ComboFix 12-11-25.01 - Kuba 2012-11-25 19:36:11.1.3 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1033.18.4095.2489 [GMT 1:00] Uruchomiony z: d:\pobieranie\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Utworzono nowy punkt przywracania . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Asia\AppData\Local\promo.exe c:\users\Asia\AppData\Local\Setup.exe c:\users\Tata\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8C70BE87-6358-4382-9BD1-B00ADD01400A}.xps c:\windows\SysWow64\muzapp.exe c:\windows\SysWow64\tmpDC1E.tmp c:\windows\SysWow64\tmpDC1F.tmp c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe . . ((((((((((((((((((((((((( Pliki utworzone od 2012-10-25 do 2012-11-25 ))))))))))))))))))))))))))))))) . . 2012-11-25 18:44 . 2012-11-25 18:44 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-25 18:44 . 2012-11-25 18:44 -------- d-----w- c:\users\Asia\AppData\Local\temp 2012-11-24 12:26 . 2012-11-24 12:29 -------- d-----w- c:\program files (x86)\Real 2012-11-23 13:42 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4BE26F5E-51D0-4781-B0E4-F92F45CB95E3}\mpengine.dll 2012-11-19 17:42 . 2012-11-19 17:42 -------- d-----w- c:\program files\CPUID 2012-11-19 17:42 . 2010-11-09 13:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys 2012-11-16 23:31 . 2012-07-26 05:05 2560 ----a-w- c:\windows\system32\drivers\pl-PL\wdf01000.sys.mui 2012-11-16 23:31 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-16 23:31 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-16 23:31 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-16 23:31 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-16 23:23 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-16 23:23 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-16 23:23 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-16 23:23 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-16 23:23 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-16 23:23 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-16 23:23 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-16 15:04 . 2012-10-18 18:18 3147264 ----a-w- c:\windows\system32\win32k.sys 2012-11-16 15:04 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-16 15:04 . 2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-05 17:24 . 2012-11-05 17:24 -------- d-----w- c:\users\Tata\FLVPlayer 2012-10-30 18:57 . 2012-10-30 18:57 -------- d-----w- c:\users\Kuba\AppData\Roaming\WSPWNOUP2007 2012-10-30 17:38 . 2012-10-30 17:38 -------- d-----w- c:\program files (x86)\PWN . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-24 12:26 . 2010-01-03 20:17 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-11-24 12:26 . 2010-01-03 20:17 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-11-16 23:24 . 2010-01-06 21:57 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-09-14 19:23 . 2012-10-10 13:08 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:30 . 2012-10-10 13:08 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:02 . 2012-10-10 13:08 1656688 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:11 . 2012-10-10 13:08 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:18 . 2012-10-10 13:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:18 . 2012-10-10 13:08 3902832 ----a-w- c:\windows\SysWow64\ntoskrnl.exe . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}] 2010-10-20 14:32 481872 ----a-w- c:\program files (x86)\vShare\vshare_toolbar.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2009-04-02 11:47 333192 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}] 2011-06-01 15:47 177712 ----a-w- c:\program files (x86)\vShare.tv plugin\BarLcher.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] "{043C5167-00BB-4324-AF7E-62013FAEDACF}"= "c:\program files (x86)\vShare\vshare_toolbar.dll" [2010-10-20 481872] "{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"= "c:\program files (x86)\vShare.tv plugin\BarLcher.dll" [2011-06-01 177712] . [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] . [HKEY_CLASSES_ROOT\clsid\{043c5167-00bb-4324-af7e-62013faedacf}] [HKEY_CLASSES_ROOT\vShare.PugiObj.1] [HKEY_CLASSES_ROOT\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}] [HKEY_CLASSES_ROOT\vShare.PugiObj] . [HKEY_CLASSES_ROOT\clsid\{7ac3e13b-3bca-4158-b330-f66dbb03c1b5}] [HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1] [HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}] [HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024] "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-25 1353080] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328] "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920] "PMSpeed"="c:\program files (x86)\NewSoft\Presto! PageManager 8 for NS\PMSpeed.exe" [2009-03-27 55120] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-15 2245120] "VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-25 64112] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-08-21 4282728] . c:\users\Tata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Action Manager 32.lnk - c:\program files (x86)\Plustek\OpticSlim 2420+\AM32.exe [2010-10-7 57344] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-19 1255736] S0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\Drivers\Achernar.sys [2010-03-10 34104] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-26 871408] S1 aswKbd;aswKbd; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 202752] S2 ASKService;ASKService;c:\program files (x86)\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264] S2 ASKUpgrade;ASKUpgrade;c:\program files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992] S2 KMService;KMService;c:\windows\system32\srvany.exe [x] S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2011-03-25 81008] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-10 1222144] . . Zawartość folderu 'Zaplanowane zadania' . 2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3436068033-2149201598-537446070-1000Core.job - c:\users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-23 10:35] . 2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3436068033-2149201598-537446070-1000UA.job - c:\users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-23 10:35] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-08-21 09:11 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2008-05-24 26448] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] "LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536] . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mStart Page = hxxp://startsear.ch/?aff=1 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Wyślij &do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll TCP: DhcpNameServer = 62.179.1.63 62.179.1.62 Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files (x86)\vShare\vshare_toolbar.dll FF - ProfilePath - c:\users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\4dk68u7e.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/firefox FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q= . - - - - USUNIĘTO PUSTE WPISY - - - - . Wow6432Node-HKLM-Run-NPSStartup - (no file) WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file) AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_USERS\.Default\Software\SetID\Internal] @Denied: (A 2) (LocalSystem) "DATA"="" "Device"="yM29zbvPzMnLvrm+x8fPzce+zro=" . [HKEY_USERS\S-1-5-21-3436068033-2149201598-537446070-1000\Software\SecuROM\License information*] "datasecu"=hex:1d,75,32,fe,6a,5b,af,90,be,1b,7f,4d,60,f0,70,e5,eb,95,10,4d,35, 00,61,41,4e,17,a0,d6,4e,85,2d,77,26,89,93,df,91,fc,a8,d2,ea,21,95,a9,d7,ae,\ "rkeysecu"=hex:7e,36,b8,e4,34,f6,0d,65,73,39,80,91,9e,e8,2b,a9 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2012-11-25 19:46:49 ComboFix-quarantined-files.txt 2012-11-25 18:46 . Przed: 36 180 574 208 bajtów wolnych Po: 35 893 956 608 bajtów wolnych . - - End Of File - - E721A78C64E2587ACEC0C5589898BCF0