ComboFix 12-11-06.03 - Kuba 2012-11-06 17:52:56.1.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.3037.2621 [GMT 1:00]
Uruchomiony z: F:\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPlyIE.dll
c:\program files\DealPly\icon.ico
c:\program files\DealPly\uninst.exe
c:\programdata\dsgsdgdsgdsgw.pad
c:\programdata\lsass.exe
c:\users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
c:\windows\IsUn0415.exe
c:\windows\system32\AppLog.log
c:\windows\system32\roboot.exe
.
Zainfekowana kopia c:\windows\System32\autochk.exe została znaleziona. Problem naprawiono
Plik odzyskano z - c:\windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-10-06 do 2012-11-06 )))))))))))))))))))))))))))))))
.
.
2012-11-06 17:02 . 2012-11-06 17:04 -------- d-----w- c:\users\Kuba\AppData\Local\temp
2012-11-06 17:02 . 2012-11-06 17:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-06 16:46 . 2012-11-06 17:04 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5B80738D-843E-4ACF-AB6D-A91E81289BA0}\offreg.dll
2012-11-06 15:49 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5B80738D-843E-4ACF-AB6D-A91E81289BA0}\mpengine.dll
2012-11-02 14:41 . 2012-11-02 14:41 -------- d-----w- c:\program files\Common Files\Comodo
2012-10-21 12:40 . 2012-10-21 13:00 -------- d-----w- c:\users\Kuba\AppData\Roaming\PerformerSoft
2012-10-21 12:40 . 2012-10-21 12:40 -------- d-----w- c:\programdata\IBUpdaterService
2012-10-21 12:39 . 2012-11-04 10:15 -------- d-----w- c:\programdata\PC Performer Manager
2012-10-21 12:37 . 2012-10-21 12:37 -------- d-----w- c:\program files\Gadu-Gadu 10
2012-10-21 12:34 . 2012-10-28 12:15 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2012-10-21 12:34 . 2012-10-28 12:15 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2012-10-18 17:30 . 2012-10-18 17:30 -------- d-----w- c:\programdata\GG
2012-10-18 17:29 . 2012-10-21 12:59 -------- d-----w- c:\users\Kuba\AppData\Roaming\GG
2012-10-18 17:29 . 2012-10-21 12:59 -------- d-----w- c:\users\Kuba\AppData\Local\GG
2012-10-13 12:04 . 2012-10-13 12:04 -------- d-----w- c:\program files\Common Files\Java
2012-10-13 12:04 . 2012-10-13 12:03 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-13 12:04 . 2012-10-13 12:03 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-10 14:13 . 2012-09-14 18:30 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 14:13 . 2012-08-24 17:10 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 14:13 . 2012-06-02 04:45 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 14:13 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 14:13 . 2012-06-02 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 14:13 . 2012-08-31 17:21 1210736 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 14:13 . 2012-08-10 23:54 541184 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 14:13 . 2012-08-30 17:18 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 14:13 . 2012-08-30 17:18 3902832 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-06 17:03 . 2011-09-16 17:30 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-11-06 17:03 . 2011-09-15 16:18 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-11-06 17:03 . 2011-09-15 16:17 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-10-13 12:03 . 2011-09-16 17:38 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-04 18:30 . 2012-10-01 21:10 38912 ----a-w- c:\windows\system32\identprv.dll
2012-08-24 17:10 . 2012-09-22 07:54 981504 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 17:08 . 2012-09-22 07:54 44544 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-24 16:01 . 2012-09-22 07:54 386048 ----a-w- c:\windows\system32\html.iec
2012-08-24 15:27 . 2012-09-22 07:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-15 11:27 . 2012-08-15 11:27 0 ----a-w- c:\windows\system32\sho751F.tmp
2012-10-28 12:15 . 2011-09-17 11:52 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-06 19:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BS_Player\prxtbBS_0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_0.dll" [2011-05-09 176936]
"{1572957a-6f98-4ca0-9602-1579e03393f4}"= "mscoree.dll" [2009-11-25 297808]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{1572957a-6f98-4ca0-9602-1579e03393f4}]
[HKEY_CLASSES_ROOT\IEToolbarEngine.IEToolbarEngine]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\prxtbBS_0.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSTray"="c:\program files\CTS\Tray\CTSTray.exe" [2011-06-07 99840]
"WebcamMaxAutoRun"="c:\program files\WebcamMax\wcmmon.exe" [2011-07-17 1038848]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2011-05-04 12980832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-20 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-20 166936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 1474560]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Start GeekBuddy.lnk - c:\program files\Comodo\GeekBuddy\launcher.exe [2012-11-1 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\PCPERF~1\24897~1.175\{61D8B~1\pcpmngr.dll
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [x]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [x]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [x]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [x]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [x]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [x]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\Comodo\launcher_service.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 GeekBuddyRSP;GeekBuddy Remote Screen Protocol;c:\program files\Common Files\Comodo\GeekBuddyRSP.exe [x]
S2 PC Performer Manager;PC Performer Manager;c:\programdata\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-17 12:11]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-17 12:11]
.
2012-09-25 c:\windows\Tasks\Norton Security Scan for Kuba.job
- c:\progra~1\NORTON~2\Engine\372~1.5\Nss.exe [2012-06-14 09:45]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.claro-search.com/?affID=114506&tt=4212_3&babsrc=HP_clro&mntrId=16b674d10000000000000625d35d1fc8
mStart Page = hxxp://www.v9.com/?utm_source=b&utm_medium=pbr&from=pbr&uid=5VD0QRPX_ST9320325AS&ts=1346402642
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A3D1637F-B328-4602-8F8E-5FC66B855229}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{A94E7FC8-2EC4-4E6D-AB2D-7C0C1A342F68}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\xl8n64uh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.claro-search.com/?affID=114506&tt=4212_3&babsrc=HP_clro&mntrId=16b674d10000000000000625d35d1fc8
FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=114506&tt=4212_3&babsrc=KW_clro&mntrId=16b674d10000000000000625d35d1fc8&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-MediaGet2 - c:\users\Kuba\AppData\Local\MediaGet2\mediaget.exe
HKLM-Run-tvncontrol - c:\program files\Common Files\Comodo\tvnserver.exe
AddRemove-DealPly - c:\program files\DealPly\uninst.exe
AddRemove-MTA:SA 1.3 - c:\users\Kuba\Downloads\Uninstall.exe
AddRemove-Mumble - d:\m\programy\Mumble\Uninstall.exe
AddRemove-Szkoła na miarę, klasa 1, semestr 1 - c:\windows\IsUn0415.exe
AddRemove-{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1 - d:\m\programy\Need For Speed World\unins000.exe
AddRemove-{CB65F1BE-ECF5-4919-96EF-E7DCD444F639}}_is1 - d:\m\programy\CTSCameraViewer\unins000.exe
AddRemove-TeamSpeak 3 Client - d:\m\programy\uninstall.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1327637104-3869377355-2950086141-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**Ţ»úÝT]
"LP_LastUpdateTime"="0"
"LP_LastCheckTime"=dword:503729b8
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\rpcnet.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Czas ukończenia: 2012-11-06 18:09:37 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-11-06 17:09
.
Przed: 104 420 294 656 bajtów wolnych
Po: 106 346 770 432 bajtów wolnych
.
- - End Of File - - BFE44B938739C1E7C913BA653F5D770C