ComboFix 12-11-16.02 - Użytkownik 2012-11-18  18:24:26.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1250.48.1045.18.3069.1842 [GMT 1:00]
Uruchomiony z: c:\users\Użytkownik\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0tbpw.pad
c:\programdata\dsgsdgdsgdsgw.pad
c:\programdata\lsass.exe
c:\windows\PFRO.log
c:\windows\system32\pt
c:\windows\system32\pt\smartfacevcp.dll.mui
.
Zainfekowana kopia c:\windows\system32\userinit.exe została znaleziona. Problem naprawiono 
Plik odzyskano z - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe 
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2012-10-18 do 2012-11-18  )))))))))))))))))))))))))))))))
.
.
2012-11-18 17:31 . 2012-11-18 17:31	--------	d-----w-	c:\users\UYTKOW~2\AppData\Local\temp
2012-11-18 17:31 . 2012-11-18 17:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-18 17:31 . 2012-11-18 17:31	--------	d-----w-	c:\users\admin\AppData\Local\temp
2012-11-16 17:53 . 2012-10-17 00:32	6918632	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A059B872-7585-49DE-A821-9B74EC01931F}\mpengine.dll
2012-11-12 13:26 . 2012-11-12 13:27	--------	d-----w-	c:\users\Użytkownik\AppData\Roaming\NapiProjekt
2012-11-12 13:26 . 2012-11-12 13:26	--------	d-----w-	c:\program files\NapiProjekt
2012-11-11 00:21 . 2012-11-11 00:21	--------	d-----w-	c:\program files\uTorrent
2012-11-11 00:20 . 2012-11-18 17:32	--------	d-----w-	c:\users\Użytkownik\AppData\Roaming\uTorrent
2012-11-11 00:08 . 2012-11-18 17:19	--------	d-----w-	c:\programdata\Avira
2012-11-10 12:19 . 2012-11-10 12:19	159744	----a-w-	c:\program files\Internet Explorer\Wtyczki\npqtplugin7.dll
2012-11-10 12:19 . 2012-11-10 12:19	159744	----a-w-	c:\program files\Internet Explorer\Wtyczki\npqtplugin6.dll
2012-11-10 12:19 . 2012-11-10 12:19	159744	----a-w-	c:\program files\Internet Explorer\Wtyczki\npqtplugin5.dll
2012-11-10 12:19 . 2012-11-10 12:19	159744	----a-w-	c:\program files\Internet Explorer\Wtyczki\npqtplugin4.dll
2012-11-10 12:19 . 2012-11-10 12:19	159744	----a-w-	c:\program files\Internet Explorer\Wtyczki\npqtplugin3.dll
2012-11-10 12:19 . 2012-11-10 12:19	159744	----a-w-	c:\program files\Internet Explorer\Wtyczki\npqtplugin2.dll
2012-11-10 12:19 . 2012-11-10 12:19	159744	----a-w-	c:\program files\Internet Explorer\Wtyczki\npqtplugin.dll
2012-11-10 12:18 . 2012-11-10 12:19	--------	d-----w-	c:\program files\QuickTime
2012-11-10 12:18 . 2012-11-10 12:18	--------	d-----w-	c:\programdata\Apple Computer
2012-10-25 02:12 . 2012-10-25 02:12	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12	69632	----a-w-	c:\windows\system32\QuickTime.qts
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 21:12 . 2012-07-13 10:10	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 21:12 . 2012-07-13 10:10	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-30 19:48 . 2012-10-30 19:48	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-11-11 968592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"NDSTray.exe"="NDSTray.exe" [BU]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\Użytkownik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
ctfmon.lnk - c:\programdata\lsass.exe [N/A]
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 21:12]
.
2012-11-18 c:\windows\Tasks\User_Feed_Synchronization-{58593197-0F09-4B2F-94F9-BD17CDEADEB5}.job
- c:\windows\system32\msfeedssync.exe [2011-10-06 04:32]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=en_PL
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Funkcja Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Użytkownik\AppData\Roaming\Mozilla\Firefox\Profiles\qdzb2wkk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - ExtSQL: !HIDDEN! 2010-06-28 03:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-18 18:36
Windows 6.0.6001 Service Pack 1 NTFS
.
skanowanie ukrytych procesów ...  
.
skanowanie ukrytych wpisów autostartu ... 
.
skanowanie ukrytych plików ...  
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'Explorer.exe'(3268)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Toshiba TEMPRO\TempoSVC.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Czas ukończenia: 2012-11-18  18:39:31 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2012-11-18 17:39
.
Przed: 68 674 830 336 bajtów wolnych
Po: 69 585 162 240 bajtów wolnych
.
- - End Of File - - 746BC1BDB7110821FDD416AE1059E0B0