ComboFix 12-10-29.05 - Tomek 2012-10-29 21:06:03.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2038.1709 [GMT 1:00]
Running from: c:\documents and settings\Tomek\Pulpit\ComboFix.exe
.
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Gość\Dane aplikacji\vbscripth.dll
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPlyIE.dll
c:\program files\DealPly\DealPlyUpdate.exe
c:\program files\DealPly\DealPlyUpdateRun.exe
c:\program files\DealPly\icon.ico
c:\program files\DealPly\uninst.exe
c:\program files\Uninstall.exe
c:\windows\msmqinst.log
c:\windows\system32\AegisI5Installer.exe
c:\windows\system32\TZLog.log
D:\install.exe
D:\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-29 )))))))))))))))))))))))))))))))
.
.
2012-10-29 19:53 . 2012-10-29 19:53 -------- d-----w- c:\program files\XP TCPIP Repair
2012-10-29 19:53 . 2008-11-13 09:26 616024 ----a-w- c:\windows\system32\COMCTL32.OCX
2012-10-29 19:25 . 2012-10-29 19:25 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-10-29 19:25 . 2012-10-29 19:25 -------- d-----w- c:\program files\EDIMAX
2012-10-29 19:25 . 2008-07-29 23:44 619136 ----a-w- c:\windows\system32\drivers\rt2870.sys
2012-10-29 19:25 . 2008-07-29 23:43 217088 ----a-w- c:\windows\system32\RaCoInst.dll
2012-10-29 19:25 . 2008-06-15 22:57 4096 ----a-w- c:\windows\system32\drivers\rt2870.bin
2012-10-29 19:25 . 2012-10-29 19:25 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Edimax Driver
2012-10-09 11:26 . 2012-10-09 12:26 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 12:26 . 2012-06-05 16:32 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 12:26 . 2012-06-05 16:32 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-07 15:59 . 2012-09-07 15:59 1409 ----a-w- c:\windows\system32\tmp4E1F5.FOT
2012-09-07 15:59 . 2012-09-07 15:59 1409 ----a-w- c:\windows\system32\tmp59AC5.FOT
2012-08-28 15:18 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2004-08-04 12:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2004-08-04 00:39 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-22 13:55 . 2012-08-22 13:55 1409 ----a-w- c:\windows\system32\tmp03D54.FOT
2012-08-22 05:20 . 2012-06-06 16:32 664 ----a-w- c:\documents and settings\Gość\Ustawienia lokalne\Dane aplikacji\d3d9caps.tmp
2011-03-30 09:40 . 2011-03-30 09:40 517976 ----a-w- c:\program files\DXSETUP.exe
2011-03-30 09:40 . 2011-03-30 09:40 95576 ----a-w- c:\program files\DSETUP.dll
2011-03-30 09:40 . 2011-03-30 09:40 1566040 ----a-w- c:\program files\dsetup32.dll
2005-12-21 16:31 . 2012-09-07 15:58 651264 ------w- c:\program files\bakoma.exe
2005-12-18 11:57 . 2012-09-07 15:58 1646592 ------w- c:\program files\ME2.dll
2003-07-07 13:14 . 2012-09-07 15:58 876544 ------w- c:\program files\cg.dll
2003-07-07 13:14 . 2012-09-07 15:58 303104 ------w- c:\program files\cgD3D8d.dll
2003-07-07 13:14 . 2012-09-07 15:58 299008 ------w- c:\program files\cgD3D8.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-05-29 07:05 244840 ----a-w- c:\program files\Softonic\Softonic\1.5.24.3\bh\Softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files\Softonic\Softonic\1.5.24.3\SoftonicTlbr.dll" [2012-05-29 253032]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2012-01-05 75624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-12-03 33718272]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2012-10-29 1601536]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"d:\\agata\\gg\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Heroes VI\\Might & Magic Heroes VI.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-25 1617408]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2012-01-05 75624]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 250808]
S3 AMBFilt;AMBFilt;c:\windows\system32\drivers\Ambfilt.sys [2009-06-26 1656960]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 12:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=10&cc=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-DealPly - c:\program files\DealPly\uninst.exe
AddRemove-Gadu-Gadu - d:\agata\gg\Gadu-Gadu\Setup.exe
AddRemove-Gadu-Gadu 10 - d:\agata\gg\Gadu-Gadu\Gadu-Gadu 10\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-29 21:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-10-29 21:10:19
ComboFix-quarantined-files.txt 2012-10-29 20:10
.
Pre-Run: 73 060 413 440 bytes free
Post-Run: 73 549 717 504 bytes free
.
- - End Of File - - A8E4FB4D5A61804DAB852283F07BE117
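The parts of a ComboFix log a responder reads first are the deletions, the recently created or modified files, the registry loading points and the browser start page. In this log ComboFix removed the DealPly files, but the Softonic browser helper object, the Softonic toolbar and the search.softonic.com start page are still present. The script below is an added example, not ComboFix's code and not the poster's: it parses this log layout into those sections and flags entries whose path or value mentions a name on a caller-supplied watchlist. SAMPLE_LOG is constructed from the log above, trimmed to a few representative lines with the English section banners, and the watchlist of DealPly and Softonic is simply the set of names appearing in this log.

```python
# ComboFix log triage: added example, not ComboFix's own code. Keys on the
# English section banners; SAMPLE_LOG is constructed from the log above.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Gość\Dane aplikacji\vbscripth.dll
c:\program files\DealPly
c:\program files\DealPly\DealPlyIE.dll
D:\install.exe
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-29 )))))))))))))))))))))))))))))))
2012-10-29 19:53 . 2012-10-29 19:53 -------- d-----w- c:\program files\XP TCPIP Repair
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-05-29 07:05 244840 ----a-w- c:\program files\Softonic\Softonic\1.5.24.3\bh\Softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files\Softonic\Softonic\1.5.24.3\SoftonicTlbr.dll" [2012-05-29 253032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-12-03 33718272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
------- Supplementary Scan -------
uStart Page = hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=10&cc=
"""

BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")        # (((( Section ))))
DASH_HEADER = re.compile(r"^-+\s*(.+?)\s*-+$")      # ------- Section -------
REG_KEY = re.compile(r"^\[(HK[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]+)"'
                       r'(?:\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?')
STAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
# "created . modified size attrs path"; directories show dashes instead of a size
FILE_ROW = re.compile(r"^(?P<created>" + STAMP + r") \. (?P<modified>" + STAMP +
                      r")\s+(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
# "date size attrs path" row that ComboFix prints under a BHO/CLSID key
MODULE_ROW = re.compile(r"^(?P<date>" + STAMP + r")\s+(?P<size>\d+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
Row = Dict[str, Optional[str]]

@dataclass
class Report:
    deleted: List[str] = field(default_factory=list)
    files: List[Row] = field(default_factory=list)             # Files Created + Find3M rows
    loading_points: Dict[str, List[Row]] = field(default_factory=dict)
    start_page: Optional[str] = None

def parse_combofix(text: str) -> Report:
    rep, section, key = Report(), "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "."):                    # ComboFix pads sections with lone dots
            continue
        hdr = BANNER.match(line) or DASH_HEADER.match(line)
        if hdr:
            section, key = hdr.group(1).strip(" -"), ""
        elif section == "Other Deletions":
            rep.deleted.append(line)
        elif section.startswith("Files Created") or section == "Find3M Report":
            m = FILE_ROW.match(line)
            if m:
                rep.files.append({**m.groupdict(), "section": section})
        elif section == "Reg Loading Points":
            k = REG_KEY.match(line)
            m = REG_VALUE.match(line) or MODULE_ROW.match(line)
            if k:
                key = k.group(1)
                rep.loading_points.setdefault(key, [])
            elif m and key:
                row = m.groupdict()
                row.setdefault("name", "(module)")  # bare dll row under a CLSID key
                rep.loading_points[key].append(row)
        elif section == "Supplementary Scan" and line.startswith("uStart Page"):
            rep.start_page = line.split("=", 1)[1].strip()
    return rep

def flag_leftovers(rep: Report, watchlist: List[str]) -> List[str]:
    """Loading points, recent files and start page mentioning a watchlist name
    (case-insensitive substring). Deleted items are skipped: already gone."""
    terms = [t.lower() for t in watchlist]
    def hit(s: Optional[str]) -> bool:
        return bool(s) and any(t in s.lower() for t in terms)
    out = []
    for key, rows in rep.loading_points.items():
        out += [f"loading point {key} -> {r['name']} = {r['path']}" for r in rows if hit(r["path"])]
    out += [f"file {r['created']} {r['path']}" for r in rep.files if hit(r["path"])]
    if hit(rep.start_page):
        out.append(f"start page {rep.start_page}")
    return out

if __name__ == "__main__":
    for finding in flag_leftovers(parse_combofix(SAMPLE_LOG), ["DealPly", "Softonic"]):
        print("LEFTOVER:", finding)
```

Run against the sample it reports the Softonic BHO, the Softonic toolbar and the softonic start page as leftovers and nothing for DealPly, which is the same conclusion a manual read of the log above gives. The parser keys on the English banner strings; a Polish ComboFix log like the one above prints "Usunięto", "Sekcja Find3M", "Wpisy startowe rejestru" and "Skan uzupełniający" instead, so substitute those strings for a localized log. The "hxxp" scheme is ComboFix's own defanging of http and is left untouched.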