ComboFix 12-12-04.01 - SEBASTIAN 2012-12-06 16:34:05.3.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1250.48.1045.18.4094.2464 [GMT 1:00]
Uruchomiony z: c:\users\SEBASTIAN\Downloads\Programy\ComboFix.exe
Użyto następujących komend :: /u
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-11-06 do 2012-12-06 )))))))))))))))))))))))))))))))
.
.
2012-12-06 15:36 . 2012-12-06 15:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-06 15:05 . 2012-12-06 15:05 -------- d-----w- c:\users\SEBASTIAN\AppData\Local\ElevatedDiagnostics
2012-12-06 14:59 . 2012-12-06 14:59 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01A009AC-E0B8-4B7F-8819-86D4303980E2}\offreg.dll
2012-12-06 14:04 . 2012-12-06 14:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-12-06 14:04 . 2012-12-06 14:53 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-12-06 14:04 . 2012-12-06 14:04 -------- d-----w- c:\users\SEBASTIAN\AppData\Local\Programs
2012-12-06 13:56 . 2009-03-18 15:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
2012-12-02 08:01 . 2012-12-02 08:01 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-12-02 07:59 . 2012-12-02 07:59 -------- d-----w- c:\programdata\McAfee
2012-11-28 20:17 . 2012-11-28 20:17 -------- d-----w- c:\program files\Microsoft Silverlight
2012-11-28 20:17 . 2012-11-28 20:17 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-06 14:59 . 2011-10-25 16:07 25640 ----a-w- c:\windows\gdrv.sys
2012-10-14 08:13 . 2012-10-14 08:13 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-10-14 08:13 . 2012-10-14 08:13 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-10-14 08:13 . 2012-04-10 20:39 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2012-10-14 08:13 . 2012-04-10 20:39 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2012-10-12 16:27 . 2012-09-23 06:04 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-12 16:27 . 2012-01-02 15:53 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-24 14:32 . 2012-05-07 10:50 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 14:32 . 2012-05-07 10:50 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2011-10-01 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2011-10-01 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
c:\program files (x86)\Yontoo\YontooIEClient.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="e:\programy\Gadu-Gadu 10\gg.exe" [2011-07-04 13374048]
"DAEMON Tools Lite"="e:\programy\Daemon\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-10 98304]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"AVG8_TRAY"="e:\programy\AVG.\avgtray.exe" [2011-10-18 2042208]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2011-10-01 185896]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="e:\programy\Adobe Reader 9\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"LogMeIn Hamachi Ui"="e:\hamanhi\hamachi-2-ui.exe" [2012-11-19 2254768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-11-15 117248]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2010-11-15 91136]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-11-15 85504]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-01 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-10-10 871408]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [2011-10-07 427016]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [2011-10-07 33416]
S1 AvgTdiA;AVG Free8 Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [2011-10-01 133640]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-11 202752]
S2 avg8emc;AVG Free8 E-mail Scanner;e:\programy\AVG.\avgemc.exe [2011-10-07 908056]
S2 avg8wd;AVG Free8 WatchDog;e:\programy\AVG.\avgwdsvc.exe [2011-10-07 297752]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;e:\hamanhi\hamachi-2.exe [2012-11-19 2462128]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\SEBASTIAN\AppData\Roaming\Mozilla\Firefox\Profiles\190l0bq3.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (pl)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/firefox
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100481&babsrc=adbartrp&mntrId=9af624430000000000006cf0490c21c6&q=
FF - ExtSQL: 2012-10-30 17:53; plugin@yontoo.com; c:\users\SEBASTIAN\AppData\Roaming\Mozilla\Firefox\Profiles\190l0bq3.default\extensions\plugin@yontoo.com
FF - ExtSQL: 2012-12-02 09:01; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; e:\programy\firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - user.js: extentions.y2layers.installId - ce767aa3-f40d-4d93-abf8-74419bbeb848
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-Black Thorn - c:\windows\IsUn0415.exe
AddRemove-Little Fighter 2 - k:\nowy folder\LF2_v2.0\uninst.exe
AddRemove-Tribal - c:\users\SEBASTIAN\Downloads\Nowy folder\Tribal\uninst.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-636736226-1304983672-3673126774-1000\Software\SecuROM\License information*]
"datasecu"=hex:93,d4,8a,8c,96,bf,03,8d,09,08,cb,56,07,34,44,ce,7f,47,d6,dd,97,
2a,05,4d,c9,e3,43,67,7b,f7,ff,96,a5,fb,38,f3,66,58,1b,cf,14,ec,85,54,84,07,\
"rkeysecu"=hex:ca,f1,08,4a,62,2f,7a,b4,25,23,2a,40,ed,cc,6b,07
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2012-12-06 16:37:50
ComboFix-quarantined-files.txt 2012-12-06 15:37
ComboFix2.txt 2012-12-06 15:31
.
Przed: 96 011 632 640 bajtów wolnych
Po: 95 947 956 224 bajtów wolnych
.
- - End Of File - - DF1C2DB8889B6A529464B534DBD702DF