ComboFix 11-10-05.02 - kara 2011-10-05 19:59:56.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.3069.2084 [GMT 2:00]
Running from: c:\users\kara\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
.
.
((((((((((((((((((((((((( Files created from 2011-09-05 to 2011-10-05 )))))))))))))))))))))))))))))))
.
.
2011-10-05 18:07 . 2011-10-05 18:07 -------- d-----w- c:\users\kara\AppData\Local\temp
2011-10-05 18:07 . 2011-10-05 18:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-05 16:43 . 2011-10-05 16:43 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9564D232-5881-4268-B20A-83B71714A390}\offreg.dll
2011-10-05 16:23 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9564D232-5881-4268-B20A-83B71714A390}\mpengine.dll
2011-09-25 16:08 . 2011-09-25 16:08 -------- d-----w- c:\program files\Intel
2011-09-25 16:08 . 2011-04-15 14:00 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-09-25 16:07 . 2011-09-25 16:07 -------- d-----w- C:\Intel
2011-09-25 11:25 . 2011-09-25 11:25 53248 ----a-r- c:\users\kara\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-25 11:26 . 2011-05-08 15:02 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-09-25 08:25 . 2011-05-16 16:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-07 16:10 . 2011-08-07 16:10 161792 ----a-w- c:\windows\system32\msls31.dll
2011-08-07 16:10 . 2011-08-07 16:10 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-07 16:10 . 2011-08-07 16:10 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-07 16:10 . 2011-08-07 16:10 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-07 16:10 . 2011-08-07 16:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-07 16:10 . 2011-08-07 16:10 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-08-07 16:10 . 2011-08-07 16:10 367104 ----a-w- c:\windows\system32\html.iec
2011-08-07 16:10 . 2011-08-07 16:10 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-08-07 16:10 . 2011-08-07 16:10 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-07 16:10 . 2011-08-07 16:10 152064 ----a-w- c:\windows\system32\wextract.exe
2011-08-07 16:10 . 2011-08-07 16:10 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-08-07 16:10 . 2011-08-07 16:10 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-07 16:10 . 2011-08-07 16:10 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-08-07 16:10 . 2011-08-07 16:10 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-07 16:10 . 2011-08-07 16:10 11776 ----a-w- c:\windows\system32\mshta.exe
2011-08-07 16:10 . 2011-08-07 16:10 101888 ----a-w- c:\windows\system32\admparse.dll
2011-08-07 16:10 . 2011-08-07 16:10 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-08-07 16:10 . 2011-08-07 16:10 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-07 16:08 . 2011-08-07 16:08 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-08-07 16:08 . 2011-08-07 16:08 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-08-07 16:08 . 2011-08-07 16:08 98816 ----a-w- c:\windows\system32\mfps.dll
2011-08-07 16:08 . 2011-08-07 16:08 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-08-07 16:08 . 2011-08-07 16:08 2873344 ----a-w- c:\windows\system32\mf.dll
2011-08-07 16:08 . 2011-08-07 16:08 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-08-07 16:08 . 2011-08-07 16:08 586240 ----a-w- c:\windows\system32\stobject.dll
2011-08-07 16:08 . 2011-08-07 16:08 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-08-07 16:08 . 2011-08-07 16:08 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-08-07 16:08 . 2011-08-07 16:08 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-08-07 16:08 . 2011-08-07 16:08 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-08-07 16:08 . 2011-08-07 16:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-08-07 16:08 . 2011-08-07 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-08-07 16:08 . 2011-08-07 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-08-07 16:08 . 2011-08-07 16:08 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-08-07 16:08 . 2011-08-07 16:08 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-08-07 16:08 . 2011-08-07 16:08 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-08-07 16:08 . 2011-08-07 16:08 37376 ----a-w- c:\windows\system32\cdd.dll
2011-08-07 16:08 . 2011-08-07 16:08 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-08-07 16:08 . 2011-08-07 16:08 258048 ----a-w- c:\windows\system32\winspool.drv
2011-08-07 16:08 . 2011-08-07 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-08-07 16:08 . 2011-08-07 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-08-07 16:08 . 2011-08-07 16:08 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-08-07 16:08 . 2011-08-07 16:08 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-08-07 16:04 . 2011-08-07 16:04 4096 ----a-w- c:\windows\system32\drivers\pl-PL\dxgkrnl.sys.mui
2011-08-07 16:03 . 2011-08-07 16:03 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-08-07 16:03 . 2011-08-07 16:03 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-08-07 16:03 . 2011-08-07 16:03 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-08-07 16:03 . 2011-08-07 16:03 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-08-07 16:03 . 2011-08-07 16:03 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-08-07 16:03 . 2011-08-07 16:03 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-08-07 16:03 . 2011-08-07 16:03 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-07-22 02:54 . 2011-08-12 14:05 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-12 14:05 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-12 14:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-11 13:25 . 2011-08-24 16:50 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-01 06:46 . 2011-05-08 14:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 411768]
"NDSTray.exe"="NDSTray.exe" [BU]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\users\kara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Rejestracja produktu.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^kara^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Rejestracja produktu.lnk]
path=c:\users\kara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Rejestracja produktu.lnk
backup=c:\windows\pss\Logitech . Rejestracja produktu.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2007-01-17 12:46 534648 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
2008-08-28 17:34 13145448 ----a-w- c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-02-13 07:30 405504 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2006-12-07 15:49 55416 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
2006-11-01 07:06 413696 ----a-w- c:\program files\TOSHIBA\Utilities\HWSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2006-11-06 16:14 34352 ----a-w- c:\program files\TOSHIBA\Utilities\KeNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-02-06 13:21 509496 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
2006-11-01 10:08 438272 ----a-w- c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-03-20 05:36 1451304 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-03-02 13:10 577536 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2007-02-19 14:00 571024 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2011-07-04 121000]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2011-04-30 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2011-04-30 12184]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-01-09 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-10 218688]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation   REG_MULTI_SZ    FontCache
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://startsear.ch/?aff=1
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\kara\AppData\Roaming\Mozilla\Firefox\Profiles\5iz6eo0w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
.
.
------- File associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANED ENTRIES REMOVED - - - -
.
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-IS CfgWiz - c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe
MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
AddRemove-Shop for HP Supplies - c:\program files\HP\Digital Imaging\HPSSupply\hpzscr01.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-05 20:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-10-05 20:10:57
ComboFix-quarantined-files.txt 2011-10-05 18:10
.
Before: 22 148 927 488 bytes free
After: 22 615 568 384 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - 5618B3D1D6CA5C9E05091543F8AD3E21
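A pasted ComboFix log is hard to read once it has been flattened, and the items that matter are scattered across sections. The script below is an added example, not part of the posted log and not ComboFix's own code; it parses the three record shapes a reviewer looks at first (the `R?`/`S?` service and driver lines, the `"name"="path" [date size]` values under the Run key, and the `uStart Page`/`mStart Page` pair) and flags what this particular log shows: entries tagged `[x]` (image not found or not readable at scan time; avast's own self-protected drivers aswSnx, aswSP, aswFsBlk and aswFW carry that tag here while the product is installed, and the single "hidden file" reported by catchme is `C:\## aswSnx private storage`, so `[x]` is a prompt to verify rather than a verdict), Run values that name a bare executable with no directory (`RtHDVCpl.exe`, `NDSTray.exe`), and a machine-wide IE start page (`hxxp://startsear.ch/?aff=1`) that differs from the user's Google page and from the Firefox homepage. The sample lines are copied from the log above and the tool's output is tagged by its bracket; `Finding`, `parse_log`, `review` and `host_of` are names chosen for this example.

```python
"""Parse the record types of a ComboFix log that a reviewer reads first."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: lines copied from the log above, in the exact shapes
# ComboFix prints (a Run key, service/driver lines, the IE start-page pair).
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"NDSTray.exe"="NDSTray.exe" [BU]
"Adobe ARM"="c:\\program files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe" [2011-06-06 937920]
R2 avast! Firewall;avast! Firewall;c:\\program files\\Alwil Software\\Avast5\\afwServ.exe [2011-07-04 121000]
R3 TpChoice;Touch Pad Detection Filter driver;c:\\windows\\system32\\DRIVERS\\TpChoice.sys [x]
S1 aswSnx;aswSnx; [x]
S2 aswMonFlt;aswMonFlt;c:\\windows\\system32\\drivers\\aswMonFlt.sys [2011-07-04 54104]
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://startsear.ch/?aff=1
"""

# R = running, S = stopped; the digit is the service Start value (0 boot ... 4 disabled).
# The bracket holds "date size" of the image, or "x" when ComboFix could not read it.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<image>[^\[]*?)\s*\[(?P<tag>x|\d{4}-\d{2}-\d{2} \d+)\]\s*$"
)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"\s*\[(?P<tag>[^\]]*)\]\s*$')
START_RE = re.compile(r"^(?P<scope>[um])Start Page = (?P<url>\S+)$")  # u = HKCU, m = HKLM


@dataclass(frozen=True)
class Finding:
    kind: str
    subject: str
    detail: str


def parse_log(text: str) -> dict:
    """Return the services, Run values and start pages found in a ComboFix log."""
    records = {"services": [], "run": [], "start_pages": {}}
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            records["services"].append({
                "running": m["state"] == "R", "start_type": int(m["start"]),
                "name": m["name"], "display": m["display"],
                "image": m["image"].strip(), "tag": m["tag"],
            })
            continue
        m = RUN_RE.match(line)
        if m:
            records["run"].append({"name": m["name"], "image": m["image"], "tag": m["tag"]})
            continue
        m = START_RE.match(line)
        if m:
            records["start_pages"][m["scope"]] = m["url"]
    return records


def host_of(defanged_url: str) -> str:
    """ComboFix writes hxxp:// so URLs are not clickable; undo that before parsing."""
    return urlparse(re.sub(r"^hxxp", "http", defanged_url)).hostname or ""


def review(records: dict) -> list:
    """Flag the three things worth a second look; each is a check, not a verdict."""
    findings = []
    for svc in records["services"]:
        if svc["tag"] == "x":
            findings.append(Finding(
                "missing_image", svc["name"],
                "registered service/driver whose image was not found or not readable at scan "
                "time; self-protecting AV drivers look like this too, so confirm before acting"))
    for entry in records["run"]:
        if "\\" not in entry["image"]:
            findings.append(Finding(
                "bare_filename", entry["name"],
                f'"{entry["image"]}" has no directory, so the file that runs at logon is '
                "whatever the search order finds first"))
    pages = records["start_pages"]
    if "u" in pages and "m" in pages and host_of(pages["u"]) != host_of(pages["m"]):
        findings.append(Finding(
            "start_page_mismatch", pages["m"],
            f"machine-wide (HKLM) IE start page differs from the user's {pages['u']}"))
    return findings


if __name__ == "__main__":
    for f in review(parse_log(SAMPLE_LOG)):
        print(f"{f.kind:20} {f.subject:28} {f.detail}")
```

Run against the full log, the same rules pick out TpChoice and the five avast `[x]` lines, the two bare Run values, and the startsear.ch start page; nothing in the script decides what is malicious, it only narrows what to check next, which is the point of reading these logs.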