ComboFix 12-10-18.03 - andrzej 2012-10-19 14:45:08.2.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1669 [GMT 2:00]
Running from: c:\documents and settings\andrzej\Pulpit\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\0tbpw.pad
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\documents and settings\All Users\Dane aplikacji\xml129.tmp
c:\documents and settings\All Users\Dane aplikacji\xml12A.tmp
c:\documents and settings\All Users\Dane aplikacji\xml12B.tmp
c:\documents and settings\All Users\Dane aplikacji\xml12C.tmp
c:\program files\StartSearch plugin
c:\program files\StartSearch plugin\IEhelperActiveX.dll
c:\program files\StartSearch plugin\ssBarLcher.dll
c:\program files\StartSearch plugin\StartBar.dll
c:\program files\StartSearch plugin\uninst.exe
c:\program files\StartSearch plugin\vshareplg.crx
c:\windows\system32\cc32100mt.dll
c:\windows\system32\tmp297.tmp
c:\windows\system32\tmp298.tmp
c:\windows\system32\TZLog.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NVSVC
-------\Service_nvsvc
.
.
(((((((((((((((((((((((((   Files Created from 2012-09-19 to 2012-10-19   )))))))))))))))))))))))))))))))
.
.
2012-10-19 12:55 . 2012-10-19 12:55  --------  d---a-w-  c:\documents and settings\All Users\Dane aplikacji\TEMP
2012-10-13 10:37 . 2012-10-13 10:37  --------  d-----w-  c:\program files\Mozilla Thunderbird
2012-10-10 14:59 . 2012-10-11 10:25  --------  d-----w-  c:\documents and settings\All Users\Dane aplikacji\AlawarWrapper
2012-10-10 14:59 . 2012-10-14 10:33  --------  d-----w-  c:\program files\Alawar
2012-09-30 08:40 . 2012-09-30 08:40  --------  d-----w-  c:\documents and settings\LocalService\Dane aplikacji\TuneUp Software
2012-09-25 16:09 . 2012-09-25 16:09  --------  d-----w-  c:\documents and settings\andrzej\Ustawienia lokalne\Dane aplikacji\Identities
2012-09-25 16:09 . 2012-10-01 07:39  --------  d-----w-  c:\documents and settings\andrzej\Dane aplikacji\Geifw
2012-09-25 16:09 . 2012-09-30 08:37  --------  d-----w-  c:\documents and settings\andrzej\Dane aplikacji\Uradim
2012-09-25 16:09 . 2012-09-25 16:09  --------  d-----w-  c:\documents and settings\andrzej\Dane aplikacji\Ezanqu
2012-09-24 13:07 . 2012-09-24 13:07  242240  ----a-w-  c:\windows\system32\drivers\dtsoftbus01.sys
2012-09-24 13:07 . 2012-09-24 13:07  --------  d-----w-  c:\program files\DAEMON Tools Lite
2012-09-23 18:32 . 2012-09-19 10:10  31584  ----a-w-  c:\windows\system32\TURegOpt.exe
2012-09-23 18:32 . 2012-09-23 18:32  --------  d-----w-  c:\documents and settings\andrzej\Dane aplikacji\TuneUp Software
2012-09-23 18:32 . 2012-09-23 18:32  --------  d-----w-  c:\program files\TuneUp Utilities 2013
2012-09-23 18:31 . 2012-09-23 18:32  --------  d-----w-  c:\documents and settings\All Users\Dane aplikacji\TuneUp Software
2012-09-23 18:31 . 2012-09-23 18:35  --------  d-sh--w-  c:\documents and settings\All Users\Dane aplikacji\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-09-23 16:33 . 2012-09-23 18:16  --------  d-----w-  c:\documents and settings\andrzej\Dane aplikacji\Auslogics
2012-09-23 16:33 . 2012-09-23 18:30  --------  d-----w-  c:\program files\Auslogics
2012-09-23 14:09 . 2012-09-23 14:09  --------  d-----w-  c:\documents and settings\andrzej\Dane aplikacji\InstallShield
2012-09-21 13:43 . 2012-09-21 13:46  --------  d-----w-  c:\program files\HDD Regenerator
2012-09-21 13:43 . 2012-09-23 18:35  --------  d-----w-  c:\documents and settings\andrzej\Ustawienia lokalne\Dane aplikacji\Downloaded Installations
2012-09-21 13:28 . 2012-09-21 13:28  --------  d-----w-  c:\program files\Disk Checker
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 19:15 . 2012-06-12 16:43  696760  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2012-10-08 19:15 . 2011-07-11 09:24  73656  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-02 10:43 . 2012-09-02 10:43  93672  ----a-w-  c:\windows\system32\WindowsAccessBridge.dll
2012-09-02 10:43 . 2012-04-04 19:36  143872  ----a-w-  c:\windows\system32\javacpl.cpl
2012-09-02 10:43 . 2012-08-17 19:11  821736  ----a-w-  c:\windows\system32\npDeployJava1.dll
2012-09-02 10:43 . 2011-02-03 17:57  746984  ----a-w-  c:\windows\system32\deployJava1.dll
2012-08-28 15:18 . 2006-03-02 12:00  916992  ----a-w-  c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2006-03-02 12:00  43520  ------w-  c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2006-03-02 12:00  1469440  ------w-  c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-03-02 12:00  385024  ------w-  c:\windows\system32\html.iec
2012-08-24 13:53 . 2006-03-02 12:00  177664  ----a-w-  c:\windows\system32\wintrust.dll
2012-08-24 13:43 . 2010-09-07 02:49  301920  ----a-w-  c:\windows\system32\drivers\avgtdix.sys
2012-08-23 06:27 . 2006-03-02 12:00  2150400  ----a-w-  c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2004-08-04 00:39  2029056  ----a-w-  c:\windows\system32\ntkrnlpa.exe
2012-07-26 01:21 . 2010-09-07 02:48  237408  ----a-w-  c:\windows\system32\drivers\avgldx86.sys
2012-10-12 10:24 . 2012-10-12 10:24  261600  ----a-w-  c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2011-07-04 13374048]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2003-04-02 12288]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"CTSyncService"="c:\program files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe" [2009-07-08 1233195]
"VolPanel"="c:\program files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"AMBDef"="AMBDef.exe" [2008-01-23 53248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-02-06 273544]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"HDD Regenerator"="c:\program files\HDD Regenerator\HDD Regenerator.exe" [2010-10-19 2421016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\andrzej\Menu Start\Programy\Autostart\
ctfmon.lnk - c:\documents and settings\All Users\Dane aplikacji\lsass.exe [N/A]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute  REG_MULTI_SZ  autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"e:\\Gry zainstalowane\\pes2012\\pes2012.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"e:\\gry\\Re-Volt\\REVOLT.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"e:\\Gry zainstalowane\\pes2013\\PeSBoX Anatolia 2013.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-04-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-09-07 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-09-07 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-09-07 301920]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-09-24 242240]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [2012-09-19 1699168]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-02-03 1684736]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2011-02-03 45056]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-02-04 79360]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [2012-09-18 10088]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 250808]
S3 AsrCDDrv;AsrCDDrv;\??\c:\windows\system32\Drivers\AsrCDDrv.sys --> c:\windows\system32\Drivers\AsrCDDrv.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-02-04 79360]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-10 115168]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 19:15]
.
2012-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-10-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-838170752-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
2012-10-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-838170752-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
2012-10-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-02-03 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://startsear.ch/?aff=2&cf=1983cc9c-db2c-11e1-98f3-0025227a0679
mStart Page = hxxp://startsear.ch/?aff=2&cf=1983cc9c-db2c-11e1-98f3-0025227a0679
uInternet Settings,ProxyOverride = *.local
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\documents and settings\andrzej\Pulpit\PartyCasino.lnk
TCP: DhcpNameServer = 95.160.170.92 88.156.222.92
FF - ProfilePath - c:\documents and settings\andrzej\Dane aplikacji\Mozilla\Firefox\Profiles\eo6lm9fr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://onet.pl/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112471&babsrc=KW_ss&mntrId=74602b830000000000000025227a0679&q=
FF - ExtSQL: !HIDDEN! 2011-02-09 00:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Asrsetup - J:\ASRSetup.exe
AddRemove-LiveVDO plugin - c:\program files\StartSearch plugin\uninst.exe
AddRemove-BankBrowser - c:\documents and settings\andrzej\Moje dokumenty\Pobieranie\bankbrowser_3_6.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-19 14:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AMBDef = AMBDef.exe?|?????$?|U$?|???????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3028)
c:\windows\system32\WININET.dll
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\program files\NVIDIA Corporation\nView\NVWRSPL.DLL
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\docume~1\andrzej\USTAWI~1\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\rundll32.exe
c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-10-19 14:59:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-19 12:59
.
Pre-Run: 5 709 971 456 bytes free
Post-Run: 5 708 984 320 bytes free
.
- - End Of File - - C83F0A734F29DA4E43FC8F4BCBC339C8
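The autostart block of a ComboFix log is where a reader has to spot the one bad line among dozens of legitimate ones. In this log that line is the startup-folder shortcut ctfmon.lnk pointing at c:\documents and settings\All Users\Dane aplikacji\lsass.exe with [N/A] instead of a date and size: a real lsass.exe lives only in %SystemRoot%\system32, never under a profile data folder. The script below is an added example for this page, not ComboFix code and not the poster's; it parses Run values and .lnk lines from the "Reg Loading Points" section and flags the patterns worth a second look. The table of system-binary home directories and the list of data-directory markers are assumptions chosen for an XP box with a Polish locale ("Dane aplikacji" is the localized "Application Data"); the sample log text is constructed from entries visible above.

```python
"""Triage of autostart entries from a ComboFix 'Reg Loading Points' block.

Added example, not ComboFix code. Flags: a Windows system-binary name outside
its home directory, an executable autostarted from a profile/data directory,
a bare file name resolved through the search path, and a target that ComboFix
could not stat ([N/A]).
"""
import re
from pathlib import PureWindowsPath

# Assumption: on Windows XP these core binaries legitimately exist only in the
# directory listed here; the same name anywhere else is a masquerade.
HOME_DIR = {
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Profile/data directories that hold data, not autostarted executables.
# "Dane aplikacji" / "Ustawienia lokalne" are the Polish-locale names of
# "Application Data" / "Local Settings" (as in the log above).
DATA_DIR_MARKERS = (
    "\\dane aplikacji\\", "\\application data\\",
    "\\ustawienia lokalne\\", "\\local settings\\", "\\temp\\",
)

# "Name"="path" [yyyy-mm-dd size]  (registry Run value; args after the path are ignored)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*(?:\[(?P<meta>[^\]]*)\])?')
# name.lnk - target [yyyy-mm-dd size]  or  [N/A]  (startup-folder shortcut)
LNK_ENTRY = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$')


def parse_entries(log_text):
    """Yield (name, target_path, bracket_meta) for every Run value / .lnk line."""
    for raw in log_text.splitlines():
        line = raw.strip()
        match = RUN_VALUE.match(line) or LNK_ENTRY.match(line)
        if match:
            yield match.group("name"), match.group("path"), match.group("meta") or ""


def assess(name, path, meta):
    """Return the list of reasons this entry is suspicious (empty if none)."""
    reasons = []
    target = PureWindowsPath(path)
    file_name = target.name.lower()
    parent = str(target.parent).lower()
    full = str(target).lower()
    if parent == ".":
        # No directory: resolved through the search path at logon, so a
        # same-named file earlier on that path would be started instead.
        reasons.append("bare file name, resolved through the search path")
    elif file_name in HOME_DIR and parent != HOME_DIR[file_name]:
        reasons.append(f"{file_name} outside its home {HOME_DIR[file_name]} (masquerading system binary)")
    if any(marker in full for marker in DATA_DIR_MARKERS):
        reasons.append("executable autostarted from a profile/data directory")
    if meta.strip().upper() == "N/A":
        # Assumption: [N/A] means ComboFix could not read the target's
        # timestamp/size (hidden, locked or absent at scan time).
        reasons.append("target timestamp/size not readable ([N/A])")
    return reasons


def triage(log_text):
    """Return [{'name', 'path', 'reasons'}] for entries with at least one reason."""
    findings = []
    for name, path, meta in parse_entries(log_text):
        reasons = assess(name, path, meta)
        if reasons:
            findings.append({"name": name, "path": path, "reasons": reasons})
    return findings


# Constructed sample: a few lines copied from the log on this page.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\andrzej\Menu Start\Programy\Autostart\
ctfmon.lnk - c:\documents and settings\All Users\Dane aplikacji\lsass.exe [N/A]
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding['name']}: {finding['path']}")
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```

Run against the sample, the script reports two entries: ctfmon.lnk with all three high-value reasons (system-binary name outside system32, profile data directory, unreadable target) and RTHDCPL as a low-priority bare-name entry; the CTFMON.EXE value in system32 is correctly left alone. A path-based check like this is a first filter only; the file itself still needs hashing and a look at its signer before anything is deleted, and the same log's disabled firewall ("EnableFirewall"= 0) and the user.js lines switching off the mixed-content and insecure-submit warnings are worth reverting by hand.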