ComboFix 12-12-23.01 - m 2012-12-25 11:45:11.2.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.2995.2156 [GMT 1:00]
Run from: d:\users\m\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\programdata\dsgsdgdsgdsgw.pad
d:\users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
d:\users\m\wgsdgsdgdsgsd.dll
d:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((((   Files created from 2012-11-25 to 2012-12-25   )))))))))))))))))))))))))))))))
.
.
2012-12-25 10:50 . 2012-12-25 10:50    --------    d-----w-    d:\users\m\AppData\Local\temp
2012-12-25 10:50 . 2012-12-25 10:50    --------    d-----w-    d:\users\Default\AppData\Local\temp
2012-12-24 21:55 . 2012-12-25 10:28    2791        ----a-w-    d:\programdata\dsgsdgdsgdsgw.js
2012-12-24 21:44 . 2012-12-24 21:44    --------    d-----w-    d:\program files\AVG Secure Search
2012-12-21 09:47 . 2012-12-16 14:13    295424      ----a-w-    d:\windows\system32\atmfd.dll
2012-12-21 09:47 . 2012-12-16 14:13    34304       ----a-w-    d:\windows\system32\atmlib.dll
2012-12-13 14:19 . 2012-12-13 14:19    --------    d-----w-    d:\program files\Common Files\Skype
2012-12-13 10:53 . 2012-11-22 02:56    2345984     ----a-w-    d:\windows\system32\win32k.sys
2012-11-29 21:58 . 2012-11-29 21:58    --------    d-----w-    d:\program files\Acon Digital
2012-11-29 19:18 . 2012-11-29 19:18    --------    d-----w-    d:\program files\iVocalize Web Conference 4
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M section   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-08 10:36 . 2012-09-04 19:53    26984       ----a-w-    d:\windows\system32\drivers\avgtpx86.sys
2012-10-16 07:39 . 2012-12-01 14:46    561664      ----a-w-    d:\windows\apppatch\AcLayers.dll
2012-10-09 17:40 . 2012-11-16 17:48    44032       ----a-w-    d:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-16 17:48    193536      ----a-w-    d:\windows\system32\dhcpcore6.dll
2012-10-03 16:58 . 2012-11-16 17:48    1293680     ----a-w-    d:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-16 17:48    52224       ----a-w-    d:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-16 17:48    242176      ----a-w-    d:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-16 17:48    18944       ----a-w-    d:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-16 17:48    175104      ----a-w-    d:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-16 17:48    156672      ----a-w-    d:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-16 17:48    499712      ----a-w-    d:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-16 17:48    35328       ----a-w-    d:\windows\system32\drivers\tcpipreg.sys
2012-12-20 08:15 . 2012-12-20 08:15    262112      ----a-w-    d:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Registry startup entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "d:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-12-24 21:44    1796552    ----a-w-    d:\program files\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "d:\program files\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll" [2012-12-24 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-04 39408]
"supertintin_skype"="d:\program files\Supertintin for Skype\supertintin_skype.exe" [2012-06-30 1404416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Info Center"="d:\program files\PCPitstop\Info Center\InfoCenter.exe" [2011-04-22 24216]
"AVG_TRAY"="d:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-28 98304]
"Smart File Advisor"="d:\program files\Smart File Advisor\sfa.exe" [2011-04-04 280824]
"NDSTray.exe"="NDSTray.exe" [BU]
"vProt"="d:\program files\AVG Secure Search\vprot.exe" [2012-12-24 997320]
"APSDaemon"="d:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"ApnUpdater"="d:\program files\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"VideoCaptureMaster"="d:\program files\Video Capture Master\VideoCaptureMaster.exe" [2010-12-13 8751104]
"ROC_roc_ssl_v12"="d:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-12-24 1020512]
.
d:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - d:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 AMD External Events Utility;AMD External Events Utility;d:\windows\system32\atiesrxx.exe [x]
R2 avgwd;AVG WatchDog;d:\program files\AVG\AVG2012\avgwdsvc.exe [x]
R2 ConfigFree Service;ConfigFree Service;d:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
R2 SkypeUpdate;Skype Updater;d:\program files\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;d:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;d:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;d:\windows\system32\drivers\massfilter.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;d:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x]
R3 PGEffect;Pangu effect driver;d:\windows\system32\DRIVERS\pgeffect.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;d:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;d:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;d:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wxpSvc;webcamXP Service;d:\program files\webcamXP 5\wService.exe [x]
S0 AVGIDSHX;AVGIDSHX;d:\windows\system32\DRIVERS\avgidshx.sys [x]
S1 Avgtdix;AVG TDI Driver;d:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;d:\windows\system32\drivers\avgtpx86.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-25 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-07-04 11:58]
.
2012-12-25 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-07-04 11:58]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.gazeta.pl/0,0.html?p=128
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - d:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - d:\users\m\AppData\Roaming\Mozilla\Firefox\Profiles\zesvji7j.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.gazeta.pl/0,0.html?p=128
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wxpSvc]
"ImagePath"="d:\program files\webcamXP 5\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2082012259-2738947507-4182755986-1000\Software\SecuROM\License information*]
"datasecu"=hex:99,64,73,95,42,6d,b3,99,43,ca,9d,86,18,ae,e8,a2,93,eb,70,b3,ea,
   27,f0,b9,19,f4,6c,59,ea,35,65,04,2c,91,00,f8,6b,67,1e,08,e8,44,4f,8a,58,10,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-25 11:51:47
ComboFix-quarantined-files.txt 2012-12-25 10:51
ComboFix2.txt 2012-12-24 21:54
.
Before: 43 384 557 568 bytes free
After: 43 367 866 368 bytes free
.
- - End Of File - - B37323A6F56BDB790185EAAA776323BE
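The items ComboFix reports as deleted above (a shortcut in the user's Startup folder, a DLL sitting directly in the profile root, a .pad/.js pair directly in ProgramData, and a hosts.ics next to the hosts file) are the kind of entries a helper reviewing such a log looks for first. The script below is an added example, not part of the post and not ComboFix's own code: it parses the "Deleted" and "Files created" sections of a ComboFix log and flags entries by location and by a vowel-ratio heuristic for generated-looking names. The sample log text is constructed from the paths in the log above with whitespace normalised to single spaces; the regexes, the 0.15 vowel-ratio threshold and the flagging rules are assumptions of this example, not rules ComboFix applies.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt: paths copied from the log above, column spacing
# normalised to single spaces.  Not the verbatim ComboFix output.
SAMPLE_LOG = """\
ComboFix 12-12-23.01 - m 2012-12-25 11:45:11.2.2 - x86 NETWORK
.
(((((((((((((((((((((((((((((((((((((((   Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\\programdata\\dsgsdgdsgdsgw.pad
d:\\users\\m\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\runctf.lnk
d:\\users\\m\\wgsdgsdgdsgsd.dll
d:\\windows\\system32\\drivers\\etc\\hosts.ics
.
(((((((((((((((((((((((((   Files created from 2012-11-25 to 2012-12-25   )))))))))))))))))))))))))))))))
.
2012-12-25 10:50 . 2012-12-25 10:50 -------- d-----w- d:\\users\\m\\AppData\\Local\\temp
2012-12-24 21:55 . 2012-12-25 10:28 2791 ----a-w- d:\\programdata\\dsgsdgdsgdsgw.js
2012-12-21 09:47 . 2012-12-16 14:13 295424 ----a-w- d:\\windows\\system32\\atmfd.dll
2012-12-13 10:53 . 2012-11-22 02:56 2345984 ----a-w- d:\\windows\\system32\\win32k.sys
.
(((((((((((((((((((((((((((((((((((((   Registry startup entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
"""

# Section banners look like "((((   Title   ))))"; the title is captured.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# "created . modified  size|--------  attrs  path"
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+(\S+)\s+(\S+)\s+(.+)$"
)
DRIVE_PATH_RE = re.compile(r"^[a-z]:\\", re.I)
STARTUP_RE = re.compile(r"\\start menu\\programs\\startup\\", re.I)
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+$", re.I)
PROGRAMDATA_ROOT_RE = re.compile(r"^[a-z]:\\programdata\\[^\\]+$", re.I)


@dataclass
class Entry:
    section: str
    path: str
    size: Optional[int] = None  # None for directories and for deletion lines
    attrs: str = ""             # "d-----w-", "----a-w-", ... ("" on deletion lines)


def parse_log(text: str) -> list:
    """Track the current section banner and collect one Entry per path line
    in the 'Deleted' and 'Files created ...' sections; other sections are skipped."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if not line or line == ".":
            continue
        if section.startswith("Files created"):
            m = CREATED_RE.match(line)
            if m:
                size = int(m.group(3)) if m.group(3).isdigit() else None
                entries.append(Entry(section, m.group(5), size, m.group(4)))
        elif section == "Deleted" and DRIVE_PATH_RE.match(line):
            entries.append(Entry(section, line))
    return entries


def looks_random(stem: str) -> bool:
    """Assumed heuristic: eight or more letters with under 15% vowels is
    usually a generated name (dsgsdgdsgdsgw), not a chosen one (browsercomps)."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 8:
        return False
    return sum(c in "aeiouy" for c in letters) / len(letters) < 0.15


def triage(text: str) -> dict:
    """Map every parsed path to the list of reasons it deserves a look
    (an empty list means nothing in this example's rules fired)."""
    findings = {}
    for e in parse_log(text):
        name = e.path.rsplit("\\", 1)[-1]
        stem = name.rsplit(".", 1)[0]
        is_dir = e.attrs.startswith("d")
        reasons = []
        if STARTUP_RE.search(e.path):
            reasons.append("item in a Startup folder (runs at logon)")
        if name.lower() == "hosts.ics":
            reasons.append("hosts.ics beside the hosts file (name-resolution override)")
        if not is_dir and PROFILE_ROOT_RE.match(e.path):
            reasons.append("file directly in the user profile root")
        if not is_dir and PROGRAMDATA_ROOT_RE.match(e.path):
            reasons.append("file directly in the ProgramData root")
        if not is_dir and looks_random(stem):
            reasons.append("random-looking file name")
        findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(("FLAG " if why else "     ") + path + ("  <- " + "; ".join(why) if why else ""))
```

Run against the excerpt, the four deleted items and the dsgsdgdsgdsgw.js file come out flagged while the Windows component updates (atmfd.dll, win32k.sys) and the temp directory do not. The heuristics are deliberately coarse: they rank what a human should look at first and say nothing about what a file is, and a log line never proves a file is gone from the machine, only that ComboFix reported removing it.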