ComboFix 12-07-07.02 - Monia 2012-07-07 15:26:18.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.3062.1674 [GMT 2:00] Uruchomiony z: c:\users\Monia\Downloads\ComboFix.exe AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\data c:\program files (x86)\autorun.inf c:\program files (x86)\Setup.exe c:\users\Monia\AppData\Roaming\cacaoweb c:\users\Monia\AppData\Roaming\cacaoweb\cacaoweb.exe c:\users\Monia\AppData\Roaming\cacaoweb\npdfile.dat c:\users\Monia\AppData\Roaming\cacaoweb\replicating216D6E365CA4EECCFCE6AF6757257631.cacao c:\users\Monia\AppData\Roaming\cacaoweb\replicating4519A9177A5EA2DCF504967ABEBE41F8.cacao c:\users\Monia\AppData\Roaming\cacaoweb\replicating4A71F6891C69F2BD4C5F796D0C32724F.cacao c:\users\Monia\AppData\Roaming\cacaoweb\replicating6848EEA4484D07EE7C7653F462A17162.cacao c:\users\Monia\AppData\Roaming\cacaoweb\replicating99F9481FD33E0D0C663A81B8D291E96D.cacao c:\users\Monia\AppData\Roaming\cacaoweb\replicatingC7A6D19165B1886B665C49411A5EA674.cacao c:\users\Monia\AppData\Roaming\cacaoweb\replicatingE52A33C726904CA918CD7CFC5AD006E5.cacao c:\users\Monia\AppData\Roaming\cacaoweb\storage.db c:\users\Monia\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db c:\windows\iun6002.exe c:\windows\system32\drivers\etc\hosts.ics . . ((((((((((((((((((((((((( Pliki utworzone od 2012-06-07 do 2012-07-07 ))))))))))))))))))))))))))))))) . . 2012-07-07 13:36 . 2012-07-07 13:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-07 11:46 . 2012-07-07 13:15 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer 2012-07-06 18:25 . 2012-07-06 18:25 -------- d-----w- c:\users\Monia\AppData\Roaming\hellomoto 2012-07-05 13:03 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-07-05 13:03 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-07-05 13:03 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-07-05 13:03 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-07-05 13:02 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-07-05 13:02 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-07-05 13:02 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-07-05 13:02 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-07-05 13:02 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-13 11:27 . 2012-05-18 01:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-13 11:27 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-06-13 11:25 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-13 11:25 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-13 11:25 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-13 11:24 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-13 11:24 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-13 11:24 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-13 11:24 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-13 11:21 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-18 08:53 . 2009-06-18 08:53 26403352 ----a-w- c:\program files\PDFCO.exe 2009-02-09 08:07 . 2011-05-29 20:16 1049240 ----a-w- c:\program files (x86)\PatchMgr.dll 2009-02-09 08:07 . 2011-05-29 20:16 87704 ----a-w- c:\program files (x86)\AcSetup.dll 2009-02-04 05:39 . 2011-05-29 20:17 674664 ----a-w- c:\program files (x86)\SetupUi.dll 2009-02-04 05:39 . 2011-05-29 20:17 672616 ----a-w- c:\program files (x86)\SetupAcadUi.dll 2009-02-04 05:39 . 2011-05-29 20:16 106344 ----a-w- c:\program files (x86)\LiteHtml.dll 2009-02-04 05:39 . 2011-05-29 20:16 550248 ----a-w- c:\program files (x86)\DeployUi.dll 2009-02-04 05:39 . 2011-05-29 20:16 161640 ----a-w- c:\program files (x86)\AcDelTree.exe 2009-02-03 22:16 . 2011-05-29 20:16 182632 ----a-w- c:\program files (x86)\adlmutil.dll 2009-02-03 22:16 . 2011-05-29 20:16 1245032 ----a-w- c:\program files (x86)\adlmPIT.dll 2008-05-05 23:55 . 2011-05-29 20:17 319248 ----a-w- c:\program files (x86)\UPI32.dll 2007-11-07 08:19 . 2011-05-29 20:16 655872 ----a-w- c:\program files (x86)\msvcr90.dll 2007-11-07 08:19 . 2011-05-29 20:16 568832 ----a-w- c:\program files (x86)\msvcp90.dll 2007-11-07 03:23 . 2011-05-29 20:16 224768 ----a-w- c:\program files (x86)\msvcm90.dll 2004-05-04 18:53 . 2011-05-29 20:16 1645320 ----a-w- c:\program files (x86)\gdiplus.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "AQQ"="c:\progra~2\WapSter\WAPSTE~1\AQQ.exe" [2011-11-28 10211328] "PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-12-16 1508408] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-01-13 37888] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-07 129976] R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [2012-01-04 16640] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-28 1255736] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-11-11 503352] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-06-18 635416] S3 netw5v64;Sterownik karty Intel(R) Wireless WiFi Link 5000 Series dla systemu Windows Vista w wersji 64-bitowej;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = 127.0.0.1:9421 IE: &P&obierz &za pomocą BitComet - c:\program files (x86)\BitComet\BitComet_x64.exe/AddLink.htm IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Pobierz wszystko za pomocą BitComet - c:\program files (x86)\BitComet\BitComet_x64.exe/AddAllLink.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Monia\AppData\Roaming\Mozilla\Firefox\Profiles\57hlohl1.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=f64ca68000000000000000218687669b&tlver=1.4.35.10&affID=100474 . - - - - USUNIĘTO PUSTE WPISY - - - - . Wow6432Node-HKCU-Run-cacaoweb - c:\users\Monia\AppData\Roaming\cacaoweb\cacaoweb.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll" . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info] @Denied: (2) (LocalSystem) "AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\" "DataDir"="ESET\\ESET NOD32 Antivirus\\" "EditionName"=" " "InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\" "LanguageId"=dword:00000415 "PackageTag"=dword:6090e758 "ProductBase"=dword:00000000 "ProductCode"="{D7647425-7A6F-4DC6-9F9A-71148AB424CD}" "ProductName"="ESET NOD32 Antivirus" "ProductType"="eav" "ProductVersion"="4.2.71.2" "UniqueId"="0007672B4DE1043A" "ScannerBuild"=dword:00002160 "ScannerVersionId"=dword:00001696 "ScannerVersion"="Open window for status." "ei2"=hex(b):f7,db,3d,84,95,c4,75,15 "ei1"=hex(b):00,1e,68,e6,6e,88,00,00 "ei3"=hex(b):6d,04,e1,4d,00,00,00,00 "ei4"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2012-07-07 15:49:13 ComboFix-quarantined-files.txt 2012-07-07 13:49 . Przed: 12 785 401 856 bajtów wolnych Po: 12 287 696 896 bajtów wolnych . - - End Of File - - 1F41ED522E968573F8D08E97A5CD397C