ComboFix 13-05-12.01 - Administrator 2013-05-13 16:16:54.3.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2046.1586 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-04-13 do 2013-05-13 )))))))))))))))))))))))))))))))
.
.
2013-05-13 11:41 . 2013-05-13 11:41 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Opera
2013-05-13 08:53 . 2013-05-13 08:53 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Windows Search
2013-05-03 18:09 . 2013-05-03 18:10 -------- d-----w- c:\program files\A Gnome's Home - The Great Crystal Crusade
2013-04-25 18:06 . 2013-04-25 18:06 -------- d-----w- c:\program files\e-Deklaracje
2013-04-25 18:06 . 2013-04-25 18:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2013-04-17 13:57 . 2013-04-25 18:21 -------- d-----w- c:\program files\Island Tribe 4
2013-04-16 17:06 . 2013-04-16 17:07 -------- d-----w- c:\program files\Green City
2013-04-16 17:01 . 2013-04-16 17:02 -------- d-----w- c:\program files\Sweet Kingdom - Enchanted Princess
2013-04-16 16:58 . 2013-04-16 16:59 -------- d-----w- c:\program files\Outta This Kingdom
2013-04-16 16:57 . 2013-05-03 18:44 -------- d-----w- c:\program files\DoubleGames.pl
2013-04-16 10:25 . 2013-04-17 07:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AlawarEntertainment
2013-04-16 10:19 . 2013-04-16 10:19 -------- d-----w- c:\program files\Ballad of Solar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 15:48 . 2012-11-06 15:17 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 15:48 . 2012-11-06 15:17 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36 . 2006-03-02 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2006-03-02 12:00 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2004-08-04 00:39 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:08 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:08 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:58 . 2006-03-02 12:00 1867520 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:58 . 2008-03-08 23:09 2067456 ----a-w- c:\windows\system32\mstscax.dll
2004-10-01 13:00 . 2008-04-27 15:36 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\MyPlayCity\tbMyP2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{4accc990-3dc7-4456-a734-5cb4b610a7f5}]
2013-01-08 20:23 2087624 ----a-w- c:\program files\Winamp Toolbar\winamppltb.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\Free_Lunch_Design\tbFre0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]
2007-07-31 14:33 1391640 ----a-w- c:\program files\Absolutist_Games\tbAbso.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{8532a8b7-c06a-41bb-936a-8ce73e4711ed}]
2011-05-09 09:49 176936 ----a-w- c:\program files\gry\prxtbgr0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{631ac2d4-57b3-42b0-a148-da33b462c1a3}"= "c:\program files\Absolutist_Games\tbAbso.dll" [2007-07-31 1391640]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP2.dll" [2010-10-18 3908192]
"{8532a8b7-c06a-41bb-936a-8ce73e4711ed}"= "c:\program files\gry\prxtbgr0.dll" [2011-05-09 176936]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFre0.dll" [2010-10-18 3908192]
"{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}"= "c:\program files\AllGamesHome Toolbar\tbcore3.dll" [2011-08-18 2659456]
"{a0b1221c-a3ff-4f7c-a393-dc63af5301e9}"= "c:\program files\Winamp Toolbar\winamppltb.dll" [2013-01-08 2087624]
.
[HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]
.
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
.
[HKEY_CLASSES_ROOT\clsid\{8532a8b7-c06a-41bb-936a-8ce73e4711ed}]
.
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
.
[HKEY_CLASSES_ROOT\clsid\{5fc86fb3-a8b1-400b-8be7-0eaf0d857f5d}]
[HKEY_CLASSES_ROOT\TBSB00808.TBSB00808.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00808.TBSB00808]
.
[HKEY_CLASSES_ROOT\clsid\{a0b1221c-a3ff-4f7c-a393-dc63af5301e9}]
[HKEY_CLASSES_ROOT\WinampplTb.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{15881dc0-be28-4dee-a912-ef684d93a9a4}]
[HKEY_CLASSES_ROOT\WinampplTb.AOLToolBand]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]
"nwiz"="nwiz.exe" [2007-11-06 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-11 149280]
"V0220Mon.exe"="c:\windows\V0220Mon.exe" [2006-06-28 32768]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20480]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="e:\power dvd\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2012-06-28 74752]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
MBCameraMonitor.lnk - c:\program files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2009-10-8 541976]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\LIMEWIRE\\LimeWire.exe"=
"e:\\GG\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-12-28 20624]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [2008-03-12 146112]
S3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [2008-03-12 6272]
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-06 15:48]
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-29 20:17]
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-29 20:17]
.
.
------- Skan uzupełniający -------
.
mStart Page = hxxp://home.myplaycity.com/
IE: {{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files\AllGamesHome Toolbar\tbcore3.dll
TCP: DhcpNameServer = 95.160.170.92 88.156.222.92
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-13 16:25
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(944)
c:\windows\system32\WININET.dll
.
Czas ukończenia: 2013-05-13 16:27:21
ComboFix-quarantined-files.txt 2013-05-13 14:27
ComboFix2.txt 2013-05-13 13:58
ComboFix3.txt 2013-05-13 12:11
.
Przed: 33 472 757 760 bajtów wolnych
Po: 33 464 217 600 bajtów wolnych
.
- - End Of File - - 2F94928FBFDC5BDB7BD76553FA3D6C37