ComboFix 14-10-15.01 - Torunscy 2014-10-15 20:33:33.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1033.18.8041.5859 [GMT 2:00] Uruchomiony z: c:\users\Torunscy\Downloads\ComboFix.exe AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289} SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Utworzono nowy punkt przywracania . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Torunscy\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll . . ((((((((((((((((((((((((( Pliki utworzone od 2014-09-15 do 2014-10-15 ))))))))))))))))))))))))))))))) . . 2014-10-15 18:44 . 2014-10-15 18:44 -------- d-----w- c:\users\Dzieci\AppData\Local\temp 2014-10-15 18:44 . 2014-10-15 18:44 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-10-15 18:01 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5D0DE6B-4373-4026-828A-1E19D8195036}\mpengine.dll 2014-10-14 20:02 . 2014-10-14 20:02 -------- d-----w- c:\programdata\Malwarebytes 2014-10-11 17:55 . 2010-06-02 02:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll 2014-10-11 17:55 . 2010-06-02 02:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll 2014-10-11 17:55 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll 2014-10-11 17:55 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll 2014-10-11 17:55 . 2010-02-04 08:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll 2014-10-11 17:54 . 2014-10-11 17:55 -------- d-----w- c:\program files (x86)\Farming Simulator 2013 Demo 2014-10-11 17:48 . 2014-10-11 17:48 -------- d-----w- c:\users\Torunscy\AppData\Roaming\WebExtend 2014-10-11 17:47 . 2014-10-11 17:47 -------- d-----w- c:\programdata\Xunlei 2014-10-11 17:47 . 2014-10-11 17:47 -------- d-----w- c:\programdata\Thunder Network 2014-09-30 18:31 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll 2014-09-30 18:31 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll 2014-09-27 18:12 . 2014-09-27 18:12 -------- d-----w- c:\users\Torunscy\AppData\Local\MediaShow 2014-09-24 08:01 . 2014-09-24 08:01 -------- d-----w- c:\users\Dzieci\AppData\Local\Adobe 2014-09-23 17:01 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll 2014-09-23 17:01 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-09-15 07:06 . 2010-11-21 03:27 278152 ------w- c:\windows\system32\MpSigStub.exe 2014-09-11 19:06 . 2014-05-06 21:37 101694776 ----a-w- c:\windows\system32\MRT.exe 2014-09-05 02:10 . 2014-09-10 20:58 578048 ----a-w- c:\windows\system32\aepdu.dll 2014-09-05 02:05 . 2014-09-10 20:58 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-08-23 02:07 . 2014-08-28 14:40 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-23 01:45 . 2014-08-28 14:40 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2014-08-23 00:59 . 2014-08-28 14:40 3163648 ----a-w- c:\windows\system32\win32k.sys 2014-08-19 18:05 . 2014-09-11 19:08 374968 ----a-w- c:\windows\system32\iedkcs32.dll 2014-08-18 23:01 . 2014-09-11 19:08 23591424 ----a-w- c:\windows\system32\mshtml.dll 2014-08-18 22:29 . 2014-09-11 19:08 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-08-18 22:29 . 2014-09-11 19:08 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-08-18 22:20 . 2014-09-11 19:08 2793984 ----a-w- c:\windows\system32\iertutil.dll 2014-08-18 22:19 . 2014-09-11 19:08 5833728 ----a-w- c:\windows\system32\jscript9.dll 2014-08-18 22:15 . 2014-09-11 19:08 547328 ----a-w- c:\windows\system32\vbscript.dll 2014-08-18 22:15 . 2014-09-11 19:08 66048 ----a-w- c:\windows\system32\iesetup.dll 2014-08-18 22:14 . 2014-09-11 19:08 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-08-18 22:14 . 2014-09-11 19:08 83968 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-08-18 22:08 . 2014-09-11 19:08 51200 ----a-w- c:\windows\system32\jsproxy.dll 2014-08-18 22:08 . 2014-09-11 19:08 4232704 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-08-18 22:08 . 2014-09-11 19:08 33792 ----a-w- c:\windows\system32\iernonce.dll 2014-08-18 22:05 . 2014-09-11 19:08 596480 ----a-w- c:\windows\system32\ieui.dll 2014-08-18 22:03 . 2014-09-11 19:08 139264 ----a-w- c:\windows\system32\ieUnatt.exe 2014-08-18 22:03 . 2014-09-11 19:08 111616 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-08-18 22:03 . 2014-09-11 19:08 758272 ----a-w- c:\windows\system32\jscript9diag.dll 2014-08-18 21:57 . 2014-09-11 19:08 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-08-18 21:56 . 2014-09-11 19:08 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-08-18 21:51 . 2014-09-11 19:08 446464 ----a-w- c:\windows\system32\dxtmsft.dll 2014-08-18 21:46 . 2014-09-11 19:08 454656 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-08-18 21:45 . 2014-09-11 19:08 61952 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-08-18 21:45 . 2014-09-11 19:08 72704 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-08-18 21:44 . 2014-09-11 19:08 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-08-18 21:44 . 2014-09-11 19:08 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2014-08-18 21:40 . 2014-09-11 19:08 195584 ----a-w- c:\windows\system32\msrating.dll 2014-08-18 21:39 . 2014-09-11 19:08 85504 ----a-w- c:\windows\system32\mshtmled.dll 2014-08-18 21:38 . 2014-09-11 19:08 289280 ----a-w- c:\windows\system32\dxtrans.dll 2014-08-18 21:36 . 2014-09-11 19:08 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-08-18 21:35 . 2014-09-11 19:08 597504 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-08-18 21:25 . 2014-09-11 19:08 727040 ----a-w- c:\windows\system32\msfeeds.dll 2014-08-18 21:25 . 2014-09-11 19:08 707072 ----a-w- c:\windows\system32\ie4uinit.exe 2014-08-18 21:23 . 2014-09-11 19:08 2104832 ----a-w- c:\windows\system32\inetcpl.cpl 2014-08-18 21:23 . 2014-09-11 19:08 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-08-18 21:22 . 2014-09-11 19:08 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2014-08-18 21:16 . 2014-09-11 19:08 13588480 ----a-w- c:\windows\system32\ieframe.dll 2014-08-18 21:15 . 2014-09-11 19:08 2310656 ----a-w- c:\windows\system32\wininet.dll 2014-08-18 21:08 . 2014-09-11 19:08 2014208 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-08-18 21:07 . 2014-09-11 19:08 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2014-08-18 20:55 . 2014-09-11 19:08 1447424 ----a-w- c:\windows\system32\urlmon.dll 2014-08-18 20:46 . 2014-09-11 19:08 1812992 ----a-w- c:\windows\SysWow64\wininet.dll 2014-08-18 20:38 . 2014-09-11 19:08 775168 ----a-w- c:\windows\system32\ieapfltr.dll 2014-08-03 19:42 . 2014-06-14 16:22 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll 2014-08-03 19:42 . 2014-06-10 19:12 686416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2014-08-01 11:53 . 2014-09-10 20:58 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll 2014-08-01 11:35 . 2014-09-10 20:58 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll 2014-07-30 17:40 . 2014-05-06 20:53 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-30 17:40 . 2014-05-06 20:53 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-07-25 10:55 . 2014-05-11 07:52 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll 2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2014-07-23 20:03 . 2014-06-10 19:12 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll 2014-07-21 20:14 . 2014-06-14 16:22 686416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2014-03-16 2611808] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176] "BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2013-01-10 379904] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-12-20 291280] "CLWCSM"="c:\program files (x86)\CyberLink\Webcam Sharing Manager\StreamProvider.exe" [2013-02-20 249096] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-03-01 56088] "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2013-07-10 185144] "AccelerometerSysTrayApplet"="c:\program files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe" [2013-10-16 77088] "QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2013-10-16 337184] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896] . c:\users\Torunscy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2014-7-21 1109344] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 IePluginServices;IePlugin Services;c:\programdata\IePluginServices\PluginService.exe;c:\programdata\IePluginServices\PluginService.exe [x] R2 PLAY ONLINE. RunOuc;PLAY ONLINE. OUC;c:\program files (x86)\PLAY ONLINE\UpdateDog\ouc.exe;c:\program files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [x] R2 WindowsMangerProtect;WindowsMangerProtect Service;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe [x] R3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys;c:\windows\SYSNATIVE\drivers\amdhub30.sys [x] R3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys;c:\windows\SYSNATIVE\drivers\amdxhc.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x] R3 RTSPER;Realtek PCIe CardReader Driver;c:\windows\system32\DRIVERS\RtsPer.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPer.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x] S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\system32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x] S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\system32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x] S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\system32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x] S3 clwcsm;CyberLink Webcam Sharing Manager 4.2;c:\windows\system32\DRIVERS\clwcsm.sys;c:\windows\SYSNATIVE\DRIVERS\clwcsm.sys [x] S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x] S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x] S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x] S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\system32\DRIVERS\rtbth.sys;c:\windows\SYSNATIVE\DRIVERS\rtbth.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 rtsuvc;HP HD Webcam [Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x] . . --- Inne Usługi/Sterowniki w Pamięci --- . *NewlyCreated* - MBAMSWISSARMY . Zawartość folderu 'Zaplanowane zadania' . 2014-10-12 c:\windows\Tasks\HPCeeScheduleForTorunscy.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5618456] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "RtsCM"="RTSCM64.EXE" [2013-08-02 147160] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-18 172168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-18 400008] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-18 441992] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-10-07 21720] . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mDefault_Search_URL = www.google.com mDefault_Page_URL = about:blank mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = www.google.com IE: Clip image - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 IE: Clip selection - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 IE: Clip this page - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 IE: Clip URL - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 IE: New note - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html TCP: Interfaces\{3BD42BF9-093A-47C4-A94F-E8249C7F9384}: NameServer = 89.108.195.20 89.108.202.20 TCP: Interfaces\{69737F15-7298-4F04-BD22-7E09C9E12C4A}: NameServer = 89.108.195.21 89.108.202.21 TCP: Interfaces\{70B96D16-3D4B-45CF-90CC-1351B62B2BED}: NameServer = 89.108.195.21 89.108.202.21 TCP: Interfaces\{7C5CA98A-C6BC-4953-928B-8B235F7AA598}: NameServer = 89.108.202.21 89.108.195.21 TCP: Interfaces\{F1F4152F-57D3-45F3-AE22-0321D50E0325}: NameServer = 89.108.202.21 89.108.195.21 FF - ProfilePath - c:\users\Torunscy\AppData\Roaming\Mozilla\Firefox\Profiles\ygq8q5s7.default\ . - - - - USUNIĘTO PUSTE WPISY - - - - . Wow6432Node-HKLM-Run- - (no file) AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.13" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2014-10-15 21:04:00 ComboFix-quarantined-files.txt 2014-10-15 19:03 ComboFix2.txt 2014-04-15 19:14 . Przed: 8 499 884 032 bytes free Po: 8 212 860 928 bytes free . - - End Of File - - 9DE05FDA234802F8D63AD01296A76713