ComboFix 13-03-21.02 - Administrator 2013-03-22 11:52:35.2.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.3036.1875 [GMT 1:00] Uruchomiony z: c:\users\Administrator\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Pliki utworzone od 2013-02-22 do 2013-03-22 ))))))))))))))))))))))))))))))) . . 2013-03-22 11:01 . 2013-03-22 11:01 -------- d-----w- c:\users\jdrzymala\AppData\Local\temp 2013-03-22 11:01 . 2013-03-22 11:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-22 10:39 . 2013-03-22 10:40 -------- d-----w- c:\users\Administrator 2013-03-21 10:43 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-19 10:50 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{367C6F10-4F99-465D-961E-294ACB71A3D1}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-15 09:46 . 2012-09-25 11:04 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-15 09:46 . 2011-07-14 06:52 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-02-19 07:59 . 2013-01-07 12:41 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2013-02-12 04:48 . 2013-03-15 08:07 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-15 08:07 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-01-17 00:28 . 2010-10-28 09:50 232336 ------w- c:\windows\system32\MpSigStub.exe 2013-01-05 05:00 . 2013-02-13 09:25 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-01-05 05:00 . 2013-02-13 09:25 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-04 04:50 . 2013-02-13 09:25 169984 ----a-w- c:\windows\system32\winsrv.dll 2013-01-04 03:00 . 2013-02-13 09:26 2347008 ----a-w- c:\windows\system32\win32k.sys 2013-01-03 05:05 . 2013-02-13 09:25 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-01-03 05:04 . 2013-02-13 09:25 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-03-28 00:04 . 2013-03-11 08:42 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll 2012-03-28 00:47 . 2013-03-11 08:42 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2012-03-28 00:06 . 2013-03-11 08:42 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2012-03-28 00:05 . 2013-03-11 08:42 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2012-03-28 00:05 . 2013-03-11 08:42 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll 2012-03-28 00:03 . 2013-03-11 08:42 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2012-03-28 00:05 . 2013-03-11 08:42 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2012-03-28 00:05 . 2013-03-11 08:42 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2012-03-19 07:21 . 2013-03-11 08:42 903096 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2012-03-28 00:06 . 2013-03-11 08:42 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll 2013-03-11 08:42 . 2013-03-11 08:42 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-14 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-09 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-09 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-09 150552] "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336] "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696] "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336] "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-14 50472] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] "HpNetDrv"="HpNetDrv.exe" [2009-05-25 884736] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2012-03-28 309184] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-7-31 2680160] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zzzHPSETUP] d:\setup.exe \RESET [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPlusManager] 2009-12-21 12:07 446464 ----a-w- c:\program files\iPlus\iPlusChecker.exe . R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x] R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [x] R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [x] R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x] S2 GtDetectSc;GtDetectSc Service;c:\program files\iPlus\Drivers\driverVista\GTMax3.6\GtDetectSc.exe [x] S2 GtFlashSwitch;GtFlashSwitch Service;c:\program files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe [x] S2 HPSSEHCD;Network Scanner Driver;c:\windows\system32\Drivers\hpssec.sys [x] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [x] S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [x] S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 HPSSVBus;Network Scanner Detector;c:\windows\system32\DRIVERS\hpssvbus.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc HsfXAudioService REG_MULTI_SZ HsfXAudioService HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-15 08:23 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe . Zawartość folderu 'Zaplanowane zadania' . 2013-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-25 09:46] . 2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-14 17:47] . 2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-14 17:47] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.google.pl/ TCP: DhcpNameServer = 192.168.1.1 DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://vpn-fr-be.mpsa.com/+CSCOL+/csvrloader32.cab FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bayy1gb.default\ . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_USERS\S-1-5-21-2485021694-3745909351-2671486652-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,45,da,a8,7b,23,ee,4c,a0,f1,24,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,45,da,a8,7b,23,ee,4c,a0,f1,24,\ . [HKEY_USERS\S-1-5-21-2485021694-3745909351-2671486652-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.HTM" . [HKEY_USERS\S-1-5-21-2485021694-3745909351-2671486652-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.HTM" . [HKEY_USERS\S-1-5-21-2485021694-3745909351-2671486652-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.MHT" . [HKEY_USERS\S-1-5-21-2485021694-3745909351-2671486652-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.MHT" . [HKEY_USERS\S-1-5-21-2485021694-3745909351-2671486652-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.URL" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2013-03-22 12:07:37 ComboFix-quarantined-files.txt 2013-03-22 11:07 ComboFix2.txt 2013-03-22 10:11 . Przed: 216 187 326 464 bajtów wolnych Po: 216 154 644 480 bajtów wolnych . - - End Of File - - 87F57D802F28E5A0E83569FFD7B31D15