ComboFix 10-12-12.03 - Maria 2010-12-13 17:52:33.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1250.48.1045.18.2038.904 [GMT 1:00]
Uruchomiony z: c:\users\Maria\Downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\jrfiy.pif
.
((((((((((((((((((((((((( Pliki utworzone od 2010-11-13 do 2010-12-13 )))))))))))))))))))))))))))))))
.
2010-12-13 17:13 . 2010-12-13 17:13 -------- d-----w- c:\users\Maria_2\AppData\Local\temp
2010-12-13 17:13 . 2010-12-13 17:13 -------- d-----w- c:\users\Gość\AppData\Local\temp
2010-12-13 17:13 . 2010-12-13 17:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-13 14:56 . 2010-12-13 15:41 -------- d-----w- C:\penkartA
2010-12-13 14:50 . 2010-12-13 14:50 -------- d-----w- C:\GPWInfoReader1.35
2010-12-13 14:48 . 2010-12-13 14:48 -------- d-----w- c:\users\Maria\AppData\Local\GPWInfoReader
2010-12-12 17:41 . 2010-12-12 17:41 -------- d-----w- C:\na chwile!
2010-12-12 05:21 . 2010-12-12 05:21 -------- d-----w- c:\users\Maria\AppData\Roaming\Netia
2010-12-11 20:01 . 2010-12-11 20:01 -------- d-----w- c:\program files\ESET
2010-12-10 20:14 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10E9AF7E-13C5-4F2D-BCD6-01E79F0DF6E8}\mpengine.dll
2010-11-13 20:55 . 2002-12-05 13:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2010-11-13 20:55 . 2002-12-02 12:33 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2010-11-13 20:55 . 2002-12-02 12:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2010-11-13 20:55 . 2010-11-13 20:55 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2010-11-13 20:55 . 2003-02-27 15:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2010-11-13 20:55 . 2002-12-02 14:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2010-11-13 20:55 . 2002-12-02 12:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2010-11-13 20:55 . 2010-11-13 20:55 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-13 17:22 . 2010-12-13 17:21 103140 --sh--r- C:\aueme.exe
2010-10-19 09:41 . 2010-02-01 13:11 222080 ------w- c:\windows\system32\MpSigStub.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2010-02-17 11534336]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-07 26186752]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-12-11 102752]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1549312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QPrinter 2.0 monitor"="c:\program files\QPrinter Bookmaker\qprintmon --server" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 236056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 203288]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-07-26 270336]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2010-12-11 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 122880]
"Domino"="c:\windows\Domino.exe" [2006-07-04 122880]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-08-06 159744]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 718136]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 180224]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-04-12 335872]
"ISTray"="c:\program files\Metin2 i priv\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 109680]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 808600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

R3 dsnpfdMP;dsnpfdMP;c:\windows\system32\DRIVERS\dsnpfd.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 nssusb;%nssusb.SvcDesc%;c:\windows\system32\Drivers\nssusb.sys [2006-09-27 34575]
R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2007-06-23 480128]
R3 WSDPrintDevice;Obsługa drukowania WSD za pośrednictwem bloku pamięci górnej;c:\windows\system32\DRIVERS\WSDPrint.sys [2006-11-02 16896]
R3 WSDScan;Obsługa skanowania WSD za pośrednictwem bloku pamięci górnej;c:\windows\system32\DRIVERS\WSDScan.sys [2006-11-02 19968]
R3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\Drivers\usbVM303.sys [2007-05-15 1472768]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-22 691696]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-06-26 204800]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Metin2 i priv\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2007-09-07 1373480]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-17 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: mbank.pl
FF - ProfilePath - c:\users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\e9g0dqxv.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: infoRSS: {f65bf62a-5ffc-4317-9612-38907a779583} - %profile%\extensions\{f65bf62a-5ffc-4317-9612-38907a779583}
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
HKLM-Run-LaunchAp - c:\program files\Launch Manager\LaunchAp.exe
HKLM-Run-Wbutton - c:\program files\Launch Manager\WButton.exe
HKLM-Run-iPlusManager - c:\program files\iPlus\iPlusChecker.exe
AddRemove-iPlus manager_is1 - c:\program files\iPlus\unins000.exe
AddRemove-League of Legends_is1 - c:\program files\League of Legends\unins000.exe
AddRemove-Sniper Elite PL_is1 - c:\program files\Snajper Elite\Sniper Elite\unins000.exe
AddRemove-_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91} - c:\program files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-13 18:21
Windows 6.0.6000 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?????H?&???????&??4&???^w????????????0???

'Explorer.exe'(5680)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_pol.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\java.exe
c:\program files\Metin2 i priv\Spyware Doctor\pctsSvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\system32\conime.exe
c:\program files\QPrinter Bookmaker\qprintmon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Nowe Gadu-Gadu\spellchecker_gg.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Czas ukończenia: 2010-12-13 18:33:58 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-12-13 17:33

Przed: 361 290 911 744 bajtów wolnych
Po: 388 305 932 288 bajtów wolnych

- - End Of File - - A86EA76D7CAB659B4D539DE563F1ABF6