ComboFix 12-09-30.01 - Sylwek 2012-09-30 15:35:56.1.1 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.4094.2912 [GMT 2:00]
Uruchomiony z: c:\users\Sylwek\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0F822C9161.sys
c:\users\Sylwek\Documents\~WRL3604.tmp
c:\users\Sylwek\Favorites\bookmarks.html
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\SilverEfexPro2FC32.dll.tmp
D:\resycled
d:\resycled\boot.com
E:\Uninstall.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-08-28 do 2012-09-30 )))))))))))))))))))))))))))))))
.
.
2012-09-30 13:43 . 2012-09-30 13:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-30 13:43 . 2012-09-30 13:43 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-09-30 06:47 . 2012-09-30 06:47 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{51BFD9DB-9F52-402C-ACE4-402C8AB65411}\offreg.dll
2012-09-29 22:27 . 2012-09-29 22:31 -------- d-----w- c:\users\Sylwek\AppData\Roaming\TrueCrypt
2012-09-29 22:26 . 2012-09-29 22:26 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-09-29 22:26 . 2012-09-29 22:26 -------- d-----w- c:\program files\TrueCrypt
2012-09-25 15:15 . 2012-09-26 14:08 -------- d-----w- c:\programdata\ASGVIS
2012-09-25 14:56 . 2012-09-25 14:56 -------- d-----w- c:\users\Sylwek\AppData\Roaming\Progrupa sp. z o.o
2012-09-18 11:32 . 2012-09-18 11:32 -------- d-----w- c:\program files (x86)\Sure Delete
2012-09-13 11:44 . 2012-09-13 11:44 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-03 16:30 . 2012-09-03 16:30 -------- d-----w- c:\users\Sylwek\AppData\Roaming\OpenOffice.org
2012-09-03 16:10 . 2012-09-03 16:10 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-09-01 20:14 . 2012-09-01 20:14 -------- d-----w- c:\windows\{3CEEB3E8-E6B3-4ABD-BEF9-0AF51120A42D}
2012-09-01 13:58 . 2012-09-01 20:15 -------- d-----w- c:\program files (x86)\ASUS
2012-09-01 13:58 . 2012-09-01 13:58 -------- d-----w- c:\windows\{7DB25343-6BF1-44DB-9659-D2B40A1A45B0}
2012-09-01 11:53 . 2012-09-01 12:15 -------- d-----w- c:\users\Sylwek\AppData\Roaming\Epson
2012-09-01 11:51 . 2012-09-01 11:51 -------- d-----w- c:\program files\Common Files\EPSON
2012-09-01 11:48 . 2012-09-01 11:48 -------- d-----w- c:\users\Sylwek\AppData\Local\ABBYY
2012-09-01 11:47 . 2012-09-01 11:48 -------- d-----w- c:\program files (x86)\ABBYY FineReader 9.0 Sprint
2012-09-01 11:47 . 2012-09-01 11:47 -------- d-----w- c:\programdata\ABBYY
2012-09-01 11:47 . 2012-09-01 11:47 -------- d-----w- c:\program files (x86)\Common Files\ABBYY
2012-09-01 11:45 . 2012-09-01 11:45 -------- d-----w- c:\programdata\UDL
2012-09-01 11:44 . 2012-09-01 11:44 -------- d-----w- c:\program files\Epson Software
2012-09-01 11:44 . 2012-09-01 11:44 -------- d-----w- c:\users\Sylwek\AppData\Roaming\InstallShield
2012-09-01 11:43 . 2012-09-01 11:45 -------- d-----w- c:\program files (x86)\Epson Software
2012-09-01 11:43 . 2007-04-10 11:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL
2012-09-01 11:43 . 2008-11-12 12:00 118784 ----a-w- c:\windows\system32\E_ILMHJE.DLL
2012-09-01 11:43 . 2009-10-01 13:01 88064 ----a-w- c:\windows\system32\E_IBCBHJE.DLL
2012-09-01 11:42 . 2012-09-01 12:03 -------- d-----w- c:\programdata\EPSON
2012-09-01 11:42 . 2009-12-08 22:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll
2012-09-01 11:42 . 2009-10-15 22:00 13824 ----a-w- c:\windows\system32\esxcdev.dll
2012-09-01 11:42 . 2009-10-15 22:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2012-09-01 11:42 . 2012-09-01 11:43 -------- d-----w- c:\program files (x86)\epson
2012-08-31 16:23 . 2012-08-31 16:23 -------- d-----w- c:\program files\Chaos Group
2012-08-31 15:12 . 2012-08-31 15:12 -------- d-----w- c:\program files\Turbo Squid Tentacles
2012-08-31 15:09 . 2012-08-31 15:09 -------- d-----w- c:\program files (x86)\Turbo Squid Tentacles
2012-08-31 14:57 . 2012-08-31 14:57 -------- d-----w- c:\program files\Autodesk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 13:46 . 2012-07-04 16:44 183112 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-04 16:44 . 2012-07-04 16:44 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R3 gupdate;Usługa Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-13 114144]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-03-10 687136]
R4 gupdatem;Usługa Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files (x86)\Autodesk\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-09 65536]
R4 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;e:\trtrttttr\mentalray\satellite\raysat_3dsMax2009_64server.exe [2008-03-09 65536]
R4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2011-02-21 66560]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-29 834544]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-03 202752]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2007-04-27 142120]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-03 6402560]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-03 188928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]
S4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2916584]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksport do programu Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - e:\office~1\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Sylwek\AppData\Roaming\Mozilla\Firefox\Profiles\6dvcn9ij.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000415
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{16CC554E-7E33-4C60-9EE4-A781DCAB65A8}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.2.64.12"
"UniqueId"="000557334D261BF6"
"ScannerBuild"=dword:000021dd
"ScannerVersionId"=dword:000016d4
"ScannerVersion"="Open window for status."
"ei2"=hex(b):44,d8,0b,bf,20,7b,8b,6b
"ei1"=hex(b):00,1a,4d,9a,81,5e,00,00
"ei3"=hex(b):bf,c5,58,4d,00,00,00,00
"ei4"=dword:00000002
"FixId"=dword:00000007
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2012-09-30 15:52:19
ComboFix-quarantined-files.txt 2012-09-30 13:52
.
Przed: 718 983 168 bajtów wolnych
Po: 997 658 624 bajtów wolnych
.
- - End Of File - - 57A77754FC38F10FB4BA6A0885F5FAF1