ComboFix 13-12-29.01 - SAMSUNG 2013-12-30 18:15:53.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.6041.4398 [GMT 1:00] Uruchomiony z: J:\1.exe AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\1.exe C:\2.exe c:\programdata\Roaming c:\users\SAMSUNG\AppData\Roaming\BDL+D c:\users\SAMSUNG\AppData\Roaming\BDL+D\MANGAGAMER.COM\39FD8254-8737-4AFF-9C31-D593D385AFD3\____.hld c:\users\SAMSUNG\AppData\Roaming\BDL+D\MANGAGAMER.COM\39FD8254-8737-4AFF-9C31-D593D385AFD3\____.sys c:\users\SAMSUNG\AppData\Roaming\BDL+D\MANGAGAMER.COM\activation_log.dat c:\users\SAMSUNG\AppData\Roaming\BDL+D\MANGAGAMER.COM\activation_log.dat.1 c:\users\SAMSUNG\AppData\Roaming\BDL+D\MANGAGAMER.COM\activation_log.dat.2 c:\users\SAMSUNG\AppData\Roaming\BDL+D\MANGAGAMER.COM\activation_log.dat.3 c:\users\SAMSUNG\AppData\Roaming\BDL+D\MANGAGAMER.COM\B60AD237-1634-401B-BB3E-406FD6699ACA\____.hld c:\users\SAMSUNG\AppData\Roaming\BDL+D\MANGAGAMER.COM\B60AD237-1634-401B-BB3E-406FD6699ACA\____.sys c:\windows\IsUn0411.exe c:\windows\security\Database\tmp.edb c:\windows\SysWow64\SARCheck.dll . . ((((((((((((((((((((((((( Pliki utworzone od 2013-11-28 do 2013-12-30 ))))))))))))))))))))))))))))))) . . 2013-12-30 17:24 . 2013-12-30 17:24 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-12-30 16:39 . 2013-12-30 16:39 -------- d-----w- c:\users\SAMSUNG\AppData\Local\ElevatedDiagnostics 2013-12-30 16:33 . 2013-12-30 16:33 -------- d-----w- c:\programdata\Kaspersky Lab 2013-12-29 10:54 . 2013-12-24 02:06 117024 ----a-w- c:\windows\system32\BootDefrag.exe 2013-12-29 10:54 . 2013-12-30 17:27 -------- d-----w- c:\program files (x86)\Glary Utilities 4 2013-12-29 09:02 . 
2013-12-29 09:02 -------- d-----w- c:\windows\SysWow64\NV 2013-12-29 09:02 . 2013-12-29 09:02 -------- d-----w- c:\windows\system32\NV 2013-12-29 09:02 . 2013-12-29 09:02 -------- d-----w- c:\programdata\NVIDIA 2013-12-29 08:59 . 2013-11-11 15:02 6674208 ----a-w- c:\windows\system32\nvcpl.dll 2013-12-29 08:59 . 2013-11-11 15:02 3490080 ----a-w- c:\windows\system32\nvsvc64.dll 2013-12-29 08:59 . 2013-11-11 15:01 922912 ----a-w- c:\windows\system32\nvvsvc.exe 2013-12-29 08:59 . 2013-11-11 15:01 67072 ----a-w- c:\windows\system32\nv3dappshextr.dll 2013-12-29 08:59 . 2013-11-11 15:01 63776 ----a-w- c:\windows\system32\nvshext.dll 2013-12-29 08:59 . 2013-11-11 15:01 2559776 ----a-w- c:\windows\system32\nvsvcr.dll 2013-12-29 08:59 . 2013-11-11 15:01 1065248 ----a-w- c:\windows\system32\nv3dappshext.dll 2013-12-29 08:59 . 2013-11-11 15:01 3467927 ----a-w- c:\windows\system32\nvcoproc.bin 2013-12-29 08:59 . 2013-11-11 15:01 219424 ----a-w- c:\windows\system32\nvmctray.dll 2013-12-29 08:39 . 2013-12-29 08:39 -------- d-----w- c:\users\SAMSUNG\AppData\Local\NVIDIA Corporation 2013-12-29 08:39 . 2010-05-26 10:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll 2013-12-29 08:39 . 2010-05-26 10:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll 2013-12-29 08:39 . 2010-05-26 10:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll 2013-12-29 08:39 . 2010-05-26 10:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll 2013-12-29 08:39 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll 2013-12-29 08:39 . 2010-05-26 10:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll 2013-12-29 08:38 . 2013-12-10 02:13 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll 2013-12-29 08:38 . 2013-12-10 02:13 1100248 ----a-w- c:\windows\system32\nvspcap64.dll 2013-12-29 08:37 . 2013-12-05 08:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys 2013-12-29 08:36 . 2013-12-05 08:42 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll 2013-12-29 08:36 . 
2013-12-29 08:38 -------- d-----w- c:\users\SAMSUNG\AppData\Local\Skyrim 2013-12-29 07:59 . 2013-12-29 08:11 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim 2013-12-27 15:50 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9697DC87-EB71-440A-ADA1-22C7B854BCF5}\mpengine.dll 2013-12-26 17:36 . 2013-12-26 17:36 -------- d-----w- c:\users\SAMSUNG\minecraft 2013-12-26 16:41 . 2013-12-26 16:41 -------- d-----w- C:\Warrior Gamez 2013-12-26 12:19 . 2013-12-26 12:19 82744 ----a-w- c:\windows\system32\drivers\aswstm.sys 2013-12-25 14:26 . 2013-12-25 14:26 1 ----a-w- c:\windows\SysWow64\SI.bin 2013-12-22 16:18 . 1997-01-15 23:00 71680 ----a-w- c:\windows\ST5UNST.EXE 2013-12-22 16:18 . 1997-01-15 23:00 29696 ----a-w- c:\windows\SysWow64\VB5StKit.dll 2013-12-22 16:09 . 2013-12-22 16:09 82960 ----a-w- c:\windows\SysWow64\PICCLP32.OCX 2013-12-22 16:09 . 2013-12-22 16:09 645616 ----a-w- c:\windows\SysWow64\Mscomct2.ocx 2013-12-22 16:09 . 2013-12-22 16:09 609584 ----a-w- c:\windows\SysWow64\COMCTL32.OCX 2013-12-22 16:09 . 2013-12-22 16:09 414944 ----a-w- c:\windows\SysWow64\comct332.ocx 2013-12-22 16:09 . 2013-12-22 16:09 39424 ----a-w- c:\windows\SysWow64\NInput.ocx 2013-12-22 16:09 . 2013-12-22 16:09 209408 ----a-w- c:\windows\SysWow64\TABCTL32.OCX 2013-12-22 16:09 . 2013-12-22 16:09 164144 ----a-w- c:\windows\SysWow64\COMCT232.OCX 2013-12-20 07:23 . 2013-12-20 07:23 -------- d-----w- c:\users\SAMSUNG\AppData\Local\Help 2013-12-19 12:52 . 2013-12-30 17:28 -------- d-----w- c:\users\SAMSUNG\AppData\Local\LogMeIn Hamachi 2013-12-19 12:52 . 2013-12-19 12:52 -------- d-----w- c:\users\SAMSUNG\AppData\Local\LogMeIn 2013-12-19 12:52 . 2013-12-19 12:52 -------- d-----w- c:\programdata\LogMeIn 2013-12-18 21:12 . 2013-12-18 21:12 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2013-12-16 09:23 . 2013-12-26 18:19 -------- d-----w- c:\users\SAMSUNG\AppData\Roaming\.minecraft 2013-12-13 02:04 . 
2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2013-12-13 02:04 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe 2013-12-13 02:04 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL 2013-12-13 02:04 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL 2013-12-13 02:04 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll 2013-12-12 03:13 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-12-10 21:14 . 2013-12-10 21:14 9293192 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-12-10 08:00 . 2013-12-10 08:00 -------- d-----w- c:\program files (x86)\Nival Interactive 2013-12-04 02:07 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE 2013-12-01 04:20 . 2013-12-01 04:20 -------- d-----w- c:\users\SAMSUNG\AppData\Roaming\Kalypso Media . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-12-26 12:19 . 2013-07-03 17:24 422216 ----a-w- c:\windows\system32\drivers\aswsp.sys 2013-12-26 12:19 . 2013-07-03 17:24 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-12-26 12:19 . 2013-07-03 17:24 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-12-26 12:19 . 2013-07-03 17:24 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-12-26 12:19 . 2013-07-03 17:24 334136 ----a-w- c:\windows\system32\aswBoot.exe 2013-12-26 12:19 . 2013-07-03 17:23 43152 ----a-w- c:\windows\avastSS.scr 2013-12-14 09:15 . 2013-09-06 06:10 90708896 ----a-w- c:\windows\system32\MRT.exe 2013-12-10 21:14 . 2013-07-03 17:27 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-12-10 21:14 . 2013-07-03 17:27 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-12-05 08:42 . 2013-10-01 16:24 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll 2013-11-19 18:14 . 
2013-10-30 17:46 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-11-19 18:14 . 2013-11-19 18:14 312744 ----a-w- c:\windows\system32\javaws.exe 2013-11-19 18:14 . 2013-10-30 17:46 189352 ----a-w- c:\windows\system32\javaw.exe 2013-11-19 18:14 . 2013-10-30 17:46 189352 ----a-w- c:\windows\system32\java.exe 2013-11-19 18:12 . 2013-10-16 17:10 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-11-19 02:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe 2013-11-10 12:37 . 2013-11-10 12:37 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll 2013-10-22 03:39 . 2013-07-03 17:24 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-10-22 03:39 . 2013-07-03 17:24 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-10-18 01:42 . 2013-10-07 04:54 88480 ----a-w- c:\windows\system32\drivers\atksgt.sys 2013-10-18 01:42 . 2013-10-07 04:54 46400 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2013-10-12 02:30 . 2013-11-13 21:19 830464 ----a-w- c:\windows\system32\nshwfp.dll 2013-10-12 02:29 . 2013-11-13 21:19 859648 ----a-w- c:\windows\system32\IKEEXT.DLL 2013-10-12 02:29 . 2013-11-13 21:19 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL 2013-10-12 02:03 . 2013-11-13 21:19 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll 2013-10-12 02:01 . 2013-11-13 21:19 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL 2013-10-08 01:52 . 2013-10-08 01:51 376320 ----a-r- c:\users\SAMSUNG\AppData\Roaming\Microsoft\Installer\{52B65911-1559-4ED5-9461-46957FDD48CD}\Icon52B659113.exe 2013-10-05 20:25 . 2013-11-13 21:20 1474048 ----a-w- c:\windows\system32\crypt32.dll 2013-10-05 19:57 . 2013-11-13 21:20 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-10-04 02:28 . 2013-11-13 21:19 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll 2013-10-04 02:25 . 2013-11-13 21:19 197120 ----a-w- c:\windows\system32\credui.dll 2013-10-04 02:24 . 
2013-11-13 21:19 1930752 ----a-w- c:\windows\system32\authui.dll 2013-10-04 01:58 . 2013-11-13 21:19 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll 2013-10-04 01:56 . 2013-11-13 21:19 168960 ----a-w- c:\windows\SysWow64\credui.dll 2013-10-04 01:56 . 2013-11-13 21:19 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-10-03 02:23 . 2013-11-13 21:19 404480 ----a-w- c:\windows\system32\gdi32.dll 2013-10-03 02:00 . 2013-11-13 21:19 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2013-10-02 09:17 . 2013-10-09 09:34 174968 ----a-w- c:\windows\system32\drivers\idmwfp.sys . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}"= "c:\program files\AVAST Software\Avast\aswWebRepIE.dll" [2013-12-26 1138536] . [HKEY_CLASSES_ROOT\clsid\{cc1a175a-e45b-41ed-a30c-c9b1d7a0c02f}] [HKEY_CLASSES_ROOT\TypeLib\{6B795924-95E7-4D31-8521-407360C3AA0B}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-26 3764024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HideSCAHealth"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk * . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . R0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x] R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files (x86)\VMLaunch\BuddyVM.sys;c:\program files (x86)\VMLaunch\BuddyVM.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x] R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 
WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x] S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless 
Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x] S2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [x] S2 
SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x] S2 SWUpdateService;SW Update Service;c:\program files (x86)\Samsung\SW Update\SWMAgent.exe;c:\program files (x86)\Samsung\SW Update\SWMAgent.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x] S3 AMPPAL;Karta wirtualna Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x] S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) 
(WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-12-07 21:12 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe . Zawartość folderu 'Zaplanowane zadania' . 2013-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-03 21:14] . 2013-12-30 c:\windows\Tasks\GlaryInitialize 4.job - c:\program files (x86)\Glary Utilities 4\Initialize.exe [2013-12-24 02:02] . 2013-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-03 16:50] . 2013-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-03 16:50] . 2013-07-03 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 04:41] . 2013-12-30 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 04:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}"= "c:\program files\AVAST Software\Avast\aswWebRepIE64.dll" [2013-12-26 1372864] . 
[HKEY_CLASSES_ROOT\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-12-26 12:19 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Skan uzupełniający ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://aartemis.com/?type=hp&ts=1387613786&from=wpc&uid=ST1000LM024XHN-M101MBB_S2RQJ9FC502077 mDefault_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1387613786&from=wpc&uid=ST1000LM024XHN-M101MBB_S2RQJ9FC502077&q={searchTerms} mDefault_Page_URL = hxxp://aartemis.com/?type=hp&ts=1387613786&from=wpc&uid=ST1000LM024XHN-M101MBB_S2RQJ9FC502077 mStart Page = hxxp://aartemis.com/?type=hp&ts=1387613786&from=wpc&uid=ST1000LM024XHN-M101MBB_S2RQJ9FC502077 mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.aartemis.com/web/?type=ds&ts=1387613786&from=wpc&uid=ST1000LM024XHN-M101MBB_S2RQJ9FC502077&q={searchTerms} IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Wyślij &do programu OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Ściągnij przez IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm IE: Ściągnij wideo FLV przez IDM z 10 ostatnio żądanych - c:\program files (x86)\Internet Download Manager\IEGetVL2.htm IE: Ściągnij wszystkie linki przez IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm IE: Ściągnij zawartość wideo FLV przez IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm TCP: DhcpNameServer = 10.0.1.1 . - - - - USUNIĘTO PUSTE WPISY - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) c:\users\SAMSUNG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk - c:\users\SAMSUNG\AppData\Local\Temp\_uninst_.bat HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) Toolbar-10 - (no file) AddRemove-m_yakata - c:\windows\IsUn0411.exe AddRemove-ƒn[ƒŒƒ€•ƒn[ƒŒƒ€ - c:\windows\IsUn0411.exe . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . 
[HKEY_USERS\S-1-5-21-3183270048-2252803029-1860483952-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:72,84,09,a7,87,0f,76,e1,4a,12,d0,59,5b,0c,3d,2f,8a,13,2d,e6,23,ea,74, 79,db,14,86,a5,dd,f4,38,a0,88,0d,f7,78,57,c9,98,e0,74,bd,de,14,38,18,4b,ef,\ "??"=hex:57,0a,ce,d9,e4,b1,32,e6,55,d4,a5,35,af,35,75,2f . [HKEY_USERS\S-1-5-21-3183270048-2252803029-1860483952-1001_Classes\Wow6432Node\CLSID\{48ee278f-7a69-4267-a3ac-98d80d69f4aa}] @Denied: (Full) (Everyone) . [HKEY_USERS\S-1-5-21-3183270048-2252803029-1860483952-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):e7,fb,d8,ce,b2,25,94,1e,18,1c,aa,5f,95,1f,6e,ab,c2,3c,7c,43,b4, a1,05,8e,e9,7f,9a,e5,3b,89,0c,ec,1a,2f,8e,fb,c8,66,20,63,00,00,00,00,00,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ƒ*A**[*ƒ*N*ƒ*V*ƒ*F*ƒ*9 \ƒ*n**[*ƒ*Zƒ*¬ *" ƒ*n**[*ƒ*Zƒ*¬ \1.00.000] "srcpath"="f:\\h2\\" "dstpath"="c:\\ƒA[ƒNƒVƒFƒ‹\\ƒn[ƒŒƒ€•ƒn[ƒŒƒ€" "Version"="0" DUMPHIVE0.003 (REGF) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe c:\program files (x86)\Glary Utilities 4\Integrator.exe c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe . ************************************************************************** . Czas ukończenia: 2013-12-30 18:34:44 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2013-12-30 17:34 . Przed: 232 238 071 808 bajtów wolnych Po: 232 605 368 320 bajtów wolnych . - - End Of File - - 3C1FD25490253A9B6F179F2D4748683C