ComboFix 13-09-02.02 - Łukasz 2013-09-02 21:02:08.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.3063.1497 [GMT 2:00]
Uruchomiony z: c:\users\úukasz\AppData\Local\Opera\Opera\temporary_downloads\ComboFix.exe
AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\StartSearch plugin
c:\program files\StartSearch plugin\IEhelperActiveX.dll
c:\program files\StartSearch plugin\startsplg.crx
c:\program files\StartSearch plugin\uninst.exe
c:\programdata\BrowserDefender
c:\programdata\BrowserDefender\2.6.1546.206\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl
c:\programdata\BrowserDefender\2.6.1546.206\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings
c:\programdata\BrowserDefender\2.6.1546.206\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm
c:\programdata\slpcsrj.pad
c:\windows\~GLC0000.TMP
c:\windows\~GLC0001.TMP
c:\windows\~GLC0002.TMP
c:\windows\~GLH0000.TMP
c:\windows\~GLH0001.TMP
c:\windows\~GLH0002.TMP
c:\windows\~GLH0003.TMP
c:\windows\~GLH0004.TMP
c:\windows\~GLH0005.TMP
c:\windows\IsUn0415.exe
c:\windows\system32\46246e0a.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-08-02 do 2013-09-02 )))))))))))))))))))))))))))))))
.
.
2013-09-02 19:09 . 2013-09-02 19:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-02 18:41 . 2013-09-02 18:41 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A346131D-8162-4B69-A888-D9DEE7C1DF43}\offreg.dll
2013-09-02 18:39 . 2013-09-02 18:39 -------- d-----w- c:\program files\Autodesk
2013-09-02 14:32 . 2013-09-02 14:32 -------- d--h--w- c:\users\Łukasz\InstallAnywhere
2013-09-02 14:25 . 2013-09-02 14:25 -------- d-----w- c:\program files\Common Files\Adobe
2013-09-02 13:56 . 2013-09-02 13:56 -------- d-----w- c:\users\Łukasz\AppData\Roaming\BabSolution
2013-09-02 13:56 . 2013-09-02 16:01 -------- d-----w- c:\users\Łukasz\AppData\Roaming\DSite
2013-09-02 12:52 . 2013-09-02 13:00 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2013-09-02 12:52 . 2013-09-02 13:00 -------- d-----w- c:\program files\AutoCAD LT 2010
2013-09-01 21:02 . 2011-06-02 12:39 39736 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2013-09-01 21:02 . 2011-06-02 12:39 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2013-09-01 21:01 . 2013-09-01 21:01 -------- d-----w- c:\windows\ELAMBKUP
2013-09-01 21:01 . 2013-09-01 21:01 -------- d-----w- c:\program files\Common Files\InfoWatch
2013-09-01 21:01 . 2013-09-01 21:01 -------- d-----w- c:\program files\Kaspersky Lab
2013-09-01 21:01 . 2013-09-02 18:46 -------- d-----w- c:\programdata\Kaspersky Lab
2013-09-01 21:01 . 2013-09-01 21:51 74848 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-08-30 19:57 . 2013-08-30 19:57 -------- d-----w- c:\program files\Puran Registry Cleaner
2013-08-30 16:03 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A346131D-8162-4B69-A888-D9DEE7C1DF43}\mpengine.dll
2013-08-29 18:54 . 2013-08-29 18:54 -------- d-----w- c:\users\Łukasz\AppData\Local\COMODO
2013-08-29 18:30 . 2013-08-29 18:30 -------- d-----w- c:\users\Łukasz\IGC
2013-08-29 18:30 . 2013-08-29 18:30 -------- d-----w- c:\users\Łukasz\AppData\Roaming\IGC
2013-08-18 20:40 . 2013-08-18 20:40 -------- d-----w- c:\users\Łukasz\AppData\Roaming\Zeon
2013-08-18 11:52 . 2013-08-18 11:52 -------- d-----w- c:\users\Łukasz\AppData\Local\Lollipop
2013-08-14 04:15 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 04:15 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 04:15 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 04:15 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 04:15 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 04:15 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-14 04:15 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 04:14 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 04:14 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 04:14 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 04:14 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 04:14 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-12 17:11 . 2013-08-14 04:53 -------- d-----w- c:\windows\system32\MRT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-01 21:51 . 2012-10-18 12:50 44000 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-09-01 21:51 . 2012-08-13 14:49 145040 ----a-w- c:\windows\system32\drivers\kneps.sys
2013-08-21 08:29 . 2012-04-21 20:35 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-21 08:29 . 2011-09-29 05:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-13 06:09 . 2013-06-13 06:09 55496 ----a-w- c:\windows\system32\offreg.dll
2013-06-05 03:05 . 2013-07-09 20:14 2347520 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 16:20 459784 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dtdc"="20" [X]
"dtdxy"="0" [X]
"Akamai NetSession Interface"="c:\users\Łukasz\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2013-05-29 449248]
"USBAudio"="c:\users\Łukasz\Ustawienia\USBAudio.exe" [2012-05-16 1050624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-07-10 4685824]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-07 1602856]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-11 13838952]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-12-11 92776]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"gbrspcontrol"="c:\program files\Common Files\COMODO\GeekBuddyRSP.exe" [2013-05-30 1851088]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2012-12-20 356968]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files\COMODO\GeekBuddy\launcher.exe "unit_manager.exe" [2013-7-24 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 FirebirdGuardianPruszynski;Firebird Guardian - Pruszynski;c:\program files\ZasobyPL\Firebird2_1_PRUSZYNSKI\bin\fbguard.exe [x]
R2 SKLService;Run software as Windows service;c:\windows\system32\KAward\rsasws.exe [x]
R3 FirebirdServerPruszynski;Firebird Server - Pruszynski;c:\program files\ZasobyPL\Firebird2_1_PRUSZYNSKI\bin\fbserver.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-07-03 12400]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-11 1343400]
R3 WSDScan;Obsługa skanowania WSD za pośrednictwem bloku pamięci górnej;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2011-06-02 88632]
S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [2013-05-07 35064]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2011-06-02 39736]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 24408]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-09-01 44000]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2013-09-01 145040]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\COMODO\launcher_service.exe [2013-07-24 70352]
S2 CSObjectsSrv;Usługa zarządzająca CryptoStorage;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040]
S2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files\Common Files\COMODO\GeekBuddyRSP.exe [2013-05-30 1851088]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-06-30 49152]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-04 38400]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2007-04-26 316992]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-09-03 25944]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-09-03 25944]
S3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Akamai REG_MULTI_SZ Akamai
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 08:29]
.
2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-18 07:46]
.
2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-18 07:46]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.babylon.com/?affID=109217&tt=101012_24_4112_4&babsrc=HP_ss&mntrId=961ff16c00000000000078e4009097eb
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1:9421;
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: hp.com\www
TCP: DhcpNameServer = 192.168.1.245
TCP: Interfaces\{C61F2805-C363-4E0C-AB73-D66E25B21367}: NameServer = 62.179.1.63,62.179.1.62
TCP: Interfaces\{C61F2805-C363-4E0C-AB73-D66E25B21367}\4505D2C494E4B4F52556D6265746: NameServer = 62.179.1.63,62.179.1.62
TCP: Interfaces\{C61F2805-C363-4E0C-AB73-D66E25B21367}\7445D22433830303025636732602355636572756: NameServer = 62.179.1.63,62.179.1.62
TCP: Interfaces\{C61F2805-C363-4E0C-AB73-D66E25B21367}\84F64756C6: NameServer = 62.179.1.63,62.179.1.62
TCP: Interfaces\{C61F2805-C363-4E0C-AB73-D66E25B21367}\C496675626F687D273645344: NameServer = 62.179.1.63,62.179.1.62
.
.
------- Skojarzenia plików -------
.
.scr=AutoCADLTScriptFile
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
ShellIconOverlayIdentifiers-{E68D0A50-3C40-4712-B90D-DCFA93FF2534} - (no file)
ShellIconOverlayIdentifiers-{E68D0A51-3C40-4712-B90D-DCFA93FF2534} - (no file)
ShellIconOverlayIdentifiers-{E68D0A52-3C40-4712-B90D-DCFA93FF2534} - (no file)
ShellIconOverlayIdentifiers-{E68D0A53-3C40-4712-B90D-DCFA93FF2534} - (no file)
AddRemove-46246e0a - c:\windows\system32\46246e0a.exe
AddRemove-Slownik jezyka polskiego 3t - c:\windows\IsUn0415.exe
AddRemove-StartSearch Toolbar - c:\program files\StartSearch plugin\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2013-09-02 21:11:29
ComboFix-quarantined-files.txt 2013-09-02 19:11
.
Przed: 7 636 299 776 bajtów wolnych
Po: 7 717 306 368 bajtów wolnych
.
- - End Of File - - 90855046587ACD19FB4CD18A96BD0747
A36C5E4F47E84449FF07ED3517B43A31