ComboFix 12-07-21.01 - Klaudia1 2012-07-22 7:58.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1013.456 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Klaudia1\Pulpit\ComboFix.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-22 do 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-20 11:43 . 2012-07-20 11:43 -------- d-----w- c:\program files\Common Files\Skype
2012-07-14 14:34 . 2012-07-14 14:34 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2012-07-14 14:34 . 2012-07-14 14:34 -------- d-----w- c:\documents and settings\Klaudia1\Dane aplikacji\OpenFM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:55 . 2010-08-16 07:22 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2010-08-16 07:22 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2010-08-16 07:22 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2010-08-16 07:22 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2010-08-15 21:47 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2010-08-15 21:47 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2010-08-15 21:47 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-08-06 18:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-08-06 18:24 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2010-08-16 07:22 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2010-08-15 21:47 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2010-08-15 21:47 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 18:24 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2010-08-15 21:47 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2010-08-15 21:47 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2009-08-06 18:23 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:18 . 2011-07-31 01:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2011-07-31 01:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2011-07-31 01:18 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2010-08-16 07:22 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2010-08-16 07:22 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:44 . 2010-08-16 07:22 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2010-08-16 07:22 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:39 . 2010-08-16 07:22 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2008-04-14 21:59 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2008-04-14 21:59 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:47 . 2010-08-15 21:46 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-04-14 12:01 . 2011-01-18 09:57 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-08-23 . C2F259C880A5AFDEBEC61AC0457ECFA1 . 629760 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . C2F259C880A5AFDEBEC61AC0457ECFA1 . 629760 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2010-08-23 . C29639BA7410BCEF8898CBCB07A59CB1 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[7] 2008-04-15 . 0BE00656B7CAEDE754AEE4D7AD13B687 . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[7] 2008-04-15 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-15 . 737739FACEAD60683AA8D7FF7602FD14 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-06-17_21.20.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-22 05:27 . 2012-07-22 05:27 16384 c:\windows\Temp\Perflib_Perfdata_6b0.dat
+ 2012-06-21 09:39 . 2012-06-02 13:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll
+ 2012-06-21 09:39 . 2012-06-02 13:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll
+ 2010-08-15 21:47 . 2012-06-02 13:19 35864 c:\windows\system32\dllcache\wups.dll
+ 2010-08-15 21:47 . 2012-06-02 13:19 53784 c:\windows\system32\dllcache\wuauclt.exe
+ 2010-08-16 07:22 . 2012-06-02 13:19 97304 c:\windows\system32\dllcache\cdm.dll
+ 2012-07-16 18:08 . 2012-07-16 18:08 22016 c:\windows\Installer\af93483.msi
- 2010-12-27 10:49 . 2012-06-14 14:33 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-12-27 10:49 . 2012-07-12 11:24 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-12-27 10:49 . 2012-07-12 11:24 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-12-27 10:49 . 2012-06-14 14:33 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-12-27 10:49 . 2012-06-14 14:33 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-12-27 10:49 . 2012-07-12 11:24 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-07-20 05:28 . 2011-07-20 05:28 54104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\SCANOST.EXE
+ 2011-07-20 05:28 . 2011-07-20 05:28 75624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\RM.DLL
+ 2011-07-20 05:28 . 2011-07-20 05:28 38248 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\RECALL.DLL
+ 2011-05-26 19:18 . 2011-05-26 19:18 52088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLVBA.DLL
+ 2011-07-20 05:28 . 2011-07-20 05:28 34208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\DUMPSTER.DLL
+ 2011-07-20 05:28 . 2011-07-20 05:28 87408 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\DLGSETP.DLL
+ 2010-08-15 23:43 . 2012-07-14 15:00 376856 c:\windows\system32\FNTCACHE.DAT
- 2010-08-15 23:43 . 2012-06-15 16:32 376856 c:\windows\system32\FNTCACHE.DAT
+ 2010-08-15 21:47 . 2012-06-02 13:19 210968 c:\windows\system32\dllcache\wuweb.dll
+ 2010-08-15 21:47 . 2012-06-02 13:19 329240 c:\windows\system32\dllcache\wucltui.dll
+ 2010-08-15 21:47 . 2012-06-02 13:19 577048 c:\windows\system32\dllcache\wuapi.dll
+ 2010-08-16 07:22 . 2012-06-04 04:32 152576 c:\windows\system32\dllcache\schannel.dll
- 2010-08-15 21:47 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-08-15 21:47 . 2012-05-28 18:17 536576 c:\windows\system32\dllcache\msado15.dll
+ 2012-07-20 11:44 . 2012-07-20 11:44 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
- 2010-12-27 10:49 . 2012-06-14 14:33 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-12-27 10:49 . 2012-07-12 11:24 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-12-27 10:49 . 2012-06-14 14:33 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-12-27 10:49 . 2012-07-12 11:24 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2010-12-27 10:49 . 2012-06-14 14:33 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-12-27 10:49 . 2012-07-12 11:24 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-12-27 10:49 . 2012-07-12 11:24 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2010-12-27 10:49 . 2012-06-14 14:33 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-12-27 10:49 . 2012-07-12 11:24 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2010-12-27 10:49 . 2012-06-14 14:33 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2010-12-27 10:49 . 2012-06-14 14:33 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-12-27 10:49 . 2012-07-12 11:24 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2010-12-27 10:49 . 2012-06-14 14:33 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-12-27 10:49 . 2012-07-12 11:24 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-07-20 05:28 . 2011-07-20 05:28 282032 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\SCNPST64.DLL
+ 2011-07-20 05:28 . 2011-07-20 05:28 273832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\SCNPST32.DLL
+ 2011-07-27 03:55 . 2011-07-27 03:55 410992 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\RTFHTML.DLL
+ 2011-07-20 06:06 . 2011-07-20 06:06 770480 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\REGFORM.EXE
+ 2011-07-20 05:28 . 2011-07-20 05:28 421736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\PSTPRX32.DLL
+ 2011-05-31 15:15 . 2011-05-31 15:15 177040 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLPH.DLL
+ 2011-07-27 03:55 . 2011-07-27 03:55 596888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLMIME.DLL
+ 2011-05-26 19:18 . 2011-05-26 19:18 136536 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLCTL.DLL
+ 2011-07-27 05:03 . 2011-07-27 05:03 194448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OMSXP32.DLL
+ 2011-07-27 05:03 . 2011-07-27 05:03 661888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OMSMAIN.DLL
+ 2011-07-20 05:28 . 2011-07-20 05:28 253824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OLKFSTUB.DLL
+ 2011-07-20 05:28 . 2011-07-20 05:28 340320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MIMEDIR.DLL
+ 2012-02-22 02:10 . 2012-02-22 02:10 117160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IPOMINT.DLL
+ 2011-07-20 06:06 . 2011-07-20 06:06 176024 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IPOLK.DLL
+ 2011-07-20 05:28 . 2011-07-20 05:28 138088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IMPMAIL.DLL
+ 2009-02-26 11:09 . 2009-02-26 11:09 154000 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\ENVELOPE.DLL
+ 2011-05-26 19:18 . 2011-05-26 19:18 115584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\EMABLT32.DLL
+ 2011-07-27 03:55 . 2011-07-27 03:55 128376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\CONTAB32.DLL
+ 2012-07-12 11:00 . 2012-07-12 11:00 117160 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
- 2012-02-22 02:10 . 2012-02-22 02:10 117160 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2010-08-16 07:22 . 2012-06-08 14:25 8491520 c:\windows\system32\shell32.dll
+ 2010-08-15 21:47 . 2012-06-02 13:19 1933848 c:\windows\system32\dllcache\wuaueng.dll
+ 2010-08-16 07:22 . 2012-06-13 13:55 1866368 c:\windows\system32\dllcache\win32k.sys
+ 2010-08-16 07:22 . 2012-06-08 14:25 8491520 c:\windows\system32\dllcache\shell32.dll
- 2010-08-16 07:22 . 2009-07-31 08:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2010-08-16 07:22 . 2012-06-05 15:49 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2010-08-16 07:22 . 2012-06-05 15:49 1172480 c:\windows\system32\dllcache\msxml3.dll
- 2010-08-16 07:22 . 2010-06-14 07:43 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2012-05-30 05:19 . 2012-05-30 05:19 1751040 c:\windows\Installer\6a92def1.msp
+ 2012-06-19 10:54 . 2012-06-19 10:54 2239488 c:\windows\Installer\6a92dee7.msp
+ 2012-06-19 10:54 . 2012-06-19 10:54 5009920 c:\windows\Installer\6a92ded0.msp
+ 2012-04-04 20:37 . 2012-04-04 20:37 2540544 c:\windows\Installer\6a7efa44.msp
+ 2012-04-04 20:37 . 2012-04-04 20:37 3149824 c:\windows\Installer\6a7efa2d.msp
+ 2012-07-20 11:44 . 2012-07-20 11:44 1648640 c:\windows\Installer\1e32ae3d.msi
- 2010-12-27 10:49 . 2012-06-14 14:33 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-12-27 10:49 . 2012-07-12 11:24 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-12-27 10:49 . 2012-06-14 14:33 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-12-27 10:49 . 2012-07-12 11:24 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-07-27 03:55 . 2011-07-27 03:55 3004800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OLMAPI32.DLL
+ 2011-07-27 04:09 . 2011-07-27 04:09 5310848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IPEDITOR.DLL
+ 2011-07-27 04:09 . 2011-07-27 04:09 5484416 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IPDESIGN.DLL
+ 2011-07-27 04:09 . 2011-07-27 04:09 1460088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\INFOPATH.EXE
+ 2010-11-14 08:01 . 2012-07-12 11:02 57442464 c:\windows\system32\MRT.exe
+ 2012-05-30 05:18 . 2012-05-30 05:18 11885056 c:\windows\Installer\6a92df21.msp
+ 2011-08-03 17:18 . 2011-08-03 17:18 12997488 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLOOK.EXE
.
-- Migawka wyzerowana --
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-26 17:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-15 39408]
"HW_OPENEYE_OUC_PLAY ONLINE"="c:\program files\PLAY ONLINE\UpdateDog\ouc.exe" [2009-04-14 110592]
"Gadu-Gadu 10"="c:\programy\Gadu-Gadu 10\gg.exe" [2010-12-16 12984928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S6000Mnt"="S6000Rmv.dll " [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-26 337264]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2010-01-08 407416]
"iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2010-11-30 489848]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-10 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-10 407920]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-25 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-25 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-25 134656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
c:\documents and settings\Klaudia1\Menu Start\Programy\Autostart\
Stardock ObjectDock.lnk - d:\programy\ObjectDock\ObjectDock.exe [2012-2-7 3450608]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-8-16 704032]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-09-18 15:34 205976 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AndroidManager]
2010-01-08 09:47 508280 ----a-w- c:\program files\Acer\Android Manager\AML.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu 10]
2010-12-16 05:19 12984928 ----a-w- c:\programy\Gadu-Gadu 10\gg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-05 19:28 136176 ----atw- c:\documents and settings\Klaudia1\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon]
2010-05-26 17:41 349552 ----a-w- c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-08-15 23:49 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programy\\BitSpirit\\BitSpirit.exe"=
"c:\\Programy\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-11-10 691696]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2010-08-16 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2010-08-16 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2010-08-16 58800]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-08-16 321104]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-08-16 260640]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-08-16 243232]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-02-13 72576]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2010-08-16 61552]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [2010-11-08 3221120]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 135664]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe -/service --> c:\documents and settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe -/service [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\McSACore.exe [2010-08-16 95232]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-08-16 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2010-08-16 82384]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-02-13 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-06-10 117504]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 135664]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-26 305520]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-12-18 137344]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2012-01-12 155344]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 20:05]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 20:05]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3091673561-1779672970-72185382-1006Core.job
- c:\documents and settings\Klaudia1\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-07-25 19:28]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3091673561-1779672970-72185382-1006UA.job
- c:\documents and settings\Klaudia1\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-07-25 19:28]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://domredi.com/1/
mStart Page = hxxp://startsear.ch/?aff=2&cf=156b5e60-e21a-11e0-99ba-5cac4c064e1d
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pobierz z &BitSpirit - c:\programy\BitSpirit\bsurl.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{02BE8202-89BE-4E34-A1FB-35C1FE2C5CA5}: NameServer = 213.241.79.38,213.241.79.37
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-22 08:06
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3091673561-1779672970-72185382-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(3636)
c:\windows\system32\WININET.dll
d:\programy\ObjectDock\DockShellHook.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
c:\program files\EgisTec MyWinLocker\x86\XmlLite.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Czas ukończenia: 2012-07-22 08:09:32
ComboFix-quarantined-files.txt 2012-07-22 06:09
ComboFix2.txt 2012-06-17 21:24
.
Przed: 27 124 527 104 bajtów wolnych
Po: 27 311 788 032 bajtów wolnych
.
- - End Of File - - E33B37B8CDAFD69940B86176F433F0F4