ComboFix 12-07-27.01 - Nemeczek 2012-07-26 12:53:41.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.48.1045.18.3071.2608 [GMT 2:00]
Uruchomiony z: c:\users\Nemeczek\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nemeczek\AppData\Roaming\Microsoft\Windows\Recent\Sgurl.org - Candid Community - Big Breast Worship.url
c:\windows\msvcr71.dll
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-26 do 2012-07-26 )))))))))))))))))))))))))))))))
.
.
2012-07-26 10:58 . 2012-07-26 10:59 -------- d-----w- c:\users\Nemeczek\AppData\Local\temp
2012-07-26 10:58 . 2012-07-26 10:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-26 10:43 . 2003-07-30 02:18 3839 ----a-w- c:\windows\system32\drivers\GETPADD.sys
2012-07-25 22:34 . 2012-07-25 22:34 -------- d-----w- c:\users\Nemeczek\AppData\Roaming\hellomoto
2012-07-25 15:38 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{62EA75BF-E1C9-43B2-A179-542751AF1491}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-21 21:35 . 2012-01-17 03:10 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-05-31 10:25 . 2012-01-19 00:38 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-19 21:22 . 2012-01-31 08:22 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"Facebook Update"="c:\users\Nemeczek\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"TapiMigPlugin"="c:\users\Nemeczek\AppData\Local\Microsoft\Windows\264\TapiMigPlugin.exe" [2012-07-25 50176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-08-28 655360]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-05 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"IS CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-01-12 431752]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2012-01-17 33136]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2012-01-17 37232]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1740547080-3395987844-3417426433-1000Core.job
- c:\users\Nemeczek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-26 06:44]
.
2012-07-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1740547080-3395987844-3417426433-1000UA.job
- c:\users\Nemeczek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-26 06:44]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Nemeczek\AppData\Roaming\Mozilla\Firefox\Profiles\o5xbx375.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-26 12:59
Windows 6.0.6000 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
.
C:\ADSM_PData_0150
.
skanowanie pomyślnie ukończone
ukryte pliki: 1
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'Explorer.exe'(1752)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
Czas ukończenia: 2012-07-26 13:01:14
ComboFix-quarantined-files.txt 2012-07-26 11:01
.
Przed: 54 321 717 248 bajtów wolnych
Po: 54 536 450 048 bajtów wolnych
.
- - End Of File - - 4CE1CB076444B6C18AB466A4082F32E7