ComboFix 12-07-06.02 - user 2012-07-06 21:31:12.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.3068.2465 [GMT 2:00]
Uruchomiony z: c:\users\user\Desktop\Partnerzy\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Setup.exe
c:\users\Public\sdelevURL.tmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-06 do 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 19:44 . 2012-07-06 19:44 -------- d-----w- c:\users\user\AppData\Local\temp
2012-07-06 19:44 . 2012-07-06 19:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 17:41 . 2012-07-06 17:41 -------- d-----w- c:\users\user\AppData\Roaming\hellomoto
2012-07-06 11:49 . 2012-07-06 11:49 -------- d-----w- c:\users\user\AppData\Roaming\MixMeister Technology
2012-06-25 15:48 . 2012-06-25 15:48 -------- d-----w- c:\program files\3ivx
2012-06-25 15:48 . 2012-06-25 15:48 -------- d-----w- c:\programdata\Flip Video
2012-06-23 15:04 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 15:04 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 15:04 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 15:04 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 15:03 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-23 15:03 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 15:03 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 15:03 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 15:03 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 07:11 . 2008-04-25 08:16 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2012-06-16 16:46 . 2012-06-16 16:46 -------- d-----w- c:\users\user\AppData\Local\Macromedia
2012-06-14 09:18 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 09:18 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 09:18 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 09:18 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 09:18 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-11 14:11 . 2012-06-11 14:11 -------- d-----w- c:\users\Public\Roaming
2012-06-09 16:39 . 2012-06-09 16:39 -------- d-----w- c:\program files\DynamicPhotoHDR5
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 22:49 . 2012-05-04 21:01 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 22:49 . 2012-05-04 21:01 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 19:36 . 2012-05-05 19:36 7936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
2012-05-04 17:59 . 2012-05-04 17:59 161792 ----a-w- c:\windows\system32\msls31.dll
2012-05-04 17:59 . 2012-05-04 17:59 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-04 17:59 . 2012-05-04 17:59 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-05-04 17:59 . 2012-05-04 17:59 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-05-04 17:59 . 2012-05-04 17:59 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-04 17:59 . 2012-05-04 17:59 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-05-04 17:59 . 2012-05-04 17:59 367104 ----a-w- c:\windows\system32\html.iec
2012-05-04 17:59 . 2012-05-04 17:59 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-05-04 17:59 . 2012-05-04 17:59 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-04 17:59 . 2012-05-04 17:59 152064 ----a-w- c:\windows\system32\wextract.exe
2012-05-04 17:59 . 2012-05-04 17:59 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-05-04 17:59 . 2012-05-04 17:59 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-05-04 17:59 . 2012-05-04 17:59 11776 ----a-w- c:\windows\system32\mshta.exe
2012-05-04 17:59 . 2012-05-04 17:59 101888 ----a-w- c:\windows\system32\admparse.dll
2012-05-04 17:59 . 2012-05-04 17:59 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-05-04 17:59 . 2012-05-04 17:59 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-05-04 17:58 . 2011-03-28 16:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-04 16:12 . 2012-05-04 16:12 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-04 16:11 . 2012-05-04 16:11 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-05-04 15:11 . 2012-05-04 15:11 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-05-04 15:10 . 2012-05-04 15:10 315392 ----a-w- c:\windows\HideWin.exe
2012-05-04 14:43 . 2012-05-02 09:49 125 ----a-w- c:\windows\xUninstall.bat
2012-05-01 11:21 . 2012-05-01 11:19 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-04-22 20:14 . 2012-04-22 20:14 3515392 ----a-w- c:\windows\system32\ffdshow.ax
2012-04-22 20:12 . 2012-04-22 20:12 4424704 ----a-w- c:\windows\system32\ffmpeg.dll
2012-04-08 23:40 . 2012-04-08 23:40 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2012-04-08 23:39 . 2012-04-08 23:39 260608 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2012-04-08 23:39 . 2012-04-08 23:39 99840 ----a-w- c:\windows\system32\ff_wmv9.dll
2012-04-08 23:39 . 2012-04-08 23:39 158720 ----a-w- c:\windows\system32\ff_unrar.dll
2012-04-08 23:39 . 2012-04-08 23:39 1525248 ----a-w- c:\windows\system32\ff_samplerate.dll
2012-04-08 23:39 . 2012-04-08 23:39 146944 ----a-w- c:\windows\system32\ff_libmad.dll
2012-04-08 23:39 . 2012-04-08 23:39 212480 ----a-w- c:\windows\system32\ff_libdts.dll
2012-04-08 23:39 . 2012-04-08 23:39 115200 ----a-w- c:\windows\system32\ff_liba52.dll
2012-04-08 23:39 . 2012-04-08 23:39 328704 ----a-w- c:\windows\system32\ff_libfaad2.dll
2012-04-08 22:39 . 2012-05-05 11:30 48128 ----a-w- c:\windows\system32\ff_acm.acm
2008-09-11 09:56 . 2008-09-11 09:56 562 ----a-w- c:\program files\layout.bin
2012-04-21 01:18 . 2012-05-01 16:28 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-04-25 202240]
"sqlncli"="c:\users\user\AppData\Local\Microsoft\Windows\2575\sqlncli.exe" [2012-07-06 49664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-13 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-13 92704]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-04-17 842816]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 115560]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2008-05-19 136488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2009-06-17 40960]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 727592]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
PC Clone EX.LNK - c:\program files\PcCloneEX\PcCloneEX.EXE [2012-5-7 6193664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 22:49]
.
.
------- Skan uzupełniający -------
.
uInternet Settings,ProxyOverride = *.local
IE: Dołącz do istniejącego pliku PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Dołącz obiekt docelowy łącza do istniejącego pliku PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Konwertuj do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Konwertuj obiekt docelowy łącza na plik Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zb6eocwc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.stajnia-wygoda.pl
FF - user.js: extentions.y2layers.installId - d71a4b68-da3b-4f1e-be22-866f0f77c77a
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-AESTFltr - c:\windows\system32\AESTFltr.exe
HKLM-Run-HPPQVideo - c:\program files\HP\ScheduledLaunch\HP Color LaserJet CM1312 MFP Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CM1312_MFP_Series -f PQOptimizerVideo.xml
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-06 21:44
Windows 6.0.6002 Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'lsass.exe'(524)
c:\windows\system32\DPPWDFLT.dll
.
- - - - - - - > 'Explorer.exe'(172)
c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\btncopy.dll
.
Czas ukończenia: 2012-07-06 21:47:22
ComboFix-quarantined-files.txt 2012-07-06 19:47
.
Przed: 292 259 749 888 bajtów wolnych
Po: 292 846 915 584 bajtów wolnych
.
- - End Of File - - 0A26546FB05CF685B1D6E61E4E2B067D