ComboFix 12-02-10.03 - Piotrek 2012-02-11 11:00:39.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.3033.2063 [GMT 1:00]
Uruchomiony z: c:\users\Piotrek\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
Następujące pliki zostały wyłączone z działania w czasie skanowania:
c:\windows\system32\win32sta.dll
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\iplus
c:\program files\iplus\commanderFix.exe
c:\program files\iplus\countries.eng
c:\program files\iplus\countries.pl
c:\program files\iplus\Drivers\difxapi.dll
c:\program files\iplus\Drivers\Driver\Huawei\ewdcsc.cat
c:\program files\iplus\Drivers\Driver\Huawei\ewdcsc.inf
c:\program files\iplus\Drivers\Driver\Huawei\ewdcsc.sys
c:\program files\iplus\Drivers\Driver\Huawei\ewmdm2k.cat
c:\program files\iplus\Drivers\Driver\Huawei\ewmdm2k.inf
c:\program files\iplus\Drivers\Driver\Huawei\ewnet.inf
c:\program files\iplus\Drivers\Driver\Huawei\ewser2k.cat
c:\program files\iplus\Drivers\Driver\Huawei\ewser2k.inf
c:\program files\iplus\Drivers\Driver\Huawei\ewusbdev.cat
c:\program files\iplus\Drivers\Driver\Huawei\ewusbdev.inf
c:\program files\iplus\Drivers\Driver\Huawei\ewusbdev.sys
c:\program files\iplus\Drivers\Driver\Huawei\ewusbmdm.sys
c:\program files\iplus\Drivers\Driver\Huawei\ewusbnet.cat
c:\program files\iplus\Drivers\Driver\Huawei\ewusbnet.sys
c:\program files\iplus\Drivers\driverInstallation.log
c:\program files\iplus\Drivers\driverInstaller.exe
c:\program files\iplus\Drivers\huawei-drivers-list-vista.txt
c:\program files\iplus\en\iplus.mo
c:\program files\iplus\eng.lang
c:\program files\iplus\help\IPlus_Manager_User_Manual.pdf
c:\program files\iplus\help\Podrecznik_Uzytkownika_IPlus_Manager.pdf
c:\program files\iplus\iPlusChecker.exe
c:\program files\iplus\iPlusManager.exe
c:\program files\iplus\iPlusManager.ini
c:\program files\iplus\license.rtf
c:\program files\iplus\log\openssl.exe
c:\program files\iplus\log\plus.pem
c:\program files\iplus\NDISAPI.dll
c:\program files\iplus\networks.dat
c:\program files\iplus\PaseczekControlAPI.dll
c:\program files\iplus\pl.lang
c:\program files\iplus\pl\iplus.mo
c:\program files\iplus\resources.dat
c:\program files\iplus\SysConfig.dat
c:\program files\iplus\tools.exe
c:\program files\iplus\unins000.dat
c:\program files\iplus\unins000.exe
c:\program files\iplus\uninstallTool.exe
c:\program files\iplus\update.exe
c:\program files\iplus\update\update.ini
c:\program files\iplus\userPrefs.def
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\av_ico\ico_defender_start.ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\IsUn0415.exe
c:\windows\system32\win32sta.dll
c:\windows\update.7.1
c:\windows\update.7.1\S.exe
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ddservice
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-01-11 do 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-02-11 10:27 . 2012-02-11 10:31 -------- d-----w- c:\users\Piotrek\AppData\Local\temp
2012-02-11 10:27 . 2012-02-11 10:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-11 10:27 . 2012-02-11 10:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-11 10:27 . 2012-02-11 10:27 -------- d-----w- c:\users\Angalika\AppData\Local\temp
2012-02-10 09:24 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF714D34-2C80-4650-B344-51B38FD5D713}\mpengine.dll
2012-02-08 12:57 . 2012-02-08 12:57 -------- d-----w- c:\users\Piotrek\AppData\Local\Aspyr
2012-02-08 12:57 . 2012-02-08 12:57 -------- d-----w- c:\programdata\Aspyr
2012-02-07 04:05 . 2012-02-07 04:05 -------- d-----w- c:\programdata\Premium
2012-02-07 04:05 . 2012-02-07 04:05 -------- d-----w- c:\programdata\InstallMate
2012-02-07 03:47 . 2012-02-07 05:18 -------- d--h--w- c:\users\Piotrek\AppData\Local\MicrosoftNT
2012-02-07 03:47 . 2012-02-07 03:47 -------- d-----w- c:\users\Piotrek\AppData\Roaming\SkyMonk
2012-02-07 03:46 . 2012-02-08 05:07 -------- d-----w- c:\program files\Mail.Ru
2012-02-07 02:45 . 2012-02-07 02:45 -------- d-----w- c:\users\Piotrek\AppData\Roaming\ProtectDisc
2012-02-06 01:42 . 2012-02-06 01:42 -------- d-----w- c:\programdata\Z-Software
2012-02-06 01:42 . 2012-02-06 01:42 -------- d-----w- c:\users\Piotrek\AppData\Roaming\Z-Software
2012-01-22 16:56 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-22 16:56 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-22 16:56 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-22 16:56 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-22 16:56 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-22 16:56 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-22 16:56 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-22 16:56 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-22 16:56 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-22 16:56 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:21 . 2010-12-12 19:46 237072 ----a-w- c:\windows\system32\MpSigStub.exe
2011-11-24 04:25 . 2011-12-15 17:13 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:01 . 2012-01-11 12:18 67072 ----a-w- c:\windows\system32\packager.dll
2011-11-17 05:38 . 2012-01-11 12:18 1288472 ----a-w- c:\windows\system32\ntdll.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-07-16 . 921F8B3FF01501C9934CCB3C270833D7 . 868352 . . [6.1.7601.21772] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_960c0dc1cdddb3a2\kernel32.dll
[7] 2011-07-16 . E570CBD732848438EAC574EB3442A2A8 . 868352 . . [6.1.7601.17651] . . c:\windows\ERDNT\cache\kernel32.dll
[7] 2011-07-16 . E570CBD732848438EAC574EB3442A2A8 . 868352 . . [6.1.7601.17651] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_95971084b4b0c29f\kernel32.dll
[7] 2011-05-14 . 5717FC9D2A1DAA0596DC7D940F2D613C . 868352 . . [6.1.7601.21728] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_96481f19cdafbff7\kernel32.dll
[7] 2011-05-14 . 02D5E2D9D9497F314C97E082A1CB9808 . 868352 . . [6.1.7601.17617] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_95c851f0b48aeae5\kernel32.dll
[-] 2010-11-20 . 3C9AB2C90201380E1034D71AD5670E01 . 868352 . . [6.1.7600.16385] . . c:\windows\System32\kernel32.dll
[7] 2010-11-20 . 5553784D774CA845380650E010BBDA2C . 857600 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_95c54f2cb48da1b9\kernel32.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2011-02-20 370688]
"EA Core"="d:\zainstalowanee\EADM\Core.exe" [2009-09-03 3342336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-15 8120864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
.
c:\users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI3C8A~1\Datamngr\datamngr.dll c:\progra~1\WI3C8A~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1045 /KBD:2 /dir:d:\zainstalowanee\avast
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 135664]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2010-01-04 101120]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-12 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-18 691696]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-03-31 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2011-05-31 1052480]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-01-04 112640]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;Sterownik miniportu NDIS6.2 dla kontrolera Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 16:18]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 16:18]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.mail.ru/cnt/9514
mStart Page = about:blank
IE: E&ksport do programu Microsoft Excel - d:\zainst~1\OFFICE11\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 212.2.96.53 212.2.96.51
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-iPlusManager - c:\program files\iPlus\iPlusChecker.exe
AddRemove-iPlus manager_is1 - c:\program files\iPlus\unins000.exe
AddRemove-Tzar - c:\windows\IsUn0415.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\sppsvc.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\taskhost.exe
c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe
c:\program files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Czas ukończenia: 2012-02-11 11:35:41 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-02-11 10:35
ComboFix2.txt 2011-08-20 22:24
.
Przed: 71 526 428 672 bajtów wolnych
Po: 71 489 753 088 bajtów wolnych
.
- - End Of File - - 9569CAB0F8B3F851131DA600B2B1E6B8