ComboFix 13-11-23.02 - Robert 2013-11-25 22:01:35.1.2 - x86
Uruchomiony z: c:\documents and settings\Robert\Moje dokumenty\Pobieranie\ComboFix.exe
AV: McAfee Anti-Virus i McAfee Anti-Spyware *Enabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Norton Internet Security 2006 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Norton Internet Security 2006 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Rezydentny antywirus jest aktywny
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Robert\Dane aplikacji\avdrn.dat
c:\documents and settings\Robert\Dane aplikacji\toolplugin\toolbar.dll
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
c:\program files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL
c:\program files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
c:\program files\myglobalsearch\bar\Cache\0004B5DF
c:\program files\myglobalsearch\bar\Cache\0004B88E.bin
c:\program files\myglobalsearch\bar\Cache\0004BD9F.bin
c:\program files\myglobalsearch\bar\Cache\0004C139.bin
c:\program files\myglobalsearch\bar\Cache\04B27B24
c:\program files\myglobalsearch\bar\Cache\files.ini
c:\program files\myglobalsearch\bar\History\search
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm
c:\program files\StartSearch plugin
c:\program files\StartSearch plugin\IEhelperActiveX.dll
c:\program files\StartSearch plugin\startsplg.crx
c:\program files\StartSearch plugin\uninst.exe
c:\windows\delus.bat
c:\windows\IsUn0407.exe
c:\windows\IsUn0415.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\FlashPlayerApp.exe
c:\windows\wininit.ini
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-10-25 do 2013-11-25 )))))))))))))))))))))))))))))))
.
.
2013-11-15 18:42 . 2013-11-08 09:12 272496 ----a-w- c:\program files\Mozilla Firefox\updated\browser\components\browsercomps.dll
2013-11-15 18:42 . 2013-11-08 09:12 75376 ----a-w- c:\program files\Mozilla Firefox\updated\breakpadinjector.dll
2013-11-15 18:42 . 2013-11-08 09:12 20080 ----a-w- c:\program files\Mozilla Firefox\updated\AccessibleMarshal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-23 10:11 . 2011-07-30 17:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-21 21:11 . 2013-10-21 21:12 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-21 21:11 . 2013-10-21 21:13 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-13 11:42 . 2004-08-04 08:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:12 . 2009-02-09 08:08 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 07:12 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:12 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:00 . 2009-02-09 08:09 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:57 . 2009-02-09 08:08 279552 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:13 . 2009-02-09 08:08 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2009-02-09 08:08 606720 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:42 . 2008-05-05 05:25 7680 ----a-w- c:\windows\system32\xpsp4res.dll
2013-08-29 07:01 . 2009-02-09 08:07 1878912 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 12:01 . 2013-05-24 13:59 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-04-25 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-30 68856]
"Facebook Update"="c:\documents and settings\Robert\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe" [2013-06-23 138096]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"P3000x_S2P"="c:\program files\DELL\DELL LASER MFP 1600N\PSU\ScanToPc.exe" [2004-10-27 57344]
"PaperPort PTD"="c:\program files\DELL\Dell Laser MFP 1600n\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\DELL\Dell Laser MFP 1600n\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\DELL\Dell Laser MFP 1600n\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
"Browsers Protector"="c:\program files\Browsers Protector\regmon32.exe" [2012-02-15 147784]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-04-25 1648264]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\documents and settings\Robert\Menu Start\Programy\Autostart\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DVD Check.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-05-11 10:37 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
2003-12-22 18:12 17920 ----a-w- c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2006-02-22 06:03 40960 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-08-31 03:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 01:41 49208 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2006-02-14 08:49 454656 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
2008-06-10 09:14 107248 ----a-w- c:\program files\Livebox\SessionManager\SessionManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2006-02-14 09:56 122880 ----a-w- c:\program files\HPQ\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2005-12-20 13:51 1187840 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2006-01-23 14:11 802816 ----a-w- c:\windows\CREATOR\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
2006-02-15 13:43 892928 ----a-w- c:\windows\SMINST\Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 07:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-04-30 19:59 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2005-11-08 10:59 184320 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-12-01 10:46 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Livebox\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Documents and Settings\\Robert\\Ustawienia lokalne\\Dane aplikacji\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-10-18 84200]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2009-02-09 14336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-10-18 271480]
R2 McMPFSvc;McAfee Usługa Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-10-18 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-10-18 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [2010-10-18 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-18 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-18 56064]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-18 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-10-18 88736]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S2 gupdate1c9cdce40d795e;Usługa Google Update (gupdate1c9cdce40d795e);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 133104]
S2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-10-04 102656]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 235216]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-10-18 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-18 84488]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 10:11]
.
2013-11-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1713569996-3838493204-3572695128-1006Core.job
- c:\documents and settings\Robert\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe [2013-06-23 18:35]
.
2013-11-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1713569996-3838493204-3572695128-1006UA.job
- c:\documents and settings\Robert\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe [2013-06-23 18:35]
.
2013-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 22:07]
.
2013-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 22:07]
.
2013-11-25 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2013-04-25 15:36]
.
.
------- Skan uzupełniający -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://startsear.ch/?aff=1&cf=af368b60-7044-11e1-bd01-001641ca4d89
mStart Page = hxxp://startsear.ch/?aff=1&cf=af368b60-7044-11e1-bd01-001641ca4d89
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Wyślij do interfejsu &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Robert\Dane aplikacji\Mozilla\Firefox\Profiles\ykvdiqde.default\
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1&cf=af368b60-7044-11e1-bd01-001641ca4d89
FF - prefs.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - ExtSQL: !HIDDEN! 2009-09-05 00:56; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: browser.search.selectedEngine - Search the web
FF - user.js: browser.search.order.1 - Search the web
FF - user.js: browser.search.defaultenginename - Search the web
FF - user.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
BHO-{249d1086-0670-c91e-32d0-7cc1a90cfc20} - c:\windows\system32\d24e741a.dll
HKCU-Run-Twoje TVN24 - c:\program files\Pasek TVN24\pasektvn24.exe
Notify-WgaLogon - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
MSConfigStartUp-BearShare - c:\program files\BearShare\BearShare.exe
MSConfigStartUp-BEWINTERNET-PL-IEWSessionManager - c:\program files\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe
MSConfigStartUp-BEWINTERNET-PLSessionManager - c:\program files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe
MSConfigStartUp-CardDetectorHUAWEI1752_1552 - c:\program files\CardDetector\HUAWEI1752_1552\CardDetector.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\wianmpa.exe
AddRemove-18 Wheels of Steel Pedal to the Metal - c:\progra~1\18WHEE~1\UNWISE.EXE
AddRemove-AVIConverter - c:\program files\AVIConverter\uninst.exe
AddRemove-House eJay - c:\ejay\House\ejay\ejay\deinstal.exe
AddRemove-StartSearch Toolbar - c:\program files\StartSearch plugin\uninst.exe
AddRemove-toolplugin - c:\docume~1\Robert\USTAWI~1\Temp\WZSE0.TMP\setup.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-25 22:40
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1713569996-3838493204-3572695128-1006\Software\SecuROM\License information*]
"datasecu"=hex:6d,5c,5d,2c,de,24,ec,da,90,bf,bd,06,03,39,59,d6,c0,a1,57,3e,42,
 8e,99,bb,25,1b,5d,c3,24,70,d9,38,26,60,2d,14,f2,d8,e9,a9,83,bd,01,19,ed,d4,\
"rkeysecu"=hex:41,a6,29,7f,10,10,a6,0e,87,7a,3c,17,50,b7,fd,b0
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(1556)
c:\windows\system32\klogon.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\windows\system32\WININET.dll
c:\program files\HPQ\IAM\Bin\ItMsg.dll
.
- - - - - - - > 'explorer.exe'(2148)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\DllHost.exe
c:\windows\System32\SCardSvr.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Czas ukończenia: 2013-11-25 22:49:58 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2013-11-25 21:49
.
Przed: 6 474 719 232 bajtów wolnych
Po: 10 435 547 136 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - DD6D85D4786178ACE9CB5DE6292B4B86
0C808E7238C810543120B2DC771ED1BA