ComboFix 13-08-22.01 - Maciej 2013-08-23 22:29:02.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.3958.2443 [GMT 2:00]
Uruchomiony z: c:\users\Maciej\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\cseDVH.dll
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-07-23 do 2013-08-23 )))))))))))))))))))))))))))))))
.
.
2013-08-23 20:37 . 2013-08-23 20:37 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{83B27E66-2CED-4098-A212-BADA3402B4DD}\offreg.dll
2013-08-23 20:37 . 2013-08-23 20:37 -------- d-----w- c:\users\Marta\AppData\Local\temp
2013-08-23 20:37 . 2013-08-23 20:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-23 19:49 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-08-23 19:49 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-08-23 19:49 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-08-23 19:49 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-08-23 19:49 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-08-23 19:49 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-08-23 19:49 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-08-23 19:49 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-08-23 19:49 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-08-23 19:43 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2013-08-23 19:43 . 2010-05-26 09:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2013-08-23 18:35 . 2009-08-31 16:32 611872 ----a-w- c:\windows\system32\RTSnMg64.cpl
2013-08-23 18:35 . 2009-08-05 14:10 831488 ----a-w- c:\windows\RtlExUpd.dll
2013-08-23 18:35 . 2006-02-07 13:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2013-08-23 18:31 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{83B27E66-2CED-4098-A212-BADA3402B4DD}\mpengine.dll
2013-08-16 08:44 . 2013-08-16 08:45 -------- d-----w- c:\program files (x86)\PDF Architect
2013-08-16 08:44 . 2013-08-16 08:44 -------- d-----w- c:\users\Maciej\AppData\Roaming\pdfforge
2013-08-16 08:44 . 2012-05-05 09:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2013-08-16 08:44 . 2013-04-09 13:13 110264 ----a-w- c:\windows\system32\pdfcmon.dll
2013-08-16 08:44 . 2012-05-05 09:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2013-08-16 08:44 . 2013-08-18 15:45 -------- d-----w- c:\program files (x86)\PDFCreator
2013-08-14 12:04 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-05 20:35 . 2013-08-05 20:35 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2013-08-05 20:33 . 2013-08-05 20:33 -------- d-----w- c:\users\Maciej\AppData\Local\2K Games
2013-08-05 20:20 . 2013-08-05 20:20 -------- d-----w- c:\program files (x86)\2K Games
2013-08-04 10:46 . 2013-08-04 10:46 -------- d-----w- c:\program files\CCleaner
2013-07-25 21:41 . 2013-07-25 21:41 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-23 19:53 . 2013-05-20 20:27 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2013-08-23 19:53 . 2013-05-20 20:26 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2013-08-23 19:53 . 2013-04-30 22:26 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2013-08-23 18:50 . 2013-05-01 18:14 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-23 18:50 . 2013-05-01 18:14 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-14 17:34 . 2013-05-01 19:05 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-09 04:45 . 2013-08-14 12:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-28 18:07 . 2013-05-01 15:26 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-28 18:07 . 2013-05-01 15:26 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-28 18:07 . 2013-05-01 15:26 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-06 16:58 . 2013-06-06 16:58 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-06 16:58 . 2013-06-06 16:58 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-06 16:58 . 2013-06-06 16:58 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-06 16:58 . 2013-06-06 16:58 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-06 16:58 . 2013-06-06 16:58 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-06 16:58 . 2013-06-06 16:58 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-06 16:58 . 2013-06-06 16:58 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-06 16:58 . 2013-06-06 16:58 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-06 16:58 . 2013-06-06 16:58 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-06 16:58 . 2013-06-06 16:58 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-06 16:58 . 2013-06-06 16:58 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-06 16:58 . 2013-06-06 16:58 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-06 16:58 . 2013-06-06 16:58 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-06 16:58 . 2013-06-06 16:58 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-06 16:58 . 2013-06-06 16:58 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-06 16:58 . 2013-06-06 16:58 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-06 16:58 . 2013-06-06 16:58 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-06 16:58 . 2013-06-06 16:58 441856 ----a-w- c:\windows\system32\html.iec
2013-06-06 16:58 . 2013-06-06 16:58 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-06 16:58 . 2013-06-06 16:58 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-06 16:58 . 2013-06-06 16:58 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-06 16:58 . 2013-06-06 16:58 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-06 16:58 . 2013-06-06 16:58 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-06 16:58 . 2013-06-06 16:58 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-06 16:58 . 2013-06-06 16:58 235008 ----a-w- c:\windows\system32\url.dll
2013-06-06 16:58 . 2013-06-06 16:58 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-06 16:58 . 2013-06-06 16:58 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-06 16:58 . 2013-06-06 16:58 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-06 16:58 . 2013-06-06 16:58 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-06 16:58 . 2013-06-06 16:58 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-06 16:58 . 2013-06-06 16:58 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-06 16:58 . 2013-06-06 16:58 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-06 16:58 . 2013-06-06 16:58 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-06 16:58 . 2013-06-06 16:58 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-06 16:58 . 2013-06-06 16:58 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-06 16:58 . 2013-06-06 16:58 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-06 16:58 . 2013-06-06 16:58 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-06 16:58 . 2013-06-06 16:58 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-06 16:58 . 2013-06-06 16:58 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-06 16:58 . 2013-06-06 16:58 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-06 16:58 . 2013-06-06 16:58 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-06 16:58 . 2013-06-06 16:58 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-06 16:58 . 2013-06-06 16:58 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-06 16:58 . 2013-06-06 16:58 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-06 16:58 . 2013-06-06 16:58 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-06 16:58 . 2013-06-06 16:58 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-06 16:58 . 2013-06-06 16:58 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-06 16:58 . 2013-06-06 16:58 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-06 16:58 . 2013-06-06 16:58 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-06 16:56 . 2013-06-06 16:56 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-06 16:56 . 2013-06-06 16:56 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-06 16:56 . 2013-06-06 16:56 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-06 16:56 . 2013-06-06 16:56 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-06 16:56 . 2013-06-06 16:56 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-06 16:56 . 2013-06-06 16:56 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-06 16:56 . 2013-06-06 16:56 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-06-06 16:56 . 2013-06-06 16:56 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-06-06 16:56 . 2013-06-06 16:56 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-06 16:56 . 2013-06-06 16:56 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-06 16:56 . 2013-06-06 16:56 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-06 16:56 . 2013-06-06 16:56 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-06 16:56 . 2013-06-06 16:56 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-06 16:56 . 2013-06-06 16:56 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-06 16:56 . 2013-06-06 16:56 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-06 16:56 . 2013-06-06 16:56 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-06 16:56 . 2013-06-06 16:56 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-06 16:56 . 2013-06-06 16:56 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-06 16:56 . 2013-06-06 16:56 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-06 16:56 . 2013-06-06 16:56 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-06 16:56 . 2013-06-06 16:56 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-06-06 16:56 . 2013-06-06 16:56 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-06-06 16:56 . 2013-06-06 16:56 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-06 16:56 . 2013-06-06 16:56 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-06 16:56 . 2013-06-06 16:56 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-06-06 16:56 . 2013-06-06 16:56 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-06-06 16:56 . 2013-06-06 16:56 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-06-06 16:56 . 2013-06-06 16:56 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-06-06 16:56 . 2013-06-06 16:56 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-06-06 16:56 . 2013-06-06 16:56 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-06-06 16:56 . 2013-06-06 16:56 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-06-06 16:56 . 2013-06-06 16:56 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-06-06 16:56 . 2013-06-06 16:56 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-06-06 16:56 . 2013-06-06 16:56 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-06-06 16:56 . 2013-06-06 16:56 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-06-06 16:56 . 2013-06-06 16:56 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-06-06 16:56 . 2013-06-06 16:56 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-06-06 16:56 . 2013-06-06 16:56 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-06-06 16:56 . 2013-06-06 16:56 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-06-06 16:56 . 2013-06-06 16:56 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-06-06 16:56 . 2013-06-06 16:56 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 01:41 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] .. c:\windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7600.16385_none_43f68e03b0fd4b38\ksuser.dll
[-] 2009-07-14 01:41 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] .. c:\windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_4627a1cbadebced2\ksuser.dll
[7] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] .. c:\windows\erdnt\cache86\ksuser.dll
[7] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ksuser.dll
[7] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7600.16385_none_e7d7f27ff89fda02\ksuser.dll
[7] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_ea090647f58e5d9c\ksuser.dll
[-] 2009-07-14 01:41 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] .. c:\windows\system32\ksuser.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-07-25 20681584]
"ChomikBox"="c:\program files (x86)\ChomikBox\chomikbox.exe" [2012-11-15 5979648]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-21 2454840]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-02 946352]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2011-5-9 2750376]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *
.
R0 rpcnetp;rpcnetp;rpcnetp [x]
R2 ATS;Absolute Time Server;c:\program files (x86)\Flexiblesoft\ATS\ats.exe;c:\program files (x86)\Flexiblesoft\ATS\ats.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cdrblock;cdrblock;c:\windows\system32\DRIVERS\cdrblock.sys;c:\windows\SYSNATIVE\DRIVERS\cdrblock.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-01 18:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-10-15 1050000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-13 16414824]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-08-25 134032]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-31 8095776]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://msn.gazeta.pl/msn/0,0.html?pc=UP97&ocid=UP97DHP
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://192.168.178.103/webrec.cab
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\ATS]
"ImagePath"="c:\program files (x86)\Flexiblesoft\ATS\ats.exe /startedbyscm:C29554C0-40E289BB-ATCService"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2013-08-23 22:40:23
ComboFix-quarantined-files.txt 2013-08-23 20:40
.
Przed: 39 493 013 504 bajtów wolnych
Po: 39 315 853 312 bajtów wolnych
.
- - End Of File - - C7387C14B32740BBB7319FFC2765ED08