ComboFix 12-04-01.03 - Kasia 2012-04-03 21:09:47.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2046.1295 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Kasia\Pulpit\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\sLT.exf
c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\sLT.exf
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-03-03 do 2012-04-03 )))))))))))))))))))))))))))))))
.
.
2012-05-18 13:54 . 2012-05-18 13:54 -------- d-----w- c:\documents and settings\Kasia\Dane aplikacji\Search Settings
2012-05-18 13:54 . 2012-05-18 13:54 -------- d-----w- c:\program files\Application Updater
2012-05-18 13:54 . 2012-05-18 13:54 -------- d-----w- c:\program files\pdfforge Toolbar
2012-05-18 13:54 . 2012-05-18 13:54 -------- d-----w- c:\program files\Common Files\Spigot
2012-04-03 16:19 . 2012-04-03 16:18 229376 ----a-w- c:\windows\system32\nvidia.exe
2012-04-02 22:20 . 2012-04-02 22:20 -------- d-----w- c:\documents and settings\NetworkService\Dane aplikacji\McAfee
2012-03-29 06:40 . 2012-03-29 06:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-28 21:55 . 2012-03-28 21:55 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\McAfee
2012-03-28 21:55 . 2012-03-28 21:55 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\McAfee Security Scan
2012-03-28 21:55 . 2012-04-02 22:15 -------- d-----w- c:\program files\McAfee Security Scan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-03 18:41 . 2010-02-16 17:59 0 ----a-w- c:\documents and settings\Kasia\Ustawienia lokalne\Dane aplikacji\WavXMapDrive.bat
2010-08-23 13:02 . 2010-08-23 13:01 6259064 ----a-w- c:\program files\Silverlight.exe
2010-02-23 06:59 . 2010-11-12 09:10 549216 ----a-w- c:\program files\AecSetup.dll
2010-02-09 20:48 . 2010-11-12 09:10 1049312 ----a-w- c:\program files\PatchMgr.dll
2010-02-09 20:48 . 2010-11-12 09:09 47328 ----a-w- c:\program files\AcSetup.dll
2010-01-14 12:40 . 2010-11-12 09:11 693096 ----a-w- c:\program files\SetupUi.dll
2010-01-14 12:40 . 2010-11-12 09:11 704360 ----a-w- c:\program files\SetupAcadUi.dll
2010-01-14 12:40 . 2010-11-12 09:10 108392 ----a-w- c:\program files\LiteHtml.dll
2010-01-14 12:40 . 2010-11-12 09:10 544616 ----a-w- c:\program files\DeployUi.dll
2010-01-14 12:40 . 2010-11-12 09:10 85352 ----a-w- c:\program files\CIPUtil.dll
2010-01-14 12:40 . 2010-11-12 09:08 161640 ----a-w- c:\program files\AcDelTree.exe
2010-01-14 12:37 . 2010-11-12 09:11 319248 ----a-w- c:\program files\UPI.dll
2010-01-14 12:36 . 2010-11-12 09:10 375128 ----a-w- c:\program files\MC3Res.dll
2010-01-14 12:36 . 2010-11-12 09:10 1764696 ----a-w- c:\program files\MC3.dll
2010-01-14 12:36 . 2010-11-12 09:09 190688 ----a-w- c:\program files\senddmp.exe
2009-11-19 21:07 . 2010-11-12 09:09 189800 ----a-w- c:\program files\adlmutil.dll
2009-11-19 21:07 . 2010-11-12 09:09 1274728 ----a-w- c:\program files\adlmPIT.dll
2009-10-29 01:18 . 2010-11-12 09:10 653120 ----a-w- c:\program files\msvcr90.dll
2009-10-29 01:18 . 2010-11-12 09:10 569664 ----a-w- c:\program files\msvcp90.dll
2009-10-29 01:18 . 2010-11-12 09:10 225280 ----a-w- c:\program files\msvcm90.dll
2009-06-08 00:37 . 2010-11-12 09:10 3783672 ----a-w- c:\program files\mfc90u.dll
2008-05-05 18:55 . 2010-11-12 09:11 319248 ----a-w- c:\program files\UPI32.dll
2008-04-10 11:31 . 2010-11-12 09:11 1835888 ----a-w- c:\program files\xerces-c_2_8_AEC.dll
2004-05-04 13:53 . 2010-11-12 09:10 1645320 ----a-w- c:\program files\gdiplus.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-02_21.15.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-03 18:41 . 2012-04-03 18:41 16384 c:\windows\Temp\Perflib_Perfdata_1a4.dat
+ 2008-11-26 01:53 . 2012-04-03 11:18 23157 c:\windows\system32\nvModes.dat
- 2008-11-26 01:53 . 2012-04-02 08:28 23157 c:\windows\system32\nvModes.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Softonic-Eng7\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2009-11-11 870400]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-10-28 11539048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-25 159744]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-06 405504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"nwiz"="nwiz.exe" [2007-05-31 1626112]
"NVHotkey"="nvHotkey.dll" [2007-05-31 67584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-31 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-05 148888]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"GrooveMonitor"="c:\instalki\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-02-06 934240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
c:\documents and settings\Kasia\Menu Start\Programy\Autostart\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-1-8 113664]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-11-25 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 15:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\instalki\\utorrent.exe"=
"c:\\WINDOWS\\system32\\hasplms.exe"=
"c:\\instalki\\Office12\\OUTLOOK.EXE"=
"c:\\instalki\\Office12\\GROOVE.EXE"=
"c:\\instalki\\Office12\\ONENOTE.EXE"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-16 108289]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2012-02-06 748440]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2008-05-09 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-02 97536]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-03-27 70656]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2008-05-09 14336]
S2 DCService.exe;DCService.exe;c:\documents and settings\All Users\Dane aplikacji\DatacardService\DCService.exe [2010-05-08 229376]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-01 116648]
S2 nvidia32;nvidia32;c:\windows\system32\nvidia.exe [2012-04-03 229376]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-03-27 101504]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-03-27 117504]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-01 116648]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 zlportio;zlportio;\??\c:\documents and settings\Kasia\Moje dokumenty\Moja muzyka\Karaoke\USdeluxe\zlportio.sys --> c:\documents and settings\Kasia\Moje dokumenty\Moja muzyka\Karaoke\USdeluxe\zlportio.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-01 18:26]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-01 18:26]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=pl&l=pl&s=pad
IE: E&ksport do programu Microsoft Excel - c:\instalki\OFFICE11\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\instalki\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Kasia\Dane aplikacji\Mozilla\Firefox\Profiles\898j67to.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://pl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF - prefs.js: network.proxy.http - 10.2.1.208
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- Skojarzenia plików -------
.
.scr=AutoCADScriptFile
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM-Run-sblxrhoj - c:\windows\System32\sblxrhoj.exe
HKLM-Explorer_Run-1785 - c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msdubmna.pif
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-03 21:16
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1705175221-2088895020-1574827263-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\S*{]
@Class="Shell"
"a"="c:\\Materiały\\Materiały SEM 5\\ROW\\10.01.12_Szafko\\GP.Funkcje.Ćwiczenia.Materiały.SD_SO.SŻ"
"MRUList"="a"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'lsass.exe'(928)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Czas ukończenia: 2012-04-03 21:17:45
ComboFix-quarantined-files.txt 2012-04-03 19:17
ComboFix2.txt 2012-04-03 05:48
ComboFix3.txt 2012-04-02 21:48
.
Przed: 27 905 875 968 bajtów wolnych
Po: 27 892 248 576 bajtów wolnych
.
- - End Of File - - A0DF5FDAE3F387F5278563A0DD26DE71