[19:12:55] Kołeq:
ComboFix 12-03-04.02 - x 2012-03-05 18:12:59.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.2046.892 [GMT 1:00]
Uruchomiony z: c:\users\x\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\StartSearch plugin
c:\programdata\ntuser.dat
c:\users\x\AppData\Roaming\.#
c:\users\x\AppData\Roaming\EurekaLog
c:\windows\IsUn0415.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\1.txt
c:\windows\system32\haslo.scr
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-02-05 do 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 17:04 . 2012-03-05 17:04 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{394D6076-0CEB-480A-B535-5F64A3F960D7}\offreg.dll
2012-03-05 17:04 . 2012-03-05 17:04 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{394D6076-0CEB-480A-B535-5F64A3F960D7}\MpKslfaf4c5ed.sys
2012-03-05 15:13 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{394D6076-0CEB-480A-B535-5F64A3F960D7}\mpengine.dll
2012-03-01 14:16 . 2012-03-01 14:16 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-02-16 15:29 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 15:29 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 15:29 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 15:24 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-10 14:35 . 2012-02-10 14:35 -------- d-----w- c:\program files\Common Files\Skype
2012-02-10 14:35 . 2012-02-10 14:35 -------- d-----w- c:\program files\Common Files\Overwolf
2012-02-10 10:53 . 2011-10-17 15:40 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-10 10:53 . 2012-02-10 10:52 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4728E2C5-FB9F-4E26-9144-754C69F6A03B}\gapaengine.dll
2012-02-09 20:03 . 2012-02-09 20:03 -------- d-----w- c:\programdata\Overwolf
2012-02-09 17:36 . 2012-02-09 17:36 -------- d-----w- c:\users\x\AppData\Local\Chromium
2012-02-09 15:31 . 2012-02-10 14:35 -------- d-----w- c:\program files\Overwolf
2012-02-09 15:02 . 2012-02-13 15:05 -------- d-----w- c:\users\x\AppData\Local\Overwolf
2012-02-06 16:49 . 2012-02-06 17:33 -------- d-----w- c:\users\x\AppData\Roaming\Miranda
2012-02-06 16:48 . 2012-02-06 17:31 -------- d-----w- c:\program files\Miranda IM
2012-02-06 14:37 . 2009-03-18 15:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2012-02-05 20:03 . 2012-02-05 20:04 -------- d-----w- c:\program files\Tasker
2012-02-04 18:43 . 2012-02-04 18:51 -------- d-----w- c:\users\x\AppData\Roaming\Tibia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 06:03 . 2011-10-17 15:40 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2010-10-15 12:55 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-11 20:07 . 2012-01-11 20:07 0 ---ha-w- c:\users\x\AppData\Local\BITCEB4.tmp
2011-12-14 17:11 . 2011-12-14 17:11 686416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-13 18:03 . 2011-12-13 18:02 1073152 ----a-w- c:\windows\system32\Indy70.bpl
2012-02-17 21:07 . 2011-05-20 21:54 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-18 7711264]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" "sleep"
"Google Update"="c:\users\x\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-16 136176]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R3 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-12-19 29416]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-16 136176]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - MPKSLFAF4C5ED
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-16 13:52]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-16 13:52]
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725041692-303553113-1489231641-1000Core.job
- c:\users\x\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-10 18:22]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725041692-303553113-1489231641-1000UA.job
- c:\users\x\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-10 18:22]
.
.
------- Skan uzupełniający -------
.
uStart Page = google.pl
mStart Page = google.pl
mSearch bar = google.pl
uInternet Settings,ProxyServer = 88.199.92.130:8080
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\x\AppData\Roaming\Mozilla\Firefox\Profiles\taxuqupi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - kurnik.pl
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=d5c1e390-1e0a-11e1-9803-6cf04912e0ea&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-Theme Park World - c:\windows\IsUn0415.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2012-03-05 18:24:58
ComboFix-quarantined-files.txt 2012-03-05 17:24
.
Przed: 89 457 164 288 bajtów wolnych
Po: 89 411 096 576 bajtów wolnych