TrashReg\rtkf_uninst.exe
AddRemove-SuperMemo francuski_sredni - c:\windows\IsUn0415.exe
AddRemove-{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1 - c:\users\Dawid\AppData\Local\unins000.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4104769877-1918981244-963635753-1000\Software\SecuROM\License information*]
"datasecu"=hex:f9,f8,12,10,0d,2b,cc,b0,a9,01,86,07,57,cc,a7,a9,f6,70,c4,8f,f5,
   dd,9e,96,80,18,03,68,34,b6,e8,98,17,53,02,8d,ca,3e,20,4b,af,98,df,6f,8d,53,\
"rkeysecu"=hex:f5,f2,dd,25,24,cf,47,27,a1,12,99,25,0d,e1,2d,a2
.
[HKEY_USERS\S-1-5-21-4104769877-1918981244-963635753-1000_Classes\Wow6432Node\CLSID\{554b3fcd-4fe9-4db7-b1a4-2b21727a5c6d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000150
"Therad"=dword:0000000b
.
[HKEY_USERS\S-1-5-21-4104769877-1918981244-963635753-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ff,86,9b,1e,06,a0,bb,c8,d1,60,08,24,9b,04,f1,1e,69,b3,51,6b,76,
   e1,ac,c4,7a,f5,70,5d,0b,0b,82,46,8c,25,33,10,bb,ed,a2,dc,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-4104769877-1918981244-963635753-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):16,b8,b7,6a,7d,d8,62,50,b1,2d,68,6d,e7,aa,76,89,4c,c5,22,cf,07,
   f0,31,47,65,d4,54,c5,c0,57,6a,5e,f7,c2,c3,bb,02,43,f1,55,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-4104769877-1918981244-963635753-1000_Classes\Wow6432Node\CLSID\{e06a8702-71d3-4576-8bc1-9176461f6e97}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000005e
"Therad"=dword:0000001d
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
d:\program files (x86)\Nero\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\REALTEK Wireless LAN Software\RtWlan.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
d:\program files (x86)\Internet Download Manager\IEMonitor.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Czas ukończenia: 2012-05-23  14:29:52 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2012-05-23 12:29
.
Przed: 24436678656 bajtów wolnych
Po: 24257388544 bajtów wolnych
.
- - End Of File - - 0225DE73DABE6658E907E3EAF4BA7611
 