ComboFix 10-12-07.04 - Tomek 2010-12-08 11:59:10.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.1024.146 [GMT 1:00]
Uruchomiony z: G:\ComboFix.exe
 * Rezydentny antywirus jest aktywny
.
((((((((((((((((((((((((( Pliki utworzone od 2010-11-08 do 2010-12-08 )))))))))))))))))))))))))))))))
.
2010-12-08 11:08 . 2010-12-08 11:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-02 21:53 . 2010-12-02 21:53 -------- d-----w- c:\users\Tomek\AppData\Local\ESET
2010-12-02 21:50 . 2010-12-02 21:50 -------- d-----w- c:\program files\ESET
2010-12-01 10:22 . 2010-11-16 11:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB115F6E-9E77-425A-8B1A-8B009EC59CD1}\mpengine.dll
2010-11-26 13:16 . 2010-10-28 11:23 2217088 ----a-w- c:\windows\system32\BootMan.exe
2010-11-26 13:16 . 2010-07-15 07:44 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-11-26 13:16 . 2010-07-15 07:44 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-11-26 13:16 . 2010-07-15 07:44 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2010-11-26 13:16 . 2010-07-15 07:44 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-11-26 13:16 . 2010-11-26 13:16 -------- d-----w- c:\program files\EASEUS
2010-11-26 12:56 . 2010-11-26 12:56 170080 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-11-26 12:56 . 2010-11-26 12:56 -------- d-----w- c:\program files\Acronis
2010-11-26 12:56 . 2010-11-26 12:56 -------- d-----w- c:\program files\Common Files\Acronis
2010-11-26 01:03 . 2010-11-26 01:03 -------- d-----w- c:\programdata\NVIDIA
2010-11-26 00:57 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-11-26 00:52 . 2010-11-26 00:52 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-11-26 00:52 . 2010-11-26 00:53 -------- d-----w- c:\program files\NVIDIA Corporation
2010-11-26 00:40 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-11-26 00:40 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-11-26 00:40 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-11-26 00:40 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-11-26 00:40 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-11-26 00:40 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-11-26 00:40 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-11-26 00:39 . 2010-11-26 00:39 -------- d-----w- c:\program files\MSXML 4.0
2010-11-26 00:30 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-11-26 00:25 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-11-26 00:25 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-11-26 00:25 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-11-26 00:23 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-11-26 00:23 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-11-26 00:23 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-11-26 00:05 . 2010-11-26 00:05 -------- d-----w- c:\program files\Gemalto
2010-11-26 00:03 . 2004-09-15 13:28 24576 ------w- c:\windows\system32\gemstrmw.exe
2010-11-26 00:00 . 2010-11-26 00:01 -------- d-----w- c:\program files\Gemplus
2010-11-25 23:59 . 2010-11-25 23:59 -------- d-----w- c:\program files\Common Files\InstallShield
2010-11-25 14:49 . 2010-11-25 14:50 -------- d-----w- c:\users\Tomek\AppData\Roaming\Nokia
2010-11-25 14:48 . 2010-11-25 14:48 -------- d-----w- c:\program files\Common Files\PCSuite
2010-11-25 14:48 . 2010-11-25 14:48 -------- d-----w- c:\program files\Common Files\Nokia
2010-11-25 14:47 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-11-25 14:46 . 2010-11-25 14:48 -------- d-----w- c:\program files\Nokia
2010-11-25 14:43 . 2010-11-25 14:43 -------- d-----w- c:\programdata\Installations
2010-11-25 14:21 . 2010-11-25 14:59 -------- d-----w- c:\programdata\BVRP Software
2010-11-25 01:05 . 2010-11-25 01:05 -------- d-----w- c:\users\Tomek\AppData\Roaming\QuickScan
2010-11-25 00:59 . 2010-11-25 00:59 -------- d-----w- c:\windows\BDOSCAN8
2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\windows\system32\GPhotos.scr
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-22 16:32 . 2010-05-16 19:53 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-10-19 09:41 . 2010-04-29 20:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-18 21:17 . 2010-05-17 20:49 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-09-15 03:50 . 2010-08-19 16:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
------- Sigcheck -------
[-] 2010-05-24 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-09-04 . C7B21BEF09EC7249556BEE19F9D314CB . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16400_none_cd604238ce73b38f\user32.dll
[7] 2009-09-04 . AE2B4D47934D3798C984D51B1694A490 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.20496_none_cd8e8f8de7d4e9b5\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2008-12-22 8966760]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2010-11-04 423632]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-10-09 107864]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"DataCardMonitor"="c:\program files\blueconnect\DataCardMonitor.exe" [2010-10-21 253952]
"gemstrmw"="c:\windows\system32\gemstrmw.exe" [2004-09-15 24576]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]

c:\users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-02-04 30240]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [2009-08-10 89600]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-02-04 96416]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-02-04 12704]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-02-04 121504]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-10-09 238952]
S2 GemSAFE Card Server;GemSAFE Card Server;c:\program files\Gemplus\GemSafe Libraries User\BIN\GCardSrvNT.exe [2004-11-30 94208]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-10-05 36608]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - FSUSBEXDISK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Skan uzupełniający -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2010-12-08 12:11:33
ComboFix-quarantined-files.txt 2010-12-08 11:11
ComboFix2.txt 2010-12-04 19:05

Przed: 16 198 209 536 bajtów wolnych
Po: 16 015 351 808 bajtów wolnych

- - End Of File - - B42A4C65A5F7E18E3D8480EC9115102F