As in the subject line.
Here is the ComboFix log:
ComboFix 08-11-07.01 - Mateusz 2008-11-08 20:20:51.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.2175 [GMT 1:00]
Uruchomiony z: C:\Users\Mateusz\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\FunWebProducts
C:\Program Files\Internet Explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Windows\system32\f3PSSavr.scr
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Pliki utworzone od 2008-10-08 do 2008-11-08 )))))))))))))))))))))))))))))))
.
2008-11-08 19:11 . 2008-11-08 19:11
2008-11-08 18:54 . 2008-11-08 18:54
2008-11-04 20:09 . 2008-11-04 20:09
2008-10-29 16:22 . 2008-08-12 04:39 443,392 --a------ C:\Windows\System32\win32spl.dll
2008-10-29 16:22 . 2008-09-18 05:56 147,456 --a------ C:\Windows\System32\Faultrep.dll
2008-10-29 16:22 . 2008-09-18 05:56 125,952 --a------ C:\Windows\System32\wersvc.dll
2008-10-27 16:37 . 2007-11-08 10:04 11,967,524 --a------ C:\Windows\System32\korwbrkr.lex
2008-10-26 21:45 . 2008-04-26 09:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-10-26 17:45 . 2008-10-26 17:45 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-10-26 16:49 . 2008-10-26 16:49
2008-10-23 16:59 . 2008-10-23 16:59
2008-10-23 16:58 . 2008-10-23 16:58
2008-10-23 16:53 . 2008-10-23 16:53
2008-10-23 16:52 . 2008-10-23 16:53
2008-10-23 16:47 . 2008-10-23 16:47
2008-10-23 16:47 . 2008-10-23 16:47 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-10-23 16:28 . 2008-10-23 16:28
2008-10-23 16:28 . 2007-10-12 14:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll
2008-10-23 16:28 . 2007-10-12 14:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll
2008-10-23 16:28 . 2007-10-02 08:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll
2008-10-23 16:28 . 2007-10-22 02:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll
2008-10-23 16:28 . 2007-07-19 23:57 267,112 --a------ C:\Windows\System32\xactengine2_9.dll
2008-10-23 16:13 . 2008-10-23 16:13
2008-10-23 16:13 . 2008-10-23 16:13
2008-10-23 16:12 . 2008-08-05 10:49 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-10-23 16:12 . 2008-08-05 10:49 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-10-23 16:12 . 2008-08-05 10:48 217,088 --a------ C:\Windows\System32\psisrndr.ax
2008-10-23 16:12 . 2008-08-05 10:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax
2008-10-23 16:12 . 2008-08-05 10:48 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-10-21 13:45 . 2008-10-21 14:05
2008-10-21 13:45 . 2008-10-21 13:45 20,480 --a------ C:\Windows\CDP_Uninst.exe
2008-10-18 20:42 . 2007-11-25 20:20
2008-10-17 14:54 . 2007-08-22 18:53
2008-10-17 14:48 . 2007-08-22 18:53
2008-10-16 14:59 . 2008-09-18 06:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-16 14:59 . 2008-09-18 06:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-16 14:59 . 2008-09-18 03:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-16 14:59 . 2008-10-02 02:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-16 14:59 . 2008-10-02 04:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-16 14:59 . 2008-08-27 02:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-15 16:39 . 2008-10-15 16:39
2008-10-11 17:07 . 2008-10-11 17:07
2008-10-11 16:59 . 2008-10-11 16:59
2008-10-11 15:59 . 2006-09-28 15:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll
2008-10-11 15:59 . 2006-09-28 15:05 237,848 --a------ C:\Windows\System32\xactengine2_4.dll
2008-10-11 15:59 . 2006-07-28 08:30 236,824 --a------ C:\Windows\System32\xactengine2_3.dll
2008-10-11 15:59 . 2006-07-28 08:30 62,744 --a------ C:\Windows\System32\xinput1_2.dll
2008-10-11 15:58 . 2005-05-26 14:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2008-10-11 15:57 . 2008-10-11 15:57
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 19:55 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-11-08 19:04 27,525 ----a-w C:\Users\Mateusz\AppData\Roaming\nvModes.dat
2008-10-26 16:11 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-26 16:02 174 --sha-w C:\Program Files\desktop.ini
2008-10-26 15:52 --------- d-----w C:\Program Files\Windows Sidebar
2008-10-26 15:52 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-10-26 15:52 --------- d-----w C:\Program Files\Windows Mail
2008-10-26 15:52 --------- d-----w C:\Program Files\Windows Journal
2008-10-26 15:52 --------- d-----w C:\Program Files\Windows Defender
2008-10-26 15:52 --------- d-----w C:\Program Files\Windows Collaboration
2008-10-26 15:52 --------- d-----w C:\Program Files\Windows Calendar
2008-10-26 15:23 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-10-26 15:23 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-10-23 18:13 --------- d-----w C:\Users\Mateusz\AppData\Roaming\Nowe Gadu-Gadu
2008-10-23 15:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-23 15:47 --------- d-----w C:\Users\Mateusz\AppData\Roaming\uTorrent
2008-10-15 14:25 --------- d-----w C:\Program Files\Nowe Gadu-Gadu
2008-10-05 21:14 --------- d-----w C:\Program Files\FREE Hi-Q Recorder
2008-10-05 21:07 --------- d-----w C:\Program Files\Vstplugins
2008-10-05 21:07 --------- d-----w C:\Program Files\Sony Setup
2008-10-05 21:07 --------- d-----w C:\Program Files\Sony
2008-10-05 10:43 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-10-05 10:43 --------- d-----w C:\Program Files\ALLPlayer
2008-09-21 16:20 --------- d-----w C:\Program Files\BYOND
2008-09-20 14:23 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-19 10:48 --------- d-----w C:\ProgramData\AVerTV
2008-09-13 16:32 --------- d-----w C:\Users\Mateusz\AppData\Roaming\Media Player Classic
2008-09-13 16:03 --------- d-----w C:\Program Files\uTorrent
2008-09-13 15:55 --------- d-----w C:\Program Files\Real Alternative
2008-09-12 22:33 --------- d-----w C:\Users\Mateusz\AppData\Roaming\Skype
2008-09-12 22:01 --------- d-----w C:\Users\Mateusz\AppData\Roaming\skypePM
2008-09-09 19:19 --------- d-----w C:\Program Files\Leksykonia
2008-09-01 17:34 56 ---ha-w C:\ProgramData\ezsidmv.dat
2008-08-31 01:02 269,312 ----a-w C:\Windows\System32\es.dll
2008-08-29 19:46 61,440 ----a-w C:\Windows\System32\winipsec.dll
2008-08-29 19:46 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-08-29 19:46 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
2008-08-29 19:46 272,896 ----a-w C:\Windows\System32\polstore.dll
2008-08-29 19:41 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-08-29 19:33 988,216 ----a-w C:\Windows\System32\winload.exe
2008-08-29 19:33 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-08-29 19:33 615,992 ----a-w C:\Windows\System32\ci.dll
2008-08-29 19:33 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-08-29 19:33 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-08-29 19:33 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-08-29 19:33 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-08-29 19:33 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-08-29 19:33 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-08-29 19:33 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-08-29 19:31 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-08-29 19:31 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-08-29 19:31 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-08-29 19:31 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-08-29 19:30 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-08-29 19:30 738,304 ----a-w C:\Windows\System32\inetcomm.dll
2008-08-29 19:30 1,314,816 ----a-w C:\Windows\System32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 --a------ C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 08:33 1233920]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 11:04 2127296]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-01 18:25 171448]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 09:18 3660848]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]
"Nowe Gadu-Gadu"="C:\Program Files\Nowe Gadu-Gadu\gg.exe" [2008-10-10 10:50 6500960]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 13:11 490952]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 08:36 2153472 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 10:31 630784]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:58 115816]
"IS CfgWiz"="C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-01-12 19:27 431752]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 16:27 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 14:24 857648]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-06-26 18:10 778240]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2008-03-15 11:57 33136]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2008-03-15 11:57 37232]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-22 15:34 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-22 15:34 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-22 15:34 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 11:39 4702208 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-08-03 06:22 1826816 C:\Windows\SkyTel.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
AVerQuick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-08-29 20:11:39 675840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7C98A100-D2F5-45BA-9D93-E198C8E9F0D1}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E89C6D64-B23F-46B2-AA81-EC4DC454B783}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{48348C21-A02A-40E2-B9CD-4E91637B5A71}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{18329A5C-48FB-4DA8-9E86-AFBCADE7082F}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{9BE2431A-0838-4C7B-BFB6-8FFDC6789E45}C:\users\mateusz\desktop\utorrent.exe"= UDP:C:\users\mateusz\desktop\utorrent.exe:utorrent.exe
"UDP Query User{186F88BD-5E04-492B-850D-8FB166FD6F3F}C:\users\mateusz\desktop\utorrent.exe"= TCP:C:\users\mateusz\desktop\utorrent.exe:utorrent.exe
"TCP Query User{66B50771-9EED-41FA-86E5-B3F64784E5DF}C:\program files\nowe gadu-gadu\gg.exe"= UDP:C:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta
"UDP Query User{2A816EEF-1198-4632-922D-032770FB9584}C:\program files\nowe gadu-gadu\gg.exe"= TCP:C:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta
"TCP Query User{0CB5F927-1207-464E-8896-27F66F6E0A0A}C:\program files\byond\bin\byond.exe"= UDP:C:\program files\byond\bin\byond.exe:byond
"UDP Query User{6B6E3828-ED3D-47E7-8618-0F8EFE8BEF6C}C:\program files\byond\bin\byond.exe"= TCP:C:\program files\byond\bin\byond.exe:byond
"{00EEFEA9-2F70-48D0-916A-967FDFED68E4}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{95B5E10D-9992-4009-B339-BA8E27054FE6}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{ED347F88-C508-48D2-9804-0F829CCFD98E}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{6DE89DA2-5DB3-4C8E-A670-580E92FA8F1D}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{D0DC84B5-5ADF-48A5-8864-6E287F164319}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{3C992AC1-1BCB-46B8-974E-A30704661AB2}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{AD0068B7-C112-423D-9500-22F70976DBB4}"= UDP:C:\Ntreev\Grand Chase\main.exe:GrandChase
"{AE38DB78-F966-416A-8C62-C7EA4A8DB818}"= TCP:C:\Ntreev\Grand Chase\main.exe:GrandChase
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x86.sys [2007-08-29 17:38 46080]
S3 AVerIR;AVerMedia Infrared Receiver;C:\Windows\system32\DRIVERS\AVerIR.sys [2007-10-04 09:34 83456]
S3 CXSONORA;AVerMedia 23885 AvStream Video Capture;C:\Windows\system32\drivers\A885VCap.sys [2007-10-08 07:46 737152]
S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-27 23:47 212280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{257d5cbe-a11a-11dd-9cfa-001fc6128012}]
\shell\AutoRun\command - G:\autorun.exe
*Newly Created Service* - COMHOST
.
Zawartość folderu 'Zaplanowane zadania'
2008-11-07 C:\Windows\Tasks\User_Feed_Synchronization-{B92B1B1D-1063-4944-AF3F-4F9D7C67BFC9}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\0lfuktuw.default\
FF -: plugin - C:\Program Files\BYOND\bin\npbyond.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.