ComboFix 13-10-01.03 - admin 2013-10-03 2:07.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.48.1045.18.2035.1346 [GMT 2:00]
Running from: h:\wirusy\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Desktop\Install
c:\program files\Google\Desktop\Install\{eeb35183-541b-6f8d-e765-465aa8af97ce}\0103~1\7154~1\CFFE~1\{eeb35183-541b-6f8d-e765-465aa8af97ce}\@
c:\program files\Google\Desktop\Install\{eeb35183-541b-6f8d-e765-465aa8af97ce}\0103~1\7154~1\CFFE~1\{eeb35183-541b-6f8d-e765-465aa8af97ce}\GoogleUpdate.exe
c:\program files\Google\Desktop\Install\{eeb35183-541b-6f8d-e765-465aa8af97ce}\0103~1\7154~1\CFFE~1\{eeb35183-541b-6f8d-e765-465aa8af97ce}\U\00000001.@
c:\program files\Google\Desktop\Install\{eeb35183-541b-6f8d-e765-465aa8af97ce}\0103~1\7154~1\CFFE~1\{eeb35183-541b-6f8d-e765-465aa8af97ce}\U\00000002.@
c:\program files\Google\Desktop\Install\{eeb35183-541b-6f8d-e765-465aa8af97ce}\0103~1\7154~1\CFFE~1\{eeb35183-541b-6f8d-e765-465aa8af97ce}\U\80000000.@
c:\program files\Google\Desktop\Install\{eeb35183-541b-6f8d-e765-465aa8af97ce}\0103~1\7154~1\CFFE~1\{eeb35183-541b-6f8d-e765-465aa8af97ce}\U\80000001.@
c:\program files\Google\Desktop\Install\{eeb35183-541b-6f8d-e765-465aa8af97ce}\0103~1\7154~1\CFFE~1\{eeb35183-541b-6f8d-e765-465aa8af97ce}\U\800000cb.@
c:\programdata\Xl3Vrn37
c:\programdata\Xl3Vrn37\DD1
c:\programdata\Xl3Vrn37\serv.bat
c:\programdata\Xl3Vrn37\Xl3Vrn37.exe
c:\programdata\Xl3Vrn37\Xl3Vrn37.exe.manifest
c:\programdata\Xl3Vrn37\Xl3Vrn37.ico
c:\programdata\Xl3Vrn37\Xl3Vrn37awixDggg.in
c:\programdata\Xl3Vrn37\Xl3Vrn37awixDggg.lg
c:\programdata\Xl3Vrn37\Xl3Vrn37rg
c:\users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgdofiacmpfiofockdjnfngpoemgjidj
c:\users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgdofiacmpfiofockdjnfngpoemgjidj\5.10\background.html
c:\users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgdofiacmpfiofockdjnfngpoemgjidj\5.10\content.js
c:\users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgdofiacmpfiofockdjnfngpoemgjidj\5.10\lsdb.js
c:\users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgdofiacmpfiofockdjnfngpoemgjidj\5.10\manifest.json
c:\users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgdofiacmpfiofockdjnfngpoemgjidj\5.10\Q8gmgJM.js
c:\users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgdofiacmpfiofockdjnfngpoemgjidj\5.10\sqlite.js
c:\users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jgdofiacmpfiofockdjnfngpoemgjidj_0.localstorage-journal
c:\users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jgdofiacmpfiofockdjnfngpoemgjidj_0.localstorage
c:\users\admin\AppData\Local\Google\Desktop\Install
c:\users\admin\AppData\Local\Google\Desktop\Install\{eeb35183-541b-6f8d-e765-465aa8af97ce}\C3C1~1\01C8~1\CFFE~1\{eeb35183-541b-6f8d-e765-465aa8af97ce}\@
c:\users\admin\AppData\Local\Google\Desktop\Install\{eeb35183-541b-6f8d-e765-465aa8af97ce}\C3C1~1\01C8~1\CFFE~1\{eeb35183-541b-6f8d-e765-465aa8af97ce}\GoogleUpdate.exe
.
.
(((((((((((((((((((((((((   Files created from 2013-09-03 to 2013-10-03   )))))))))))))))))))))))))))))))
.
.
2013-09-17 15:00 . 2013-09-19 09:56 -------- d-----w- c:\programdata\Savensharee
2013-09-17 14:59 . 2013-09-17 14:59 -------- d-----w- c:\programdata\SummerSoft
2013-09-17 14:58 . 2013-09-17 15:00 -------- d-----w- c:\programdata\InstallMate
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M section   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-08 10:22 . 2013-06-08 11:10 87104095 ----a-w- c:\program files\setupozc.exe
.
.
(((((((((((((((((((((((((((((((((((((   Registry startup entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and default, valid entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{670BA3DF-57B2-1B12-10E5-BBCB35590E6B}]
2012-09-17 15:00 227328 ----a-w- c:\programdata\Savensharee\9asrfx.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2010-05-06 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-12 13838952]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-05-12 92776]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-09 495708]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-04 488816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"iPlusManager"="c:\program files\iPlus\iPlusChecker.exe" [2010-11-25 468288]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk /p \??\I:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c3f58890\aestsrv.exe [2009-03-03 81920]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-23 19:50]
.
2013-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-23 19:50]
.
2013-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-211883320-545247881-625460645-1000Core.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2007-03-07 19:56]
.
2013-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-211883320-545247881-625460645-1000UA.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2007-03-07 19:56]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.pl/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 217.116.104.104 217.116.100.100
TCP: Interfaces\{BA17342A-C7DA-41D0-BDD7-C813D1787E8B}: NameServer = 192.168.1.1,192.168.1.2
.
- - - - EMPTY ENTRIES REMOVED - - - -
.
HKCU-Run-AS2014 - c:\programdata\Xl3Vrn37\Xl3Vrn37.exe
HKLM-Run-AS2014 - c:\programdata\Xl3Vrn37\Xl3Vrn37.exe
AddRemove-Antivirus Security Pro - c:\programdata\Xl3Vrn37\Xl3Vrn37.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-03 02:17
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
   nwiz = nwiz.exe /installquiet?????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c3f58890\STacSV.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
.
**************************************************************************
.
Completion time: 2013-10-03 02:21:38 - the computer was restarted
ComboFix-quarantined-files.txt  2013-10-03 00:21
ComboFix2.txt  2013-09-13 11:18
.
Before: 26 541 047 808 bytes free
After: 26 511 503 360 bytes free
.
- - End Of File - - BBD07864909091E63B98F46304F5E523 5C616939100B85E558DA92B899A0FC36
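The registry section of this log carries three indicators a responder would want to check on any similar machine: autostart entries loading from a user-writable folder (the AS2014 Run values and the "Antivirus Security Pro" uninstall entry in c:\programdata\Xl3Vrn37, and the BHO dll in c:\programdata\Savensharee), UAC switched off (EnableLUA=0), and Security Center warnings suppressed (AntiVirusOverride and FirewallOverride set to 1). The script below is an added example, not part of the log or of the ComboFix tool: it parses a ComboFix-style registry dump and flags those indicators. The line formats it expects are inferred from this log rather than from any published ComboFix specification, and the sample input is a constructed excerpt of the lines above.

```python
"""Triage a ComboFix registry dump for weak settings and suspicious autostarts.

Added example, not part of the log above or of ComboFix. The line patterns
are assumptions inferred from the "Registry startup entries" and "EMPTY
ENTRIES REMOVED" blocks of the log on this page.
"""
import re

# Constructed sample: lines copied from the log above, trimmed to the
# entries relevant to the checks below.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{670BA3DF-57B2-1B12-10E5-BBCB35590E6B}]
2012-09-17 15:00 227328 ----a-w- c:\programdata\Savensharee\9asrfx.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2010-05-06 1657448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
- - - - EMPTY ENTRIES REMOVED - - - -
.
HKCU-Run-AS2014 - c:\programdata\Xl3Vrn37\Xl3Vrn37.exe
HKLM-Run-AS2014 - c:\programdata\Xl3Vrn37\Xl3Vrn37.exe
AddRemove-Antivirus Security Pro - c:\programdata\Xl3Vrn37\Xl3Vrn37.exe
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+?)\s*$')
ORPHAN_RUN_RE = re.compile(r"^(HK(?:CU|LM))-Run-(\S+) - (.+)$")
ORPHAN_UNINST_RE = re.compile(r"^AddRemove-(.+?) - (.+)$")
# "date time size attrs path" line ComboFix prints under a BHO key
FILE_LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(\S.*)$")
# Folders a standard user can write to; vendors rarely register
# autostarts or BHOs from here, malware routinely does.
USER_WRITABLE_RE = re.compile(r"\\(programdata|appdata|temp)\\", re.I)


def parse_value(raw):
    """Decode a right-hand side: ("path", str) for quoted paths (trailing
    "[date size]" dropped), ("dword", int) for dword:XXXXXXXX or "N (0xN)"."""
    raw = raw.strip()
    m = re.match(r'^"(.*?)"(?:\s+\[[^\]]*\])?$', raw)
    if m:
        return "path", m.group(1)
    m = re.match(r"^dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return "dword", int(m.group(1), 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return "dword", int(m.group(1))
    return "other", raw


def parse_registry_dump(text):
    """Yield (key, name, kind, value) for every entry in the dump."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ORPHAN_RUN_RE.match(line)
        if m:
            yield f"{m.group(1)}\\...\\Run (removed orphan)", m.group(2), "path", m.group(3)
            continue
        m = ORPHAN_UNINST_RE.match(line)
        if m:
            yield "Uninstall (removed orphan)", m.group(1), "path", m.group(2)
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            kind, value = parse_value(m.group(2))
            yield key, m.group(1), kind, value
            continue
        m = FILE_LINE_RE.match(line)
        if m and "Browser Helper Objects" in key:
            yield key, "(BHO dll)", "path", m.group(1)


def triage(text):
    """Return human-readable findings for the indicators this log showed."""
    findings = []
    for key, name, kind, value in parse_registry_dump(text):
        k = key.lower()
        if kind == "path" and USER_WRITABLE_RE.search(value):
            findings.append(f"autostart from user-writable path: {name} -> {value} [{key}]")
        if k.endswith("policies\\system") and name == "EnableLUA" and value == 0:
            findings.append("UAC disabled: EnableLUA=0")
        if k.endswith("security center") and name in ("AntiVirusOverride", "FirewallOverride") and value == 1:
            findings.append(f"Security Center warning suppressed: {name}=1")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Run against the sample it reports seven findings: the BHO dll and the three Xl3Vrn37 entries as autostarts from user-writable paths, EnableLUA=0, and the two Security Center overrides. Entries under Program Files or System32 (Sidebar, nwiz) produce nothing, which is the point: the heuristic keys on location, not on name.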