ComboFix 12-09-22.02 - e-slupno.eu 2012-09-22 18:51:35.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.3984.2646 [GMT 2:00]
Uruchomiony z: c:\users\TEMP.Slupno.004\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\ReactivateFF.exe
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
C:\Thumbs.db
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-08-22 do 2012-09-22 )))))))))))))))))))))))))))))))
.
.
2012-09-22 16:56 . 2012-09-22 16:56 -------- d-----w- c:\users\e-slupno.eu\AppData\Local\temp
2012-09-22 16:56 . 2012-09-22 16:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-22 14:55 . 2012-08-24 10:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-21 12:53 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{099EC984-8B16-406E-96D8-E2B0FFAAC738}\mpengine.dll
2012-09-12 06:50 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 06:50 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 06:50 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 06:50 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 06:50 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 06:50 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 06:50 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-08 19:39 . 2012-09-09 15:22 -------- d-----w- c:\users\TEMP
2012-09-08 11:04 . 2012-09-08 11:04 -------- d-----w- C:\Riot Games
2012-09-08 08:45 . 2012-09-08 22:09 -------- d-----w- c:\program files (x86)\League of Legends
2012-09-02 16:37 . 2012-09-02 16:37 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-09-02 14:04 . 2012-09-02 14:04 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-09-02 14:04 . 2012-09-02 14:04 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-09-01 21:30 . 2007-02-03 18:32 41504 ----a-r- c:\windows\SysWow64\drivers\LVUSBSta.sys
2012-09-01 21:14 . 2007-02-03 18:32 527136 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2012-09-01 21:14 . 2007-02-03 18:32 215840 ----a-w- c:\windows\SysWow64\LVUI2.dll
2012-09-01 21:14 . 2007-02-03 18:30 58528 ----a-w- c:\windows\system32\drivers\LVUSBS64.sys
2012-09-01 21:14 . 2007-02-03 18:30 366368 ----a-w- c:\windows\system32\LVUIRC64.dll
2012-09-01 21:14 . 2007-02-03 18:30 139552 ----a-w- c:\windows\system32\LVUI64.dll
2012-09-01 21:14 . 2007-02-03 18:29 264992 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2012-09-01 21:14 . 2007-02-03 18:28 98592 ----a-w- c:\windows\system32\lvco1051.dll
2012-09-01 21:14 . 2007-02-03 18:27 280864 ----a-w- c:\windows\system32\lvcod64.dll
2012-09-01 21:14 . 2007-02-03 18:27 467616 ----a-w- c:\windows\system32\drivers\LV561V64.sys
2012-09-01 21:14 . 2007-02-03 17:01 13398 ----a-w- c:\windows\system32\Repository.reg
2012-09-01 21:12 . 2012-09-01 21:12 188548 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-09-01 21:12 . 2003-11-10 16:14 729088 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-09-01 21:12 . 2003-11-10 16:13 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-09-01 21:12 . 2003-11-10 16:12 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-09-01 21:12 . 2003-11-10 16:12 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-09-01 21:12 . 2003-11-10 16:11 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-09-01 21:12 . 2012-09-01 21:12 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-09-01 21:11 . 2012-09-01 21:11 -------- d-----w- c:\programdata\Logishrd
2012-09-01 21:11 . 2012-09-01 21:11 -------- d-----w- c:\programdata\Logitech
2012-09-01 21:11 . 2012-09-01 21:30 -------- d-----w- c:\program files\Common Files\LogiShrd
2012-09-01 21:11 . 2012-09-01 21:12 -------- d-----w- c:\program files (x86)\Common Files\Logishrd
2012-09-01 21:11 . 2012-09-01 21:11 -------- d-----w- c:\program files (x86)\Logitech
2012-09-01 20:39 . 2012-09-01 20:39 -------- d-----w- c:\users\e-slupno.eu\AppData\Local\ElevatedDiagnostics
2012-09-01 17:39 . 2012-09-22 14:48 -------- d-----w- c:\users\e-slupno.eu\AppData\Roaming\Skype
2012-09-01 17:39 . 2012-09-08 22:18 -------- d-----r- c:\program files (x86)\Skype
2012-09-01 17:39 . 2012-09-01 17:39 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-01 17:39 . 2012-09-22 15:34 -------- d-----w- c:\programdata\Skype
2012-08-31 12:24 . 2012-09-08 22:18 -------- d-----w- c:\program files (x86)\Metin2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 22:21 . 2012-08-14 22:21 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 18:15 . 2012-08-15 06:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-15 06:08 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 06:08 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 06:08 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 06:08 41984 ----a-w- c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-10-22 895512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LogitechCommunicationsManager"="c:\program files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-07 488984]
"LogitechQuickCamRibbon"="c:\program files (x86)\Logitech\QuickCam10\QuickCam10.exe" [2007-02-07 774168]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-06-09 264008]
R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 173344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 IFCoEMP;IFCoEMP;c:\windows\system32\drivers\ifM52x64.sys [2010-08-13 339728]
R3 IFCoEVB;IFCoEVB;c:\windows\system32\drivers\ifP52X64.sys [2010-08-13 65808]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-26 158976]
R3 LVcKap64;Logitech AEC Driver;c:\windows\system32\DRIVERS\LVcKap64.sys [2007-02-06 1013024]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-09 114144]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-08-25 31152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-18 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-21 279616]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-09-22 165032]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-10-22 1121304]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-12-21 316080]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [2007-02-03 58528]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-20 56344]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-09-21 c:\windows\Tasks\HPCeeScheduleForSLUPNO$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-11 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-11 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-11 417304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.bing.com?pc=CMDTDF
uLocal Page = c:\windows\system32\blank.htm
uDefault_Page_URL = hxxp://www.bing.com?pc=CMDTDF
mStart Page = hxxp://www.bing.com?pc=CMDTDF
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\TEMP.Slupno.004\AppData\Roaming\Mozilla\Firefox\Profiles\p263ltnl.default\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Czas ukończenia: 2012-09-22 19:02:24 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-09-22 17:02
.
Przed: 428 184 563 712 bajtów wolnych
Po: 428 790 878 208 bajtów wolnych
.
- - End Of File - - 38D711A4E2B8F94D315957E22831D2E9