ComboFix 14-03-04.03 - Oem5 2014-03-15 16:53:38.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.2667.1890 [GMT 1:00]
Uruchomiony z: c:\users\Oem5\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2014-02-15 do 2014-03-15 )))))))))))))))))))))))))))))))
.
.
2014-03-15 16:05 . 2014-03-15 16:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-03-15 16:05 . 2014-03-15 16:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-15 15:43 . 2014-03-15 15:43 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79842AEE-D341-4684-B205-A622118AB24A}\MpKsld1eaf629.sys
2014-03-15 09:08 . 2014-03-15 09:08 104960 ----a-w- C:\aftcyaob.sys
2014-03-15 08:56 . 2014-03-15 09:01 -------- d-----w- C:\FRST
2014-03-15 07:24 . 2014-02-20 08:52 765968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F651C3AA-B877-4EA8-88EA-FA38252792D5}\gapaengine.dll
2014-03-15 07:24 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79842AEE-D341-4684-B205-A622118AB24A}\mpengine.dll
2014-03-13 19:41 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-10 13:16 . 2014-03-10 13:20 -------- d-----w- C:\Angry Birds Rio
2014-03-05 14:49 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2014-03-05 14:45 . 2014-03-11 18:41 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-05 14:45 . 2014-03-11 18:41 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-05 11:23 . 2014-03-05 11:23 -------- d-----w- c:\program files\Enigma Software Group
2014-03-05 11:21 . 2014-03-05 14:07 -------- d-----w- c:\windows\455F074C814E4520B69B5584BD90400C.TMP
2014-03-05 11:21 . 2014-03-05 11:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-03-04 19:01 . 2014-03-15 16:05 -------- d-----w- c:\users\Oem5\AppData\Local\temp
2014-02-26 19:59 . 2014-02-26 19:59 -------- d-----w- c:\windows\Migration
2014-02-15 17:51 . 2014-02-17 07:48 -------- d-----w- c:\program files\Rovio
2014-02-15 03:38 . 2013-12-21 08:56 454656 ----a-w- c:\windows\system32\vbscript.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-20 08:52 . 2014-02-08 17:47 765968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-19 07:32 . 2013-09-12 12:48 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-24 23:09 . 2014-02-13 03:53 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Oem5\AppData\Roaming\uTorrent\uTorrent.exe" [2014-01-31 905296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2011-09-15 6253160]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-09-18 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-08-10 12:51 343168 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2014-01-31 21:49 905296 ----a-w- c:\users\Oem5\AppData\Roaming\uTorrent\uTorrent.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2013-09-13 492000]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-02-06 108032]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-16 66688]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-16 33408]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-18 87968]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-05 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-05 294400]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-27 1817088]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 104768]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-07-14 100880]
S3 netr28u;Sterownik karty RT2870 USB Wireless LAN Card dla systemu Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
S3 NisSrv;Inspekcja sieci firmy Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2013-10-23 280288]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 251496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-06-18 669912]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - MPKSLD1EAF629
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-03-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-05 18:41]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=BA8674DE2BBF5F31&affID=119357&tt=240913_91215&tsp=5019
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Oem5\AppData\Roaming\Mozilla\Firefox\Profiles\thc4x7yt.default\
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=ironpub12&cd=2XzuyEtN2Y1L1Qzu0EyEtCtCyD0B0FyE0D0FtAyD0C0C0FtBtN0D0Tzu0CyCtByCtN1L2XzutBtFtBtFyDtFtCtDyByBtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=823971833&ir=
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Funmoods
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=ironpub12&cd=2XzuyEtN2Y1L1Qzu0EyEtCtCyD0B0FyE0D0FtAyD0C0C0FtBtN0D0Tzu0CyCtByCtN1L2XzutBtFtBtFyDtFtCtDyByBtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=823971833&ir=
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=ironpub12&cd=2XzuyEtN2Y1L1Qzu0EyEtCtCyD0B0FyE0D0FtAyD0C0C0FtBtN0D0Tzu0CyCtByCtN1L2XzutBtFtBtFyDtFtCtDyByBtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=823971833&ir=&q=
FF - user.js: extensions.funmoods.id - E4115BF4DF35CCF2
FF - user.js: extensions.funmoods.instlDay - 15966
FF - user.js: extensions.funmoods.vrsn - 1.8.20.0
FF - user.js: extensions.funmoods.vrsni - 1.8.20.0
FF - user.js: extensions.funmoods_i.vrsnTs - 1.8.20.08:30
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - ironpub12
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef -
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.appId - {EA28B360-05E0-4F93-8150-02891F1D8D3C}
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods.cr - 823971833
FF - user.js: extensions.funmoods.cd - 2XzuyEtN2Y1L1Qzu0EyEtCtCyD0B0FyE0D0FtAyD0C0C0FtBtN0D0Tzu0CyCtByCtN1L2XzutBtFtBtFyDtFtCtDyByBtN1L1Czu1L1C1F1G1E2Y1StCtB
FF - user.js: extensions.irspeeddial.aflt - ironpub12
FF - user.js: extensions.irspeeddial.instlRef -
FF - user.js: extensions.irspeeddial.cr - 823971833
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1Qzu0EyEtCtCyD0B0FyE0D0FtAyD0C0C0FtBtN0D0Tzu0CyCtByCtN1L2XzutBtFtBtFyDtFtCtDyByBtN1L1Czu1L1C1F1G1E2Y1StCtB
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - ba86ccf200000000000074de2bbf5f31
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15976
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.610:43
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119357&tt=240913_91215&tsp=5019
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2014-03-15 17:08:12
ComboFix-quarantined-files.txt 2014-03-15 16:08
ComboFix2.txt 2014-03-04 19:01
ComboFix3.txt 2013-12-06 15:23
.
Przed: 135 792 353 280 bajtów wolnych
Po: 135 763 886 080 bajtów wolnych
.
- - End Of File - - A3DAA13A5CFA2CA3F4E3C8594587A7FC
A36C5E4F47E84449FF07ED3517B43A31