ComboFix 11-11-08.02 - kais-x 2011-11-09 16:14:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1007.386 [GMT 1:00]
Uruchomiony z: d:\andy-net\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\PLAY ONLINE\PLAY ONLINE.exe
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\ReactivateFF.exe
c:\program files\StartNow Toolbar\ReactivateIE.exe
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\Toolbar32.dll
c:\program files\StartNow Toolbar\ToolbarBroker.exe
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-10-09 do 2011-11-09 )))))))))))))))))))))))))))))))
.
.
2011-11-08 16:30 . 2011-11-08 16:30 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\RDRM
2011-11-08 16:30 . 2011-11-09 14:36 -------- d-----w- c:\documents and settings\kais-x\Dane aplikacji\ipla
2011-11-08 16:30 . 2011-11-08 16:30 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla
2011-11-08 16:25 . 2011-11-09 14:39 -------- d-----w- c:\program files\ipla
2011-11-08 16:24 . 2011-11-08 16:24 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-11-08 16:24 . 2011-11-08 16:24 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-11-07 18:50 . 2011-09-16 10:57 189088 ----a-w- c:\program files\Mozilla Firefox\plugins\npVividasPlayer.dll
2011-11-05 21:56 . 2011-11-05 21:56 -------- d-----w- c:\program files\SIW
2011-11-05 21:48 . 2011-11-05 21:48 -------- d-----w- c:\windows\Logs
2011-11-05 21:48 . 2011-11-05 21:48 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DivX
2011-11-05 21:31 . 2011-09-25 09:33 216064 ----a-w- c:\windows\system32\lagarith.dll
2011-11-05 21:31 . 2011-07-16 14:17 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-11-05 21:31 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2011-11-05 21:31 . 2011-06-24 14:44 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2011-11-05 21:31 . 2011-06-24 14:28 650752 ----a-w- c:\windows\system32\xvidcore.dll
2011-11-05 21:31 . 2006-04-02 12:47 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2011-11-05 21:31 . 2011-10-28 08:00 74752 ----a-w- c:\windows\system32\ff_vfw.dll
2011-10-20 20:07 . 2011-10-20 20:08 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PLAY ONLINE
2011-10-20 20:06 . 2011-11-09 15:22 -------- d-----w- c:\program files\PLAY ONLINE
2011-10-20 20:05 . 2011-11-09 15:29 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DatacardService
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 17:19 . 2011-05-22 14:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2011-05-21 18:15 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 04:06 . 2011-06-07 14:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2011-06-07 14:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 09:41 . 2008-07-29 17:59 614400 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-08-04 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2004-08-04 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2005-10-06 03:10 1859200 ----a-w- c:\windows\system32\win32k.sys
2011-08-17 21:25 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:25 . 2004-08-04 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:25 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:25 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2011-08-17 13:49 . 2004-08-04 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22 . 2004-08-04 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-08-12 11:51 . 2011-05-21 18:19 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-11-09 14:43 . 2011-05-21 18:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2004-06-14 417856]
"PRONoMgr.exe"="c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2004-05-10 102469]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-03-09 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-03-09 126976]
"UIExec"="c:\program files\blueconnect\UIExec.exe" [2009-09-15 132608]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"GCXX-Manager-Class"="c:\program files\Sony Ericsson\Wireless Manager\GCXXManager.exe" [2005-02-01 811113]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2010-03-12 2909184]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-04-10 979344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\kais-x\Menu Start\Programy\Autostart\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Watch.lnk - c:\program files\MUSTEK 1248UB\Driver\WATCH.exe [2011-8-25 364544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-06-14 04:46 180290 ----a-w- c:\windows\system32\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-02-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-03-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-01-07 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-04-04 297168]
R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2011-07-15 38976]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-18 7390560]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe -/service --> c:\documents and settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe -/service [?]
R2 UI Assistant Service;UI Assistant Service;c:\program files\blueconnect\AssistantServices.exe [2011-05-21 241664]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-04-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-02-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-02-10 27216]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2011-10-20 11136]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-10-20 235392]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-10-20 73216]
S2 PLAY ONLINE. RunOuc;PLAY ONLINE. OUC;c:\program files\PLAY ONLINE\UpdateDog\ouc.exe [2011-10-20 218624]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-10-20 102784]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys --> c:\windows\system32\DRIVERS\Gt51Ip.sys [?]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys --> c:\windows\system32\DRIVERS\gt72ubus.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-05-21 9728]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 SEMWModem;Sony Ericsson SEMWModem;c:\windows\system32\drivers\GCXX.sys [2011-06-19 114944]
S3 SEMWWNIC;Sony Ericsson SEMWWNIC;c:\windows\system32\drivers\GCXXNet.sys [2011-06-19 53248]
.
.
------- Skan uzupełniający -------
.
FF - ProfilePath - c:\documents and settings\kais-x\Dane aplikacji\Mozilla\Firefox\Profiles\jtlr4x8p.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://tv.wp.pl/?rfbawp=1187520589.351&ticaid=1d574
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z188&form=ZGAADF&install_date=20111105&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-Mobile Partner - c:\program files\PLAY ONLINE\PLAY ONLINE.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-09 16:28
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(1136)
c:\windows\system32\LgNotify.dll
.
- - - - - - - > 'explorer.exe'(4084)
c:\windows\system32\WININET.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\S24EvMon.exe
c:\documents and settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\documents and settings\All Users\Dane aplikacji\PLAY ONLINE\OnlineUpdate\ouc.exe
c:\windows\system32\RegSrvc.exe
c:\windows\system32\slserv.exe
c:\windows\SOUNDMAN.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\1XConfig.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Czas ukończenia: 2011-11-09 16:34:23 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-11-09 15:34
.
Przed: 3 289 391 104 bajtów wolnych
Po: 3 710 746 624 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 3A93B3BCA1FB642C46FF836977012F4A