ComboFix 12-07-18.01 - Adam 2012-07-18  15:23:54.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1250.48.1033.18.1978.1560 [GMT 2:00]
Uruchomiony z: c:\users\Adam\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2012-06-18 do 2012-07-18  )))))))))))))))))))))))))))))))
.
.
2012-07-18 13:41 . 2012-07-18 13:41	--------	d-----w-	c:\users\Adam\AppData\Local\temp
2012-07-18 13:41 . 2012-07-18 13:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-18 13:41 . 2012-07-18 13:41	--------	d-----w-	c:\users\berberis\AppData\Local\temp
2012-07-18 12:20 . 2012-07-18 12:20	--------	d-----w-	C:\_OTL
2012-07-18 10:32 . 2012-07-03 16:21	353688	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-07-18 10:32 . 2012-07-03 16:21	21256	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-07-18 10:32 . 2012-07-03 16:21	54232	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-07-18 10:32 . 2012-07-03 16:21	35928	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2012-07-18 10:32 . 2012-07-03 16:21	721000	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-07-18 10:32 . 2012-07-03 16:21	57656	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-07-18 10:32 . 2012-07-03 16:21	41224	----a-w-	c:\windows\avastSS.scr
2012-07-18 10:32 . 2012-07-03 16:21	227648	----a-w-	c:\windows\system32\aswBoot.exe
2012-07-18 10:31 . 2012-07-18 11:51	--------	d-----w-	c:\programdata\AVAST Software
2012-07-18 10:31 . 2012-07-18 10:31	--------	d-----w-	c:\program files\AVAST Software
2012-07-17 22:21 . 2012-07-17 20:51	596480	----a-w-	C:\OTL.exe
2012-07-17 17:27 . 2012-07-17 17:27	--------	d-----w-	c:\users\Adam\AppData\Roaming\hellomoto
2012-07-12 01:14 . 2012-06-13 13:40	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 23:58 . 2012-07-11 23:58	--------	d-----w-	c:\users\Adam\AppData\Roaming\CyberLink
2012-07-11 23:58 . 2012-07-11 23:58	--------	d-----w-	c:\users\Public\Recorded TV
2012-07-11 23:58 . 2012-07-12 09:24	--------	d-----w-	c:\users\Adam\AppData\Local\QuickPlay
2012-07-11 10:14 . 2012-06-05 16:47	1401856	----a-w-	c:\windows\system32\msxml6.dll
2012-07-11 10:14 . 2012-06-05 16:47	1248768	----a-w-	c:\windows\system32\msxml3.dll
2012-07-11 10:14 . 2012-06-05 16:47	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 10:14 . 2012-06-04 15:26	440704	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-07-11 10:14 . 2012-06-02 00:04	278528	----a-w-	c:\windows\system32\schannel.dll
2012-07-11 10:14 . 2012-06-02 00:03	204288	----a-w-	c:\windows\system32\ncrypt.dll
2012-06-27 14:43 . 2012-06-27 14:43	--------	d-----w-	c:\program files\ESET
2012-06-25 16:42 . 2012-06-25 16:42	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2012-06-22 09:38 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-22 09:38 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-22 09:38 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-22 09:38 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-22 09:37 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-22 09:37 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-22 09:37 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-22 09:37 . 2012-06-02 13:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-22 09:37 . 2012-06-02 13:12	33792	----a-w-	c:\windows\system32\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-01 14:03 . 2012-06-14 09:34	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-14 09:34	984064	----a-w-	c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-14 09:34	98304	----a-w-	c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-14 09:34	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-14 22:19 . 2012-06-25 16:42	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21	121528	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"NokiaPCInternetAccess"="c:\program files\Nokia\PC Internet Access\NPCIA.exe" [2009-09-17 663552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-04-05 17356424]
"WiaExtensionHost64"="c:\users\Adam\AppData\Local\Microsoft\Windows\730\WiaExtensionHost64.exe" [2012-07-17 50688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-10 145944]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-18 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-18 16:21]
.
2012-07-17 c:\windows\Tasks\berberis_backup-84.job
- c:\program files\BMS Creative\berberis_server\script\backup_postgres.bat [2012-05-14 14:03]
.
2012-07-13 c:\windows\Tasks\berberis_vacuum-84.job
- c:\program files\BMS Creative\berberis_server\script\vacuum_postgres.bat [2012-05-14 10:42]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1115362905-2062269425-237218930-1000Core.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25 18:34]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1115362905-2062269425-237218930-1000UA.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25 18:34]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://domredi.com/1/
mStart Page = hxxp://home.sweetim.com
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Wyślij &do programu OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 217.67.192.22 213.161.99.99
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\rhwyoc9d.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-18 15:41
Windows 6.0.6002 Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...  
.
skanowanie ukrytych wpisów autostartu ... 
.
skanowanie ukrytych plików ...  
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\berberis-postgresql-8.4]
"ImagePath"="C:/Program Files/BMS Creative/berberis_server/postgreSQL/8.4/bin/pg_ctl.exe runservice -N \"berberis-postgresql-8.4\" -D \"C:/Program Files/BMS Creative/berberis_server/postgreSQL/8.4/data\" -w"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\berberis-postgresql-8.4]
"ImagePath"="C:/Program Files/BMS Creative/berberis_server/postgreSQL/8.4/bin/pg_ctl.exe runservice -N \"berberis-postgresql-8.4\" -D \"C:/Program Files/BMS Creative/berberis_server/postgreSQL/8.4/data\" -w"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Czas ukończenia: 2012-07-18  15:43:30
ComboFix-quarantined-files.txt  2012-07-18 13:43
ComboFix2.txt  2012-07-17 21:41
.
Przed: 70 144 847 872 bytes free
Po: 70 208 253 952 bytes free
.
- - End Of File - - F5C0F58395ED0D7330D2ECC64B66933E