ComboFix 14-08-05.01 - Viola 2014-08-05 18:06:54.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.3039.2170 [GMT 2:00]
Uruchomiony z: c:\users\Viola\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BitAccelerator
c:\program files\BitAccelerator\BitAccelerator.dll
c:\users\Viola\Documents\PrawkoB2013P.tmp
c:\users\Viola\GoogleEarthPluginSetup.exe
c:\windows\IsUn0415.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2014-07-05 do 2014-08-05 )))))))))))))))))))))))))))))))
.
.
2014-08-05 16:21 . 2014-08-05 16:21 -------- d-----w- c:\users\Viola\AppData\Local\temp
2014-08-05 16:21 . 2014-08-05 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-05 15:52 . 2014-08-05 15:52 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E0EE048A-2DCF-4284-B15A-DE769908492F}\MpKsl3992d1fd.sys
2014-08-05 15:37 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-04 18:02 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E0EE048A-2DCF-4284-B15A-DE769908492F}\mpengine.dll
2014-08-04 16:22 . 2014-08-04 16:22 -------- d-----w- c:\program files\CCleaner
2014-08-04 16:04 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-03 07:31 . 2014-05-02 10:23 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0E49190-FE37-4878-BCBD-D7CF379210CD}\gapaengine.dll
2014-07-20 11:32 . 2014-07-20 11:32 -------- d-----w- c:\program files\rgcaudio
2014-07-20 11:23 . 2014-07-20 11:23 1060864 ----a-w- c:\windows\system32\mfc71.dll
2014-07-20 11:23 . 2014-07-20 11:32 -------- d-----w- c:\program files\VstPlugins
2014-07-20 11:23 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2014-07-20 11:22 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2014-07-20 11:22 . 2014-07-20 11:22 -------- d-----w- c:\program files\Outsim
2014-07-20 11:08 . 2014-07-20 11:22 -------- d-----w- c:\program files\Image-Line
2014-07-15 19:30 . 2014-07-15 19:30 -------- d-----w- c:\program files\Common Files\Skype
2014-07-09 17:29 . 2014-06-03 09:29 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-09 17:29 . 2014-06-03 09:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-07-09 17:29 . 2014-06-03 09:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 17:29 . 2014-06-03 09:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-07-09 17:27 . 2014-06-30 01:40 404480 ----a-w- c:\windows\system32\aepdu.dll
2014-07-09 17:27 . 2014-06-30 01:36 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-07-09 17:27 . 2014-06-05 14:26 1059840 ----a-w- c:\windows\system32\lsasrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 05:09 . 2012-04-01 12:00 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 05:09 . 2012-03-09 07:23 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-08 09:06 . 2014-06-12 14:01 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:06 . 2014-06-12 14:01 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-23 495708]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2013-10-23 10:46 2995712 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 14:27 89184 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2013-05-13 12:16 3111456 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-08-21 09:19 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-08-29 00:23 1861968 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-09 08:12 136176 ----atw- c:\users\Viola\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2011-10-14 02:36 2299176 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Service]
2011-09-09 11:37 247016 ----a-w- c:\program files\CyberLink\YouCam\YouCamService.exe
.
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2010-03-03 136192]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-06-18 108032]
R3 Installer Service;Installer Service;c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{3B69A712-4CBC-40B1-AE55-0203075FD093}\Installer\InstallerService.exe [2012-08-14 118784]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-20 116136]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 NisSrv;Inspekcja sieci firmy Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-10-25 242240]
S1 MpKsl3992d1fd;MpKsl3992d1fd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E0EE048A-2DCF-4284-B15A-DE769908492F}\MpKsl3992d1fd.sys [2014-08-05 39464]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1f4e5527ca660a3d\aestsrv.exe [2009-03-02 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 FirebirdGuardianPPublico;Firebird Guardian - PPublico;c:\program files\PPublicoEx8\dbengine\bin\fbguard.exe [2010-09-17 98304]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 MSSQL$ACCUCHEK360;SQL Server (ACCUCHEK360);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-04-14 27760]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-28 54784]
S3 FirebirdServerPPublico;Firebird Server - PPublico;c:\program files\PPublicoEx8\dbengine\bin\fbserver.exe [2010-09-17 3735552]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - MPKSL3992D1FD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 11:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 05:09]
.
2014-08-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2206638780-1144197696-2613282311-1001Core.job
- c:\users\Viola\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-20 09:48]
.
2014-08-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2206638780-1144197696-2613282311-1001UA.job
- c:\users\Viola\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-20 09:48]
.
2014-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-15 18:03]
.
2014-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-15 18:03]
.
2014-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2206638780-1144197696-2613282311-1001Core.job
- c:\users\Viola\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 08:12]
.
2014-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2206638780-1144197696-2613282311-1001UA.job
- c:\users\Viola\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 08:12]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Wyślij &do programu OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Viola\AppData\Roaming\Mozilla\Firefox\Profiles\nievr0xy.default\
FF - prefs.js: browser.search.selectedEngine - Allegro
FF - prefs.js: browser.startup.homepage - hxxp://google.pl/
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
AddRemove-Steam App 10 - c:\program files\Steam\steam.exe
AddRemove-Steam App 570 - c:\program files\Steam\steam.exe
AddRemove-Theme Park World - c:\windows\IsUn0415.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2206638780-1144197696-2613282311-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):83,e8,31,ed,a9,00,82,c3,0e,6c,e9,8d,05,74,9f,ab,f5,e2,e6,eb,de,
   88,f2,6b,a6,2e,5a,21,2c,ab,4c,7d,a7,80,3d,55,7e,30,47,cc,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2206638780-1144197696-2613282311-1001_Classes\CLSID\{c6b88589-9581-4549-906b-50c02e682014}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000bd
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2014-08-05 18:25:03
ComboFix-quarantined-files.txt 2014-08-05 16:25
.
Przed: 90 736 988 160 bajtów wolnych
Po: 90 495 070 208 bajtów wolnych
.
- - End Of File - - 8756AC13D36248101E99C18DC62B5C71
A36C5E4F47E84449FF07ED3517B43A31