ComboFix 12-07-10.01 - Konrad 2012-07-10 10:50:30.1.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.2046.1549 [GMT 2:00]
Uruchomiony z: c:\users\Konrad\Downloads\ComboFix.exe
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\StartSearch plugin
c:\programdata\iqwexyfh.exe
c:\programdata\znsxechhmlgrfab
c:\users\Konrad\AppData\Local\07a9fc1d\U
c:\users\Konrad\AppData\Local\07a9fc1d\U\80000000.@
c:\users\Konrad\AppData\Local\07a9fc1d\U\800000cb.@
c:\users\Konrad\AppData\Local\07a9fc1d\U\800000cf.@
c:\windows\$NtUninstallKB1099$
c:\windows\$NtUninstallKB1099$\128580637\@
c:\windows\$NtUninstallKB1099$\128580637\L\xadqgnnk
c:\windows\$NtUninstallKB1099$\128580637\loader.tlb
c:\windows\$NtUninstallKB1099$\128580637\U\@00000001
c:\windows\$NtUninstallKB1099$\128580637\U\@000000c0
c:\windows\$NtUninstallKB1099$\128580637\U\@000000cb
c:\windows\$NtUninstallKB1099$\128580637\U\@000000cf
c:\windows\$NtUninstallKB1099$\128580637\U\@80000000
c:\windows\$NtUninstallKB1099$\128580637\U\@800000c0
c:\windows\$NtUninstallKB1099$\128580637\U\@800000cb
c:\windows\$NtUninstallKB1099$\128580637\U\@800000cf
c:\windows\$NtUninstallKB1099$\4243292804
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
E:\autorun.inf
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-10 do 2012-07-10 )))))))))))))))))))))))))))))))
.
.
2012-07-10 08:55 . 2012-07-10 08:55 -------- d-----w- c:\users\Konrad\AppData\Local\temp
2012-07-10 08:55 . 2012-07-10 08:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-10 08:49 . 2012-07-10 08:49 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{959DDDC0-BCFA-4848-A93E-E7F3064464E2}\offreg.dll
2012-07-08 20:56 . 2012-07-08 20:56 -------- d-----w- c:\users\Konrad\AppData\Roaming\Malwarebytes
2012-07-08 20:56 . 2012-07-08 20:56 -------- d-----w- c:\programdata\Malwarebytes
2012-07-08 20:56 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-08 20:56 . 2012-07-08 20:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-08 04:55 . 2012-07-08 04:55 -------- d-----w- c:\users\Konrad\AppData\Roaming\hellomoto
2012-07-08 04:54 . 2012-07-08 04:54 -------- d-----w- c:\windows\Sun
2012-07-08 04:34 . 2012-07-08 04:34 -------- d-----w- c:\programdata\ttsqhcoqaxqmtqn
2012-06-29 13:55 . 2012-07-02 10:37 -------- d-----w- c:\program files\Keyboard Driver
2012-06-21 08:18 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 08:18 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 08:18 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 08:18 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 08:18 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 08:18 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 08:18 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 08:18 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 08:18 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 22:56 . 2012-06-13 22:56 -------- d-----w- c:\programdata\Premium
2012-06-13 22:55 . 2012-06-13 22:55 -------- d-----w- c:\users\Konrad\AppData\Roaming\SendSpace
2012-06-13 22:55 . 2012-07-02 10:38 -------- d-----w- c:\program files\Optimizer Pro
2012-06-13 22:54 . 2012-06-13 22:56 -------- d-----w- c:\programdata\InstallMate
2012-06-13 14:29 . 2008-05-07 23:29 122880 ----a-w- c:\windows\system32\Crypserv.exe
2012-06-13 14:29 . 2008-03-17 16:45 19584 ----a-w- c:\windows\system32\Ckldrv.sys
2012-06-13 14:29 . 1999-06-18 20:49 165888 ----a-w- c:\windows\Ckconfig.exe
2012-06-13 14:29 . 1996-05-03 16:21 27648 ----a-r- c:\windows\Setup_ck.exe
2012-06-13 14:29 . 1996-05-03 14:36 18432 ----a-w- c:\windows\Setup_ck.dll
2012-06-13 14:29 . 1995-07-04 17:33 11776 ----a-w- c:\windows\Ckrfresh.exe
2012-06-13 13:35 . 2012-06-13 13:35 -------- d-----w- C:\Log
2012-06-13 12:50 . 2012-06-24 13:38 -------- d-----w- c:\windows\uninstst
2012-06-13 12:50 . 2006-02-21 22:08 126976 ----a-w- c:\windows\system32\tton.ocx
2012-06-13 12:47 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-13 12:47 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 12:46 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 12:46 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 12:46 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 12:46 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 08:23 . 2012-04-13 05:21 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 08:23 . 2011-11-23 17:34 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-16 15:45 . 2011-12-03 12:50 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2011-07-04 13374048]
"I&F Viewer toolbar"="c:\program files\Photo Toolkit\ivbar\phototoolkitmem.exe" [2006-10-27 65536]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"Facebook Update"="c:\users\Konrad\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-01-22 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 270336]
"snp325"="c:\windows\vsnp325.exe" [2007-04-25 835584]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"spoolss"="c:\users\Konrad\AppData\Local\Microsoft\Windows\2178\spoolss.exe" [2012-07-08 50176]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
R2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
R2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [x]
R2 msrvc;msrvc;c:\ssrcc\msrvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 ssrcc;ssrcc;c:\ssrcc\ssrcc.exe [x]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1105956435-1657164785-3265594434-1000Core.job
- c:\users\Konrad\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-22 23:28]
.
2012-07-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1105956435-1657164785-3265594434-1000UA.job
- c:\users\Konrad\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-22 23:28]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-23 00:28]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-23 00:28]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1105956435-1657164785-3265594434-1000Core.job
- c:\users\Konrad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-21 17:11]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1105956435-1657164785-3265594434-1000UA.job
- c:\users\Konrad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-21 17:11]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
mLocal Page =
uInternet Settings,ProxyOverride = *.local
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
FF - ProfilePath - c:\users\Konrad\AppData\Roaming\Mozilla\Firefox\Profiles\rosz6zu4.default\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-iqwexyfhfcxfnln - c:\programdata\iqwexyfh.exe
HKLM-Run-FixCamera - c:\windows\FixCamera.exe
HKLM-Run-KMCONFIG - c:\program files\Keyboard Driver\StartAutorun.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2012-07-10 10:56:26
ComboFix-quarantined-files.txt 2012-07-10 08:56
.
Przed: 17 394 651 136 bajtów wolnych
Po: 17 250 955 264 bajtów wolnych
.
- - End Of File - - 827C3134E85E27A64195A8D6FFF14F1F