ComboFix 12-12-29.02 - szeffel 2012-12-30 2:19.55.2 - x86 NETWORK
Uruchomiony z: F:\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.pad
c:\documents and settings\szeffel\wgsdgsdgdsgsd.exe
c:\windows\msmqinst.log
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\34da4415d86ee8ba.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-11-28 do 2012-12-30 )))))))))))))))))))))))))))))))
.
.
2012-12-30 00:41 . 2012-12-30 00:41 -------- d-----w- c:\documents and settings\Administrator
2012-12-30 00:33 . 2012-12-30 00:41 3009 ----a-w- c:\documents and settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.js
2012-12-28 17:22 . 2012-12-28 17:22 -------- d-----w- c:\program files\pazera-software
2012-12-24 00:51 . 2012-12-24 00:53 -------- d-----w- c:\program files\Unlocker
2012-12-22 15:06 . 2012-12-22 15:06 -------- d-----w- c:\documents and settings\szeffel\Dane aplikacji\InstallShield
2012-12-02 16:58 . 2012-12-02 16:58 -------- d-----w- c:\documents and settings\szeffel\Dane aplikacji\Ashampoo
2012-12-02 16:57 . 2012-12-02 16:58 -------- d-----w- c:\documents and settings\szeffel\Ustawienia lokalne\Dane aplikacji\ashampoo
2012-12-02 16:57 . 2012-12-02 16:57 -------- d-----w- c:\program files\Ashampoo
2012-12-02 16:18 . 2012-12-02 16:18 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Browser Manager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-02 16:17 . 2006-09-18 14:25 466008 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-11-13 11:55 . 2003-04-16 12:00 1866624 ----a-w- c:\windows\system32\win32k.sys
2012-11-08 16:24 . 2012-09-30 10:53 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-11-02 02:03 . 2003-04-16 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:13 . 2003-04-16 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:13 . 2003-04-16 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:13 . 2003-04-16 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2005-07-27 18:46 385024 ------w- c:\windows\system32\html.iec
2012-10-02 18:04 . 2003-04-16 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-10-14 08:17 . 2011-08-23 19:57 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-08 16:24 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InstantTray"="c:\program files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" [2004-05-06 772096]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"NVRTCLK"="c:\windows\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 24576]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-05-04 296056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-08 997320]
"ROC_ROC_NT"="c:\program files\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-30 856160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\szeffel\Menu Start\Programy\Autostart\
runctf.lnk - c:\windows\system32\rundll32.exe [2003-4-16 33280]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^szeffel^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=c:\documents and settings\szeffel\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Winamp\\winamp.exe"=
.
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x]
R3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w300mgmt.sys [x]
R3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w300obex.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 vobiw;vobiw; [x]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
S3 cdrdrv;cdrdrv;c:\windows\system32\Drivers\Cdrdrv.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vproeventmonitor
fpjojfbda
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-19 18:40]
.
2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-19 18:40]
.
2012-12-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1532298954-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
2012-12-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1532298954-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481033
mStart Page =
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.179.1.63 62.179.1.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\szeffel\Dane aplikacji\Mozilla\Firefox\Profiles\nrkore1j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110000&tt=060612_7_&babsrc=KW_ss&mntrId=74a2dd37000000000000003005bfb55e&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-Gyiluqe - c:\documents and settings\szeffel\Dane aplikacji\Qykut\iwubm.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-30 02:32
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(1864)
c:\windows\system32\WININET.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
.
**************************************************************************
.
Czas ukończenia: 2012-12-30 02:38:16 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-12-30 01:38
.
Przed: 55 432 155 136 bajtów wolnych
Po: 55 670 632 448 bajtów wolnych
.
- - End Of File - - BF751F1A9A29801D08E7A1ED643159CC