ComboFix 12-09-23.02 - Karora 2012-09-23  19:43:08.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1250.48.1045.18.2814.2293 [GMT 2:00]
Uruchomiony z: f:\others\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\StartSearch plugin
c:\program files\StartSearch plugin\BarLcher.dll
c:\program files\StartSearch plugin\IEhelperActiveX.dll
c:\program files\StartSearch plugin\ssBarLcher.dll
c:\program files\StartSearch plugin\StartBar.dll
c:\program files\StartSearch plugin\uninst.exe
c:\program files\StartSearch plugin\vShareBar.dll
c:\program files\StartSearch plugin\vshareplg.crx
c:\programdata\Windows
c:\programdata\windows\dsdd.dat
c:\programdata\Windows\nudr.dat
c:\users\Karora\AppData\Roaming\Ynifz\zunit.exe
c:\users\Karora\Favorites\googleupdatesetup.exe
c:\windows\system32\tmp63A4.tmp
c:\windows\system32\tmp673D.tmp
c:\windows\system32\tmp873F.tmp
c:\windows\system32\tmp87CC.tmp
c:\windows\system32\tmpB7B5.tmp
c:\windows\system32\tmpB852.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2012-08-23 do 2012-09-23  )))))))))))))))))))))))))))))))
.
.
2012-09-23 17:55 . 2012-09-23 17:56	--------	d-----w-	c:\users\Karora\AppData\Local\temp
2012-09-23 17:55 . 2012-09-23 17:55	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-22 21:13 . 2012-09-22 21:13	--------	d-----w-	c:\users\Karora\AppData\Roaming\hellomoto
2012-09-21 18:57 . 2012-08-30 08:17	6980552	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{91B5402D-6E35-4637-BB7E-5D5E10D3E62D}\mpengine.dll
2012-08-29 01:02 . 2012-08-29 01:02	--------	d-----w-	c:\program files\Common Files\Skype
2012-08-29 01:02 . 2012-08-29 01:02	--------	d-----r-	c:\program files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 22:24 . 2012-04-15 12:18	696240	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-09-20 22:24 . 2011-05-18 11:57	73136	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 18:24 . 2012-07-05 19:55	477168	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24 . 2010-10-07 10:03	473072	----a-w-	c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
2011-10-30 08:46	89008	----a-w-	c:\progra~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll" [2011-10-30 89008]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"ALLUpdate"="c:\allplayer\ALLUpdate.exe" [2011-08-16 1379840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-22 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"xinput1_3"="c:\users\Karora\AppData\Local\Microsoft\Windows\604\xinput1_3.exe" [2012-09-22 92672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-11 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"autodetect"="c:\windows\system32\SupportAppXL\AutoDect.exe" [2008-11-04 91648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"NetFxUpdate_v1.1.4322"="c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" [2004-08-10 106496]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"PWRISOVM.EXE"="c:\poweriso\PWRISOVM.EXE" [2010-04-12 180224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"RemoteControl11"="c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-07-19 234792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-11 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Mobilt bredbĺnd.lnk - c:\program files\Telenor\Mobilt bredbĺnd\Mobilt bredbĺnd.exe [2008-2-11 876544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll 
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 22:24]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 16:15]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 16:15]
.
2012-09-15 c:\windows\Tasks\HPCeeScheduleForKarora.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-08-26 13:14]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.gazeta.pl/0,0.html?p=125
mStart Page = hxxp://startsear.ch/?aff=2&cf=af68095d-358f-11e1-b018-001f164b34cd
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Wyszukiwarka na pasku narzędzi AOL - c:\programdata\AOL\ieToolbar\resources\pl-PL\local\search.html
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-10 - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-{EF015F66-915F-9D83-DC9B-10342ABA4C4D} - c:\users\Karora\AppData\Roaming\Ynifz\zunit.exe
AddRemove-LiveVDO plugin - c:\program files\StartSearch plugin\uninst.exe
AddRemove-vShare plugin - c:\program files\StartSearch plugin\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-23 19:56
Windows 6.0.6001 Service Pack 1 NTFS
.
skanowanie ukrytych procesów ...  
.
skanowanie ukrytych wpisów autostartu ... 
.
skanowanie ukrytych plików ...  
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1959957467-214338366-3747030603-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:39,0f,8d,1f,76,c0,c1,78,f5,ef,f9,0c,9f,47,09,6d,df,2e,79,b1,91,52,ad,
   fb,31,88,22,ec,27,8b,07,a2,fe,c9,9e,f2,7d,1a,63,7b,74,dd,5a,25,7a,48,25,34,\
"??"=hex:d2,c0,00,d6,85,17,f2,5b,27,da,eb,ed,34,aa,d3,6b
.
[HKEY_USERS\S-1-5-21-1959957467-214338366-3747030603-1000\Software\SecuROM\License information*]
"datasecu"=hex:ad,5f,9f,d1,12,d8,53,f1,a3,eb,0e,97,5d,26,61,df,28,24,c3,95,61,
   f4,6a,d8,fe,26,6c,c6,d9,94,e6,38,4d,a5,86,d8,d7,ae,2e,bb,3b,90,50,98,92,34,\
"rkeysecu"=hex:ef,a7,37,8b,f3,40,bc,53,d7,20,b9,bf,aa,a7,65,3c
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Czas ukończenia: 2012-09-23  19:58:52
ComboFix-quarantined-files.txt  2012-09-23 17:58
.
Przed: 3 639 828 480 bajtów wolnych
Po: 5 867 069 440 bajtów wolnych
.
- - End Of File - - C6F439B8D272245270BFEBBA3A737FD2