ComboFix 12-10-18.03 - Mariola 2012-10-19 0:06.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.48.1045.18.2813.2327 [GMT 2:00]
Uruchomiony z: c:\users\Mariola\Downloads\ComboFix.exe
AV: McAfee Anti-Virus i Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus i Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPly.xpi
c:\program files\DealPly\DealPlyIE.dll
c:\program files\DealPly\DealPlyUpdate.exe
c:\program files\DealPly\DealPlyUpdate.log
c:\program files\DealPly\DealPlyUpdateRun.exe
c:\program files\DealPly\icon.ico
c:\program files\DealPly\uninst.exe
c:\program files\StartSearch plugin
c:\program files\StartSearch plugin\startsplg.crx
c:\programdata\0tbpw.pad
c:\programdata\lsass.exe
c:\users\Mariola\AppData\Roaming\.#
c:\users\Public\sdelevURL.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-09-18 do 2012-10-18 )))))))))))))))))))))))))))))))
.
.
2012-10-06 16:02 . 2012-10-06 16:02 -------- d--h--w- c:\programdata\Common Files
2012-10-06 15:46 . 2012-10-06 15:47 -------- d-----w- c:\windows\system32\world
2012-10-06 15:44 . 2012-10-08 19:37 -------- d-----w- c:\programdata\SweetIM
2012-10-06 14:34 . 2012-10-06 14:34 -------- d-----w- c:\users\Mariola\AppData\Roaming\.spoutcraft
2012-09-20 17:38 . 2008-07-31 08:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2012-09-20 17:38 . 2008-07-31 08:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2012-09-20 17:38 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-09-20 17:38 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-09-20 17:38 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-09-20 16:46 . 2012-09-20 21:30 -------- d-----w- c:\users\Mariola\AppData\Local\PMB Files
2012-09-20 16:46 . 2012-09-20 16:46 -------- d-----w- c:\programdata\PMB Files
2012-09-20 16:46 . 2012-09-20 16:46 -------- d-----w- c:\program files\Pando Networks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-04 11:13 . 2012-09-04 11:14 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-04 11:13 . 2011-12-25 18:23 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-03 21:09 . 2012-04-06 06:18 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-03 21:09 . 2011-12-14 15:30 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-23 07:24 . 2012-08-23 07:24 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-12 21:53 . 2012-10-12 21:53 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2012-07-04 130904]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03 1310040 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"syshost32"="c:\users\Mariola\AppData\Local\{0D35A451-F5C2-1DA8-B1AD-95D2916F5562}\syshost.exe" [2012-09-01 356864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2008-12-18 690720]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-06-30 200704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-21 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-21 92704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-01-09 870920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-09 1418536]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"UnlockerAssistant"="c:\users\Mariola\Pictures\NIE WCHODZIĆ\xD\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Browsers Protector"="c:\program files\Browsers Protector\regmon32.exe" [2012-02-15 147784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
.
c:\users\Mariola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ctfmon.lnk - c:\programdata\lsass.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
2007-09-12 11:17 340136 ----a-w- d:\programy\Ulead\uvPL.exe
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2738033213-3962626636-1705431899-1000Core.job
- c:\users\Mariola\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-05 16:00]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2738033213-3962626636-1705431899-1000UA.job
- c:\users\Mariola\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-05 16:00]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://startsear.ch/?aff=1&cf=4b7fef9f-364c-11e1-b10f-00235a523612
mStart Page = hxxp://home.sweetim.com/?st=6&barid={B90FBE1F-5CB6-11E1-9CC3-00235A523612}
uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.204.152.34 194.204.159.1
FF - ProfilePath - c:\users\Mariola\AppData\Roaming\Mozilla\Firefox\Profiles\xihgilqf.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1&cf=4b7fef9f-364c-11e1-b10f-00235a523612
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
FF - ExtSQL: 2012-08-23 09:24; {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-06 18:04; {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}; c:\users\Mariola\AppData\Roaming\Mozilla\Firefox\Profiles\xihgilqf.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - ExtSQL: !HIDDEN! 2012-01-30 18:46; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
user_pref('extensions.dealply.partner', 'sft3');
user_pref('extensions.dealply.channel', 'sft3soft32');
user_pref('extensions.dealply.installId', 'v24300217815436370528582012100618042220');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '0');
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-Legion - c:\program files\Legion\Legion.exe
HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
AddRemove-DealPly - c:\program files\DealPly\uninst.exe
AddRemove-PaintToolSAI - c:\users\Mariola\Desktop\Music (Yuuki)\.My favourite fots\PaintToolSAI\PaintToolSAI\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-19 00:30
Windows 6.0.6001 Service Pack 1 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'Explorer.exe'(1504)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Acer\Acer ePower Management\ePowerSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\McAfee\SiteAdvisor\McSACore.exe
c:\windows\system32\mfevtps.exe
c:\windows\system32\rundll32.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\windows\system32\conime.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\agent\McUpdate.exe
.
**************************************************************************
.
Czas ukończenia: 2012-10-19 00:34:08 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-10-18 22:33
.
Przed: 17 490 575 360 bajtów wolnych
Po: 17 359 605 760 bajtów wolnych
.
- - End Of File - - D8DCA614A52CA5DFC75A13BA2E5F29EC