ComboFix 12-08-20.02 - Mariusz 2012-08-20  21:58:25.3.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1250.48.1045.18.3070.1965 [GMT 2:00]
Uruchomiony z: c:\users\Mariusz\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: Zapora osobista *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Rezydentny antywirus jest aktywny
.
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2012-07-20 do 2012-08-20  )))))))))))))))))))))))))))))))
.
.
2012-08-20 20:05 . 2012-08-20 20:05	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-08-20 20:05 . 2012-08-20 20:05	--------	d-----w-	c:\users\Tomek\AppData\Local\temp
2012-08-20 20:05 . 2012-08-20 20:05	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-08-20 20:05 . 2012-08-20 20:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-20 19:47 . 2012-08-20 20:05	--------	d-----w-	c:\users\Mariusz\AppData\Local\temp
2012-08-20 19:38 . 2010-11-20 21:29	187904	----a-w-	c:\windows\system32\drivers\netbt.sys
2012-08-20 17:31 . 2012-08-20 17:45	--------	d-----w-	c:\programdata\xml_param
2012-08-20 17:28 . 2012-08-20 17:28	--------	d-----w-	c:\users\Mariusz\AppData\Roaming\Wondershare Video Converter Ultimate
2012-08-20 17:27 . 2012-08-20 17:27	--------	d-----w-	c:\users\Mariusz\AppData\Local\Wondershare
2012-08-20 17:27 . 2012-08-20 17:27	--------	d-----w-	c:\program files\Common Files\Wondershare
2012-08-20 17:27 . 2012-03-26 12:24	892928	----a-w-	c:\windows\system32\iconv.dll
2012-08-20 17:27 . 2012-03-26 12:24	496640	----a-w-	c:\windows\system32\xvid.ax
2012-08-15 08:59 . 2012-07-18 17:47	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-08-15 08:59 . 2012-07-04 21:14	41984	----a-w-	c:\windows\system32\browcli.dll
2012-08-15 08:59 . 2012-07-04 21:14	102912	----a-w-	c:\windows\system32\browser.dll
2012-08-15 08:59 . 2012-02-11 05:43	492032	----a-w-	c:\windows\system32\win32spl.dll
2012-08-15 08:59 . 2012-05-05 07:46	400896	----a-w-	c:\windows\system32\srcore.dll
2012-08-15 08:59 . 2012-02-11 05:37	317440	----a-w-	c:\windows\system32\spoolsv.exe
2012-08-15 08:59 . 2012-05-14 04:33	769024	----a-w-	c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-19 08:17 . 2012-03-30 15:45	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-08-19 08:17 . 2012-01-18 21:03	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-06 06:49 . 2012-06-06 06:49	1070152	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:05 . 2012-07-11 18:20	1390080	----a-w-	c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 18:20	1236992	----a-w-	c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 18:20	805376	----a-w-	c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-23 05:40	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 05:40	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 05:40	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 05:40	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-23 05:40	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-23 05:40	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-23 05:40	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-23 05:40	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-23 05:40	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 04:45 . 2012-07-11 18:20	67440	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 18:20	134000	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 18:20	369336	----a-w-	c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 18:20	225280	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 18:20	219136	----a-w-	c:\windows\system32\ncrypt.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Mariusz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Mariusz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Mariusz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Mariusz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"DAEMON Tools Lite"="d:\programy\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-04-07 2145000]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-03-27 1686528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-02-13 08:06	3481408	----a-w-	d:\programy\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CDAServer"=c:\program files\Common Files\Common Desktop Agent\CDASrv.exe
.
R2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;d:\programy\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FXDrv32;FXDrv32;c:\program files\FOXCONN\FOX LiveUpdate\FXDrv32.sys [x]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\programy\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 TeamViewer7;TeamViewer 7;d:\programy\TeamViewer 7\TeamViewer_Service.exe [x]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-20 17:37]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-20 17:37]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://gazeta.hit.gemius.pl/hitredir/id=1_2aoau32zKrY2K8AzHtuKPMXfaG5wd126fPuctBzrP.67/stparam=loptipgnqn/url=http://www.gazeta.pl/0,0.html?promocja=pit2011_wyb01&utm_campaign=p_124
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - d:\programy\MICROS~1\Office14\EXCEL.EXE/3000
LSP: d:\programy\VMware\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\3eu5qptc.default\
FF - prefs.js: browser.startup.homepage - hxxp://gazeta.hit.gemius.pl/hitredir/id=1_2aoau32zKrY2K8AzHtuKPMXfaG5wd126fPuctBzrP.67/stparam=loptipgnqn/url=http://www.gazeta.pl/0,0.html?promocja=pit2011_wyb01&utm_campaign=p_124
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'Explorer.exe'(2344)
c:\users\Mariusz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Czas ukończenia: 2012-08-20  22:09:57
ComboFix-quarantined-files.txt  2012-08-20 20:09
.
Przed: 96 412 299 264 bajtów wolnych
Po: 96 353 837 056 bajtów wolnych
.
- - End Of File - - 4C504407AC9E580AA77AE92290C453E0