ComboFix 12-03-27.03 - big 2012-03-28 21:27:43.1.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.8190.7313 [GMT 2:00]
Uruchomiony z: C:\Users\big\Desktop\ComboFix.exe
AV: ArcaVir *Disabled/Updated* {C1A578B7-C3A1-49AC-98B6-AAC30AB239EB}
FW: ArcaVir Firewall *Disabled* {F99EF992-89CE-48F4-B3E9-03F6F4617E90}
SP: ArcaVir *Enabled/Updated* {7AC49953-E59B-4622-A206-91B171357356}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files (x86)\facemoods.com
C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
C:\Windows\assembly\tmp\U

((((((((((((((((((((((((( Pliki utworzone od 2012-02-28 do 2012-03-28 )))))))))))))))))))))))))))))))

2012-03-28 19:33:44 . 2012-03-28 19:33:44 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-03-27 12:31:24 . 2012-03-20 01:51:22 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{497E8B4B-FB22-4B77-AC4A-211B87FA792D}\mpengine.dll
2012-03-26 08:13:07 . 2011-11-19 15:20:37 5559152 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-03-26 08:13:06 . 2011-11-19 14:50:02 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-26 08:13:05 . 2011-11-19 14:50:02 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-26 07:47:55 . 2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\system32\win32k.sys
2012-03-26 07:47:52 . 2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\system32\DWrite.dll
2012-03-26 07:47:52 . 2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-26 07:46:35 . 2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\system32\rdpcore.dll
2012-03-26 07:46:35 . 2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-26 07:46:35 . 2012-02-17 04:58:24 210944 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-03-26 07:46:35 . 2012-02-17 04:57:32 23552 ----a-w- C:\Windows\system32\drivers\tdtcp.sys
2012-03-26 07:46:33 . 2012-01-25 06:38:39 77312 ----a-w- C:\Windows\system32\rdpwsx.dll
2012-03-26 07:46:33 . 2012-01-25 06:38:38 149504 ----a-w- C:\Windows\system32\rdpcorekmts.dll
2012-03-26 07:46:33 . 2012-01-25 06:33:30 9216 ----a-w- C:\Windows\system32\rdrmemptylst.exe
2012-03-18 22:08:59 . 2012-03-18 22:08:59 -------- d-----w- C:\Windows\system32\%APPDATA%
2012-03-18 22:04:06 . 2012-03-18 22:04:06 -------- d-sh--w- C:\Users\big\AppData\Local\be37ec03
2012-03-12 22:28:23 . 2012-03-12 22:28:23 -------- d-----w- C:\Program Files (x86)\PITy
2012-03-09 22:57:57 . 2012-03-09 22:57:57 -------- d-----w- C:\Users\big\AppData\Roaming\NVIDIA
2012-03-09 22:57:47 . 2012-03-09 22:58:07 -------- d-----w- C:\Users\big\AppData\Local\Risen
2012-03-09 21:06:11 . 2012-03-09 21:06:11 -------- d-----w- C:\Program Files (x86)\Deep Silver
2012-03-06 19:43:31 . 2012-03-25 22:29:23 -------- d-----w- C:\Windows\Msagent
2012-03-06 19:42:08 . 2012-03-06 19:42:08 -------- d-----w- C:\Users\big\AppData\Roaming\Microsoft Web Folders

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-02-23 07:18:36 . 2010-11-21 03:27:21 279656 ------w- C:\Windows\system32\MpSigStub.exe
2012-01-04 10:44:20 . 2012-02-16 13:04:38 509952 ----a-w- C:\Windows\system32\ntshrui.dll
2012-01-04 08:58:41 . 2012-02-16 13:04:38 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 23:57:38 . 2011-09-25 20:25:21 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-30 06:26:08 . 2012-02-16 13:04:35 515584 ----a-w- C:\Windows\system32\timedate.cpl
2011-12-30 05:27:56 . 2012-02-16 13:04:35 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 11:29:36 1490312]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll" [2010-09-12 14:02:22 3863136]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29:36 1490312 ----a-w- C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
2010-09-12 14:02:22 3863136 ----a-w- C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 11:29:36 1490312]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll" [2010-09-12 14:02:22 3863136]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-25 20:25:47 39408]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2011-10-13 08:27:14 17351304]
"ISUSPM Startup"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 14:30:30 249856]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 09:17:04 3514176]
"NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2011-11-01 14:40:04 1053056]
"Steam"="C:\Program Files (x86)\Steam\Steam.exe" [2012-01-06 16:49:04 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [2011-05-17 11:29:46 395144]
"ISUSScheduler"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 14:30:30 81920]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 06:22:28 59240]
"QuickTime Task"="D:\Program Files (x86)\QuickTime\QTTask.exe" [2011-10-24 13:28:52 421888]

C:\Users\big\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 11:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576]
R2 gupdate;Usługa Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-25 20:25:29 136176]
R3 7ByteIo;7ByteIo;D:\Program Files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [x]
R3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 09:14:30 183560]
R3 gupdatem;Usługa Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-25 20:25:29 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 12:49:20 227232]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys [x]
R3 Prot6Flt;Prot6Flt;C:\Windows\system32\DRIVERS\Prot6Flt.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 16:10:10 57184]
S1 ABTDI;ArcaBit Network Driver;C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys [2010-10-26 12:04:44 94800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABConfSV;ArcaBit Config Service;C:\Program Files\ArcaBit\Common\ArcaConfSV.exe [2011-10-27 20:39:05 203344]
S2 ABMainSV;ArcaBit Main Service;C:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe [2011-10-27 20:39:03 212328]
S2 ArcaRemoteService;ArcaBit Control;C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe [2011-12-19 14:29:24 938576]
S2 AVBackup;ArcaBit Backup Service;C:\Program Files\ArcaBit\ArcaTools\ArcaBackup\ArcaBackupService.exe [2011-03-29 12:36:48 252496]
S2 AVTasks2;ArcaBit Tasks Service;C:\Program Files\ArcaBit\Common\ArcaTasksService.exe [2011-01-21 12:41:58 198736]
S2 AVUpdate;ArcaBit Update Service;C:\Program Files\ArcaBit\ArcaUpdate\update.exe [2011-10-27 20:39:03 188496]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-19 12:19:08 378984]
S3 ABFLT;ArcaBit File Monitor Driver;C:\Program Files\ArcaBit\ArcaVir\ABFLT.sys [2011-02-14 16:16:46 67152]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [x]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - WS2IFSL

Zawartość folderu 'Zaplanowane zadania'

2012-03-28 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-25 20:25:32 . 2011-09-25 20:25:29]

2012-03-28 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-25 20:25:32 . 2011-09-25 20:25:29]

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11:32:36 11545192]
"AvMenu"="C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe" [2012-03-26 07:48:57 606800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Skan uzupełniający -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://www.google.pl/
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: E&ksportuj do programu Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Funkcja Google Sidewiki - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 62.179.1.62 62.179.1.63

- - - - USUNIĘTO PUSTE WPISY - - - -

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKLM-Run-facemoods - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-facemoods - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe