ComboFix 12-02-07.01 - user 2012-02-07 23:41:11.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.2935.1754 [GMT 1:00]
Uruchomiony z: E:\ComboFix.exe
AV: Trend Micro Client/Server Security Agent *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Anti-spyware de Trend Micro Client/Server Security Agent *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-01-07 do 2012-02-07 )))))))))))))))))))))))))))))))
.
.
2012-02-07 22:47 . 2012-02-07 22:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-07 22:18 . 2012-02-07 22:18 -------- d-----w- c:\windows\system32\SPReview
2012-02-07 22:10 . 2012-02-07 22:13 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-07 21:47 . 2012-02-07 22:47 -------- d-----w- c:\users\user\AppData\Local\temp
2012-02-07 19:25 . 2010-05-22 13:48 167936 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2012-02-07 19:25 . 2010-05-22 13:48 26880 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-02-07 19:25 . 2010-05-22 13:48 70656 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-02-07 19:25 . 2010-05-22 13:48 69632 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-02-07 19:25 . 2010-05-22 13:48 51584 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-02-07 19:25 . 2010-04-30 15:52 206336 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-02-07 19:25 . 2010-03-25 09:08 105984 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-02-07 19:25 . 2010-03-20 11:06 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-02-07 19:25 . 2010-01-18 17:48 27136 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-02-07 19:25 . 2010-03-20 10:56 101504 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-02-07 18:52 . 2012-02-07 18:52 -------- d-----w- c:\windows\system32\EventProviders
2012-02-07 18:19 . 2012-02-07 17:38 172952 ----a-w- c:\windows\BFE.reg
2012-02-07 18:14 . 2011-08-02 22:28 1592320 ----a-w- c:\windows\SetACL.exe
2012-02-07 18:09 . 2012-02-07 17:56 491520 ----a-w- c:\windows\SetACL.ocx
2012-02-07 16:51 . 2012-02-07 16:51 -------- d-----w- c:\program files\CCleaner
2012-02-07 16:00 . 2012-02-07 16:00 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2012-02-07 16:00 . 2012-02-07 16:00 -------- d-----w- c:\programdata\Malwarebytes
2012-02-07 16:00 . 2012-02-07 16:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-07 16:00 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-07 15:43 . 2009-07-14 11:27 1461992 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01009.dll
2012-02-07 15:42 . 2012-02-07 19:25 -------- d-----w- c:\program files\PLAY ONLINE
2012-02-07 15:42 . 2012-02-07 19:25 -------- d-----w- c:\programdata\DatacardService
2012-01-19 18:58 . 2012-01-22 10:53 -------- d-----w- c:\programdata\AVAST Software
2012-01-19 18:58 . 2012-01-19 18:58 -------- d-----w- c:\program files\AVAST Software
2012-01-19 18:29 . 2012-01-19 18:29 -------- d-----w- c:\windows\Sun
2012-01-17 22:59 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-17 22:59 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-17 22:59 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-17 22:59 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-17 22:59 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-17 22:59 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-17 22:59 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-17 22:59 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-17 22:59 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-17 22:59 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-16 21:09 . 2011-09-16 10:57 189088 ----a-w- c:\program files\Mozilla Firefox\plugins\npVividasPlayer.dll
2012-01-16 19:31 . 2012-01-16 19:31 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-01-16 19:12 . 2012-02-07 19:59 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-01-13 20:18 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{227211C4-EDD0-4BB3-A0B3-698B52D11C76}\mpengine.dll
2012-01-11 13:04 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 13:04 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 13:04 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 13:04 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-07 22:27 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-11-24 04:25 . 2011-12-14 12:21 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 09:42 . 2011-09-06 15:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-08 22:16 . 2011-09-03 16:15 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2011-08-16 1379840]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-07 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-07 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-07 170520]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-10-01 727664]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-11 5249024]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-09-03 518640]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-07-06 20:22 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2010-09-04 07:15 240112 ----a-w- c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 101504]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-04-30 206336]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-02-07 40776]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-05 277536]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 17648]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [2009-03-03 81920]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-09-29 43888]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 146528]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-05-22 70656]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-08-31 247808]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - TMLWF
*NewlyCreated* - TMWFP
*Deregistered* - TmFilter
*Deregistered* - tmlwf
*Deregistered* - tmwfp
*Deregistered* - VSApiNt
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-01-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-02-07 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.gazeta.pl/0,0.html?p=125
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: Interfaces\{4CE1DEF2-30AE-4C79-8865-B7003D7CB265}: NameServer = 89.108.195.21 217.17.34.10
TCP: Interfaces\{E7180779-4E9B-43E7-94C0-E8930283EFE1}: NameServer = 89.108.195.20 217.17.34.10
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r53iutob.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gazeta.pl/0,0.html?p=125
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'Explorer.exe'(3212)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Czas ukończenia: 2012-02-07 23:49:39
ComboFix-quarantined-files.txt 2012-02-07 22:49
ComboFix2.txt 2012-02-07 21:53
.
Przed: 77 689 106 432 bajtów wolnych
Po: 77 357 920 256 bajtów wolnych
.
- - End Of File - - 22651A82AA763F68452ABB8D9C378208