ComboFix 13-02-23.01 - Dom 2013-02-23 7:38.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2038.1488 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Dom\Moje dokumenty\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: G Data Personal Firewall *Disabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Dom\Dane aplikacji\PriceGong
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\1.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\a.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\b.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\c.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\d.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\e.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\f.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\g.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\h.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\i.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\J.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\k.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\l.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\m.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\mru.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\n.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\o.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\p.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\q.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\r.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\s.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\t.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\u.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\v.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\w.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\x.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\y.xml
c:\documents and settings\Dom\Dane aplikacji\PriceGong\Data\z.xml
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-01-23 do 2013-02-23 )))))))))))))))))))))))))))))))
.
.
2013-02-22 21:00 . 2013-02-22 21:00 -------- d-----w- c:\program files\CCleaner
2013-02-16 16:43 . 2013-02-16 16:43 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\RDRM
2013-02-16 16:43 . 2013-02-16 16:54 -------- d-----w- c:\documents and settings\Dom\Dane aplikacji\RedApp
2013-02-16 16:43 . 2013-02-16 16:43 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\RedApp
2013-02-16 16:42 . 2011-12-14 06:49 15896 ----a-w- c:\windows\system32\drivers\massfilter_LTE.sys
2013-02-16 16:42 . 2011-12-14 06:49 144408 ----a-w- c:\windows\system32\drivers\zgdcnet3.sys
2013-02-16 16:42 . 2011-12-14 06:49 144408 ----a-w- c:\windows\system32\drivers\zgdcnet2.sys
2013-02-16 16:42 . 2011-12-14 06:49 144408 ----a-w- c:\windows\system32\drivers\zgdcnet.sys
2013-02-16 16:42 . 2011-12-14 06:49 114456 ----a-w- c:\windows\system32\drivers\zgdcvousb.sys
2013-02-16 16:42 . 2011-12-14 06:49 114456 ----a-w- c:\windows\system32\drivers\zgdcnmea.sys
2013-02-16 16:42 . 2011-12-14 06:49 114456 ----a-w- c:\windows\system32\drivers\zgdcmdm.sys
2013-02-16 16:42 . 2011-12-14 06:49 114456 ----a-w- c:\windows\system32\drivers\zgdcdiag.sys
2013-02-16 16:42 . 2011-12-14 06:49 114456 ----a-w- c:\windows\system32\drivers\zgdcatext.sys
2013-02-16 16:42 . 2011-12-14 06:49 114456 ----a-w- c:\windows\system32\drivers\zgdcat.sys
2013-02-16 16:42 . 2013-02-16 16:42 -------- d-----w- c:\program files\RedApp
2013-02-16 16:41 . 2013-02-16 16:42 -------- d-----w- c:\windows\system32\SupportAppZXH
2013-02-16 16:41 . 2013-02-16 16:41 -------- d-----w- c:\program files\Cyfrowy Polsat
2013-02-10 12:26 . 2013-02-10 12:26 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-01-30 17:40 . 2013-02-19 18:45 -------- d-----w- C:\PIT Format 2012
2013-01-27 12:09 . 2013-01-27 12:09 -------- d-----w- c:\program files\EA Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 18:18 . 2012-08-30 19:10 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-10 12:26 . 2012-07-08 11:45 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-10 12:26 . 2011-07-22 07:22 74096 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 03:55 . 2008-04-14 20:50 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 07:27 . 2008-04-14 19:59 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 07:26 . 2008-04-14 21:59 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 10:10 . 2008-04-14 19:35 1867520 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2008-04-14 20:50 1295872 ----a-w- c:\windows\system32\quartz.dll
2013-01-02 06:49 . 2008-04-14 20:51 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2012-12-27 10:31 . 2008-04-14 20:50 669696 ----a-w- c:\windows\system32\wininet.dll
2012-12-27 10:31 . 2008-04-14 20:48 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-12-27 10:31 . 2008-04-14 20:50 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-12-27 10:26 . 2008-04-14 19:41 370688 ----a-w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2008-04-14 20:30 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-10 02:28 . 2011-12-23 11:32 142176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-12-02 10:32 . 2012-12-02 10:32 13824 ----a-w- c:\program files\RemoveWGA.exe
2011-01-06 13:13 . 2011-01-06 13:13 3888827 ----a-w- c:\program files\dsj3v170.exe
2010-06-17 12:42 . 2010-06-17 12:42 417248 ----a-w- c:\program files\POKER_2_0_0_53.exe
2010-05-27 12:27 . 2010-05-27 12:27 909176 ----a-w- c:\program files\WGAPluginInstall.exe
2010-05-18 15:51 . 2010-05-18 15:48 15565836 ----a-w- c:\program files\K-Lite_Codec_Pack_590_Full(dobreprogramy.pl).exe
2010-03-22 19:57 . 2010-03-22 19:49 70161760 -c--a-w- c:\program files\GryPlRomanceOfRomePl_20002.exe.part
2009-12-19 10:56 . 2009-12-19 10:56 1359360 ----a-w- c:\program files\iview425_setup(dobreprogramy.pl).exe
2009-12-16 15:41 . 2009-12-16 15:40 7481904 ----a-w- c:\program files\ork.exe
2012-06-23 05:09 . 2012-04-23 11:20 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-10-06 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521352]
"{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}"= "c:\program files\Softonic-Polska\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2011-02-08 15:47 721288 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-01-24 18:16 1883824 ----a-w- c:\program files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Softonic-Polska\prxtbSof2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}"= "c:\program files\Softonic-Polska\prxtbSof2.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll" [2013-01-24 1883824]
.
[HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C86EB8A9-CCC2-4B6C-B75D-73576ED591BF}"= "c:\program files\Softonic-Polska\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2011-07-04 13374048]
"HW_OPENEYE_OUC_"="c:\program files\blueconnect\UpdateDog\ouc.exe" [2009-06-23 110592]
"IPLA!"="c:\program files\ipla\ipla.exe" [2011-07-27 19781576]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-02-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2007-03-26 217088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-13 1124016]
"DataCardMonitor"="c:\program files\blueconnect\DataCardMonitor.exe" [2012-02-21 253952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-10-29 1573576]
"ArgenteRC"="c:\program files\Argente - Registry Cleaner\ArgenteRC.exe" [2012-10-24 2759168]
"zLoader.exe"="c:\program files\Cyfrowy Polsat\MF821\Bin\zLoader.exe" [2012-05-22 26480]
"CancelAutoPlay.exe"="c:\program files\Cyfrowy Polsat\MF821\Bin\CancelAutoPlay.exe" [2012-05-22 74096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-22 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-05-16 19:50 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dom^Menu Start^Programy^Autostart^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Dom\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2011-11-01 14:40 1053056 -c--a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SQLWriter"=2 (0x2)
"SkypeUpdate"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\BearShare Applications\\MediaBar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18738:TCP"= 18738:TCP:BitComet 18738 TCP
"18738:UDP"= 18738:UDP:BitComet 18738 UDP
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-04-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-03-16 31952]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-12-13 721904]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-01-07 250080]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-04-04 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-08-30 33112]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 vToolbarUpdater14.1.7;vToolbarUpdater14.1.7;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe [2013-02-13 965296]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys [2012-02-22 7552]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2012-02-22 100480]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2009-12-13 812544]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-11-02 5174392]
S2 WiseBootAssistant;Wise Boot Assistant;c:\program files\Wise\Wise Care 365\BootTime.exe [2012-11-28 580648]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-11 1691480]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-08-31 167264]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2010-11-24 95744]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2010-11-24 51968]
S3 massfilter_lte;LTE Device Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_LTE.sys [2013-02-16 15896]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-05 137472]
S3 zgdcat;ZTE Datacard AT Port;c:\windows\system32\drivers\zgdcat.sys [2013-02-16 114456]
S3 zgdcdiag;ZTE Datacard Diagnostics Port;c:\windows\system32\drivers\zgdcdiag.sys [2013-02-16 114456]
S3 zgdcmdm;ZTE Datacard Modem;c:\windows\system32\drivers\zgdcmdm.sys [2013-02-16 114456]
S3 zgdcnet;ZTE Datacard Network Adapter;c:\windows\system32\drivers\zgdcnet.sys [2013-02-16 144408]
S3 zgdcnmea;ZTE Datacard NMEA Port;c:\windows\system32\drivers\zgdcnmea.sys [2013-02-16 114456]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-02-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 12:27]
.
2013-02-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-22 20:58]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-22 20:58]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-630328440-1177238915-1003Core.job
- c:\documents and settings\Dom\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2012-07-08 11:30]
.
2013-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-630328440-1177238915-1003UA.job
- c:\documents and settings\Dom\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2012-07-08 11:30]
.
2013-02-23 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
- c:\program files\AVG Secure Search\PostInstall\ROC.exe [2013-01-24 18:16]
.
2013-02-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-10-29 16:22]
.
2013-02-16 c:\windows\Tasks\Wise Care 365 PC Checkup Task.job
- c:\program files\Wise\Wise Care 365\WiseCare365.exe [2012-11-28 13:51]
.
2013-02-23 c:\windows\Tasks\Wise Care 365.job
- c:\program files\Wise\Wise Care 365\WiseTray.exe [2012-11-28 16:24]
.
2013-02-23 c:\windows\Tasks\Wise Memory Optimizer Task.job
- c:\program files\Wise\Wise Care 365\WiseMemoryOptimzer.exe [2012-11-28 16:08]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.gazeta.pl/0,0.html?p=128
mStart Page = hxxp://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=ST9250827AS_5RG2ADZZ____5RG2ADZZ&ts=1354444359
uSearchAssistant = hxxp://search.bearshare.com//web?src=ieb&appid=133&systemid=2&sr=0&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Wyślij &do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: Interfaces\{10A7D079-E9A1-43A3-8409-2F7043712412}: NameServer = 213.158.199.1 213.158.199.5
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\4aa6epu2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2417076&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Claro Search
FF - prefs.js: browser.startup.homepage - hxxp://www.claro-search.com/?affID=117423&tt=4812_8&babsrc=HP_ss&mntrId=c404badb000000000000001a80f3489a
FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=117423&tt=4812_8&babsrc=KW_ss&mntrId=c404badb000000000000001a80f3489a&q=
FF - ExtSQL: !HIDDEN! 2009-12-21 22:25; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.BabylonToolbar_i.id - c404badb000000000000001a80f3489a
FF - user.js: extensions.BabylonToolbar_i.hardId - c404badb000000000000001a80f3489a
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15423
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:42
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=119999
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzutDtDtC0AzztD0FtAyEzzzy0A0B0A0D0BtN0D0TzutBtDtCtBtDyBtCtA&cr=17286527
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzutDtDtC0AzztD0FtAyEzzzy0A0B0A0D0BtN0D0TzutBtDtCtBtDyBtCtA&cr=17286527
FF - user.js: extensions.funmoods.tlbrSrchUrl -
FF - user.js: extensions.funmoods.id - c404badb000000000000001a80f3489a
FF - user.js: extensions.funmoods.instlDay - 15534
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2222:59
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - iron2
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - iron2
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.claro.tlbrSrchUrl -
FF - user.js: extensions.claro.id - c404badb000000000000001a80f3489a
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15673
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1021:26
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - irhnew
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-23 07:44
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DataCardMonitor = c:\program files\blueconnect\DataCardMonitor.exe
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\VESWinlogon.dll
.
Czas ukończenia: 2013-02-23 07:46:23
ComboFix-quarantined-files.txt 2013-02-23 06:46
.
Przed: 50 487 144 448 bajtów wolnych
Po: 50 476 605 440 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - BDE4FF959353A945849497F81238275F