ComboFix 12-12-23.01 - Jacek 2012-12-24 20:00:16.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.3066.1959 [GMT 1:00]
Uruchomiony z: c:\users\jacek_2\Documents\instalki\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\jacek_2\wgsdgsdgdsgsd.dll
c:\windows\DpInst.log
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-11-24 do 2012-12-24 )))))))))))))))))))))))))))))))
.
.
2012-12-24 19:08 . 2012-12-24 19:10 -------- d-----w- c:\users\Jacek\AppData\Local\temp
2012-12-24 19:08 . 2012-12-24 19:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-24 19:08 . 2012-12-24 19:08 -------- d-----w- c:\users\jacek_2\AppData\Local\temp
2012-12-24 19:08 . 2012-12-24 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-24 17:52 . 2012-12-24 17:52 2937 ----a-w- c:\programdata\dsgsdgdsgdsgw.js
2012-12-22 08:54 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 08:54 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 08:50 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A42D4559-E188-4CDC-A03B-3D0DB2239EB5}\mpengine.dll
2012-12-13 07:34 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-13 07:34 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-13 07:34 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-13 07:34 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-13 07:34 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-13 07:34 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-13 07:34 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-13 07:34 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-13 07:34 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-13 07:34 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-13 07:34 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-05 15:23 . 2012-12-05 15:23 -------- d-----w- c:\programdata\ChairGun4
2012-12-05 15:23 . 2012-12-05 15:23 -------- d-----w- c:\program files\ChairGun4
2012-12-05 14:57 . 2012-12-07 09:09 -------- d-----w- c:\program files\ChairGun2
2012-12-05 14:56 . 2004-08-04 08:00 81920 ------w- c:\windows\system32\msado25.tlb
2012-12-05 14:56 . 2004-08-04 08:00 561179 ------w- c:\windows\system32\dao360.dll
2012-12-05 14:56 . 2004-03-08 23:00 662288 ------w- c:\windows\system32\MSCOMCT2.OCX
2012-12-05 14:56 . 2004-03-08 23:00 440352 ------w- c:\windows\system32\MSHFLXGD.OCX
2012-12-05 14:56 . 2004-03-08 23:00 275216 ------w- c:\windows\system32\MSDATGRD.OCX
2012-12-05 14:56 . 2004-03-08 23:00 212240 ------w- c:\windows\system32\RICHTX32.OCX
2012-12-05 14:56 . 2004-03-08 23:00 132880 ------w- c:\windows\system32\MSINET.OCX
2012-12-05 14:56 . 2004-03-08 23:00 131856 ------w- c:\windows\system32\MSADODC.OCX
2012-12-05 14:56 . 2004-03-08 23:00 1081616 ------w- c:\windows\system32\MSCOMCTL.OCX
2012-12-05 14:56 . 2004-02-22 23:00 78848 ------w- c:\windows\system32\MSBIND.DLL
2012-12-05 14:56 . 2004-02-22 23:00 119808 ------w- c:\windows\system32\MSSTDFMT.DLL
2012-12-05 14:56 . 1998-06-23 23:00 525352 ------w- c:\windows\system32\DBGRID32.OCX
2012-12-05 13:58 . 2012-12-13 11:26 -------- d-----w- c:\users\jacek_2\AppData\Local\Mozilla Firefox
2012-11-30 15:10 . 2012-11-30 15:10 -------- d-----w- c:\users\Jacek\AppData\Roaming\AVI ReComp
2012-11-30 14:40 . 2012-11-30 15:08 -------- d-----w- c:\program files\Gabest
2012-11-30 14:39 . 2011-05-30 13:42 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2012-11-30 14:39 . 2011-05-23 09:52 153088 ----a-w- c:\windows\system32\xvid.ax
2012-11-30 14:39 . 2011-05-23 07:46 645632 ----a-w- c:\windows\system32\xvidcore.dll
2012-11-30 14:39 . 2012-11-30 15:11 -------- d-----w- c:\program files\AviSynth 2.5
2012-11-30 14:38 . 2012-11-30 15:08 -------- d-----w- c:\program files\AVI ReComp
2012-11-30 14:30 . 2012-11-30 14:30 -------- d-----w- c:\users\Jacek\AppData\Roaming\NapiProjekt
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 21:08 . 2012-04-04 15:42 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-11 21:08 . 2011-05-19 16:01 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-27 07:31 . 2012-09-27 07:31 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-27 07:31 . 2012-01-16 20:21 746984 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-21 68856]
"USBAudio"="c:\users\Jacek\Ustawienia\USBAudio.exe" [2010-03-24 507392]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-16 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-16 92704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-04-15 440864]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-04-09 1557160]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-10-30 296096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-12-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:08]
.
2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 20:10]
.
2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 20:10]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.gazeta.pl/0,0.html?p=137
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath -
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-24 20:09
Windows 6.0.6002 Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'Explorer.exe'(620)
c:\program files\Acer\Acer PowerSmart Manager\SysHook.dll
.
Czas ukończenia: 2012-12-24 20:16:38
ComboFix-quarantined-files.txt 2012-12-24 19:16
.
Przed: 102 094 524 416 bajtów wolnych
Po: 102 457 376 768 bajtów wolnych
.
- - End Of File - - CD3810DF56100B16C4ED63DEBCDD1E51