ComboFix 13-12-04.04 - Rozmi 2013-12-04 18:01:28.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1250.48.1045.18.1015.355 [GMT 1:00]
Running from: c:\users\Rozmi\Desktop\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\HP\HPBTWD.exe
c:\program files\RewardsArcade
c:\program files\RewardsArcade\appAPIinternalWrapper.js
c:\program files\RewardsArcade\fb.js
c:\program files\RewardsArcade\jquery.js
c:\program files\RewardsArcade\json.js
c:\program files\RewardsArcade\RewardsArcade.dll
c:\program files\RewardsArcade\RewardsArcade.exe
c:\program files\RewardsArcade\Uninstall.exe
c:\program files\RewardsArcade\UserConfirmation.exe
c:\users\Rozmi\AppData\Roaming\1738.exe
c:\users\Rozmi\AppData\Roaming\1F43.exe
c:\users\Rozmi\AppData\Roaming\3A60.exe
c:\users\Rozmi\AppData\Roaming\3C15.exe
c:\users\Rozmi\AppData\Roaming\40B7.exe
c:\users\Rozmi\AppData\Roaming\4671.exe
c:\users\Rozmi\AppData\Roaming\4A87.exe
c:\users\Rozmi\AppData\Roaming\4EF.exe
c:\users\Rozmi\AppData\Roaming\4F95.exe
c:\users\Rozmi\AppData\Roaming\52E1.exe
c:\users\Rozmi\AppData\Roaming\5C43.exe
c:\users\Rozmi\AppData\Roaming\6C2A.exe
c:\users\Rozmi\AppData\Roaming\757E.exe
c:\users\Rozmi\AppData\Roaming\8065.exe
c:\users\Rozmi\AppData\Roaming\8B00.exe
c:\users\Rozmi\AppData\Roaming\regsrv64.exe
c:\windows\system32\Tasks\BackgroundContainer Startup Task
.
.
((((((((((((((((((((((((( Files created from 2013-11-04 to 2013-12-04 )))))))))))))))))))))))))))))))
.
.
2013-12-04 17:22 . 2013-12-04 17:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-04 17:12 . 2013-12-04 17:12 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{518AAEF9-4E5D-49F0-847F-971B9EEC9E42}\offreg.dll
2013-12-04 16:21 . 2013-12-04 16:21 -------- d-----w- c:\users\Rozmi\AppData\Local\Conduit
2013-12-04 16:18 . 2013-11-08 01:15 7772552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{518AAEF9-4E5D-49F0-847F-971B9EEC9E42}\mpengine.dll
2013-11-18 10:00 . 2013-10-12 07:03 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-11-18 10:00 . 2013-10-12 07:44 770736 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-11-18 10:00 . 2013-10-12 07:03 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-11-18 09:09 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-11-16 15:27 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\system32\authui.dll
2013-11-16 15:27 . 2013-10-04 01:58 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-16 15:27 . 2013-10-04 01:56 168960 ----a-w- c:\windows\system32\credui.dll
2013-11-16 15:25 . 2013-09-25 01:57 247808 ----a-w- c:\windows\system32\schannel.dll
2013-11-16 15:25 . 2013-09-25 02:01 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-11-16 15:25 . 2013-07-04 12:16 369848 ----a-w- c:\windows\system32\drivers\cng.sys
2013-11-16 15:25 . 2013-09-25 02:01 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-11-16 15:25 . 2013-09-25 01:56 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-11-16 15:25 . 2013-09-25 01:57 99840 ----a-w- c:\windows\system32\sspicli.dll
2013-11-16 15:25 . 2013-09-25 01:57 22016 ----a-w- c:\windows\system32\secur32.dll
2013-11-16 15:25 . 2013-09-25 01:56 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-11-16 15:25 . 2013-09-25 00:49 22016 ----a-w- c:\windows\system32\lsass.exe
2013-11-16 15:25 . 2013-09-25 00:49 15872 ----a-w- c:\windows\system32\sspisrv.dll
2013-11-16 15:23 . 2013-10-03 01:58 305152 ----a-w- c:\windows\system32\gdi32.dll
2013-11-16 15:22 . 2013-10-12 02:01 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-16 15:22 . 2013-10-12 02:01 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-16 15:22 . 2013-10-12 02:03 656896 ----a-w- c:\windows\system32\nshwfp.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 02:33 . 2010-10-12 16:32 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-09-14 00:48 . 2013-10-17 09:14 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:07 . 2013-10-17 09:14 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03 . 2013-10-17 09:14 231424 ----a-w- c:\windows\system32\mswsock.dll
.
.
((((((((((((((((((((((((((((((((((((( Registry Startup Entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2013-11-06 226592]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2013-11-06 11:59 226592 ----a-w- c:\program files\Softonic-Eng7\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2013-11-06 226592]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2013-11-06 226592]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2009-08-09 293888]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-01 39408]
"BackgroundContainer"="c:\users\Rozmi\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2013-11-06 319264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-12 1533224]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-29 458844]
"UpdatePRCShortCut"="c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-04-09 1557160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-12-01 296056]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2012-06-28 74752]
.
c:\users\Rozmi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-04-28 50688]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 167424]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-07-27 16984]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\aestsrv.exe [2009-03-02 81920]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-07-08 323584]
S4 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S4 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-01 18:37]
.
2013-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-01 18:37]
.
2013-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3261754263-3342866274-1701697279-1000Core.job
- c:\users\Rozmi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-12 13:51]
.
2013-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3261754263-3342866274-1701697279-1000UA.job
- c:\users\Rozmi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-12 13:51]
.
2013-12-04 c:\windows\Tasks\ReclaimerUpdateFiles_Rozmi.job
- c:\users\Rozmi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-12-04 16:15]
.
2013-12-04 c:\windows\Tasks\ReclaimerUpdateXML_Rozmi.job
- c:\users\Rozmi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-12-04 16:15]
.
2013-12-04 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Rozmi.job
- c:\users\Rozmi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-12-04 16:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?AF=100478&babsrc=HP_ss&mntrId=5ae4c37e0000000000000c607662399d
IE: &Wyszukiwarka na pasku narzędzi AOL - c:\programdata\AOL\ieToolbar\resources\pl-PL\local\search.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-Power2GoExpress - (no file)
HKLM-Run-HP BTW Detect Program - c:\program files\HP\HPBTWD.exe
AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe
AddRemove-RewardsArcade - c:\program files\RewardsArcade\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3261754263-3342866274-1701697279-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3261754263-3342866274-1701697279-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-04 18:26:47
ComboFix-quarantined-files.txt 2013-12-04 17:26
.
Pre-Run: 83 938 926 592 bytes free
Post-Run: 85 208 453 120 bytes free
.
- - End Of File - - F6600655E46FF0265DA94CB58F283644 59F14F51C379C82E9DD9A3B0F02BBE96
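The parts of this log a responder would triage first are the "Deleted" section (sixteen executables named by short hex strings sitting directly in %AppData%\Roaming, a regsrv64.exe in the same folder whose name is one transposition away from the Windows binary regsvr32.exe, and a scheduled task definition) and the HKCU Run block, where the "BackgroundContainer" value launches a DLL from %LocalAppData%\Conduit. The script below is an added example and is not part of the ComboFix output or of the ComboFix tool. It runs three heuristics over lines copied verbatim from this log: hex-named executables under a user's AppData tree, executables outside c:\windows whose name resembles a system binary, and Run values whose target lives under AppData. The SYSTEM_BINARIES list, the difflib similarity cutoff and the heuristics themselves are assumptions of the example, not something the log states.

```python
"""Triage heuristics for the "Deleted" and Run-key sections of a ComboFix log.

Added example; the sample input is copied from the log above, the heuristics
and the SYSTEM_BINARIES list are this example's own assumptions.
"""
import difflib
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of the "Deleted" section above, paths verbatim.
DELETED = r"""
c:\program files\HP\HPBTWD.exe
c:\program files\RewardsArcade\RewardsArcade.dll
c:\program files\RewardsArcade\RewardsArcade.exe
c:\users\Rozmi\AppData\Roaming\1738.exe
c:\users\Rozmi\AppData\Roaming\4EF.exe
c:\users\Rozmi\AppData\Roaming\8B00.exe
c:\users\Rozmi\AppData\Roaming\regsrv64.exe
c:\windows\system32\Tasks\BackgroundContainer Startup Task
""".strip().splitlines()

# Constructed sample: the HKCU ...\CurrentVersion\Run block above, verbatim.
RUN_BLOCK = r"""
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2009-08-09 293888]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-01 39408]
"BackgroundContainer"="c:\users\Rozmi\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2013-11-06 319264]
"""

# Heuristic 1: executable named by a short run of hex digits (4EF.exe, 8B00.exe).
HEX_NAME = re.compile(r"^[0-9a-f]{1,4}\.exe$", re.IGNORECASE)

# Heuristic 2: a file outside c:\windows whose name resembles a Windows system
# binary. The list and the 0.7 difflib cutoff are assumptions of this example.
SYSTEM_BINARIES = ("regsvr32.exe", "rundll32.exe", "svchost.exe", "lsass.exe",
                   "csrss.exe", "winlogon.exe", "services.exe", "explorer.exe")
LOOKALIKE_CUTOFF = 0.7

# ComboFix prints Run values as "name"="target" [date size].
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]+)"')


def in_profile_appdata(path: PureWindowsPath) -> bool:
    """True when the path sits under c:\\users\\<user>\\AppData (Roaming or Local)."""
    parts = [p.lower() for p in path.parts]
    return "users" in parts and "appdata" in parts


def under_windows_dir(path: PureWindowsPath) -> bool:
    """True for anything below the Windows directory (c:\\windows\\...)."""
    parts = [p.lower() for p in path.parts]
    return len(parts) > 1 and parts[1] == "windows"


def closest_system_binary(name: str):
    """Return the system binary `name` most resembles, or None below the cutoff."""
    hits = difflib.get_close_matches(name.lower(), SYSTEM_BINARIES, n=1, cutoff=LOOKALIKE_CUTOFF)
    return hits[0] if hits else None


def triage_deleted(paths):
    """Bucket deleted-file paths by the heuristic each one triggers."""
    hits = {"hex_named_in_appdata": [], "system_lookalike": [], "scheduled_task": []}
    for raw in paths:
        p = PureWindowsPath(raw.strip())
        if HEX_NAME.match(p.name) and in_profile_appdata(p):
            hits["hex_named_in_appdata"].append(str(p))
        elif p.suffix.lower() == ".exe" and not under_windows_dir(p):
            twin = closest_system_binary(p.name)
            if twin:
                hits["system_lookalike"].append((str(p), twin))
        # Deleted entries under ...\system32\Tasks are scheduled-task definitions.
        if "tasks" in (x.lower() for x in p.parent.parts):
            hits["scheduled_task"].append(p.name)
    return hits


def parse_run_entries(block: str):
    """Return (value name, target path) pairs from a ComboFix Run-key block."""
    entries = []
    for line in block.strip().splitlines():
        m = RUN_VALUE.match(line.strip())
        if m:
            entries.append((m["name"], m["target"]))
    return entries


def triage_run(entries):
    """Names of Run values whose target lives in a user's AppData tree."""
    return [name for name, target in entries
            if in_profile_appdata(PureWindowsPath(target))]


if __name__ == "__main__":
    for bucket, items in triage_deleted(DELETED).items():
        print(f"{bucket}: {items}")
    print("run_from_appdata:", triage_run(parse_run_entries(RUN_BLOCK)))
```

These are leads, not verdicts: the same heuristics would also flag a legitimate updater that a vendor chose to drop into AppData, and they say nothing about files whose names look ordinary, such as the HP BTW program that ComboFix removed here only because its Run value had become an orphan. Their value is in ordering what to pull from the quarantine (ComboFix-quarantined-files.txt) for hashing and sandboxing first.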