ComboFix 12-04-06.03 - Renata 2012-04-07  0:05.1.2 - x86 NETWORK
Microsoft Windows 7 Professional  6.1.7600.0.1250.48.1045.18.3039.2579 [GMT 2:00]
Uruchomiony z: c:\users\Renata\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\autorun.inf
c:\program files\Setup.exe
c:\users\Renata\avira_antivir_personal_en.exe
c:\users\Renata\Default.SFX
c:\users\Renata\Uninstall.exe
c:\users\Renata\WinCon.SFX
c:\users\Renata\Zip.SFX
c:\windows\$NtUninstallKB15282$
c:\windows\$NtUninstallKB15282$\2315617662
c:\windows\$NtUninstallKB15282$\634330749\@
c:\windows\$NtUninstallKB15282$\634330749\cfg.ini
c:\windows\$NtUninstallKB15282$\634330749\Desktop.ini
c:\windows\$NtUninstallKB15282$\634330749\L\xadqgnnk
c:\windows\$NtUninstallKB15282$\634330749\twl.dll
c:\windows\$NtUninstallKB15282$\634330749\U\00000001.@
c:\windows\$NtUninstallKB15282$\634330749\U\00000002.@
c:\windows\$NtUninstallKB15282$\634330749\U\00000004.@
c:\windows\$NtUninstallKB15282$\634330749\U\80000000.@
c:\windows\$NtUninstallKB15282$\634330749\U\80000004.@
c:\windows\$NtUninstallKB15282$\634330749\U\80000032.@
c:\windows\$NtUninstallKB15282$\634330749\version
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\dds_trash_log.cmd
.
Zainfekowana kopia c:\windows\system32\drivers\tdx.sys została znaleziona. Problem naprawiono
Plik odzyskano z - The cat found it :)
.
(((((((((((((((((((((((((   Pliki utworzone od 2012-03-06 do 2012-04-06   )))))))))))))))))))))))))))))))
.
.
2012-04-06 22:13 . 2012-04-06 22:13  --------  d-----w-  c:\users\Renata\AppData\Local\temp
2012-04-06 22:13 . 2012-04-06 22:13  --------  d-----w-  c:\users\Default\AppData\Local\temp
2012-03-25 18:46 . 2012-03-23 18:49  74240  ----a-w-  c:\windows\system32\drivers\tdx.sys
2012-03-22 20:49 . 2012-03-22 20:49  --------  d-----w-  c:\users\Renata\AppData\Roaming\Malwarebytes
2012-03-22 20:49 . 2012-03-22 20:49  --------  d-----w-  c:\programdata\Malwarebytes
2012-03-22 20:49 . 2012-03-22 20:49  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2012-03-22 20:49 . 2011-12-10 14:24  20464  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-03-16 18:29 . 2012-02-08 06:03  6552120  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1D1B20B-D640-4314-8B82-D6FC9ABEE9D3}\mpengine.dll
2012-03-13 22:31 . 2011-11-19 14:25  3957616  ----a-w-  c:\windows\system32\ntkrnlpa.exe
2012-03-13 22:31 . 2011-11-19 14:25  3902320  ----a-w-  c:\windows\system32\ntoskrnl.exe
2012-03-13 17:24 . 2012-02-03 04:01  2341376  ----a-w-  c:\windows\system32\win32k.sys
2012-03-13 17:24 . 2012-02-10 05:41  1074176  ----a-w-  c:\windows\system32\DWrite.dll
2012-03-13 17:24 . 2012-02-10 05:41  218624  ----a-w-  c:\windows\system32\d3d10_1core.dll
2012-03-13 17:24 . 2012-02-10 05:41  1170944  ----a-w-  c:\windows\system32\d3d10warp.dll
2012-03-13 17:24 . 2012-02-10 05:41  739840  ----a-w-  c:\windows\system32\d2d1.dll
2012-03-13 17:24 . 2012-02-10 05:41  161792  ----a-w-  c:\windows\system32\d3d10_1.dll
2012-03-13 17:20 . 2012-01-25 05:44  57856  ----a-w-  c:\windows\system32\rdpwsx.dll
2012-03-13 17:20 . 2012-01-25 05:44  129536  ----a-w-  c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:20 . 2012-01-25 05:40  8192  ----a-w-  c:\windows\system32\rdrmemptylst.exe
2012-03-13 17:20 . 2012-02-15 05:44  826368  ----a-w-  c:\windows\system32\rdpcore.dll
2012-03-13 17:20 . 2012-02-15 04:22  177152  ----a-w-  c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:20 . 2012-02-15 04:22  24064  ----a-w-  c:\windows\system32\drivers\tdtcp.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-23 18:49 . 2012-04-06 22:03  74240  ----a-w-  c:\windows\system32\drivers\tdx.svs
2012-03-03 13:22 . 2012-03-03 13:22  86528  ----a-w-  c:\windows\system32\iesysprep.dll
2012-03-03 13:22 . 2012-03-03 13:22  76800  ----a-w-  c:\windows\system32\SetIEInstalledDate.exe
2012-03-03 13:22 . 2012-03-03 13:22  74752  ----a-w-  c:\windows\system32\RegisterIEPKEYs.exe
2012-03-03 13:22 . 2012-03-03 13:22  63488  ----a-w-  c:\windows\system32\tdc.ocx
2012-03-03 13:22 . 2012-03-03 13:22  48640  ----a-w-  c:\windows\system32\mshtmler.dll
2012-03-03 13:22 . 2012-03-03 13:22  367104  ----a-w-  c:\windows\system32\html.iec
2012-03-03 13:22 . 2012-03-03 13:22  161792  ----a-w-  c:\windows\system32\msls31.dll
2012-03-03 13:22 . 2012-03-03 13:22  1127424  ----a-w-  c:\windows\system32\wininet.dll
2012-03-03 13:22 . 2012-03-03 13:22  110592  ----a-w-  c:\windows\system32\IEAdvpack.dll
2012-03-03 13:22 . 2012-03-03 13:22  74752  ----a-w-  c:\windows\system32\iesetup.dll
2012-03-03 13:22 . 2012-03-03 13:22  420864  ----a-w-  c:\windows\system32\vbscript.dll
2012-03-03 13:22 . 2012-03-03 13:22  35840  ----a-w-  c:\windows\system32\imgutil.dll
2012-03-03 13:22 . 2012-03-03 13:22  2382848  ----a-w-  c:\windows\system32\mshtml.tlb
2012-03-03 13:22 . 2012-03-03 13:22  23552  ----a-w-  c:\windows\system32\licmgr10.dll
2012-03-03 13:22 . 2012-03-03 13:22  1798656  ----a-w-  c:\windows\system32\jscript9.dll
2012-03-03 13:22 . 2012-03-03 13:22  152064  ----a-w-  c:\windows\system32\wextract.exe
2012-03-03 13:22 . 2012-03-03 13:22  150528  ----a-w-  c:\windows\system32\iexpress.exe
2012-03-03 13:22 . 2012-03-03 13:22  142848  ----a-w-  c:\windows\system32\ieUnatt.exe
2012-03-03 13:22 . 2012-03-03 13:22  1427456  ----a-w-  c:\windows\system32\inetcpl.cpl
2012-03-03 13:22 . 2012-03-03 13:22  11776  ----a-w-  c:\windows\system32\mshta.exe
2012-03-03 13:22 . 2012-03-03 13:22  101888  ----a-w-  c:\windows\system32\admparse.dll
2012-02-23 08:18 . 2010-02-13 20:42  237072  ------w-  c:\windows\system32\MpSigStub.exe
2012-02-15 19:21 . 2011-12-24 18:30  137416  ----a-w-  c:\windows\system32\drivers\avipbb.sys
2007-08-26 06:00 . 2007-08-26 06:00  1328408  ------w-  c:\program files\Lexicon.exe
2007-08-26 06:00 . 2007-08-26 06:00  1217816  ------w-  c:\program files\LexWin.exe
2007-08-26 06:00 . 2007-08-26 06:00  1164568  ------w-  c:\program files\libsnd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2009-08-10 284592]
"Komunikator"="d:\programy\Tlen.pl\tlen.exe" [2009-01-17 5853672]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6703648]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Sage Komunikator"="c:\program files\Sage\Komunikator\SageUpdt.exe" [2010-11-15 247008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Renata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Lingea Update Center.lnk - c:\program files\Common Files\Lingea Shared\luc.exe [2007-8-26 275736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-08-04 07:58  98304  ----a-w-  c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-14 691696]
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 36000]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-02 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2009-06-11 303104]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-02 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2009-09-08 83312]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-30 1343400]
R3 yukonw7;Sterownik miniportu NDIS6.2 dla kontrolera Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S3 netw5v32;Sterownik karty Intel(R) Wireless WiFi Link 5000 Series dla systemu Windows Vista w wersji 32-bitowej;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-02-13 9344]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - TDX
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
s217obex
kerbkey
KMWDFilter
patrolagent
zpcache
amdk7
caboagp
dlaudf_m
roxwatch9
lp6nds35
matlabserver
lanusb
ispwdsvc
SQLBrowser
nmwcdcm
atinrvxx
ftrtsvc
sysdown
UBHelper
rp32service
elbydelay
lsdiorw
w200mdm
W700obex
n558
ozoneinstallerservice
rwbackupsrv
entertainment
cdfsvc
VRcore
wg4n
se2Eunic
isapisearch
dtscsi
slabser
pdlndldl
webupdate
NVNET
Xponaut_WBD
pavsrv
atchksrv
PTDCBus
plscsi
rimvserport
vcdsecs
Wtcls2k
MTsensor
ipssvc
epsonbidirectionalagent
pml
SE26bus
w200mgmt
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-02 13:53]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-02 13:53]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://start.facemoods.com/?a=iron
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = w3c.2a.pl:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-Lexicon5 - c:\program files\Setup.exe
AddRemove-WinRAR archiver - c:\users\Renata\uninstall.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2012-04-07  00:15:05
ComboFix-quarantined-files.txt  2012-04-06 22:15
.
Przed: 70 092 595 200 bajtów wolnych
Po: 71 091 003 392 bajtów wolnych
.
- - End Of File - - 95C78E448E9669E568DD09ACAC04E46C