ComboFix 12-07-31.05 - t 2012-08-09 19:24:29.1.4 - x86 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.1791.1080 [GMT 2:00] Uruchomiony z: c:\users\t\Downloads\ComboFix_www.INSTALKI.pl.exe AV: ESET NOD32 Antivirus 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Utworzono nowy punkt przywracania . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\t\AppData\Local\Microsoft\Windows\685\serialui.exe c:\users\t\AppData\Local\wduaoo.exe c:\users\t\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vqkrb.exe c:\users\t\P-7-78-8964-9648-3874 . . ((((((((((((((((((((((((( Pliki utworzone od 2012-07-09 do 2012-08-09 ))))))))))))))))))))))))))))))) . . 2012-08-09 16:34 . 2012-08-09 16:34 -------- d-----w- C:\_OTL 2012-08-09 16:02 . 2012-08-09 16:02 -------- d-----w- c:\users\t\AppData\Roaming\hellomoto 2012-08-09 10:01 . 2012-08-09 17:28 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04C2E950-253F-4F90-A2B2-66B9BC7F741B}\offreg.dll 2012-08-03 15:28 . 2012-08-03 15:28 -------- d-sh--r- c:\users\t\M-10-6897-8685-3464 2012-08-01 08:29 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04C2E950-253F-4F90-A2B2-66B9BC7F741B}\mpengine.dll 2012-07-25 22:27 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 15:50 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll 2012-07-11 15:50 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll 2012-07-11 15:50 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-02 22:19 . 2012-06-21 07:08 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 07:08 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 07:08 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 07:08 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-21 07:08 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-21 07:08 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-21 07:08 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-21 07:07 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:12 . 2012-06-21 07:07 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-05-31 10:25 . 2010-12-10 22:36 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-07-19 11:18 . 2012-06-11 17:10 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{9384bd4c-dd14-4be9-80f7-f6277511e4f5}"= "c:\program files\Hot_MP3\prxtbHot0.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}] 2011-01-17 14:54 175912 ----a-w- c:\program files\Hot_MP3\prxtbHot0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{9384bd4c-dd14-4be9-80f7-f6277511e4f5}"= "c:\program files\Hot_MP3\prxtbHot0.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{9384BD4C-DD14-4BE9-80F7-F6277511E4F5}"= "c:\program files\Hot_MP3\prxtbHot0.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "Facebook Update"="c:\users\t\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] "Microsoft Windows Manager"="c:\users\t\M-10-6897-8685-3464\winmgr.exe" [2012-08-03 51200] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] "Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2011-04-24 941320] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-06 3076144] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate] 2010-11-02 19:03 1432064 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe . R2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R2 KMService;KMService;c:\windows\system32\srvany.exe [x] R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [x] R3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x] R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x] R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x] R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x] R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x] R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x] R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x] R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x] R3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [x] R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [x] R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [x] R3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [x] R3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [x] R3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [x] R3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [x] R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WSDPrintDevice;Obsługa drukowania WSD za pośrednictwem bloku pamięci górnej;c:\windows\system32\DRIVERS\WSDPrint.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [x] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Inne Usługi/Sterowniki w Pamięci --- . *NewlyCreated* - WS2IFSL . Zawartość folderu 'Zaplanowane zadania' . 2012-08-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-746984628-4121646860-4111584847-1000Core.job - c:\users\t\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-31 20:52] . 2012-08-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-746984628-4121646860-4111584847-1000UA.job - c:\users\t\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-31 20:52] . 2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-19 15:48] . 2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-19 15:48] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://domredi.com/1/ uInternet Settings,ProxyOverride = ;*.local IE: &P&obierz &za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Wyślij &do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\t\AppData\Roaming\Mozilla\Firefox\Profiles\p0bi3it1.default\ FF - prefs.js: browser.startup.homepage - hxxp://domredi.com/1/ . - - - - USUNIĘTO PUSTE WPISY - - - - . Toolbar-Locked - (no file) HKCU-Run-ypijgfl - c:\users\t\AppData\Local\wduaoo.exe HKCU-Run-Microsoft Windows System - c:\users\t\P-7-78-8964-9648-3874\windll.exe HKCU-Run-serialui - c:\users\t\AppData\Local\Microsoft\Windows\685\serialui.exe AddRemove-Gadu-Gadu 10 - d:\program files\Gadu-Gadu 10\Uninstall.exe . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\system32\taskhost.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\system32\conhost.exe c:\windows\System32\rundll32.exe c:\windows\system32\sppsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Czas ukończenia: 2012-08-09 19:44:43 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2012-08-09 17:44 . Przed: 26 980 544 512 bajtów wolnych Po: 26 916 970 496 bajtów wolnych . - - End Of File - - 4E5DA9B21EC41B7E1A18F7711FEE5DCA