ComboFix 12-03-22.01 - gabryna 2012-03-25 22:04:06.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.511.341 [GMT 2:00]
Uruchomiony z: c:\documents and settings\gabryna\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\gabryna\Pulpit\CFScript.txt
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\gabryna\Dane aplikacji\4.tmp
c:\documents and settings\gabryna\Dane aplikacji\5.tmp
c:\documents and settings\gabryna\Dane aplikacji\6.tmp
c:\documents and settings\gabryna\Dane aplikacji\7.tmp
c:\documents and settings\gabryna\Dane aplikacji\8.tmp
c:\documents and settings\gabryna\Dane aplikacji\9.tmp
c:\documents and settings\gabryna\Dane aplikacji\A.tmp
c:\documents and settings\gabryna\Dane aplikacji\B.tmp
c:\documents and settings\gabryna\Dane aplikacji\C.tmp
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-02-25 do 2012-03-25 )))))))))))))))))))))))))))))))
.
.
2012-03-25 14:44 . 2012-03-25 19:20 -------- d-----w- C:\UsbFix
2012-03-25 13:13 . 2012-03-25 13:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\{5086CFFE-02D3-48D7-8A7C-169CFF056F88}
2012-03-02 00:02 . 2012-03-02 00:02 493080 ----a-w- c:\windows\system32\evr.dll
2012-03-02 00:02 . 2012-03-02 00:02 207360 ----a-w- c:\windows\system32\evrprop.dll
2012-03-02 00:02 . 2012-03-02 00:02 73752 ----a-w- c:\windows\system32\dxva2.dll
2012-03-01 23:58 . 2008-09-10 19:56 144960 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2012-03-01 23:58 . 2008-09-10 19:37 94208 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2012-03-01 23:58 . 2012-03-01 23:58 -------- d-----w- c:\program files\Real Alternative
2012-03-01 23:58 . 2012-03-01 23:58 -------- d-----w- c:\documents and settings\gabryna\Ustawienia lokalne\Dane aplikacji\Real
2012-03-01 23:52 . 2012-03-03 20:04 -------- d-----w- c:\documents and settings\gabryna\Dane aplikacji\NapiProjekt
2012-03-01 22:44 . 2012-03-01 22:44 -------- d-----w- c:\documents and settings\gabryna\Ustawienia lokalne\Dane aplikacji\ALLConverter
2012-03-01 22:44 . 2012-03-01 22:45 -------- d-----w- c:\program files\NapiProjekt
2012-03-01 22:44 . 2012-03-01 22:44 -------- d-----w- c:\program files\ALLConverter PRO
2012-03-01 22:36 . 2012-03-01 22:36 -------- d-----w- c:\documents and settings\gabryna\Dane aplikacji\Media Player Classic
2012-03-01 22:26 . 2012-03-01 22:26 237 ----a-w- C:\user.js
2012-03-01 22:26 . 2012-03-01 22:26 -------- d-----w- c:\program files\BabylonToolbar
2012-03-01 22:24 . 2012-03-01 22:24 -------- d-----w- c:\documents and settings\gabryna\Ustawienia lokalne\Dane aplikacji\Babylon
2012-03-01 22:23 . 2012-03-01 22:23 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Babylon
2012-03-01 22:23 . 2012-03-01 22:23 -------- d-----w- c:\documents and settings\gabryna\Dane aplikacji\Babylon
2012-03-01 22:22 . 2012-03-01 22:23 -------- d-----w- c:\program files\MediaCoder PSP Edition
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-02 00:02 . 2011-04-26 16:45 258048 ----a-w- c:\windows\system32\libFLAC.dll
2012-02-18 01:11 . 2011-11-19 22:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-09-10 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-03-25_18.52.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-25 20:44 . 2012-03-25 20:44 16384 c:\windows\temp\Perflib_Perfdata_c8.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2011-03-11 1373512]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2011-08-16 1379840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-24 344064]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-17 74752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 49152]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"B2C_AGENT"="c:\documents and settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-27 404568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-09-10 15360]
.
c:\documents and settings\gabryna\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
.
R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2009-09-10 69248]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2009-09-10 212520]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 136176]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2011-06-23 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2011-06-23 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2011-06-23 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2011-06-23 25088]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 136176]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 00:09]
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 00:09]
.
2012-03-25 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 11:29]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=101292&mntrId=fc412d88000000000000001109c8a1de
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\gabryna\Dane aplikacji\Mozilla\Firefox\Profiles\h861kvbz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://pl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: extensions.BabylonToolbar_i.id - fc412d88000000000000001109c8a1de
FF - user.js: extensions.BabylonToolbar_i.hardId - fc412d88000000000000001109c8a1de
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15400
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:25
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101292
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-25 22:44
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(240)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\progra~1\ALLPLA~1\Iplex\IPLEXT~1.DLL
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Czas ukończenia: 2012-03-25 22:46:34 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-03-25 20:46
ComboFix2.txt 2012-03-25 18:55
.
Przed: 50 858 270 720 bajtów wolnych
Po: 50 850 791 424 bajtów wolnych
.
- - End Of File - - 4C1A7944E5648E8F4125D36B258E7778