ComboFix 13-04-18.03 - Anna 2013-04-18 22:42:48.1.4 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1250.48.1045.18.1012.191 [GMT 2:00]
Uruchomiony z: c:\users\Anna\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-03-18 do 2013-04-18 )))))))))))))))))))))))))))))))
.
.
2013-04-18 20:56 . 2013-04-18 20:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-18 19:46 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-04-18 19:46 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-04-18 18:55 . 2013-04-18 19:32 -------- d-----w- c:\users\Anna\Doctor Web
2013-04-18 18:41 . 2013-04-18 18:41 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{847D1BD9-BD72-404E-842D-D983B9008EAC}\offreg.dll
2013-04-18 18:34 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{847D1BD9-BD72-404E-842D-D983B9008EAC}\mpengine.dll
2013-04-18 11:21 . 2013-04-18 11:21 -------- d-----w- C:\TMP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-02 17:36 . 2012-08-31 07:17 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-02 17:36 . 2012-08-31 07:17 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-11 23:10 . 2012-08-23 17:45 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-06 22:33 . 2013-02-09 13:38 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 22:33 . 2012-08-23 19:20 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 22:33 . 2012-08-23 19:20 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 22:33 . 2013-02-09 13:39 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 22:33 . 2012-08-23 19:20 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 22:33 . 2012-08-23 19:20 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 22:32 . 2013-02-09 13:38 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 22:32 . 2012-08-23 19:19 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-18 15:00 . 2012-10-21 19:15 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-11 09:25 . 2013-02-11 09:25 86528 ----a-w- c:\windows\system32\iesysprep.dll
2013-02-11 09:25 . 2013-02-11 09:25 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-02-11 09:25 . 2013-02-11 09:25 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-02-11 09:25 . 2013-02-11 09:25 74752 ----a-w- c:\windows\system32\iesetup.dll
2013-02-11 09:25 . 2013-02-11 09:25 63488 ----a-w- c:\windows\system32\tdc.ocx
2013-02-11 09:25 . 2013-02-11 09:25 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-02-11 09:25 . 2013-02-11 09:25 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-11 09:25 . 2013-02-11 09:25 367104 ----a-w- c:\windows\system32\html.iec
2013-02-11 09:25 . 2013-02-11 09:25 35840 ----a-w- c:\windows\system32\imgutil.dll
2013-02-11 09:25 . 2013-02-11 09:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-11 09:25 . 2013-02-11 09:25 23552 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-11 09:25 . 2013-02-11 09:25 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-11 09:25 . 2013-02-11 09:25 161792 ----a-w- c:\windows\system32\msls31.dll
2013-02-11 09:25 . 2013-02-11 09:25 152064 ----a-w- c:\windows\system32\wextract.exe
2013-02-11 09:25 . 2013-02-11 09:25 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-02-11 09:25 . 2013-02-11 09:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-11 09:25 . 2013-02-11 09:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-11 09:25 . 2013-02-11 09:25 11776 ----a-w- c:\windows\system32\mshta.exe
2013-02-11 09:25 . 2013-02-11 09:25 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-11 09:25 . 2013-02-11 09:25 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-02-11 09:25 . 2013-02-11 09:25 101888 ----a-w- c:\windows\system32\admparse.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-02-18 15:00 1929392 ----a-w- c:\program files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-18 1929392]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-10-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-18 2217256]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-18 1151152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 11:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray]
2011-03-01 13:42 302240 ----a-w- c:\program files\Bluetooth Suite\AthBtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtStack]
2011-03-01 13:42 490656 ----a-w- c:\program files\Bluetooth Suite\BtvStack.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-08-23 19:00 116648 ----atw- c:\users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-11-02 01:18 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Quick Launch]
2010-11-09 13:20 586296 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPConnectionManager]
2011-02-15 13:49 94264 ----a-w- c:\program files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPOSD]
2011-01-27 10:38 318520 ----a-w- c:\program files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
2010-11-05 21:54 283160 ----a-w- c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-11-02 01:18 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-11-02 01:18 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2012-08-17 04:41 336992 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_roc_ssl_v12]
2012-10-21 19:14 1020512 ----a-w- c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-10-21 19:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2011-06-30 13:26 1138780 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2013-02-18 15:00 1151152 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
R3 aswVmm;aswVmm; [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R4 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
R4 WMCoreService;Mobile Broadband Service;c:\program files\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode [x]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwanuss.sys [x]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwanussf.sys [x]
S3 Mbm3CBus;HP lc2010 Mobile Broadband Module USB Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [x]
S3 Mbm3DevMt;HP Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys [x]
S3 Mbm3mdfl;HP Mobile Broadband Module Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [x]
S3 Mbm3Mdm;HP Mobile Broadband Module Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-31 17:36]
.
2013-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-21 19:16]
.
2013-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-21 19:16]
.
2013-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2491630047-2582432448-1581325960-1000Core.job
- c:\users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-23 19:00]
.
2013-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2491630047-2582432448-1581325960-1000UA.job
- c:\users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-23 19:00]
.
.
------- Skan uzupełniający -------
.
uStart Page = https://isearch.avg.com/?cid={5996A3F1-ADBE-449F-B810-1EBB645BEC67}&mid=278f1441236c47d0bc28a5976d4bc002-62a576d30077ced3e05f98677f5a6b8552dbb03f&lang=pl&ds=xn011&pr=sa&d=2012-10-21 21:15&v=13.2.0.3&sap=hp
mStart Page = about:blank
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.179.1.62 62.179.1.63
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2013-04-18 23:00:14
ComboFix-quarantined-files.txt 2013-04-18 21:00
.
Przed: 231 545 344 000 bajtów wolnych
Po: 232 031 911 936 bajtów wolnych
.
- - End Of File - - 2DF06C95F308DE9C78C22A478C7A7694