ComboFix 12-10-16.02 - Daniel 2012-10-16 17:11:19.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.2939.2304 [GMT 2:00]
Running from: c:\users\Daniel\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0tbpw.pad
c:\programdata\lsass.exe
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
.
.
(((((((((((((((((((((((((   Files Created from 2012-09-16 to 2012-10-16   )))))))))))))))))))))))))))))))
.
.
2012-10-16 15:18 . 2012-10-16 15:18  --------  d-----w-  c:\users\Daniel\AppData\Local\temp
2012-10-16 15:18 . 2012-10-16 15:18  --------  d-----w-  c:\users\Default\AppData\Local\temp
2012-10-16 14:47 . 2012-08-24 06:51  1427968  ----a-w-  c:\windows\system32\inetcpl.cpl
2012-10-16 14:28 . 2012-06-02 00:02  985088   ----a-w-  c:\windows\system32\crypt32.dll
2012-10-16 14:28 . 2012-06-02 00:02  98304    ----a-w-  c:\windows\system32\cryptnet.dll
2012-10-16 14:28 . 2012-06-02 00:02  133120   ----a-w-  c:\windows\system32\cryptsvc.dll
2012-10-16 14:28 . 2012-08-24 15:53  172544   ----a-w-  c:\windows\system32\wintrust.dll
2012-10-16 14:28 . 2012-09-13 13:28  2048     ----a-w-  c:\windows\system32\tzres.dll
2012-10-16 14:28 . 2012-08-29 11:27  3602816  ----a-w-  c:\windows\system32\ntkrnlpa.exe
2012-10-16 14:28 . 2012-08-29 11:27  3550080  ----a-w-  c:\windows\system32\ntoskrnl.exe
2012-10-15 20:53 . 2012-08-30 13:23  645632   ----a-w-  c:\windows\system32\xvidcore.dll
2012-09-29 09:23 . 2012-09-29 09:23  --------  d-----w-  c:\users\Daniel\AppData\Roaming\GRETECH
2012-09-29 09:22 . 2012-09-29 09:22  --------  d-----w-  c:\program files\GRETECH
2012-09-29 08:32 . 2012-09-29 08:32  --------  d-----w-  c:\users\Daniel\AppData\Local\ALLMediaServer
2012-09-29 08:32 . 2012-09-29 08:32  --------  d-----w-  c:\program files\ALLMediaServer
2012-09-29 08:32 . 2007-10-07 13:36  258048   ----a-w-  c:\windows\system32\libFLAC.dll
2012-09-29 08:32 . 2012-09-29 08:32  --------  d-----w-  c:\users\Daniel\AppData\Local\ALLPlayer
2012-09-25 19:16 . 2012-09-25 19:16  11776    ----a-w-  c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2012-09-25 19:15 . 2012-09-25 19:15  --------  d-----w-  c:\program files\Common Files\xing shared
2012-09-25 19:15 . 2012-09-25 19:15  150736   ----a-w-  c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2012-09-25 19:15 . 2012-09-25 19:15  129176   ----a-w-  c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2012-09-25 19:15 . 2012-09-25 19:15  --------  d-----w-  c:\program files\Real
2012-09-18 12:07 . 2012-09-18 12:07  --------  d-----w-  c:\program files\NapiProjekt
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Section   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 20:35 . 2012-04-01 11:48  696760   ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2012-10-08 20:35 . 2011-05-30 08:05  73656    ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-25 19:15 . 2007-06-15 07:21  499712   ----a-w-  c:\windows\system32\msvcp71.dll
2012-09-25 19:15 . 2003-02-21 03:42  348160   ----a-w-  c:\windows\system32\msvcr71.dll
2012-09-08 09:12 . 2012-09-08 09:12  93672    ----a-w-  c:\windows\system32\WindowsAccessBridge.dll
2012-09-08 09:12 . 2012-07-01 15:01  821736   ----a-w-  c:\windows\system32\npDeployJava1.dll
2012-09-08 09:12 . 2010-05-02 11:51  746984   ----a-w-  c:\windows\system32\deployJava1.dll
2012-07-18 16:05 . 2012-08-17 16:04  83392    ----a-w-  c:\windows\system32\drivers\avgntflt.sys
2012-07-18 16:05 . 2012-08-17 16:04  36000    ----a-w-  c:\windows\system32\drivers\avkmgr.sys
2012-07-18 16:05 . 2012-08-17 16:04  137928   ----a-w-  c:\windows\system32\drivers\avipbb.sys
.
.
(((((((((((((((((((((((((((((((((((((   Registry Startup Entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2007-12-22 916240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-25 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]
"Facebook Update"="c:\users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"NDSTray.exe"="NDSTray.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-09-25 296096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-29 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16  39792  ----a-w-  c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2011-08-16 18:30  1379840  ----a-w-  c:\program files\ALLPlayer\ALLUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-04-29 09:33  417792  ----a-w-  c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57  369200  ----a-w-  c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40  20480  ----a-w-  c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
2010-07-07 11:03  16222208  ----a-w-  c:\program files\ipla\ipla.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 12:06  290088  ----a-w-  c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57  1451520  ----a-w-  c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18  413696  ----a-w-  c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 07:24  581632  ----a-w-  c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2008-01-11 02:07  574864  ----a-w-  c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO]
2008-04-24 08:22  103824  ----a-w-  c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23  1008184  ----a-w-  c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 08:21  648072  ----a-w-  c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs                         REG_MULTI_SZ    BthServ
WindowsMobile                   REG_MULTI_SZ    wcescomm rapimgr
LocalServiceRestricted          REG_MULTI_SZ    WcesComm RapiMgr
HsfXAudioService                REG_MULTI_SZ    HsfXAudioService
LocalServiceAndNoImpersonation  REG_MULTI_SZ    FontCache
HPZ12                           REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt                       REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 20:35]
.
2012-10-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2082271411-1683995685-680841680-1000Core.job
- c:\users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-17 16:02]
.
2012-10-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2082271411-1683995685-680841680-1000UA.job
- c:\users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-17 16:02]
.
2012-10-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-25 19:40]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd9a681380a117.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 22:49]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 22:49]
.
2012-09-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2082271411-1683995685-680841680-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 12:27]
.
2012-08-18 c:\windows\Tasks\User_Feed_Synchronization-{752C82D9-165C-4CD8-B4F5-C16ACA3170D8}.job
- c:\windows\system32\msfeedssync.exe [2011-04-18 18:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gazeta.pl/0,0.html?p=136
mStart Page = hxxp://startsear.ch/?aff=2&cf=ecea767e-fc4d-11e1-a829-815e294ffe2e
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Download all via FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Downloaded via FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\pqwidaju.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=ecea767e-fc4d-11e1-a829-815e294ffe2e&q=
FF - ExtSQL: 2012-09-25 21:15; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - ExtSQL: !HIDDEN! 2009-09-27 15:11; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-16 17:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2082271411-1683995685-680841680-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*T%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2082271411-1683995685-680841680-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*T%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2082271411-1683995685-680841680-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AFF89630-FE9E-977C-C678-0D5B940A25E1}*]
"oammhimoinmhkenajghbdcdhbaajip"=hex:6a,61,63,6f,63,65,63,66,6f,68,70,61,67,6d,6e,6f,65,6f,61,69,00,ab
"pagnnkfkeedimghcjdeinfnlaananmgl"=hex:6a,61,63,6f,63,65,63,66,6f,68,70,61,67,6d,6e,6f,65,6f,61,69,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-10-16 17:20:33
ComboFix-quarantined-files.txt  2012-10-16 15:20
ComboFix2.txt  2012-10-16 14:06
.
Pre-Run: 8,653,344,768 bytes free
Post-Run: 8,702,451,712 bytes free
.
- - End Of File - - B26AE6A0226E732B29014F2FEFF1B566
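The log above carries a handful of findings that a responder would pull out before anything else: a deleted lsass.exe under c:\programdata (the real one lives in c:\windows\system32), a ctfmon.lnk planted in the user's Startup folder, EnableLUA=0 (UAC switched off), AntiVirusOverride and FirewallOverride set to 1 in the Security Center key, startsear.ch with an affiliate id as the IE start page and as Firefox's keyword.URL, and a user.js that pins the mixed-content and insecure-submit warnings to false. The script below is an added example, not part of the original post and not ComboFix code: it parses a ComboFix-style log and emits those findings mechanically. It runs on a constructed excerpt of this log embedded in the file; the list of known-good homepage hosts, the set of system binary names, and the finding tags are the script's own assumptions.

```python
"""Triage helper for a ComboFix-style log: pulls out the indicators discussed above."""
import re

# Constructed excerpt of the log on this page (most entries and the attribute
# columns dropped); sample input for the checks below, not the full file.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((   Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\0tbpw.pad
c:\programdata\lsass.exe
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
uStart Page = hxxp://www.gazeta.pl/0,0.html?p=136
mStart Page = hxxp://startsear.ch/?aff=2&cf=ecea767e-fc4d-11e1-a829-815e294ffe2e
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=ecea767e-fc4d-11e1-a829-815e294ffe2e&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
"""

# Windows binaries whose names malware borrows; a copy outside c:\windows is suspect.
SYSTEM_NAMES = {"lsass.exe", "csrss.exe", "svchost.exe", "winlogon.exe", "ctfmon.exe", "explorer.exe"}
# Assumption: hosts the owner chose; any other host in a start-page or search slot is flagged.
KNOWN_GOOD_HOSTS = {"www.gazeta.pl", "www.onet.pl"}

SECTION_RE = re.compile(r"^\({3,}\s*(.+?)\s*\){3,}$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(dword:)?([0-9A-Fa-f]+)')  # numeric values only
URL_RE = re.compile(r"hxxps?://([^/\s?]+)(\S*)", re.IGNORECASE)  # ComboFix defangs http as hxxp
FF_PREF_RE = re.compile(r"^FF - (prefs|user)\.js: (\S+) - (.*)$")


def check_deleted_path(path):
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    out = []
    if name in SYSTEM_NAMES and not low.startswith("c:\\windows\\"):
        out.append(("masquerade-path", f"{name} outside c:\\windows: {path}"))
    if "\\start menu\\programs\\startup\\" in low and name.endswith(".lnk"):
        note = " (named after a system binary)" if name[:-4] + ".exe" in SYSTEM_NAMES else ""
        out.append(("startup-lnk", f"shortcut in a Startup folder{note}: {path}"))
    return out


def check_reg_value(key, name, value):
    if key.endswith("\\policies\\system") and name == "EnableLUA" and value == 0:
        return [("uac-off", "EnableLUA=0: UAC is off, admin logons get the full token with no prompt")]
    if key.endswith("\\security center") and name in ("AntiVirusOverride", "FirewallOverride") and value == 1:
        return [("seccenter-override", f"{name}=1: Security Center stops alerting on this component")]
    return []


def check_browser_url(line):
    m = URL_RE.search(line)
    if not m or m.group(1).lower() in KNOWN_GOOD_HOSTS:
        return []
    label = line.split("hxxp", 1)[0].rstrip(" =-")
    note = " (URL carries an affiliate id)" if "aff=" in m.group(2) else ""
    return [("browser-hijack", f"{label} points at {m.group(1)}{note}")]


def triage(log_text):
    """Return (tag, detail) findings for a ComboFix-style log."""
    findings, section, key = [], "", ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := SECTION_RE.match(line):
            section, key = m.group(1), ""
        elif m := KEY_RE.match(line):
            key = m.group(1).lower()
        elif "delet" in section.lower() and re.match(r"^[a-z]:\\", line, re.IGNORECASE):
            findings += check_deleted_path(line)
        elif key and (m := VALUE_RE.match(line)):
            value = int(m.group(3), 16) if m.group(2) else int(m.group(3))  # dword: is hex, bare is decimal
            findings += check_reg_value(key, m.group(1), value)
        elif line.startswith(("uStart Page", "mStart Page")) or "keyword.URL" in line or "browser.startup.homepage" in line:
            findings += check_browser_url(line)
        elif (m := FF_PREF_RE.match(line)) and m.group(1) == "user":
            pref, val = m.group(2), m.group(3).strip()
            if pref.startswith("security.warn_") and val == "false":
                findings.append(("ff-weak-pref", f"user.js pins {pref}=false, re-applied at every Firefox start"))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"[{tag}] {detail}")
```

Two of the checks deserve a word on why they matter. Firefox reads user.js on every start and copies its values over prefs.js, so warnings that a toolbar installer turned off there come back even after the user re-enables them in about:config; the fix is to delete or empty user.js, not just to flip the prefs. The Security Center override values only silence the Windows notification that no antivirus or firewall is active; they do not change what the products do, which is exactly why malware sets them.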