ComboFix 15-01-08.01 - Joanna 2015-01-09  20:51:34.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.48.1045.18.4095.2476 [GMT 1:00]
Uruchomiony z: c:\users\Joanna\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Joanna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Rad Rater_iels
c:\users\Joanna\AppData\Roaming\.#
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2014-12-09 do 2015-01-09  )))))))))))))))))))))))))))))))
.
.
2015-01-09 19:59 . 2015-01-09 19:59	--------	d-----w-	c:\users\Gość\AppData\Local\temp
2015-01-09 19:59 . 2015-01-09 19:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-09 19:49 . 2015-01-09 19:49	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{914655AB-C4B9-461E-9DAA-56F72A6E26D9}\offreg.dll
2015-01-09 11:03 . 2014-12-02 10:26	11870360	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{914655AB-C4B9-461E-9DAA-56F72A6E26D9}\mpengine.dll
2015-01-09 06:50 . 2014-12-15 03:13	11870360	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F4B2AB5-19F0-4E98-9D3F-232EAD862EDB}\mpengine.dll
2015-01-08 20:09 . 2015-01-08 20:09	--------	d-----w-	c:\programdata\Anvisoft
2015-01-08 20:06 . 2015-01-08 20:06	--------	d-----w-	c:\program files (x86)\Common Files\Anvisoft
2015-01-08 16:41 . 2015-01-08 20:04	--------	d-----w-	C:\Downloads
2015-01-08 16:17 . 2015-01-08 20:08	--------	d-----w-	c:\users\Joanna\AppData\Roaming\Free Download Manager
2015-01-07 18:32 . 2014-12-15 03:13	11870360	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-06 20:57 . 2015-01-06 20:57	--------	d-----w-	c:\users\Joanna\AppData\Roaming\9-lab
2015-01-06 20:56 . 2015-01-06 20:56	--------	d-----w-	c:\programdata\9-lab
2015-01-06 10:01 . 2015-01-06 10:01	159744	----a-w-	c:\program files\Internet Explorer\Wtyczki\npqtplugin6.dll
2015-01-06 10:01 . 2015-01-06 10:01	159744	----a-w-	c:\program files\Internet Explorer\Wtyczki\npqtplugin5.dll
2015-01-06 10:01 . 2015-01-06 10:01	159744	----a-w-	c:\program files\Internet Explorer\Wtyczki\npqtplugin4.dll
2015-01-06 10:01 . 2015-01-06 10:01	159744	----a-w-	c:\program files\Internet Explorer\Wtyczki\npqtplugin3.dll
2015-01-06 10:01 . 2015-01-06 10:01	159744	----a-w-	c:\program files\Internet Explorer\Wtyczki\npqtplugin2.dll
2015-01-06 10:01 . 2015-01-06 10:01	159744	----a-w-	c:\program files\Internet Explorer\Wtyczki\npqtplugin.dll
2015-01-06 10:01 . 2015-01-06 10:01	--------	d-----w-	c:\program files (x86)\QuickTime
2015-01-06 10:01 . 2015-01-06 10:01	--------	d-----w-	c:\programdata\Apple Computer
2014-12-25 08:49 . 2014-09-05 01:52	5703168	----a-w-	c:\windows\SysWow64\mstscax.dll
2014-12-25 08:49 . 2014-09-05 02:11	6584320	----a-w-	c:\windows\system32\mstscax.dll
2014-12-23 17:45 . 2015-01-09 18:23	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-23 17:44 . 2014-12-23 17:44	--------	d-----w-	c:\program files (x86)\Malwarebytes Anti-Malware
2014-12-23 17:44 . 2014-12-23 17:44	--------	d-----w-	c:\programdata\Malwarebytes
2014-12-23 17:44 . 2014-11-21 05:14	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-12-23 17:44 . 2014-11-21 05:14	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-12-23 17:44 . 2014-11-21 05:14	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-12-22 09:26 . 2015-01-09 19:31	--------	d-----w-	C:\AdwCleaner
2014-12-19 10:12 . 2014-12-19 10:12	1188440	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3469D9F-0158-45AB-A8F0-396EFD49B551}\gapaengine.dll
2014-12-19 10:10 . 2014-12-19 10:10	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2014-12-19 10:10 . 2014-12-19 10:10	--------	d-----w-	c:\program files\Microsoft Security Client
2014-12-18 07:20 . 2014-12-13 05:09	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-18 07:20 . 2014-12-13 03:33	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-12-11 10:08 . 2014-12-11 10:08	--------	d-----w-	c:\windows\system32\appraiser
2014-12-11 07:10 . 2014-07-07 02:06	55808	----a-w-	c:\windows\system32\rrinstaller.exe
2014-12-11 07:10 . 2014-07-07 02:06	24576	----a-w-	c:\windows\system32\mfpmp.exe
2014-12-11 07:10 . 2014-07-07 02:02	2048	----a-w-	c:\windows\system32\mferror.dll
2014-12-11 07:10 . 2014-07-07 01:39	50176	----a-w-	c:\windows\SysWow64\rrinstaller.exe
2014-12-11 07:10 . 2014-07-07 01:39	23040	----a-w-	c:\windows\SysWow64\mfpmp.exe
2014-12-11 07:10 . 2014-07-07 01:37	2048	----a-w-	c:\windows\SysWow64\mferror.dll
2014-12-11 07:10 . 2014-10-18 01:33	3209728	----a-w-	c:\windows\SysWow64\mf.dll
2014-12-11 07:10 . 2014-07-07 02:06	206848	----a-w-	c:\windows\system32\mfps.dll
2014-12-11 07:10 . 2014-07-07 01:40	103424	----a-w-	c:\windows\SysWow64\mfps.dll
2014-12-11 07:10 . 2014-10-18 02:05	4121600	----a-w-	c:\windows\system32\mf.dll
2014-12-11 06:59 . 2014-10-30 02:03	165888	----a-w-	c:\windows\system32\charmap.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-31 11:14 . 2010-01-15 12:23	298120	------w-	c:\windows\system32\MpSigStub.exe
2014-12-14 14:22 . 2012-09-21 20:28	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-14 14:22 . 2011-08-31 05:41	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-09 10:38 . 2014-08-09 14:44	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-27 15:40 . 2009-12-29 08:59	112710672	----a-w-	c:\windows\system32\MRT.exe
2014-11-27 14:38 . 2012-03-29 10:02	1050432	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2014-11-27 14:37 . 2014-11-27 14:38	364512	----a-w-	c:\windows\system32\aswBoot.exe
2014-11-27 14:37 . 2014-05-07 05:46	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-11-27 14:37 . 2014-01-09 07:54	116728	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-11-27 14:37 . 2013-03-20 06:53	267632	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-11-27 14:37 . 2013-03-20 06:53	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-11-27 14:37 . 2012-03-29 10:02	436624	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-11-27 14:37 . 2012-03-29 10:02	83280	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-11-27 14:37 . 2014-11-27 14:37	43152	----a-w-	c:\windows\avastSS.scr
2014-11-27 14:37 . 2012-03-29 10:02	93568	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-11-18 13:56 . 2014-11-18 13:56	1202848	----a-w-	c:\windows\SysWow64\FM20.DLL
2014-11-11 03:08 . 2014-11-19 09:41	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 09:41	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-19 09:41	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 09:41	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-10-25 01:57 . 2014-11-12 07:26	77824	----a-w-	c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 07:26	67584	----a-w-	c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 07:26	861696	----a-w-	c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-12 07:26	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16 . 2014-11-12 07:28	155064	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 07:28	683520	----a-w-	c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 07:26	3241984	----a-w-	c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 07:28	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 07:28	146432	----a-w-	c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 07:28	681984	----a-w-	c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 07:28	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 07:26	2363904	----a-w-	c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 07:28	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 07:28	146432	----a-w-	c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 07:28	681984	----a-w-	c:\windows\SysWow64\adtschema.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08	143360	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OM2_Monitor"="c:\program files (x86)\Olympus\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]
"Olympus ib"="c:\program files (x86)\Olympus\ib\olycamdetect.exe" [2010-02-04 93376]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2014-06-05 248176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"MDS_Menu"="c:\program files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"OM2_Monitor"="c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-25 54672]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-09 5227112]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe -d [2009-11-1 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h [2009-11-1 156880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspekcja sieci firmy Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe;c:\program files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2015-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 14:22]
.
2015-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 11:42]
.
2014-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 11:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-27 14:37	860984	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52	159744	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2010-11-05 01:57	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2010-11-05 01:57	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EeeStorageBackup"="c:\program files (x86)\ASUS\Asus WebStorage\BackupService.exe" [2009-08-25 947472]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-08-12 323072]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = about:newtab
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
IE: Pobierz plik wideo w FDM - file://d:\tools\Free Download Manager\dlfvideo.htm
IE: Pobierz w FDM - file://d:\tools\Free Download Manager\dllink.htm
IE: Pobierz wszystkie pliki w FDM - file://d:\tools\Free Download Manager\dlall.htm
IE: Pobierz zaznaczone pliki w FDM - file://d:\tools\Free Download Manager\dlselected.htm
TCP: DhcpNameServer = 217.172.224.160 89.231.1.206
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6} - c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
ShellIconOverlayIdentifiers-{9AE343CB-BA45-4618-AF6A-0230EE6FC793} - c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2894854v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2898869 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2901126 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2931368 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2972107 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2972216 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2978128 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2979578v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ad,20,3a,98,d4,44,d9,48,8f,80,60,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ad,20,3a,98,d4,44,d9,48,8f,80,60,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2015-01-09  21:03:25
ComboFix-quarantined-files.txt  2015-01-09 20:03
.
Przed: 44 668 289 024 bajtów wolnych
Po: 44 487 864 320 bajtów wolnych
.
- - End Of File - - F1A1945E50C55B8D4175CDD01DC5B6F9
5C616939100B85E558DA92B899A0FC36