ComboFix 14-01-01.01 - acer 2014-01-02 18:58:28.5.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.48.1045.18.1526.474 [GMT 1:00]
Uruchomiony z: c:\users\acer\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-12-02 do 2014-01-02 )))))))))))))))))))))))))))))))
.
.
2014-01-02 18:06 . 2014-01-02 18:06 -------- d-----w- c:\users\acer\AppData\Local\temp
2014-01-02 18:06 . 2014-01-02 18:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-02 18:06 . 2014-01-02 18:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-02 17:10 . 2014-01-02 17:10 40392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC654262-6ED2-4958-BC27-8C422E1FE78D}\MpKslf7e4cb42.sys
2014-01-02 16:42 . 2014-01-02 16:42 40392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC654262-6ED2-4958-BC27-8C422E1FE78D}\MpKslcafb1e53.sys
2014-01-02 16:41 . 2014-01-02 16:41 103680 ----a-w- C:\kgldrpob.sys
2014-01-02 14:12 . 2014-01-02 14:12 -------- d-----w- c:\users\acer\AppData\Local\Apps
2014-01-02 09:33 . 2013-09-20 09:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-01-02 09:33 . 2014-01-02 09:37 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-01-02 09:32 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC654262-6ED2-4958-BC27-8C422E1FE78D}\mpengine.dll
2014-01-01 07:26 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-28 21:58 . 2013-12-28 21:58 -------- d-----w- c:\users\acer\AppData\Local\Windows Live Writer
2013-12-28 21:58 . 2013-12-28 21:58 -------- d-----w- c:\users\acer\AppData\Roaming\Windows Live Writer
2013-12-12 18:34 . 2013-10-30 00:35 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-12 18:34 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-12 18:34 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-12 18:34 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-12 18:34 . 2013-10-11 02:08 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-12 18:34 . 2013-10-11 02:08 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-12 18:34 . 2013-10-11 02:08 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-12 18:34 . 2013-10-11 00:35 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-12 18:34 . 2013-10-11 00:35 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-12 18:32 . 2013-10-22 07:19 158208 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-06 17:38 . 2013-10-17 10:14 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-12-06 17:38 . 2013-10-17 10:14 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{39ADFC98-3C7F-4AE8-91EC-20A6B820F121}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-10 18:36 . 2012-06-08 13:36 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-10 18:36 . 2012-06-08 13:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2009-10-02 19:17 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 05:48 . 2011-03-28 17:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-11-12 20:46 . 2013-11-12 20:46 161792 ----a-w- c:\windows\system32\msls31.dll
2013-11-12 20:46 . 2013-11-12 20:46 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-12 20:46 . 2013-11-12 20:46 86528 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-12 20:46 . 2013-11-12 20:46 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-12 20:46 . 2013-11-12 20:46 63488 ----a-w- c:\windows\system32\tdc.ocx
2013-11-12 20:46 . 2013-11-12 20:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-12 20:46 . 2013-11-12 20:46 367104 ----a-w- c:\windows\system32\html.iec
2013-11-12 20:46 . 2013-11-12 20:46 74752 ----a-w- c:\windows\system32\iesetup.dll
2013-11-12 20:46 . 2013-11-12 20:46 23552 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-12 20:46 . 2013-11-12 20:46 152064 ----a-w- c:\windows\system32\wextract.exe
2013-11-12 20:46 . 2013-11-12 20:46 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-11-12 20:46 . 2013-11-12 20:46 35840 ----a-w- c:\windows\system32\imgutil.dll
2013-11-12 20:46 . 2013-11-12 20:46 11776 ----a-w- c:\windows\system32\mshta.exe
2013-11-12 20:46 . 2013-11-12 20:46 101888 ----a-w- c:\windows\system32\admparse.dll
2013-11-12 20:46 . 2013-11-12 20:46 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-10-30 02:13 . 2006-11-02 10:25 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-14 06:39 . 2013-11-12 19:29 7796464 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B481A58-296E-4C96-8EAC-8C796E2157B0}\mpengine.dll
2013-10-12 12:12 . 2013-11-12 19:19 53760 ----a-w- c:\windows\apppatch\iebrshim.dll
2013-10-11 02:08 . 2013-11-12 19:19 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07 . 2013-11-12 19:19 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ    autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rejestracja Need for Speed™ Undercover.lnk]
path=c:\users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rejestracja Need for Speed™ Undercover.lnk
backup=c:\windows\pss\Rejestracja Need for Speed™ Undercover.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2008-11-24 19:44 869888 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-03-13 07:34 81920 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 20:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-11-14 15:42 20584608 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 02:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tppoll]
2005-03-02 16:12 24576 ----a-w- c:\program files\Topro\tppoll.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 20:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2667545119-3472690662-164064294-1003]
"EnableNotificationsRef"=dword:00000002
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - KGLDRPOB
*NewlyCreated* - MPKSLF7E4CB42
*Deregistered* - kgldrpob
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ    PLA DPS BFE mpssvc
hpdevmgmt    REG_MULTI_SZ    hpqcxs08 hpqddsvc
bthsvcs    REG_MULTI_SZ    BthServ
LocalServiceAndNoImpersonation    REG_MULTI_SZ    FontCache
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-08 18:36]
.
2014-01-02 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-01-02 09:57]
.
2013-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2667545119-3472690662-164064294-1003Core.job
- c:\users\acer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-05 18:05]
.
2014-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2667545119-3472690662-164064294-1003UA.job
- c:\users\acer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-05 18:05]
.
2014-01-02 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-01-02 09:49]
.
2014-01-02 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2014-01-02 09:51]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://pl.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\2bej2i4o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - ExtSQL: !HIDDEN! 2009-09-06 20:32; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.buenosearch.tlbrSrchUrl - hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_def&mntrId=F020582C80139263&affID=66896&tsp=5110
FF - user.js: extensions.buenosearch.tb_url - hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_def&mntrId=F020582C80139263&affID=66896&tsp=5110
FF - user.js: extensions.buenosearch.id - f0208558000000000000582c80139263
FF - user.js: extensions.buenosearch.appId - {37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}
FF - user.js: extensions.buenosearch.instlDay - 16067
FF - user.js: extensions.buenosearch.vrsn - 1.8.28.7
FF - user.js: extensions.buenosearch.vrsni - 1.8.28.7
FF - user.js: extensions.buenosearch.vrsnTs - 1.8.28.722:10
FF - user.js: extensions.buenosearch.prtnrId - buenosearch
FF - user.js: extensions.buenosearch.prdct - buenosearch
FF - user.js: extensions.buenosearch.aflt - orgnl
FF - user.js: extensions.buenosearch.smplGrp - none
FF - user.js: extensions.buenosearch.tlbrId - base
FF - user.js: extensions.buenosearch.instlRef - sst
FF - user.js: extensions.buenosearch.dfltLng - en
FF - user.js: extensions.buenosearch.excTlbr - false
FF - user.js: extensions.buenosearch.ffxUnstlRst - true
FF - user.js: extensions.buenosearch.admin - false
FF - user.js: extensions.buenosearch.autoRvrt - false
FF - user.js: extensions.buenosearch.rvrt - false
FF - user.js: extensions.buenosearch.newTab - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-02 19:06
Windows 6.0.6002 Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2667545119-3472690662-164064294-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-2667545119-3472690662-164064294-1003)
@Denied: (2) (LocalSystem)
"Progid"="Microsoft Internet Mail Message"
.
[HKEY_USERS\S-1-5-21-2667545119-3472690662-164064294-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2667545119-3472690662-164064294-1003\Software\SecuROM\License information*]
"datasecu"=hex:52,2d,62,66,3a,7c,d7,60,7c,45,b6,03,9f,2f,51,94,44,9b,e2,7d,d4,
   4e,65,cd,98,3d,1e,a9,f4,c6,d8,41,04,4b,ef,d6,50,15,53,72,7c,68,8f,e0,83,32,\
"rkeysecu"=hex:3e,f0,5b,45,f6,c6,1c,75,4e,4b,2d,aa,b5,3d,1b,cc
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Czas ukończenia: 2014-01-02 19:09:25
ComboFix-quarantined-files.txt 2014-01-02 18:09
ComboFix2.txt 2014-01-02 17:42
ComboFix3.txt 2012-06-08 14:08
ComboFix4.txt 2012-05-19 14:08
ComboFix5.txt 2014-01-02 17:57
.
Przed: 11 011 457 024 bajtów wolnych
Po: 10 849 345 536 bajtów wolnych
.
- - End Of File - - 15E99205FFC882228E64146A19D614CA
6FC6F9186C07BCA94E140F63BFE6E9B4