ComboFix 12-10-14.03 - Justyna 2012-10-24 11:32:35.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.3037.2178 [GMT 2:00]
Uruchomiony z: F:\ComboFix.exe
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
 * Rezydentny antywirus jest aktywny
.
.
 - TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI -
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-09-24 do 2012-10-24 )))))))))))))))))))))))))))))))
.
.
2012-10-24 09:34 . 2012-10-24 09:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-24 09:21 . 2012-10-24 09:21 44544 ----a-w- c:\programdata\lsass.exe
2012-10-15 09:47 . 2012-10-24 09:34 -------- d-----w- c:\users\Justyna\AppData\Local\temp
2012-10-12 16:02 . 2012-10-12 20:32 -------- d-----w- c:\users\Justyna\AppData\Roaming\Awdo
2012-10-12 16:02 . 2012-10-12 16:02 -------- d-----w- c:\users\Justyna\AppData\Roaming\Edetbu
2012-10-10 15:59 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 15:59 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 15:59 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 15:59 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 09:39 . 2012-10-10 09:39 -------- d-----w- c:\users\Justyna\AppData\Roaming\Apple Computer
2012-10-08 08:15 . 2012-10-08 08:15 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin7.dll
2012-10-08 08:15 . 2012-10-08 08:15 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin6.dll
2012-10-08 08:15 . 2012-10-08 08:15 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin5.dll
2012-10-08 08:15 . 2012-10-08 08:15 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin4.dll
2012-10-08 08:15 . 2012-10-08 08:15 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin3.dll
2012-10-08 08:15 . 2012-10-08 08:15 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin2.dll
2012-10-08 08:15 . 2012-10-08 08:15 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin.dll
2012-10-08 08:14 . 2012-10-08 08:15 -------- d-----w- c:\program files\QuickTime
2012-10-08 08:14 . 2012-10-08 08:14 -------- d-----w- c:\programdata\Apple Computer
2012-10-08 08:12 . 2012-10-08 08:12 -------- d-----w- c:\program files\Apple Software Update
2012-09-26 16:19 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 10:42 . 2012-06-21 18:20 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 10:42 . 2011-12-20 17:11 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-12 09:24 . 2012-09-12 09:24 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-12 09:24 . 2012-05-05 09:18 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-12 09:24 . 2011-08-25 12:13 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 06:59 . 2012-09-22 13:03 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-22 13:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-22 13:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 13:03 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 13:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-22 13:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16 . 2012-09-12 08:34 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 08:34 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 08:34 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 08:34 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-02 16:57 . 2012-09-12 08:34 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2010-09-13 09:01 . 2010-09-13 09:02 680021 ----a-w- c:\program files\unins000.exe
2008-11-30 21:01 . 2010-09-13 09:02 3738624 ----a-w- c:\program files\subedit.exe
2012-10-22 17:02 . 2012-10-22 17:02 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-05-04 13:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2009-11-03 06:55 1410312 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-27 13797920]
"VeriFaceManager"="c:\program files\Lenovo\VeriFace\PManage.exe" [2009-11-03 3122440]
"UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-07-15 4081480]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-25 5064520]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\users\Justyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ctfmon.lnk - c:\programdata\lsass.exe [2012-10-24 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-7-1 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [x]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
S1 funfrm;funfrm; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [x]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 10:42]
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-09 10:35]
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-09 10:35]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2981148614-1095941574-1848268477-1003Core.job
- c:\users\Justyna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-23 10:45]
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2981148614-1095941574-1848268477-1003UA.job
- c:\users\Justyna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-23 10:45]
.
2012-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-19 11:22]
.
2012-06-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-19 11:22]
.
2012-10-24 c:\windows\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 15:54]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://lenovo.live.com/
mStart Page = hxxp://lenovo.live.com/
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{A6B5A53B-3F86-43CC-91A0-E0C95D6FFCBD}: NameServer = 85.11.67.250,85.11.66.45
FF - ProfilePath - c:\users\Justyna\AppData\Roaming\Mozilla\Firefox\Profiles\ddguxvvq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=3F9AFD8E-7B17-4CDD-98B3-08EDDC80ACD3&apn_ptnrs=9M&apn_sauid=7D2BF2DE-18C8-41F6-8090-9910B7AB3017&apn_dtid=OSJ000&&q=
FF - ExtSQL: 2012-08-31 11:26; p24ext@przelewy24.pl; c:\users\Justyna\AppData\Roaming\Mozilla\Firefox\Profiles\ddguxvvq.default\extensions\p24ext@przelewy24.pl.xpi
FF - ExtSQL: 2012-09-12 11:35; toolbar@ask.com; c:\users\Justyna\AppData\Roaming\Mozilla\Firefox\Profiles\ddguxvvq.default\extensions\toolbar@ask.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'Explorer.exe'(3368)
c:\windows\system32\IcnOvrly.dll
c:\program files\Lenovo\Bluetooth Software\btmmhook.dll
.
Czas ukończenia: 2012-10-24 11:36:30
ComboFix-quarantined-files.txt 2012-10-24 09:36
ComboFix2.txt 2012-10-15 09:55
.
Przed: 177 549 651 968 bajtów wolnych
Po: 177 511 034 880 bajtów wolnych
.
- - End Of File - - 92247AB6F9EADF8FCAC43FAFD05DCE12