ComboFix 12-10-26.05 - Andrzej 2012-10-27 12:03:07.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.1919.1516 [GMT 2:00]
Run from: G:\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\lsass.exe
c:\documents and settings\All Users\Dane aplikacji\netdislw.pad
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\documents and settings\Andrzej\12.JPG
c:\documents and settings\Andrzej\Recent\Thumbs.db
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPlyIE.dll
c:\program files\DealPly\icon.ico
c:\program files\DealPly\uninst.exe
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
c:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLL
c:\program files\myglobalsearch\bar\Cache\files.ini
c:\program files\myglobalsearch\bar\History\search
c:\program files\RewardsArcade
c:\program files\RewardsArcade\appAPIinternalWrapper.js
c:\program files\RewardsArcade\fb.js
c:\program files\RewardsArcade\jquery.js
c:\program files\RewardsArcade\json.js
c:\program files\RewardsArcade\RewardsArcade.dll
c:\program files\RewardsArcade\RewardsArcade.exe
c:\program files\RewardsArcade\Uninstall.exe
c:\program files\RewardsArcade\UserConfirmation.exe
c:\windows\ktkm2.dll
c:\windows\ktkm3.dll
c:\windows\ktkm34.dll
c:\windows\ktkm36.dll
c:\windows\ktkm4.dll
c:\windows\ktkm8.dll
c:\windows\system32\AppLog.log
.
.
((((((((((((((((((((((((( Files Created from 2012-09-27 to 2012-10-27 )))))))))))))))))))))))))))))))
.
.
2012-10-27 09:12 . 2012-10-27 09:12  --------  d-----w-  c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Registry Startup Entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and default, legitimate entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a31ac2d0-a903-45d6-82be-3c0206868997}"= "c:\program files\Softonic.com.PL_FF\prxtbSoft.dll" [2011-05-09 176936]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files\IncrediMail_MediaBar_2\tbIncr.dll" [2010-09-12 3863136]
"{707db484-2428-402d-afb5-d85b387544c7}"= "c:\program files\Mario_Forever\tbMari.dll" [2009-06-23 2211352]
.
[HKEY_CLASSES_ROOT\clsid\{a31ac2d0-a903-45d6-82be-3c0206868997}]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CLASSES_ROOT\clsid\{707db484-2428-402d-afb5-d85b387544c7}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 14:02  3863136  ----a-w-  c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{707db484-2428-402d-afb5-d85b387544c7}]
2009-06-23 06:53  2211352  ----a-w-  c:\program files\Mario_Forever\tbMari.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-01-06 14:06  721840  ----a-w-  c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a31ac2d0-a903-45d6-82be-3c0206868997}]
2011-05-09 09:49  176936  ----a-w-  c:\program files\Softonic.com.PL_FF\prxtbSoft.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
2010-09-12 14:02  3863136  ----a-w-  c:\program files\IncrediMail_MediaBar_2\tbIncr.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a31ac2d0-a903-45d6-82be-3c0206868997}"= "c:\program files\Softonic.com.PL_FF\prxtbSoft.dll" [2011-05-09 176936]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files\IncrediMail_MediaBar_2\tbIncr.dll" [2010-09-12 3863136]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]
"{707db484-2428-402d-afb5-d85b387544c7}"= "c:\program files\Mario_Forever\tbMari.dll" [2009-06-23 2211352]
.
[HKEY_CLASSES_ROOT\clsid\{a31ac2d0-a903-45d6-82be-3c0206868997}]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{707db484-2428-402d-afb5-d85b387544c7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2010-11-02 1432064]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-12-16 12984928]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19673736]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2011-11-24 366024]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"ares"="c:\program files\Ares\Ares.exe" [2012-02-02 3209216]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
"GameXN GO"="c:\documents and settings\All Users\Dane aplikacji\GameXN\GameXNGO.exe" [2012-02-09 347008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-11-10 1725440]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
.
c:\documents and settings\Andrzej\Menu Start\Programy\Autostart\
ctfmon.lnk - c:\qoobox\Quarantine\C\Documents and Settings\All Users\Dane aplikacji\lsass.exe.vir [2012-10-26 33280]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\ImpCnt.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2012-02-08 436792]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-03-04 11352]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-04-01 793048]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [2010-12-01 24576]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-03-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-02 19472]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [2010-12-01 1260672]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-01 136176]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-01 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-01 18:32]
.
2012-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-01 18:32]
.
2012-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1993962763-682003330-1004Core.job
- c:\documents and settings\Andrzej\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-07-04 21:47]
.
2012-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1993962763-682003330-1004UA.job
- c:\documents and settings\Andrzej\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-07-04 21:47]
.
2012-10-20 c:\windows\Tasks\Norton Security Scan for Andrzej.job
- c:\progra~1\NORTON~2\Engine\313~1.6\Nss.exe [2011-06-17 01:30]
.
2012-10-24 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-04-01 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = pl.v9.com/pbr/pbr_1350068534_594426
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = pl.v9.com/pbr/pbr_1350068534_594426
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.172.224.160 89.231.1.206
.
- - - - ORPHANED ENTRIES REMOVED - - - -
.
BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
Toolbar-10 - (no file)
HKLM-Run-BearShare - c:\program files\BearShare\BearShare.exe
HKLM_ActiveSetup-ccc-core-static - msiexec
AddRemove-DealPly - c:\program files\DealPly\uninst.exe
AddRemove-FoxTab FLV Player - c:\program files\FoxTabFLVPlayer\Uninstall\Uninstall.exe
AddRemove-FoxTab Music Converter - c:\program files\FoxTabMusicConverter\Uninstall\Uninstall.exe
AddRemove-PDF Reader - c:\program files\PDFReader\Uninstall\Uninstall.exe
AddRemove-RewardsArcade - c:\program files\RewardsArcade\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-27 12:16
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
c:\windows\ATK0100\ATKOSD.exe
c:\windows\system32\WISPTIS.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\IncrediMail\Bin\ImApp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-10-27 12:28:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-27 10:27
.
Pre-Run: 25 227 132 928 bytes free
Post-Run: 27 083 628 544 bytes free
.
- - End Of File - - 6C723E292D74BDC410D28395A96A81D3
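As an added triage example (my code, not part of the ComboFix log and not ComboFix's own logic), the Python below parses the autostart section format ComboFix prints and flags the points a reviewer would want to catch in this log: the Startup-folder ctfmon.lnk whose target is the quarantined lsass.exe that had been dropped in All Users\Dane aplikacji (a Windows system-process name outside the Windows directory, and a persistence entry that survived the cleanup), executables launched from user-writable data directories, and the two policy values that switch off the Windows Firewall and Security Center monitoring of the antivirus. It generalises beyond this one log: the list of masqueraded system-process names, the user-writable directory markers and the severities are my assumptions, and the sample input is constructed from lines copied out of the log above.

```python
import re
from dataclasses import dataclass

# Constructed sample input: these lines are copied from the ComboFix log above
# (two Run keys, the user's Startup folder, and two policy keys).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2010-11-02 1432064]
"GameXN GO"="c:\documents and settings\All Users\Dane aplikacji\GameXN\GameXNGO.exe" [2012-02-09 347008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
.
c:\documents and settings\Andrzej\Menu Start\Programy\Autostart\
ctfmon.lnk - c:\qoobox\Quarantine\C\Documents and Settings\All Users\Dane aplikacji\lsass.exe.vir [2012-10-26 33280]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Assumed list: names Windows itself uses; outside %SystemRoot% they are a classic masquerade.
SYSTEM_NAMES = {"lsass.exe", "csrss.exe", "smss.exe", "svchost.exe",
                "winlogon.exe", "services.exe", "ctfmon.exe", "explorer.exe"}
WINDOWS_DIR = "c:\\windows\\"
# Assumed markers for directories a standard XP user can write to (Polish and English names).
USER_WRITABLE = ("\\dane aplikacji\\", "\\application data\\", "\\temp\\", "\\appdata\\")
QUARANTINE = "\\qoobox\\quarantine\\"      # where ComboFix moves what it removes

RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
SETTING_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>[^"].*)$')
STARTUP_DIR_RE = re.compile(r'^[a-z]:\\.*\\$', re.IGNORECASE)
LNK_RE = re.compile(r'^(?P<lnk>.+?\.lnk) - (?P<target>.+?)(?:\s+\[[^\]]*\])?$', re.IGNORECASE)


@dataclass
class Finding:
    severity: str
    source: str    # registry key or Startup folder the entry was found in
    item: str      # value name or .lnk file name
    target: str    # launched path, or the setting's value
    reason: str


def assess_target(path: str):
    """Return (severity, reason) pairs for the path an autorun entry points at."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    if name.endswith(".vir"):          # ComboFix appends .vir to quarantined files
        name = name[:-4]
    hits = []
    if QUARANTINE in p:
        hits.append(("high", "target now sits in ComboFix quarantine: the autorun entry survived the cleanup"))
    if name in SYSTEM_NAMES and not p.startswith(WINDOWS_DIR):
        hits.append(("high", f"{name} is a Windows system-process name but lives outside {WINDOWS_DIR}"))
    if any(m in p for m in USER_WRITABLE) and name.endswith((".exe", ".dll", ".scr")):
        hits.append(("medium", "executable launched from a user-writable data directory"))
    return hits


def assess_setting(key: str, name: str, value: str):
    """Flag policy values that switch off the host's own defences."""
    k, n, v = key.lower(), name.lower(), value.lower()
    if "firewallpolicy" in k and n == "enablefirewall" and v.startswith("0"):
        return "Windows Firewall disabled for this profile"
    if "security center\\monitoring" in k and n == "disablemonitoring" and v.endswith("1"):
        return "Security Center no longer monitors the antivirus product"
    return None


def triage(log_text: str):
    """Walk ComboFix's registry-startup section and return the entries worth a second look."""
    findings, context = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":      # ComboFix prints a lone '.' as a section break
            context = None
            continue
        if line.startswith("[") and line.endswith("]"):
            context = ("key", line[1:-1])
            continue
        if STARTUP_DIR_RE.match(line):   # a bare folder path introduces Startup-folder .lnk lines
            context = ("startup", line)
            continue
        if context is None:
            continue
        kind, label = context
        if kind == "key" and label.lower().endswith("\\run") and (m := RUN_VALUE_RE.match(line)):
            for sev, why in assess_target(m["path"]):
                findings.append(Finding(sev, label, m["name"], m["path"], why))
        elif kind == "key" and (m := SETTING_RE.match(line)):
            why = assess_setting(label, m["name"], m["value"])
            if why:
                findings.append(Finding("high", label, m["name"], m["value"], why))
        elif kind == "startup" and (m := LNK_RE.match(line)):
            for sev, why in assess_target(m["target"]):
                findings.append(Finding(sev, label, m["lnk"], m["target"], why))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.item}: {f.reason}\n    {f.target}")
```

On this log the script reports ctfmon.lnk three times (quarantined target, lsass.exe outside c:\windows\, launched from Dane aplikacji), GameXN GO once at medium, and both policy values at high; the legitimate CTFMON.EXE under system32 and the OpenOffice quick-start link are not reported. The practical follow-up is to delete the dead ctfmon.lnk from the Startup folder, re-enable the firewall and Security Center monitoring, and treat the v9.com start page and the remaining toolbar BHOs as the adware residue they are.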