ComboFix 12-01-09.03 - user 2012-01-16 23:21:22.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.4095.3292 [GMT 1:00] Uruchomiony z: c:\users\user\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . - TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI - . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\assembly\tmp\U c:\windows\assembly\tmp\U\00000001.@ c:\windows\assembly\tmp\U\000000c0.@ c:\windows\assembly\tmp\U\000000cb.@ c:\windows\assembly\tmp\U\000000cf.@ c:\windows\assembly\tmp\U\80000000.@ c:\windows\assembly\tmp\U\800000c0.@ c:\windows\assembly\tmp\U\800000cb.@ c:\windows\assembly\tmp\U\800000cf.@ . . ((((((((((((((((((((((((( Pliki utworzone od 2011-12-16 do 2012-01-16 ))))))))))))))))))))))))))))))) . . 2012-01-16 22:22 . 2012-01-16 22:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-16 22:21 . 2012-01-16 22:21 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ECEF0616-0510-44CB-A324-9204C0E65D02}\offreg.dll 2012-01-16 14:39 . 2012-01-16 14:39 -------- d-----w- c:\programdata\CPA_VA 2012-01-16 13:16 . 2012-01-16 17:31 -------- d-----w- c:\program files (x86)\Comodo 2012-01-16 13:16 . 2012-01-16 13:16 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll 2012-01-16 12:52 . 2009-07-14 00:00 6656 ----a-w- c:\windows\system32\drivers\beep.sys_old 2012-01-15 23:45 . 2012-01-15 23:45 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes 2012-01-15 23:45 . 2012-01-15 23:45 -------- d-----w- c:\programdata\Malwarebytes 2012-01-15 23:45 . 2012-01-15 23:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-01-15 23:45 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-15 23:29 . 2012-01-15 23:30 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner 2012-01-15 23:22 . 2012-01-15 23:22 -------- d-----w- c:\program files\CCleaner 2012-01-15 23:20 . 2012-01-15 23:25 -------- d-----w- c:\program files (x86)\Google 2012-01-15 23:20 . 2012-01-15 23:20 -------- d-----w- c:\users\user\AppData\Local\Google 2012-01-13 13:53 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ECEF0616-0510-44CB-A324-9204C0E65D02}\mpengine.dll 2012-01-11 22:34 . 2012-01-11 22:34 -------- d-----w- c:\users\user\AppData\Roaming\NVIDIA 2012-01-11 22:31 . 2012-01-11 22:31 -------- d-----w- c:\users\user\AppData\Roaming\e-pity 2012-01-11 22:13 . 2012-01-11 22:13 -------- d-----w- c:\users\UpdatusUser 2012-01-11 22:11 . 2012-01-11 22:11 -------- d-----w- C:\NVIDIA 2012-01-11 21:40 . 2012-01-11 21:40 -------- d-----w- c:\programdata\IObit 2012-01-11 21:40 . 2012-01-11 21:40 -------- d-----w- c:\program files (x86)\IObit 2012-01-11 09:59 . 2012-01-11 09:59 -------- d-----w- c:\users\user\AppData\Local\ESET 2012-01-11 09:46 . 2012-01-11 09:46 -------- d-----w- c:\programdata\Avira 2012-01-11 09:46 . 2012-01-11 09:46 -------- d-----w- c:\program files (x86)\Avira 2012-01-11 09:46 . 2011-12-15 14:00 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-01-11 09:46 . 2011-12-15 14:00 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-01-11 09:46 . 2011-12-15 14:00 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-01-11 08:34 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll 2012-01-11 08:34 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-01-11 08:34 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-01-11 08:34 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll 2012-01-11 08:34 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 08:34 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-01-11 08:34 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-01-11 08:34 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-01-06 12:45 . 2012-01-06 12:45 -------- d-----w- c:\users\user\AppData\Local\Apps 2012-01-02 12:52 . 2012-01-11 22:23 -------- d-----w- c:\users\user\AppData\Roaming\Applian FLV and Media Player 2012-01-02 12:49 . 2012-01-02 12:49 -------- d-----w- c:\program files (x86)\Applian Technologies 2012-01-02 12:49 . 2012-01-02 12:49 -------- d-----w- c:\users\user\AppData\Roaming\com.w3i.FlipToast 2012-01-02 12:49 . 2012-01-02 12:56 -------- d-----w- c:\program files (x86)\fliptoast 2012-01-02 12:48 . 2012-01-02 12:48 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-24 04:52 . 2011-12-14 12:21 3145216 ----a-w- c:\windows\system32\win32k.sys 2011-11-23 12:33 . 2011-05-29 07:56 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-11-05 05:41 . 2011-12-14 12:24 1188864 ----a-w- c:\windows\system32\wininet.dll 2011-11-05 05:32 . 2011-12-14 12:21 2048 ----a-w- c:\windows\system32\tzres.dll 2011-11-05 04:35 . 2011-12-14 12:23 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2011-11-05 04:26 . 2011-12-14 12:21 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-11-05 03:32 . 2011-12-14 12:23 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-11-05 02:48 . 2011-12-14 12:23 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-10-26 05:21 . 2011-12-14 12:24 43520 ----a-w- c:\windows\system32\csrsrv.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ fliptoast.lnk - c:\program files (x86)\fliptoast\fliptoast.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "Shell"= explorer.exe,c:\users\user\AppData\Roaming\Amouou.exe . R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Usługa Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-15 136176] R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-22 1030600] R3 gupdatem;Usługa Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-15 136176] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [x] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248] S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [x] S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [x] . . Zawartość folderu 'Zaplanowane zadania' . 2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-15 23:20] . 2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-15 23:20] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192] "lxctmon.exe"="c:\program files (x86)\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs tosrfhid . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = www.v9.com/idg/idg_1326294454_354121 mStart Page = www.v9.com/idg/idg_1326294454_354121 IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html TCP: Interfaces\{33DFCA3C-F4D8-45FA-91B1-27736C4F291C}: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{FF5E237A-8074-4BC8-BFED-D5E38163EE29}: NameServer = 193.41.112.18 193.41.112.14 FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\43mxtxef.default\ FF - prefs.js: browser.startup.homepage - chrome://superstart/content/index.html . - - - - USUNIĘTO PUSTE WPISY - - - - . AddRemove-Adobe AIR - c:\program files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe AddRemove-_{63218538-4A69-497F-8455-904261B0E9E4} - c:\program files (x86)\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {63218538-4A69-497F-8455-904261B0E9E4} . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2012-01-16 23:24:17 ComboFix-quarantined-files.txt 2012-01-16 22:24 ComboFix2.txt 2012-01-11 14:52 . Przed: 18 851 258 368 bajtów wolnych Po: 18 829 561 856 bajtów wolnych . - - End Of File - - 2CB34112BC53126D9A466374AF6011BB