ComboFix 13-10-24.01 - WiesławF 2013-10-25  12:22:40.43.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.3327.2641 [GMT 2:00]
Uruchomiony z: C:\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2013-09-25 do 2013-10-25  )))))))))))))))))))))))))))))))
.
.
2013-10-25 09:47 . 2009-02-24 16:42	116736	----a-w-	c:\windows\system32\drivers\mcdbus.sys
2013-10-25 09:31 . 2013-10-25 09:50	242240	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2013-10-25 09:27 . 2013-10-25 09:31	--------	d-----w-	c:\documents and settings\WiesławF\Dane aplikacji\DAEMON Tools Pro
2013-10-25 09:27 . 2013-10-25 09:27	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\DAEMON Tools Pro
2013-10-25 08:34 . 2009-02-17 16:22	348160	----a-w-	c:\windows\system32\msvcr71.dll
2013-10-25 08:34 . 2009-02-17 16:22	12416	----a-w-	c:\windows\system32\drivers\asusgsb.sys
2013-10-24 14:12 . 2009-07-30 09:15	14336	----a-w-	c:\windows\system32\drivers\EIO_XP.sys
2013-10-24 13:33 . 2013-10-25 09:03	1125540	----a-w-	c:\windows\system32\nvdrsdb1.bin
2013-10-24 13:33 . 2013-10-25 09:03	1	----a-w-	c:\windows\system32\nvdrssel.bin
2013-10-24 13:33 . 2013-10-25 08:29	1125540	----a-w-	c:\windows\system32\nvdrsdb0.bin
2013-10-24 13:33 . 2013-10-16 00:32	2631680	----a-w-	c:\windows\system32\nvapi.dll
2013-10-24 13:33 . 2013-10-16 00:32	22171648	----a-w-	c:\windows\system32\nvoglnt.dll
2013-10-24 13:32 . 2013-10-16 00:32	9498624	----a-w-	c:\windows\system32\nvcuda.dll
2013-10-24 13:32 . 2013-10-16 00:32	9457664	----a-w-	c:\windows\system32\nvopencl.dll
2013-10-24 13:32 . 2013-10-16 00:32	893728	----a-w-	c:\windows\system32\nvdispgenco3233158.dll
2013-10-24 13:32 . 2013-10-16 00:32	2951968	----a-w-	c:\windows\system32\nvcuvid.dll
2013-10-24 13:32 . 2013-10-16 00:32	2747168	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-10-24 13:32 . 2013-10-16 00:32	17551360	----a-w-	c:\windows\system32\nvcompiler.dll
2013-10-24 13:32 . 2013-10-16 00:32	1049888	----a-w-	c:\windows\system32\nvdispco3233158.dll
2013-10-24 13:31 . 2013-10-24 13:31	--------	d-----w-	C:\NVIDIA
2013-10-21 12:24 . 2013-07-17 00:58	123008	-c----w-	c:\windows\system32\dllcache\usbvideo.sys
2013-10-21 12:24 . 2013-07-17 00:58	46848	-c----w-	c:\windows\system32\dllcache\irbus.sys
2013-10-21 12:22 . 2013-08-09 00:55	32384	-c----w-	c:\windows\system32\dllcache\usbccgp.sys
2013-10-21 12:22 . 2013-08-09 00:55	5376	-c----w-	c:\windows\system32\dllcache\usbd.sys
2013-10-21 12:22 . 2009-03-18 11:02	30336	-c----w-	c:\windows\system32\dllcache\usbehci.sys
2013-10-21 12:22 . 2013-08-09 00:55	144128	-c----w-	c:\windows\system32\dllcache\usbport.sys
2013-10-06 14:27 . 2013-10-06 14:27	--------	d-----w-	c:\program files\Kaspersky Lab
2013-10-06 14:27 . 2013-06-08 18:18	93280	----a-w-	c:\windows\system32\drivers\klflt.sys
2013-09-30 16:37 . 2013-10-02 15:21	--------	d-----w-	c:\documents and settings\WiesławF\Ustawienia lokalne\Dane aplikacji\AppsHat Mobile Apps
2013-09-30 16:36 . 2013-09-30 16:36	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Babylon
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-25 10:17 . 2013-04-14 18:35	5136677	------r-	C:\ComboFix.exe
2013-10-16 00:32 . 2007-05-10 22:03	4077440	----a-w-	c:\windows\system32\nv4_disp.dll
2013-10-16 00:32 . 2007-05-10 22:03	12627104	----a-w-	c:\windows\system32\drivers\nv4_mini.sys
2013-10-06 14:37 . 2013-05-06 07:22	135776	----a-w-	c:\windows\system32\drivers\kl1.sys
2013-10-06 14:37 . 2013-05-05 20:42	24160	----a-w-	c:\windows\system32\drivers\klkbdflt.sys
2013-10-06 14:37 . 2013-05-05 20:42	24672	----a-w-	c:\windows\system32\drivers\klmouflt.sys
2013-09-23 18:25 . 2004-08-03 22:44	920064	----a-w-	c:\windows\system32\wininet.dll
2013-09-23 18:25 . 2004-08-03 22:44	1469440	------w-	c:\windows\system32\inetcpl.cpl
2013-09-23 18:25 . 2004-08-03 22:44	43520	------w-	c:\windows\system32\licmgr10.dll
2013-09-23 18:25 . 2004-08-03 22:43	18944	----a-w-	c:\windows\system32\corpol.dll
2013-09-23 18:07 . 2004-08-03 22:36	385024	----a-w-	c:\windows\system32\html.iec
2013-09-20 08:07 . 2012-06-04 18:00	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-09-20 08:07 . 2012-06-04 18:00	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-29 07:01 . 2004-08-03 22:37	1878912	----a-w-	c:\windows\system32\win32k.sys
2013-08-29 00:56 . 2010-12-09 21:15	26240	----a-w-	c:\windows\system32\drivers\usbser.sys
2013-08-09 01:56 . 2004-08-03 22:44	389632	----a-w-	c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2004-08-03 21:08	144128	----a-w-	c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2008-02-19 14:12	32384	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2001-08-18 00:03	5376	----a-w-	c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2004-08-03 22:44	1289216	----a-w-	c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 19:47	1543680	------w-	c:\windows\system32\wmvdecod.dll
2010-01-31 10:02	164352	--sh--w-	c:\windows\system32\SC.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-02-02 . F042E3426D45D86D9BB55F6A79AB441A . 977408 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . F042E3426D45D86D9BB55F6A79AB441A . 977408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . C791ED9EAC5E76D9525E157B1D7A599A . 1035264 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\85612d9569f9a4d033130e1ccf6503f1\explorer.exe
.
[-] 2008-04-14 . AA16572097E544B985D6B5CBD4CB164C . 227328 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . AA16572097E544B985D6B5CBD4CB164C . 227328 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2008-04-14 . FD317A23C3EB2A856E74279FBE04B9C2 . 149504 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\85612d9569f9a4d033130e1ccf6503f1\regedit.exe
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyœlne, prawidłowe wpisy nie sš pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-08-06 135168]
"RTHDCPL"="RTHDCPL.EXE" [2009-12-25 18789408]
"OODefragTray"="d:\program files\OO Software\Defrag\oodtray.exe" [2010-09-10 2771784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-10-15 15709984]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2013-10-15 209184]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-10-16 2602784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
.
c:\documents and settings\WiesławF\Menu Start\Programy\Autostart\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe /s [2005-6-1 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^WiesławF^Menu Start^Programy^Autostart^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^WiesławF^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06	958576	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\firefox.exe]
2013-10-01 09:03	274840	----a-w-	c:\program files\Mozilla Firefox\firefox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-08-07 12:25	21432	----a-w-	c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2012-08-07 12:25	960440	----a-w-	c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-08-07 12:25	3524536	----a-w-	c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2013-04-04 12:50	532040	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2013-10-15 22:26	15709984	----a-w-	c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2013-10-15 22:26	209184	----a-w-	c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-04-16 11:53	1079808	----a-w-	d:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2009-02-02 23:07	306088	----a-w-	d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2008-04-04 18:37	88584	----a-w-	c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04	252848	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Hamachi2Svc"=2 (0x2)
"IS360service"=2 (0x2)
"dgdersvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"StarWindServiceAE"=2 (0x2)
"ServiceLayer"=3 (0x3)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MBAMService"=2 (0x2)
"BBUpdate"=2 (0x2)
"BBSvc"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"Skype C2C Service"=2 (0x2)
"MozillaMaintenance"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"CTDevice_Srv"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"IDriverT"=3 (0x3)
"MBAMScheduler"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"TuneUp.UtilitiesSvc"=2 (0x2)
"FsUsbExService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe"=
"c:\\WINDOWS\\system32\\imapi.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe"=
"d:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
"d:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"d:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"d:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"e:\\Gry\\X-Men Origins - Wolverine(TM)\\Binaries\\Wolverine.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"e:\\Program Files\\Ubisoft\\Techland\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
"c:\\Program Files\\Atari\\AITD\\Alone.exe"=
"o:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"o:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"e:\\Program Files\\Paradox Interactive\\Majesty 2\\Majesty2.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"o:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"c:\\Program Files\\uTorrent1.8.5\\uTorrent1.8.5.exe"=
"o:\\Program Files\\Medal of Honor\\Binaries\\moh.exe"=
"o:\\Program Files\\Medal of Honor\\Binaries\\MoHUpdater.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20096:TCP"= 20096:TCP:BitComet 20096 TCP
"20096:UDP"= 20096:UDP:BitComet 20096 UDP
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 klpd;klpd;c:\windows\system32\drivers\klpd.sys [2013-04-12 14432]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-05-14 45024]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2013-06-06 145120]
R2 OODefragAgent;O&O Defrag Agent;d:\program files\OO Software\Defrag\oodag.exe [2010-09-10 2320712]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-10-01 38656]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2013-04-19 36448]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2013-05-05 24160]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-05-05 24672]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2010-03-11 4224]
S1 AntiLog32;AntiLog32;\??\c:\program files\AntiLogger\AntiLog32.sys --> c:\program files\AntiLogger\AntiLog32.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-01-05 1691480]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\WIESAW~1\USTAWI~1\Temp\aswArKrn.sys --> c:\docume~1\WIESAW~1\USTAWI~1\Temp\aswArKrn.sys [?]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-04-17 20032]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-12-28 23152]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys --> c:\windows\system32\drivers\ewfiltertdidriver.sys [?]
S3 flashusb;flashusb;c:\windows\system32\drivers\flashusb.sys [2012-08-18 16384]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-09-13 36640]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-06-06 13224]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-03-31 22856]
S3 moraq5aa;Vba32 Armour Driver;c:\windows\system32\drivers\moraq5aa.sys [2010-03-04 70024]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 pbfilter;pbfilter;d:\peerblock_r181__win32_release\pbfilter.sys [2010-01-12 14424]
S3 Pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2010-12-09 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2010-12-09 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2010-12-09 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [2010-12-09 100352]
S3 SunkFilt6;Alcor Micro Corp - 6360;\??\c:\windows\System32\Drivers\sunkfilt6.sys --> c:\windows\System32\Drivers\sunkfilt6.sys [?]
S3 SunkFilt62;Alcor Micro Corp - 6362;c:\windows\system32\drivers\sunkfilt62.sys [2004-07-23 46536]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;\??\c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys --> c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\Drivers\vaxscsi.sys --> c:\windows\system32\Drivers\vaxscsi.sys [?]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-09-13 217088]
S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-23 418376]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-03-31 701512]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-04-09 3063968]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-01-08 161536]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;"c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe" --> c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 04:51	1185744	----a-w-	c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Zawartoœć folderu 'Zaplanowane zadania'
.
2013-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 08:07]
.
2013-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-08 21:20]
.
2013-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-08 21:20]
.
.
------- Skan uzupełniajšcy -------
.
uStart Page = hxxp://www.google.com
mStart Page = about:blank
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: ????3?? - c:\documents and settings\WiesławF\Dane aplikacji\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\WiesławF\Dane aplikacji\FlashGetBHO\GetAllUrl.htm
TCP: DhcpNameServer = 62.179.1.63 62.179.1.62
DPF: {A1FE3DEF-11D4-CF77-8340-0080C8D7ED4A} - hxxp://cached.gamedesire.com/g_bin/pl/pirate_2_0_0_34.cab
DPF: {A9ED6AA2-4D71-D9D4-9586-E293E2E3580B} - hxxp://cached.gamedesire.com/g_bin/pl/marbles_2_0_0_36.cab
DPF: {AD7013FF-4F36-1D9A-94A6-3CD408A663F9} - hxxp://cached.gamedesire.com/g_bin/pl/breakout_2_0_0_33.cab
DPF: {E23FABEE-33DA-12E3-DA12-195DAC123984} - hxxp://cached.gamedesire.com/g_bin/pl/mahjong_2_0_0_35.cab
FF - ProfilePath - c:\documents and settings\WiesławF\Dane aplikacji\Mozilla\Firefox\Profiles\ai6ahoed.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=winamp-ff&s_qt=sb&tb_uuid=20130518105457318&tb_oid=17-05-2013&tb_mrud=18-05-2013&query=
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: browser.startup.homepage - hxxps://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - ExtSQL: 2013-10-06 16:37; anti_banner@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-10-06 16:37; content_blocker@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-10-06 16:37; online_banking@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-10-06 16:37; url_advisor@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-10-06 16:37; virtual_keyboard@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF - user.js: browser.search.selectedEngine - foxsearch
FF - user.js: browser.search.order.1 - foxsearch
FF - user.js: browser.search.defaultenginename - foxsearch
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 4491c2fa000000000000001bfc796b2e
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15978
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.618:37
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=124742&tsp=5021
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-25 12:26
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...  
.
skanowanie ukrytych wpisów autostartu ... 
.
skanowanie ukrytych plików ...  
.
skanowanie pomyœlnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,7a,64,d2,32,4a,34,4e,a7,b5,7d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,7a,64,d2,32,4a,34,4e,a7,b5,7d,\
.
[HKEY_USERS\S-1-5-21-1390067357-1844237615-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}]
@="c:\\Documents and Settings\\WiesławF\\Dane aplikacji\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1390067357-1844237615-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}hQčţ”Ľc]
@="c:\\Documents and Settings\\WiesławF\\Dane aplikacji\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-1390067357-1844237615-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:93,91,6a,e0,24,a8,cf,8c,9c,00,d1,e5,ba,bd,0f,18,52,ce,76,d4,23,c7,91,
   1e,57,12,6d,6d,8b,eb,f4,d1,23,e1,48,ce,c4,95,2e,9c,71,5f,c5,40,d5,1d,88,a9,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1390067357-1844237615-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:c0,99,ae,01,4f,fa,c5,6a,fc,7a,d8,de,0a,b8,4e,4a,26,07,9e,47,71,
   fe,5a,2f,d1,24,fe,81,23,62,d9,60,6f,1e,da,7a,d6,7e,ce,cf,9d,c8,c2,c8,e3,3c,\
"rkeysecu"=hex:42,55,cb,4c,4f,28,a6,fd,ae,eb,f4,8a,e8,d9,9a,8c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="DEFE54DE5D1383524B1422ED6E35E306BC73DDD6D3CD55A945EDF444B5D59991FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D6794C038D530D6EB3452FEBC9E127BECC74C1B7334E4C324E436278F9E6BEEE295634A5BE9086E620FA1CCEC10A398F951685B76C3408AF28E6A04DBB73ECCADCF277CD79F3DBE476591BAB714835EE032395D9A3F79D2EA3D18E24D53B1CD8093DAB7B05E08BD597E4C062A604750C78B41E4353E663C485A9C4E6D7853671B4964E83CB94D57F860E29E91B44C6ECD9DD687A24FFEFD0A87B920C6205626FC8E0F51DB39198A46C4C7CCBAC4184C556138B242F3E1DEF4179488EBB88DA66BB287856DD699EA2919D2A8F7B7D21306010522F89E4D3F1110B68A7025751B703C616DD902A29E4BFDBF20A12A477F4AD842EA2D3B298DAB2E0D806DBAABCAD8609248091E2B611A492DF591ACE6E052FD5672CA257C5153626A13FEC2708F358E76246802CC8347851F3FA5C2C39C91B510F4412E74A25DCE8244C67C2C57DB674A676AF9C767CA707CE5426418A9BDFA1FFE051B622FE1CA70E6699967A464BCB14A8542FD055E7911A6CBFCBD94D17C97F58CA43B37BBE22FA30E3FCF0D2D1931D9B110F6E5FE480C942F6EB4FD8E9BF18E54F817118B56A275E189B63C56B935F66D89DC2BEF358015598B229AF66F8B54DCB6332736188F2B170414EF468C8B553AC97F87B6CD6662BD9C4DB1D0C32326A7F4F0F364D09DEAE032807A26B8657E9D6051421E54190AD35D229F28955D36BEBCD40B80DA5CAA7909B9C061155ACFA2CF693734BDD86C94FDB0D64C97448C2B8A88113CC53CB51AF322BF2A2F6579541083D34AB4C64100222C58CF314282FECE573E0AD5132E87503F83F6476380C50A7C1E76146C9217E26E3E0B7CA8C74C6F34E024821A0704703C2F7E5197BC8D1F59AA14EFB33B624B703518472C5FAB45325A05766E06D819E4F740F5A8DB43A13FA6C08C6DEF6B5CD37B5695659EB81D8B206E1391495285AB2AFB92205E07D67A4F5E644B36C1085C68681D4F3292381B3B626AE8BFC0E4A8223637ED1A777C78FA14A4E6E577B8726136C7CB17DBCBE4C72B433F2D7AD692D3B9A862B63DC0CD0E4B2E3A2EA24A21646A359EA1BF7F0C79D39A3FA8D671C94493DD353180C4B005B197A4115E8A9801F4B770F765F258132C9FFB2032C14E8E138501D9ED227BEF3929E9E349BFAC5C87D44D948034B86FC9B5EB516EC14860CF00C2D539622DF0996131CF07A1D5AC1B472646424BBDF903F3E5506E667EFBA0DF5E1E978569BF4CF006543DDA2F40E9FE4EB062AE9B37752729859C9562B7A46F1A0041FDF6278EBED741968C79F6F29D7FC99D4D2BB901CD57AB65A783FD3B2B20"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(3236)
c:\windows\system32\WININET.dll
c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\program files\Microsoft Office\Office12\1045\GrooveIntlResource.dll
.
Czas ukończenia: 2013-10-25  12:28:54
ComboFix-quarantined-files.txt  2013-10-25 10:28
.
Przed: 22 472 204 288 bajtów wolnych
Po: 22 530 600 960 bajtów wolnych
.
- - End Of File - - 7F0563596E4D080538FBA3323FFB15CF
32052574BF9F325AE309ABC7BFD04460