ComboFix 13-01-17.04 - slawek 2013-01-19 17:31:44.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.2036.995 [GMT 1:00]
Uruchomiony z: F:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\08c66698-ac37-420c-8ea0-a63d0e691e3a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\18d25bc5-acbb-424f-a6c6-d04a97765094.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2141cd58-3a24-481f-8ca2-8b466c9b797f.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2d2ff7e2-f0f8-4f32-a28e-e44234dd3300.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3e137363-345c-454a-a474-2da300d9297a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4011a5cd-1208-467b-b149-4c0534295875.dll
c:\programdata\PCDr\6032\AddOnDownloaded\489a0734-0bcc-462a-8a9c-29a40f0007b9.dll
c:\programdata\PCDr\6032\AddOnDownloaded\59abf7b9-a4a7-4d76-9ad6-13c7bb2f4d0b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\5f996ddf-fafd-4f93-b623-a362758305b9.dll
c:\programdata\PCDr\6032\AddOnDownloaded\65a823a3-a5fc-440a-b276-153555251042.dll
c:\programdata\PCDr\6032\AddOnDownloaded\918ee45c-eb0a-4e61-97ad-c1849c2623ee.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b0654984-096d-4244-a127-3364577b6279.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b967e9c4-897a-42c8-96d2-4ceb543f8cdb.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e3146f6d-11b3-4a00-a026-1ba8b4bb00ff.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ea058b56-dc30-479c-af0f-bcf27aed08df.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f4d48f15-9f33-4b3f-a84f-bc8b2800e772.dll
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-12-19 do 2013-01-19 )))))))))))))))))))))))))))))))
.
.
2013-01-19 16:47 . 2013-01-19 16:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-19 16:13 . 2013-01-19 16:50 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F6703DB-1860-4F86-AAAA-0F2C05E4ADA6}\offreg.dll
2012-12-28 18:05 . 2012-12-28 18:05 -------- d-----w- c:\users\slawek\AppData\Roaming\EurekaLog
2012-12-28 15:47 . 2012-12-28 15:47 -------- d-----w- c:\program files\Rovio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 16:19 . 2012-05-05 12:31 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 16:19 . 2011-11-05 15:09 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-30 22:51 . 2011-11-23 19:56 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-11-23 19:56 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-11-23 19:56 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-12-01 10:18 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-30 22:51 . 2011-11-23 19:56 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-11-23 19:56 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-11-23 19:55 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-26 19:03 . 2012-12-01 10:26 187736 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-10-26 19:03 . 2012-10-26 19:03 104280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-10-26 19:02 . 2012-12-01 10:26 94040 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-10-26 19:02 . 2012-10-26 19:02 115544 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-10-26 19:02 . 2012-10-26 19:02 174424 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2013-01-19 09:47 . 2013-01-19 09:47 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"MSES.exe"="c:\users\slawek\AppData\Roaming\Realtek Semiconductor\Realtek HD Audio Manager\1.0.0.653\MSES.exe" [2012-05-04 2544640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Dell Magneto Popup"="c:\program files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe" [2010-11-03 111216]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-22 150552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell duo Stage.lnk - c:\program files\Dell\duo Stage\duoStage.exe [2010-10-22 1022016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-11-05 16:09 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-18 14:28 38112 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray]
2010-11-26 01:28 302240 ----a-w- c:\program files\Atheros\Bluetooth Suite\AthBtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtStack]
2010-11-26 01:28 486560 ----a-w- c:\program files\Atheros\Bluetooth Suite\BtvStack.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Location Utility]
2010-02-27 00:11 562504 ----a-w- c:\program files\Dell\Dell Location and GPS\Dell Location Utility\xpscontrolpanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-11-22 17:39 136176 ----atw- c:\users\slawek\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-08-13 05:12 1873192 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
R3 AX88178;ASIX AX88178 USB2.0 to Gigabit Ethernet Adapter;c:\windows\system32\DRIVERS\ax88178.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [x]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x]
R3 CxUSBDock;Conexant USB Audio Dock Service;c:\windows\system32\CxUSBDock32.exe [x]
R3 PCDSRVC{E9D79540-57D5953E-06020200}_0;PCDSRVC{E9D79540-57D5953E-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [x]
R3 QWARQNet;Qwarq Virtual Miniport;c:\windows\system32\DRIVERS\QWARQNet.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Atheros\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files\Atheros\Bluetooth Suite\adminservice.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [x]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files\Dell Digital Delivery\DeliveryService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 KMService;KMService;c:\windows\system32\srvany.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 xpssvc;Dell Location Utility;c:\program files\Dell\Dell Location and GPS\Dell Location Utility\xpssvc.exe [x]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 LSM303DLH;STMicroelectronics™ 3-Axis Accelerometer/Magnetometer;c:\windows\system32\DRIVERS\LSM303DLH.sys [x]
S3 XPSVCOM;XPSVCOM;c:\windows\system32\DRIVERS\XPSVCOM.sys [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 16:19]
.
2013-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3012217911-991560486-234474863-1000Core.job - c:\users\slawek\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-22 17:39]
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3012217911-991560486-234474863-1000UA.job - c:\users\slawek\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-22 17:39]
.
.
------- Skan uzupełniający -------
.
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Wyślij &do programu OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{EB04EE45-7A0E-43A4-B006-D9992D7705FC}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\slawek\AppData\Roaming\Mozilla\Firefox\Profiles\xeuu6ti0.default\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
AddRemove-Minecraft Cracked - c:\users\slawek\AppData\Roaming\.minecraft\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{E9D79540-57D5953E-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'Explorer.exe'(3456)
c:\program files\Atheros\Bluetooth Suite\AthCopyHook.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\KMService.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
.
**************************************************************************
.
Czas ukończenia: 2013-01-19 17:55:11 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2013-01-19 16:55
.
Przed: 231 737 315 328 bajtów wolnych
Po: 232 610 770 944 bajtów wolnych
.
- - End Of File - - 61E459BFE729B480D6674BED93534763