ComboFix 12-07-06.02 - Tomas 2012-07-07   1:03.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.3.1250.48.1045.18.3263.2925 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Tomas.WOLFGANG-1F52A2\Pulpit\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Dane aplikacji\hpe28.dll
c:\documents and settings\Tomas.WOLFGANG-1F52A2\Ustawienia lokalne\Dane aplikacji\promo.exe
c:\documents and settings\Tomas.WOLFGANG-1F52A2\WINDOWS
c:\program files\AutocompletePro
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files\AutocompletePro\FireFoxExtension.exe
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
c:\windows\system32\SET43.tmp
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2012-06-06 do 2012-07-06   )))))))))))))))))))))))))))))))
.
.
2012-07-06 14:02 . 2012-07-06 14:02	--------	d-----w-	c:\documents and settings\Tomas.WOLFGANG-1F52A2\Dane aplikacji\hellomoto
2012-07-04 13:06 . 2012-07-04 13:06	--------	d-----w-	c:\documents and settings\Tomas.WOLFGANG-1F52A2\Ustawienia lokalne\Dane aplikacji\ALLMediaServer
2012-07-04 13:06 . 2012-07-04 13:06	--------	d-----w-	c:\program files\ALLMediaServer
2012-06-29 22:23 . 2012-06-29 22:23	--------	d-----w-	c:\documents and settings\Tomas.WOLFGANG-1F52A2\Dane aplikacji\NapiProjekt
2012-06-17 12:55 . 2060-08-18 17:02	2023424	------w-	c:\windows\system32\Vcl50.bpl
2012-06-17 12:55 . 2060-08-18 17:02	1496064	------w-	c:\windows\system32\Cc3250mt.dll
2012-06-17 12:55 . 2060-08-18 17:02	248832	------w-	c:\windows\system32\Vclx50.bpl
2012-06-17 12:55 . 2000-01-24 03:01	101888	------w-	c:\windows\system32\vcljpg50.bpl
2012-06-17 12:55 . 2060-08-18 16:40	909824	------w-	c:\windows\system32\Cp3245mt.dll
2012-06-17 12:55 . 2060-08-18 16:40	24064	------w-	c:\windows\system32\Borlndmm.dll
2012-06-17 12:55 . 2012-06-17 12:55	--------	d-----w-	c:\program files\Common Files\GraphBoard 2.00
2012-06-17 12:55 . 2000-02-25 10:00	49152	----a-w-	c:\windows\system32\vvrtkclients.dll
2012-06-17 12:55 . 2000-02-25 10:00	421888	----a-w-	c:\windows\system32\setresuk.dll
2012-06-17 12:55 . 2000-02-25 10:00	317952	----a-w-	c:\windows\system32\roboex32.dll
2012-06-17 12:55 . 2000-02-25 10:00	18944	----a-w-	c:\windows\system32\VVRtkReg.dll
2012-06-17 12:55 . 2000-02-25 10:00	167936	----a-w-	c:\windows\system32\setnote.cpl
2012-06-17 12:52 . 2005-03-11 06:31	614532	----a-w-	c:\program files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe
2012-06-17 00:35 . 2012-06-17 00:35	107888	----a-w-	c:\windows\system32\CmdLineExt.dll
2012-06-07 00:17 . 2012-06-07 00:17	421200	----a-w-	c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-07 00:17 . 2012-06-07 00:17	770384	----a-w-	c:\program files\Mozilla Firefox\msvcr100.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 13:49 . 2010-11-25 22:10	80384	----a-w-	c:\windows\system32\mkzlib.dll
2012-07-03 13:49 . 2010-11-25 22:10	24576	----a-w-	c:\windows\system32\mkunicode.dll
2012-06-02 13:19 . 2010-04-28 20:04	210968	----a-w-	c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2010-04-28 20:04	329240	----a-w-	c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2010-04-28 20:04	219160	----a-w-	c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-08-06 17:24	15896	----a-w-	c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-08-06 17:24	24088	----a-w-	c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2010-04-28 20:04	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2010-04-28 20:04	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 17:24	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2006-03-02 12:00	97304	----a-w-	c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 17:24	16408	----a-w-	c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2010-04-28 20:04	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2010-04-28 20:04	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2009-08-06 17:23	18968	----a-w-	c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:18 . 2010-05-01 14:31	275696	----a-w-	c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-05-01 14:31	214256	----a-w-	c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-05-01 14:31	18160	----a-w-	c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2006-03-02 12:00	602624	----a-w-	c:\windows\system32\crypt32.dll
2012-05-15 13:55 . 2006-03-02 12:00	1863424	----a-w-	c:\windows\system32\win32k.sys
2012-05-05 03:14 . 2006-03-02 12:00	2149888	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2004-08-04 00:38	2028032	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:47 . 2010-04-28 20:02	139656	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-30 15:18 . 2012-04-30 15:18	4608	----a-w-	c:\windows\system32\w95inf32.dll
2012-04-30 15:18 . 2012-04-30 15:18	2272	----a-w-	c:\windows\system32\w95inf16.dll
2012-06-16 07:07 . 2012-03-29 20:50	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50	1197448	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15	123536	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Komunikator"="c:\program files\Tlen.pl\tlen.exe" [2009-01-17 5853672]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2011-08-16 1379840]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2009-12-08 774144]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-04-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
"TapiMigPlugin"="c:\documents and settings\Tomas.WOLFGANG-1F52A2\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\164\TapiMigPlugin.exe" [2012-07-06 49664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Tlen.pl\\tlen.exe"=
"e:\\Program Files\\UBISOFT\\Far Cry 2\\bin\\FarCry2.exe"=
"e:\\Program Files\\UBISOFT\\Far Cry 2\\bin\\FC2Launcher.exe"=
"e:\\Program Files\\UBISOFT\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"d:\\Program Files\\Wiedźmin 2\\bin\\witcher2.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\1ClickDownload\\1ClickDownload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
R0 m5288;m5288;c:\windows\system32\drivers\m5288.sys [2010-04-28 210304]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2010-04-28 28672]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-04-16 612184]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-04-28 337880]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-04-28 20696]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-30 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-04-26 2218600]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2011-09-03 90112]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-30 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 113120]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2012-04-26 119272]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [2011-09-03 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [2011-09-03 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [2011-09-03 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [2011-09-03 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [2011-09-03 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [2011-09-03 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [2011-09-03 123504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 12:43	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-30 10:55]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-30 10:55]
.
2012-07-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 14:50]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.gazeta.pl/0,0.html?p=136
uInternet Connection Wizard,ShellNext = hxxp://registration.ubi.com/redirect.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 95.160.170.92 88.156.222.92
FF - ProfilePath - c:\documents and settings\Tomas.WOLFGANG-1F52A2\Dane aplikacji\Mozilla\Firefox\Profiles\57u24th3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gazeta.pl/0,0.html?p=136
FF - user.js: extensions.BabylonToolbar_i.id - 8494707e00000000000000161775503d
FF - user.js: extensions.BabylonToolbar_i.hardId - 8494707e00000000000000161775503d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15361
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:38
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109217
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-07 01:09
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2012-07-07 01:10:42
ComboFix-quarantined-files.txt 2012-07-06 23:10
.
Przed: 3 739 099 136 bajtów wolnych
Po: 8 471 982 080 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 97D4803C50302905C10A5DA486B93FE8