ComboFix 14-05-27.02 - Maniek 2014-05-28 17:37:05.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.8094.6602 [GMT 2:00]
Uruchomiony z: c:\users\Maniek\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Pliki utworzone od 2014-04-28 do 2014-05-28 )))))))))))))))))))))))))))))))
.
.
2014-05-28 15:40 . 2014-05-28 15:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-05-28 15:40 . 2014-05-28 15:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-28 15:25 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-28 15:25 . 2014-05-28 15:27 -------- d-----w- C:\AdwCleaner
2014-05-23 21:43 . 2014-05-23 21:43 -------- d-----w- C:\Drivers
2014-05-23 11:17 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5499AB9F-99AE-49FF-8357-4B9D9AE03181}\mpengine.dll
2014-05-21 15:53 . 2014-05-21 15:53 -------- d-----w- c:\program files\CrystalDiskMark
2014-05-15 12:24 . 2014-05-15 12:24 -------- d-----w- c:\program files\Microsoft SQL Server
2014-05-15 12:24 . 2014-05-15 12:25 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2014-05-14 15:27 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-14 15:27 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-14 15:27 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-14 15:27 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-13 11:35 . 2014-05-13 11:35 -------- d-----w- c:\program files (x86)\EaseUS
2014-05-12 12:40 . 2014-05-12 12:40 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-05-12 12:40 . 2014-05-12 12:40 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2014-05-12 12:38 . 2014-05-12 12:41 -------- d-----w- c:\programdata\DAEMON Tools Lite
2014-05-11 05:30 . 2014-05-28 15:39 -------- d-----w- C:\TMP
2014-05-11 05:30 . 2014-05-28 15:38 -------- d-----w- C:\TEMP
2014-05-11 04:21 . 2014-05-11 04:21 -------- d-----w- c:\program files (x86)\uTorrent
2014-05-08 16:15 . 2014-05-08 16:15 -------- d-----w- c:\program files (x86)\AnvSoft
2014-05-08 16:12 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2014-05-08 12:53 . 2014-03-01 04:23 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-05-08 12:50 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-05-08 12:50 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-05-08 12:50 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-05-08 12:50 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-05-08 10:07 . 2014-05-08 10:07 -------- d-----w- c:\windows\SysWow64\Wat
2014-05-08 10:07 . 2014-05-08 10:07 -------- d-----w- c:\windows\system32\Wat
2014-05-08 10:01 . 2014-05-08 10:01 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-08 09:54 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-05-08 09:54 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-05-08 09:54 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-05-08 09:54 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-05-08 09:54 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-05-08 09:47 . 2014-05-08 09:47 -------- d-----w- c:\windows\Migration
2014-05-08 09:41 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-05-08 09:33 . 2014-05-08 09:33 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-05-08 06:03 . 2012-07-26 05:05 2560 ----a-w- c:\windows\system32\drivers\pl-PL\wdf01000.sys.mui
2014-05-08 05:54 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2014-05-08 05:41 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-05-08 05:41 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-05-08 05:41 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-05-08 05:41 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-05-08 05:41 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-05-08 05:41 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-05-08 05:41 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-05-08 05:36 . 2014-05-14 15:26 -------- d-----w- c:\windows\system32\MRT
2014-05-08 05:31 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-05-08 05:31 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2014-05-08 05:31 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2014-05-08 05:30 . 2014-05-08 05:30 -------- d-----w- c:\program files\Microsoft Silverlight
2014-05-08 05:30 . 2014-05-08 05:30 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-05-08 05:17 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll
2014-05-08 05:17 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
2014-05-08 05:17 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2014-05-08 05:17 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2014-05-08 05:17 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll
2014-05-08 05:17 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll
2014-05-08 05:17 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2014-05-08 05:17 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2014-05-08 05:17 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2014-05-08 05:17 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2014-05-08 05:17 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-05-08 05:15 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2014-05-08 05:13 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2014-05-08 05:11 . 2014-01-24 02:37 1684928 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-05-08 05:11 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2014-05-08 05:11 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-05-08 05:11 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2014-05-08 05:11 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2014-05-08 05:11 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2014-05-07 19:48 . 2014-05-08 16:27 -------- d-----w- c:\program files (x86)\Microsoft Works
2014-05-07 19:47 . 2014-05-07 19:47 -------- d-----w- c:\program files\Microsoft Office
2014-05-07 19:47 . 2014-05-14 15:27 -------- d-----w- c:\programdata\Microsoft Help
2014-05-07 19:47 . 2014-05-07 19:47 -------- d-----r- C:\MSOCache
2014-05-07 19:36 . 2014-05-07 19:37 -------- d-----w- c:\program files (x86)\NapiProjekt
2014-05-07 19:33 . 2014-05-07 19:33 -------- d-----w- c:\program files\VideoLAN
2014-05-07 19:29 . 2014-05-07 19:29 -------- d-----w- c:\program files (x86)\Gadu-Gadu
2014-05-07 19:18 . 2014-05-07 19:30 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-07 19:18 . 2014-05-07 19:30 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-07 19:18 . 2014-05-07 19:18 -------- d-----w- c:\windows\SysWow64\Macromed
2014-05-07 19:18 . 2014-05-07 19:18 -------- d-----w- c:\windows\system32\Macromed
2014-05-07 17:41 . 2014-05-07 17:41 -------- d-----w- c:\program files\Tracker Software
2014-05-07 17:39 . 2009-07-14 01:41 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LXKPTPRC.DLL
2014-05-07 16:26 . 2014-05-07 16:26 -------- d-----w- c:\programdata\Tlen.pl
2014-05-07 16:19 . 2014-05-07 16:23 -------- d-----w- c:\program files\MyPortal
2014-05-07 15:51 . 2014-05-07 15:51 -------- d-----w- c:\users\Public\CyberLink
2014-05-07 15:44 . 2014-05-07 15:44 -------- d-----w- c:\programdata\EliSoft
2014-05-07 15:43 . 2014-05-07 15:43 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2014-05-07 15:39 . 2014-05-07 15:39 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2014-05-07 15:39 . 2013-05-06 07:13 110176 ----a-w- c:\windows\system32\klfphc.dll
2014-05-07 15:39 . 2014-05-07 15:39 -------- d-----w- c:\windows\ELAMBKUP
2014-05-07 15:39 . 2014-05-28 15:27 -------- d-----w- c:\programdata\Kaspersky Lab
2014-05-07 15:39 . 2014-05-07 15:39 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2014-05-07 15:39 . 2014-05-07 16:01 625248 ----a-w- c:\windows\system32\drivers\klif.sys
2014-05-07 15:39 . 2014-05-07 16:01 115296 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-05-07 15:34 . 2014-05-07 15:46 -------- d-----w- c:\program files (x86)\MozBackup
2014-05-07 15:27 . 2014-05-07 15:27 -------- d-----w- c:\programdata\CyberLink
2014-05-07 15:21 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2014-05-07 15:21 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2014-05-07 15:21 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-07 16:01 . 2013-10-16 00:39 29280 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2014-05-07 16:01 . 2013-06-06 15:38 178272 ----a-w- c:\windows\system32\drivers\kneps.sys
2014-05-07 16:01 . 2013-10-16 00:39 458336 ----a-w- c:\windows\system32\drivers\kl1.sys
2014-05-07 15:18 . 2010-06-24 09:33 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-04 09:17 . 2014-05-08 05:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files (x86)\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-12 291608]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2011-11-24 548864]
"Intelligent Touchpad"="c:\program files\Lenovo\Intelligent Touchpad\TouchZone.exe" [2011-12-08 291272]
"EaseUS EPM tray"="c:\program files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe" [2014-03-06 2086568]
"EaseUS EPM Tray Agent"="c:\program files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe" [2014-02-13 254024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2012-2-1 1380128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Lenovo\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 NSDSvc;Fast boot service of lenovo;c:\windows\System32\NSDSvc.exe;c:\windows\SYSNATIVE\NSDSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Protokół Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 iusb3hcs;Sterownik przełącznika kontrolera hosta Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 NSD;NSD;c:\windows\system32\drivers\nsd.sys;c:\windows\SYSNATIVE\drivers\nsd.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 Nsdfltr;Nsdfltr;c:\windows\system32\drivers\Nsdfltr.sys;c:\windows\SYSNATIVE\drivers\Nsdfltr.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MSSQL$ELISOFT;SQL Server (ELISOFT);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 AMPPAL;Karta wirtualna Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 hswpan;WPAN Driver;c:\windows\system32\DRIVERS\hswpan.sys;c:\windows\SYSNATIVE\DRIVERS\hswpan.sys [x]
S3 IntcDAud;Intel(R) Audio dla ekranów;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Sterownik koncentratora Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Sterownik kontrolera hosta Intel(R) USB 3.0 eXtensible;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-22 16:44 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-12 20:25]
.
2014-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-12 20:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-06-12 20:25 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-02 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-02 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-02 440600]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-27 12343400]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 1156712]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-06-12 8079408]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-06-12 6200368]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.99.14.132 192.99.14.132
FF - ProfilePath - c:\users\Maniek\AppData\Roaming\Mozilla\Firefox\Profiles\ytpqvcie.default\
FF - prefs.js: browser.startup.homepage - www.google.pl
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynLenovoGestureMgr - c:\program files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe
AddRemove-ELISOFT Faktury 2013_is1 - d:\faktury2013\Faktury2013\unins000.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2014-05-28 17:41:32
ComboFix-quarantined-files.txt 2014-05-28 15:41
.
Przed: 83 992 027 136 bajtów wolnych
Po: 83 984 490 496 bajtów wolnych
.
- - End Of File - - 890DF0CF77478D669E45B8D55900AEDE