ComboFix 12-07-08.01 - piotr 2012-07-08 21:15:12.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1653 [GMT 2:00]
Run from: c:\documents and settings\piotr\Moje dokumenty\Pobieranie\ComboFix.exe
AV: Avira Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous run -------
.
c:\windows\system32\crt.dat
c:\windows\system32\mdhcp32.dll
c:\windows\system32\shimg.dll
.
.
((((((((((((((((((((((((( Files created from 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))))
.
.
2012-07-08 18:29 . 2012-07-08 18:29 -------- d-----w- c:\documents and settings\Administrator
2012-07-08 15:27 . 1999-05-13 00:00 1064456 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-07-08 15:22 . 1998-01-23 10:22 304128 ----a-w- c:\windows\IsUninst.exe
2012-06-21 16:50 . 2012-06-21 16:50 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-21 16:50 . 2012-06-21 16:50 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 20:30 . 2012-03-11 10:06 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 20:30 . 2012-03-11 10:06 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-21 16:50 . 2011-10-06 08:07 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"RayV"="c:\program files\RayV\RayV\RayV.exe" [2011-02-15 3442552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsgTranAgt"="c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2007-11-04 106496]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-11 98304]
"ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2008-06-26 217088]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-20 16872448]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1024000]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 51768]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"WiaExtensionHost64"="c:\documents and settings\piotr\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\1830\WiaExtensionHost64.exe" [2012-07-08 50176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.dll"=
"c:\\Documents and Settings\\piotr\\Dane aplikacji\\RayV\\RayV\\RayV.dll"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-10-21 232512]
S0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-03-11 36000]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-03-11 86224]
S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;\??\f:\i386\AsProcOb.sys --> f:\i386\AsProcOb.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-05 113120]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-839522115-1177238915-1003Core.job
- c:\documents and settings\piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-10-10 21:10]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-839522115-1177238915-1003UA.job
- c:\documents and settings\piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-10-10 21:10]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://startsear.ch/?aff=1&cf=2849eee8-f507-11e0-8af5-00235488877f
mStart Page = hxxp://startsear.ch/?aff=1&cf=2849eee8-f507-11e0-8af5-00235488877f
TCP: DhcpNameServer = 194.204.159.1 194.204.152.34
FF - ProfilePath - c:\documents and settings\piotr\Dane aplikacji\Mozilla\Firefox\Profiles\5ftzl4dx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=2849eee8-f507-11e0-8af5-00235488877f&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-08 21:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\ADSM_PData_0150
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1608)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
Completion time: 2012-07-08 21:19:18
ComboFix-quarantined-files.txt 2012-07-08 19:19
.
Before: 20 777 709 568 bytes free
After: 20 768 272 384 bytes free
.
- - End Of File - - 1433FC80AFE8F975A2CAAAEB3B068889
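Added triage example (not part of the ComboFix log above and not a ComboFix feature): a short Python script that parses the Run-key values and the EnableFirewall line in the format ComboFix prints them, and lists the entries a reviewer would check first. The sample lines are copied from the log; the review heuristics (binary under a user-writable profile directory, parent folder that is a bare number, file timestamp equal to the scan date, bare filename resolved through the PATH) and the wording of the findings are assumptions made for this example, not determinations about any file in the log.

```python
"""Triage helper for the Run-key and firewall-policy lines in a ComboFix log.

Added example, not ComboFix output and not a ComboFix feature. The sample
lines are copied from the log; the heuristics and the wording of the
findings are assumptions made for this example.
"""
import re

# Constructed sample: three Run values and the firewall flag, copied from the log.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-20 16872448]
"WiaExtensionHost64"="c:\documents and settings\piotr\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\1830\WiaExtensionHost64.exe" [2012-07-08 50176]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

# "name"="path" [YYYY-MM-DD size]  -- the shape ComboFix uses for Run values
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
FIREWALL_LINE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')

# Profile directories a standard XP user can write to (English and Polish
# folder names, since both forms appear in the log). Assumption: an autostart
# binary under one of these deserves a closer look regardless of its name.
USER_WRITABLE = (
    "\\documents and settings\\",
    "\\dane aplikacji\\", "\\application data\\",
    "\\ustawienia lokalne\\", "\\local settings\\",
)


def parse_run_entries(text):
    """Return the Run values in the log as dicts, tracking which key each sits in."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]          # a new registry key header
            continue
        m = RUN_LINE.match(line)
        if m and key and key.lower().endswith('\\run'):
            entries.append({'key': key, 'name': m['name'], 'path': m['path'],
                            'date': m['date'], 'size': int(m['size'])})
    return entries


def firewall_enabled(text):
    """True/False from the EnableFirewall line, None if the log has no such line."""
    for raw in text.splitlines():
        m = FIREWALL_LINE.match(raw.strip())
        if m:
            return m['val'] != '0'
    return None


def triage(entry, scan_date):
    """Reasons to review one Run entry; an empty list means nothing stood out."""
    reasons = []
    p = entry['path'].lower()
    if '\\' not in p:
        # No directory at all: which file runs depends on the PATH at logon.
        reasons.append('bare filename, resolved through the PATH at logon')
    else:
        if any(d in p for d in USER_WRITABLE):
            reasons.append('launched from a user-writable profile directory')
        parent = p.rsplit('\\', 2)[-2]      # name of the directory holding the file
        if parent.isdigit():
            reasons.append('parent folder is a bare number')
    if entry['date'] == scan_date:
        reasons.append('file timestamp equals the scan date')
    return reasons


def report(text, scan_date):
    """Firewall state plus every Run entry that produced at least one reason."""
    flagged = {}
    for e in parse_run_entries(text):
        reasons = triage(e, scan_date)
        if reasons:
            flagged[e['name']] = reasons
    return {'firewall_enabled': firewall_enabled(text), 'flagged': flagged}


if __name__ == '__main__':
    result = report(SAMPLE_LOG, '2012-07-08')
    print('firewall enabled:', result['firewall_enabled'])
    for name, reasons in result['flagged'].items():
        print(name + ': ' + '; '.join(reasons))
```

Run against the sample, the script reports the firewall policy as disabled (EnableFirewall is 0 in the log), flags RTHDCPL only for being a bare filename, and flags WiaExtensionHost64 on three counts. Each reason is a prompt to hash the file and check its publisher signature or submit it for analysis, not a verdict; the log itself says nothing about what that file is.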