ComboFix 12-09-22.02 - Shiza 2012-09-22 18:40:54.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.3327.2124 [GMT 2:00]
Running from: c:\users\Shiza\AppData\Local\Temp\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\chrome.manifest
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\images\pref.jpg
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\loader.xul
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\preferences.xul
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\install.rdf
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf
c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\extensions\ffxtlbr@funmoods.com\META-INF\manifest.mf
c:\windows\system32\tmp2913.tmp
c:\windows\system32\tmp2914.tmp
.
.
(((((((((((((((((((((((((   Files created from 2012-08-22 to 2012-09-22   )))))))))))))))))))))))))))))))
.
.
2012-09-22 16:51 . 2012-09-22 16:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-22 16:51 . 2012-09-22 16:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-22 16:33 . 2009-06-08 23:43 316928 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp092.dll
2012-09-22 16:33 . 2012-09-22 16:33 -------- d-----w- c:\windows\LastGood
2012-09-22 16:31 . 2012-09-22 16:31 -------- d-----w- c:\windows\hpoj4500g510n-z
2012-09-22 16:31 . 2009-06-08 23:43 122880 ----a-w- c:\windows\system32\hpf3l092.dll
2012-09-22 16:29 . 2009-08-17 18:26 716288 ----a-w- c:\windows\system32\hpwwiax9.dll
2012-09-22 16:29 . 2009-08-17 18:26 593920 ----a-w- c:\windows\system32\hpwtscl5.dll
2012-09-22 16:23 . 2012-09-22 16:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-21 09:07 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3EFB7E8D-4190-4660-93B5-232EE7AAAC0B}\mpengine.dll
2012-09-12 15:16 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 15:16 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 15:16 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-09 10:55 . 2012-09-09 10:55 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-08 12:25 . 2012-09-08 12:27 -------- d-----w- c:\users\Public\hp kp
2012-09-07 15:55 . 2012-09-07 15:58 -------- d-----w- c:\program files\Kurs Całki Oznaczone, Niewłaściwe i Zastosowania Całek
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Section   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-18 17:04 . 2012-08-18 17:04 318632 ----a-w- c:\windows\system32\appdrvrem01.exe
2012-08-18 17:04 . 2012-08-18 17:04 2279808 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2012-07-18 17:47 . 2012-08-15 14:08 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:14 . 2012-08-15 14:08 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14 . 2012-08-15 14:08 102912 ----a-w- c:\windows\system32\browser.dll
2012-06-27 05:53 . 2012-08-15 14:08 981504 ----a-w- c:\windows\system32\wininet.dll
2012-06-27 04:10 . 2012-08-15 14:08 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-09 10:55 . 2011-12-25 13:53 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Registry Startup Entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2009-12-21 11850344]
"IPLA!"="c:\program files\ipla\ipla.exe" [2012-05-11 19858432]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-22 7514656]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 1833504]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"CardDetectorHUAWEI1752_1552"="c:\program files\CardDetector\HUAWEI1752_1552\CardDetector.exe" [2009-10-14 282624]
"BEWINTERNET-PLSessionManager"="c:\program files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe" [2009-10-14 140016]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-22 c:\windows\Tasks\WebReg HP Officejet 4500 G510n-z.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2009-05-21 19:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzutDtDtByEzz0CyDzzyEzzyC0A0F0EtA0CtN0D0TzutBtDtCtBtDyBtDyB&cr=1711853476
mStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzutDtDtByEzz0CyDzzyEzzyC0A0F0EtA0CtN0D0TzutBtDtCtBtDyBtDyB&cr=1711853476
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.204.152.34 194.204.159.1
FF - ProfilePath - c:\users\Shiza\AppData\Roaming\Mozilla\Firefox\Profiles\k1y4569k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=56defe3c00000000000000248c58486a&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 56defe3c00000000000000248c58486a
FF - user.js: extensions.BabylonToolbar_i.hardId - 56defe3c00000000000000248c58486a
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15492
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:37
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzutDtDtByEzz0CyDzzyEzzyC0A0F0EtA0CtN0D0TzutBtDtCtBtDyBtDyB&cr=1711853476
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzutDtDtByEzz0CyDzzyEzzyC0A0F0EtA0CtN0D0TzutBtDtCtBtDyBtDyB&cr=1711853476
FF - user.js: extensions.funmoods.tlbrSrchUrl -
FF - user.js: extensions.funmoods.id - 56defe3c00000000000000248c58486a
FF - user.js: extensions.funmoods.instlDay - 15528
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2219:24
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - iron2
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - iron2
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{CB85085F-60F3-427D-BAD2-FDED9F9DC212}_is1 - c:\program files\Kurs Całki Oznaczone
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-22 19:00:07
ComboFix-quarantined-files.txt 2012-09-22 17:00
.
Pre-Run: 15,750,770,688 bytes free
Post-Run: 15,951,646,720 bytes free
.
- - End Of File - - 9EEB0AAF0CD860E26A9A0C07D7476220
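Two things in the log above deserve a second look before the clean-up is called done. First, the only real-time antivirus (ESET NOD32 5.0) is reported *Disabled/Outdated*. Second, ComboFix deleted the `ffxtlbr@funmoods.com` extension directory, but the Firefox profile still carries the hijack configuration: both IE start pages point at start.funmoods.com, `keyword.URL` in prefs.js points at search.babylon.com, and user.js holds a full set of `extensions.funmoods.*` and `extensions.BabylonToolbar_i.*` keys. Firefox re-applies user.js on every start, so those values outlive a prefs.js reset until user.js itself is removed. The script below is an added example, not part of the posted log or of ComboFix; it parses the line formats that appear above (AV/SP status lines, `uStart Page`/`mStart Page`, `FF - prefs.js:` and `FF - user.js:`) and flags exactly these follow-ups. The sample lines are copied from the log above; the hijack-domain list (funmoods.com, babylon.com) is an assumption taken from the domains the log shows.

```python
"""Triage a ComboFix log for a disabled AV and browser-hijack leftovers.
Added example (not from the posted log or from ComboFix)."""
import re
from urllib.parse import urlsplit

# Assumption: the hijack destinations are the domains seen in the log above.
HIJACK_DOMAINS = ("funmoods.com", "babylon.com")

# Constructed sample: lines copied from the log above (long query strings trimmed).
SAMPLE_LOG = """
AV: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
uStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2
mStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&q=
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=iron2
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819
TCP: DhcpNameServer = 194.204.152.34 194.204.159.1
"""

STATUS_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)/(\w+)\* \{([0-9A-Fa-f-]+)\}$")
START_PAGE_RE = re.compile(r"^([um])Start Page = (.+)$")
FF_PREF_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")


def refang(value: str) -> str:
    """ComboFix writes hxxp:// so URLs are not clickable; restore the scheme for parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", value, flags=re.IGNORECASE)


def host_of(value: str) -> str:
    """Lower-cased host of a URL-like value ('' when there is none)."""
    url = refang(value.strip())
    if "://" not in url:
        url = "http://" + url          # bare hosts such as www.google.pl
    return (urlsplit(url).hostname or "").lower()


def is_hijack_host(host: str) -> bool:
    """Match the domain itself or any subdomain (start.funmoods.com, search.babylon.com)."""
    return any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS)


def triage(log_text: str) -> dict:
    """One pass over the log, collecting four follow-up buckets:
    disabled_av          AV/SP products not reported Enabled/Updated
    hijacked_start_pages IE start pages (u = user, m = machine) on hijack domains
    hijacked_prefs       prefs.js values (e.g. keyword.URL) on hijack domains
    userjs_persistence   extensions.* keys in user.js; Firefox re-applies user.js at
                         every start, so these survive a prefs.js reset
    """
    out = {"disabled_av": [], "hijacked_start_pages": [],
           "hijacked_prefs": [], "userjs_persistence": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STATUS_RE.match(line)
        if m:
            kind, product, state, freshness, _guid = m.groups()
            if state != "Enabled" or freshness != "Updated":
                out["disabled_av"].append((kind, product, f"{state}/{freshness}"))
            continue
        m = START_PAGE_RE.match(line)
        if m:
            scope, url = m.groups()
            host = host_of(url)
            if is_hijack_host(host):
                out["hijacked_start_pages"].append(("user" if scope == "u" else "machine", host))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            src, key, value = m.groups()
            if src == "user.js" and key.startswith("extensions."):
                out["userjs_persistence"].append(key)
            elif src == "prefs.js" and is_hijack_host(host_of(value)):
                out["hijacked_prefs"].append((key, host_of(value)))
    return out


def clean(result: dict) -> bool:
    """Clean only when every bucket is empty."""
    return not any(result.values())


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for bucket, items in r.items():
        print(f"{bucket}: {items}")
    print("clean" if clean(r) else "follow-up needed")
```

Run against the sample it reports the disabled ESET product, both start pages, the Babylon `keyword.URL`, and three user.js keys, so the verdict is "follow-up needed". The remediation it points at is: re-enable and update ESET, reset the IE start pages, delete user.js from the `k1y4569k.default` profile (or strip the `extensions.funmoods.*` and `extensions.BabylonToolbar_i.*` lines), and reset `keyword.URL` in about:config.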