ComboFix 14-11-25.01 - DOM 2014-12-01 0:53.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.6058.4461 [GMT 1:00]
Uruchomiony z: c:\users\DOM\Desktop\1234aa.exe.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\1234aa.exe
c:\1234aa.exe\NircmdB.exe
C:\END
c:\program files\Freecorder extension x64\ScRIpthost.dll
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\ARB\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\CHS\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\CHT\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\CSY\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\DAN\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\DEU\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\ELL\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\ENG\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\ESM\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\ESP\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\FIN\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\FRA\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\FRC\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\HEB\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\HUN\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\ITA\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\JPN\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\KOR\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\NLD\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\NOR\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\PLK\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\PTG\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\RUS\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\SVE\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\THA\Pexplore.lng
c:\users\DOM\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Setup\Languages\TRK\Pexplore.lng
c:\users\DOM\AppData\Roaming\app
c:\users\DOM\AppData\Roaming\app\Jerakine_lang.dat
c:\users\DOM\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Pliki utworzone od 2014-11-01 do 2014-12-01 )))))))))))))))))))))))))))))))
.
.
2014-11-30 21:14 . 2014-11-30 21:14 -------- d-----w- c:\windows\en
2014-11-30 21:09 . 2014-11-30 21:09 -------- d-----w- c:\windows\pl
2014-11-30 21:03 . 2012-03-08 17:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2014-11-30 21:00 . 2014-11-30 21:00 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9af1a0651d00ce005\MeshBetaRemover.exe
2014-11-30 20:59 . 2014-11-30 20:59 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\98283cc31d00ce004\DSETUP.dll
2014-11-30 20:59 . 2014-11-30 20:59 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\98283cc31d00ce004\DXSETUP.exe
2014-11-30 20:59 . 2014-11-30 20:59 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\98283cc31d00ce004\dsetup32.dll
2014-11-30 20:59 . 2014-11-30 20:59 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8d5451dc1d00ce003\DSETUP.dll
2014-11-30 20:59 . 2014-11-30 20:59 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8d5451dc1d00ce003\DXSETUP.exe
2014-11-30 20:59 . 2014-11-30 20:59 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8d5451dc1d00ce003\dsetup32.dll
2014-11-30 20:49 . 2014-11-29 22:48 48776 ----a-w- c:\windows\system32\drivers\{df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64.sys
2014-11-30 20:45 . 2014-11-30 21:27 -------- d-----w- c:\users\DOM\AppData\Local\WMTools Downloaded Files
2014-11-30 20:42 . 2014-11-30 20:42 -------- d-----w- c:\program files (x86)\Movie Maker 2.6
2014-11-30 20:39 . 2014-11-30 20:48 -------- d-----w- c:\program files (x86)\Hold Page
2014-11-30 20:07 . 2014-11-30 20:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\Microsoft
2014-11-30 17:05 . 2011-06-04 23:22 226920 ----a-w- c:\windows\system32\nvinitx.dll
2014-11-30 17:05 . 2011-06-04 23:22 193128 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-11-30 15:50 . 2013-10-02 00:15 1057280 ----a-w- c:\windows\system32\rdvidcrl.dll
2014-11-30 15:50 . 2013-10-01 23:08 855552 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2014-11-30 15:37 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-11-30 15:28 . 2014-11-30 21:03 -------- dc----w- c:\windows\system32\DRVSTORE
2014-11-29 23:27 . 2014-11-29 23:33 -------- d-----w- c:\users\DOM\AppData\Local\NVIDIA Corporation
2014-11-29 23:26 . 2014-11-29 23:53 -------- d-----w- c:\users\DOM\AppData\Local\NVIDIA
2014-11-29 23:21 . 2014-11-30 17:14 -------- d-----w- c:\programdata\NVIDIA Corporation
2014-11-29 23:08 . 2014-11-29 23:08 -------- d-----w- C:\NVIDIA
2014-11-29 18:30 . 2014-11-30 19:59 -------- d-----w- c:\program files (x86)\Microsoft OneDrive
2014-11-29 18:30 . 2014-11-30 20:00 -------- d-----r- c:\users\DOM\OneDrive
2014-11-29 18:30 . 2014-11-29 18:30 -------- d-----w- c:\programdata\Microsoft OneDrive
2014-11-29 13:13 . 2014-11-29 13:13 -------- d-----w- c:\users\DOM\AppData\Local\webkit
2014-11-28 21:50 . 2014-11-29 15:29 -------- d-----w- c:\users\DOM\AppData\Local\gtk-2.0
2014-11-28 21:50 . 2014-11-28 21:50 -------- d-----w- c:\users\DOM\.thumbnails
2014-11-28 21:45 . 2014-11-28 21:45 -------- d-----w- c:\users\DOM\AppData\Local\fontconfig
2014-11-28 21:45 . 2014-11-29 15:58 -------- d-----w- c:\users\DOM\.gimp-2.8
2014-11-28 21:45 . 2014-11-28 21:45 -------- d-----w- c:\users\DOM\AppData\Local\gegl-0.2
2014-11-28 21:44 . 2014-11-28 21:45 -------- d-----w- c:\program files\GIMP 2
2014-11-28 21:37 . 2014-11-28 21:39 -------- d-----w- c:\users\DOM\AppData\Roaming\PhotoScape
2014-11-28 12:08 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{559346B1-1FB9-46EF-9545-8BBE350D5DBA}\mpengine.dll
2014-11-19 10:31 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 10:31 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-19 10:31 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-19 10:31 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-13 22:53 . 2014-11-13 22:53 -------- d-----w- c:\programdata\My Family Tree
2014-11-13 22:53 . 2014-11-13 22:53 -------- d-----w- c:\users\DOM\AppData\Local\Chronoplex_Software
2014-11-13 22:52 . 2014-11-21 16:27 -------- d-----w- c:\users\DOM\AppData\Local\My Family Tree
2014-11-12 10:43 . 2014-11-05 17:56 304640 ----a-w- c:\windows\system32\generaltel.dll
2014-11-12 10:43 . 2014-11-05 17:56 228864 ----a-w- c:\windows\system32\aepdu.dll
2014-11-12 10:43 . 2014-11-05 17:52 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-11-12 10:43 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-11-12 10:43 . 2014-10-14 02:16 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-12 10:43 . 2014-10-14 02:12 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-12 10:43 . 2014-10-14 02:07 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-12 10:43 . 2014-10-14 01:46 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-11-12 10:43 . 2014-10-14 02:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-12 10:43 . 2014-10-14 01:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-11-12 10:43 . 2014-10-14 01:49 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-11-12 10:43 . 2014-10-14 01:47 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-11-12 10:37 . 2014-09-19 09:42 342016 ----a-w- c:\windows\system32\schannel.dll
2014-11-12 10:36 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-11-12 10:36 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
2014-11-12 10:36 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-11-12 10:35 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 10:35 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-30 21:01 . 2011-03-28 17:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-11-25 19:41 . 2012-05-08 07:46 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-25 19:41 . 2012-02-29 10:53 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-21 19:03 . 2012-01-20 20:01 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-12 15:09 . 2011-11-28 09:03 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-11-04 13:30 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-15 13:43 . 2014-10-15 13:44 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-25 02:08 . 2014-10-01 07:43 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 07:43 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-09-24 08:56 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 08:56 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-04 05:23 . 2014-10-16 13:52 424448 ----a-w- c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-16 13:52 372736 ----a-w- c:\windows\SysWow64\rastls.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c14185e-4de6-4a79-985b-19f23fd1e638}]
2014-11-30 20:40 250096 ----a-w- c:\program files (x86)\Hold Page\HoldPagebho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}]
2012-11-01 13:48 360448 ----a-w- c:\program files (x86)\Freecorder extension\ScriptHost.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-11-29 18:30 223432 ----a-w- c:\users\DOM\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-11-29 18:30 223432 ----a-w- c:\users\DOM\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-11-29 18:30 223432 ----a-w- c:\users\DOM\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="c:\programy\Gadu-Gadu 10\gg.exe" [2011-07-04 13374048]
"DAEMON Tools Lite"="d:\daemon tools lite\DTLite.exe" [2012-04-11 3672384]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"uTorrent"="c:\users\DOM\AppData\Roaming\uTorrent\uTorrent.exe" [2014-11-28 1385808]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2014-10-15 468192]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"BCSSync"="d:\microsoft office\Office14\BCSSync.exe" [2012-11-05 89184]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"AvastUI.exe"="c:\programy\ AVAST\AvastUI.exe" [2014-08-04 4085896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
.
c:\users\DOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Protokół Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 {df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64;{df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64;c:\windows\system32\drivers\{df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64.sys;c:\windows\SYSNATIVE\drivers\{df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 Huawei E3272;Huawei E3272;c:\programdata\MobileBrServ\mbbservice.exe;c:\programdata\MobileBrServ\mbbservice.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Update Hold Page;Update Hold Page;c:\program files (x86)\Hold Page\updateHoldPage.exe;c:\program files (x86)\Hold Page\updateHoldPage.exe [x]
S2 Util Hold Page;Util Hold Page;c:\program files (x86)\Hold Page\bin\utilHoldPage.exe;c:\program files (x86)\Hold Page\bin\utilHoldPage.exe [x]
S3 AMPPAL;Karta wirtualna Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 19:41]
.
2014-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-28 19:14]
.
2014-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-28 19:14]
.
2014-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1480235242-2075340924-4091109271-1001Core.job
- c:\users\DOM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-21 20:37]
.
2014-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1480235242-2075340924-4091109271-1001UA.job
- c:\users\DOM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-21 20:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-11-29 18:30 262344 ----a-w- c:\users\DOM\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-11-29 18:30 262344 ----a-w- c:\users\DOM\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-11-29 18:30 262344 ----a-w- c:\users\DOM\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-04 19:03 634872 ----a-w- c:\programy\ AVAST\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-12 12558440]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.wp.pl/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Block This Image (ABP) - c:\programy\Adblock Pro\blockimg.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - d:\micros~1\Office14\EXCEL.EXE/3000
IE: Wyślij &do programu OneNote - d:\micros~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-adblock pro - c:\programy\Adblock Pro\abpmain.exe
c:\users\DOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VDownloader.lnk - c:\programy\VDownloader\VDownloader.exe /silent
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-[NarutoPlanet.ru] Naruto Shippuden Ultimate Ninja Impact PC NarutoPlanet.ru - d:\naruto ru\[NarutoPlanet.ru] Naruto Shippuden Ultimate Ninja Impact PC\Uninstall.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\programy\ AVAST\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\windows\SysWOW64\UAService7.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Czas ukończenia: 2014-12-01 01:19:20 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2014-12-01 00:19
.
Przed: 166 381 674 496 bajtów wolnych
Po: 166 094 704 640 bajtów wolnych
.
- - End Of File - - 4364A3B2A2D964FC67F80E5FAB93CD50