ComboFix 12-06-21.01 - twojnet 2012-06-21 13:27:22.2.2 - x86 MINIMAL
Microsoft Windows 7 Professional 6.1.7600.0.1250.48.1045.18.1911.1306 [GMT 2:00]
Run from: C:\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * New restore point created
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\twojnet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\users\twojnet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\users\twojnet\Desktop\Live Security Platinum.lnk
.
.
((((((((((((((((((((((((( Files created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 11:31 . 2012-06-21 11:31 -------- d-----w- c:\users\twojnet\AppData\Local\temp
2012-06-21 11:31 . 2012-06-21 11:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-21 11:24 . 2012-06-21 10:07 881475 ----a-w- C:\SecurityCheck.exe
2012-06-21 10:55 . 2012-06-21 10:55 100864 ----a-w- C:\pwryipow.sys
2012-06-21 10:00 . 2012-06-21 09:58 139264 ----a-w- C:\SystemLook.exe
2012-06-21 10:00 . 2012-06-21 09:56 338199 ----a-w- C:\FSS.exe
2012-06-21 09:59 . 2012-06-21 09:59 -------- d-----w- C:\gmer
2012-06-13 15:23 . 2012-04-28 03:19 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 15:23 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 15:23 . 2012-05-15 01:12 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 15:23 . 2012-04-26 04:48 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 15:23 . 2012-04-26 04:48 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 15:23 . 2012-04-26 04:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 15:23 . 2012-05-02 04:52 163328 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 15:22 . 2012-04-24 04:47 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 15:22 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 15:22 . 2012-04-24 04:47 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 10:51 . 2012-06-12 10:51 -------- d-----w- c:\program files\Common Files\Java
2012-06-12 10:51 . 2012-06-12 10:51 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-12 10:03 . 2012-06-12 10:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-12 10:03 . 2012-06-12 10:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-12 10:02 . 2012-06-12 08:50 16409960 ----a-w- C:\spybotsd162.exe
2012-06-12 10:02 . 2012-06-12 08:46 596480 ----a-w- C:\OTL.exe
2012-06-10 09:23 . 2012-06-20 21:52 -------- d-----w- c:\programdata\F4D55F38001167CF000C9AC5A6014588
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 10:51 . 2010-12-04 13:00 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-02 04:46 . 2012-05-09 20:06 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 04:46 . 2012-05-09 20:06 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-30 10:29 . 2012-05-09 20:06 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-10 20:58 . 2012-03-10 20:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-14_13.32.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-04 13:16 . 2012-06-21 10:35 41578 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-06-21 10:35 46674 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-07 13:03 . 2012-06-21 10:35 14642 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4116037218-1793735601-312851930-1000_UserData.bin
+ 2011-03-15 13:20 . 2012-06-14 22:06 6778 c:\windows\System32\wdi\ERCQueuedResolutions.dat
- 2011-06-21 14:58 . 2011-12-12 10:59 1942 c:\windows\System32\wdi\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin
+ 2011-06-21 14:58 . 2012-06-14 16:23 1942 c:\windows\System32\wdi\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin
+ 2012-06-21 10:53 . 2012-06-21 10:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-14 06:59 . 2012-06-14 06:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-14 06:59 . 2012-06-14 06:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-21 10:53 . 2012-06-21 10:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-21 11:03 . 2012-06-21 10:42 230020 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-03-10 11:00 . 2012-06-19 18:55 311648 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 04:47 . 2012-06-13 20:52 385876 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2012-06-21 10:36 385876 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-14 22:06 . 2012-06-14 22:06 386644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4116037218-1793735601-312851930-1000-12288.dat
+ 2009-07-14 02:03 . 2012-06-20 06:22 7340032 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2012-06-14 07:14 7340032 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 08:07 . 2012-06-21 11:24 5289456 c:\windows\System32\perfh015.dat
+ 2009-07-14 02:05 . 2012-06-21 11:24 2235790 c:\windows\System32\perfh009.dat
+ 2009-07-14 08:07 . 2012-06-21 11:24 1737838 c:\windows\System32\perfc015.dat
+ 2009-07-14 02:05 . 2012-06-21 11:24 1654414 c:\windows\System32\perfc009.dat
+ 2011-04-19 17:38 . 2012-06-21 09:46 1412456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4116037218-1793735601-312851930-1000-8192.dat
+ 2012-06-18 21:19 . 2012-06-18 21:19 2208768 c:\windows\Installer\4374b.msi
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-08 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-08 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-08 170008]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-08-02 726640]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-12-04 5249024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"NSCSysTrayUI_XEROX"="c:\program files\XEROX\NetworkScan\NSCSysUI_XEROX.exe" [2009-01-13 266240]
"MFNetworkScanUtility"="c:\program files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE" [2009-12-15 484760]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\twojnet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [2009-03-03 81920]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-30 136176]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-10-28 5120]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 146528]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-30 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-08-02 18432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-05 277536]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-08 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-07-09 17648]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-07-09 43888]
S3 pwryipow;pwryipow;C:\pwryipow.sys [2012-06-21 100864]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-30 12:01]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-30 12:01]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://home.sweetim.com/?barid={D2D5B65D-6AAF-45FA-812F-F3E957249A62}
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: Wyślij &do programu OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 213.241.79.37
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/pi/components/bph/SignActivX.cab
FF - ProfilePath - c:\users\twojnet\AppData\Roaming\Mozilla\Firefox\Profiles\9m2bz8lk.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://sail2sun.pl/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-21 13:33:03
ComboFix-quarantined-files.txt 2012-06-21 11:33
.
Before: 154 144 579 584 bytes free
After: 154 098 176 000 bytes free
.
- - End Of File - - 7E117D825E638F1ABC2842FBF0A7167B