ComboFix 12-10-14.03 - angela_koper470 2012-10-15 16:27:18.1.2 - x86 NETWORK Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.48.1045.18.3032.2303 [GMT 2:00] Uruchomiony z: c:\users\angela_koper470\AppData\Local\Opera\Opera\temporary_downloads\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Complitly c:\program files\Complitly\chrome\ComplitlyChrome.crx c:\program files\Complitly\FireFoxExtensionWithFF8Fix.exe c:\program files\Complitly\FireFoxUninstaller.exe c:\program files\Complitly\InstTracker.exe c:\program files\Complitly\support@Complitly.com\chrome.manifest c:\program files\Complitly\support@Complitly.com\chrome\content\appIcon.png c:\program files\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul c:\program files\Complitly\support@Complitly.com\chrome\content\options.js c:\program files\Complitly\support@Complitly.com\chrome\content\options.xul c:\program files\Complitly\support@Complitly.com\chrome\content\utils.js c:\program files\Complitly\support@Complitly.com\defaults\preferences\predictad.js c:\program files\Complitly\support@Complitly.com\install.rdf c:\program files\Complitly\System.Data.SQLite.dll c:\program files\Complitly\unins000.dat c:\program files\Complitly\unins000.exe c:\program files\DealPly c:\program files\DealPly\DealPly.crx c:\program files\DealPly\DealPlyIE.dll c:\program files\DealPly\DealPlyUpdate.exe c:\program files\DealPly\DealPlyUpdate.log c:\program files\DealPly\DealPlyUpdateRun.exe c:\program files\DealPly\icon.ico c:\program files\DealPly\uninst.exe c:\program files\RewardsArcade c:\program files\RewardsArcade\appAPIinternalWrapper.js c:\program files\RewardsArcade\fb.js c:\program files\RewardsArcade\jquery.js c:\program files\RewardsArcade\json.js c:\program files\RewardsArcade\RewardsArcade.dll c:\program files\RewardsArcade\RewardsArcade.exe c:\program files\RewardsArcade\Uninstall.exe c:\program files\RewardsArcade\UserConfirmation.exe c:\programdata\0tbpw.pad c:\programdata\lsass.exe c:\programdata\Roaming c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini c:\users\angela_koper470\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk c:\windows\iun6002.exe c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\system32\drivers\etc\hosts.ics . . ((((((((((((((((((((((((( Pliki utworzone od 2012-09-15 do 2012-10-15 ))))))))))))))))))))))))))))))) . . 2012-10-15 14:45 . 2012-10-15 14:45 -------- d-----w- c:\users\angela_koper470\AppData\Local\temp 2012-10-15 14:45 . 2012-10-15 14:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-12 14:47 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A249412-8EDA-4720-AD8B-5AFCC3A93E6D}\mpengine.dll 2012-10-10 13:23 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll 2012-10-10 13:23 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-10 13:23 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-10 13:22 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-10-10 13:22 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-10 13:22 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-10-10 13:22 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-09-23 09:02 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-09-23 09:02 . 2012-08-24 07:34 140936 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2012-09-23 09:02 . 2012-08-24 06:47 420864 ----a-w- c:\windows\system32\vbscript.dll . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-09 14:56 . 2012-04-09 17:33 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-09 14:56 . 2011-12-30 11:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-02 09:24 . 2012-09-02 09:25 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-09-02 09:24 . 2010-04-25 09:14 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-26 11:18 . 2011-06-09 11:02 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2012-07-04 13:03 1310040 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120] "Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2011-02-20 370688] "Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2011-06-01 13349472] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-19 39408] "Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2012-05-31 445624] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032] "Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-11 113664] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496] Kreator menedżera zawartości dla PlayStation(R).lnk - c:\program files\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2520504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2006-12-10 19:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!] 2010-11-15 12:56 18633728 ----a-w- c:\program files\ipla\ipla.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] . . --- Inne Usługi/Sterowniki w Pamięci --- . *NewlyCreated* - ECACHE . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-03-17 08:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Zawartość folderu 'Zaplanowane zadania' . 2012-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 14:56] . 2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-27 18:05] . 2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-27 18:05] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.gazeta.pl/0,0.html?p=128 uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={C092B070-ADAA-11E1-860F-001377E0E1BD} uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 89.231.1.206 217.172.224.160 FF - ProfilePath - c:\users\angela_koper470\AppData\Roaming\Mozilla\Firefox\Profiles\cji2iw7x.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_Prot FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q= FF - prefs.js: network.proxy.type - 2 FF - ExtSQL: 2012-09-02 11:25; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - ExtSQL: 2019-09-25 22:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\users\angela_koper470\AppData\Roaming\Mozilla\Firefox\Profiles\cji2iw7x.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi FF - ExtSQL: !HIDDEN! 2009-07-22 22:46; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=119999 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 28a763c20000000000000024d2135974 FF - user.js: extensions.BabylonToolbar_i.hardId - 28a763c20000000000000024d2135974 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15393 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:52 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - USUNIĘTO PUSTE WPISY - - - - . URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file) WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file) AddRemove-DealPly - c:\program files\DealPly\uninst.exe AddRemove-Easy CD-DA Extractor 7.0 - c:\windows\iun6002.exe AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files\Complitly\unins000.exe AddRemove-RewardsArcade - c:\program files\RewardsArcade\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-10-15 16:45 Windows 6.0.6002 Service Pack 2 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Czas ukończenia: 2012-10-15 16:48:51 ComboFix-quarantined-files.txt 2012-10-15 14:48 . Przed: 2 822 135 808 bajtów wolnych Po: 2 898 980 864 bajtów wolnych . - - End Of File - - 8003D7C3DFEB49DCA35341E7E3194E99