ComboFix 14-02-05.02 - Mi³y 2014-02-06 22:44:54.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.3882.2286 [GMT 1:00] Uruchomiony z: c:\users\TEMP\AppData\Local\Opera\Opera\temporary_downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Usuniêto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\SaveSenseLive c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdate.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_am.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ar.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_bg.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_bn.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ca.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_cs.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_da.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_de.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_el.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_en-GB.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_en.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_es-419.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_es.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_et.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_fa.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_fi.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_fil.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_fr.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_gu.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_hi.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_hr.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_hu.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_id.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_is.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_it.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_iw.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ja.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_kn.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ko.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_lt.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_lv.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ml.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_mr.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ms.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_nl.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_no.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_pl.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_pt-BR.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_pt-PT.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ro.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ru.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_sk.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_sl.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_sr.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_sv.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_sw.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ta.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_te.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_th.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_tr.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_uk.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ur.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_vi.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_zh-CN.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_zh-TW.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\psmachine.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\psuser.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLive.exe c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveBroker.exe c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveHandler.exe c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveHelper.msi c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveOnDemand.exe c:\program files (x86)\SaveSenseLive\Update\SaveSenseLive.exe c:\programdata\SaveSenseLive c:\programdata\SaveSenseLive\Update\Log\SaveSenseLive.log c:\windows\PFRO.log . . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Us³ugi ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_savesenselive -------\Service_savesenselivem -------\Service_savesenselivem . . ((((((((((((((((((((((((( Pliki utworzone od 2014-01-06 do 2014-02-06 ))))))))))))))))))))))))))))))) . . 2014-02-06 21:53 . 2014-02-06 21:53 -------- d-----w- c:\users\TEMP.destiny 2014-02-06 21:52 . 2014-02-06 21:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-02-06 21:52 . 2014-02-06 21:52 -------- d-----w- c:\users\Mi³y\AppData\Local\temp 2014-02-06 21:52 . 2014-02-06 21:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-02-06 21:52 . 2014-02-06 21:52 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2014-02-06 21:28 . 2014-02-06 21:28 -------- d-----w- C:\TDSSKiller_Quarantine 2014-02-05 21:01 . 2012-06-22 10:01 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys 2014-02-05 21:01 . 2014-02-05 21:01 110080 ----a-r- c:\users\Mi³y\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconF7A21AF7.exe 2014-02-05 21:01 . 2014-02-05 21:01 110080 ----a-r- c:\users\Mi³y\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconD7F16134.exe 2014-02-05 21:01 . 2014-02-05 21:01 110080 ----a-r- c:\users\Mi³y\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\Icon1226A4C5.exe 2014-02-05 21:01 . 2014-02-05 21:01 -------- d-----w- C:\sh4ldr 2014-02-05 21:01 . 2014-02-05 21:01 -------- d-----w- c:\program files\Enigma Software Group 2014-02-05 21:00 . 2014-02-05 21:01 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-02-05 21:00 . 2014-02-05 21:00 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2014-02-05 20:48 . 2014-02-05 20:51 -------- d-----w- C:\AdwCleaner 2014-02-05 14:14 . 2014-02-05 19:44 -------- d-----w- c:\program files (x86)\WinUtilities 2014-02-05 14:14 . 2010-07-25 21:23 56496 ----a-w- c:\windows\SysWow64\wbhelp2.dll 2014-02-05 14:14 . 2010-07-25 21:23 544768 ----a-w- c:\windows\SysWow64\wbocx.ocx 2014-02-05 14:14 . 2010-07-25 21:23 33968 ----a-w- c:\windows\SysWow64\anim.dll 2014-02-05 14:14 . 2010-07-25 21:23 258352 ----a-w- c:\windows\SysWow64\unicows.dll 2014-02-05 14:14 . 2010-07-25 21:23 1706800 ----a-w- c:\windows\SysWow64\gdiplus.dll 2014-02-05 14:14 . 2010-07-25 21:23 4608 ----a-w- c:\windows\SysWow64\W95INF32.DLL 2014-02-05 14:14 . 2010-07-25 21:23 2272 ----a-w- c:\windows\SysWow64\W95INF16.DLL 2014-02-05 14:08 . 2014-02-06 21:38 -------- d-----w- c:\users\Mi³y\AppData\Roaming\Lavasoft 2014-02-04 22:11 . 2014-02-04 22:11 -------- d-----w- c:\program files\SkanerOnline 2014-02-04 21:54 . 2014-02-05 19:59 -------- d-----w- c:\users\Mi³y\AppData\Local\Razer 2014-02-04 21:40 . 2014-02-05 19:59 -------- d-----w- c:\program files (x86)\Razer 2014-02-04 21:40 . 2014-02-05 19:59 -------- d-----w- c:\programdata\Razer 2014-02-04 20:22 . 2014-02-04 20:22 -------- d-----w- c:\program files\CCleaner 2014-02-04 19:57 . 2013-12-16 00:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36DE4A0E-B235-4A72-8FB3-D0DA9FF7C273}\mpengine.dll 2014-01-25 13:06 . 2014-02-01 18:19 -------- d-----w- c:\users\Mi³y\AppData\Roaming\.minecraft 2014-01-25 10:08 . 2014-01-25 10:08 -------- d-----w- c:\users\Mi³y\AppData\Roaming\com.1minus1.socialsafe.D675411CF670AA3EFAC13BDD847989BEDE2115E2.1 2014-01-19 19:48 . 2014-01-19 19:48 -------- d-----w- c:\users\MIY~2 2014-01-19 19:48 . 2014-01-31 23:32 -------- d-----w- c:\program files (x86)\GameforgeLive 2014-01-19 18:20 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll 2014-01-19 18:20 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll 2014-01-19 18:20 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll 2014-01-19 17:52 . 2014-02-04 20:11 -------- d-----w- c:\program files (x86)\Pando Networks 2014-01-19 17:52 . 2014-01-19 17:52 -------- d-----w- c:\users\Mi³y\AppData\Local\SaveSenseLive 2014-01-19 17:52 . 2014-01-19 17:52 -------- d-----w- c:\users\Mi³y\AppData\Roaming\SaveSense 2014-01-19 12:18 . 2014-01-19 12:18 -------- d-----w- c:\users\Mi³y\AppData\Roaming\Riot Games 2014-01-18 02:45 . 2014-01-18 02:45 -------- d-----w- c:\windows\system32\log 2014-01-18 02:45 . 2014-02-04 20:20 -------- d-----w- c:\users\Mi³y\AppData\Roaming\iSafe 2014-01-18 02:42 . 2014-02-06 21:25 -------- d-----w- c:\users\Mi³y\AppData\Roaming\newnext.me 2014-01-18 02:42 . 2014-01-18 02:42 -------- d-----w- c:\users\Mi³y\AppData\Local\cache 2014-01-18 02:42 . 2014-02-04 20:09 -------- d-----w- c:\users\Mi³y\AppData\Local\Mobogenie 2014-01-18 02:42 . 2014-01-18 02:42 -------- d-----w- c:\users\Mi³y\AppData\Local\genienext 2014-01-18 02:38 . 2014-01-18 02:49 -------- d-----w- c:\users\Mi³y\AppData\Local\Oxy 2014-01-18 02:37 . 2014-01-19 12:26 -------- d-----w- c:\users\Mi³y\AppData\Roaming\Oxy 2014-01-17 21:55 . 2014-01-17 21:55 -------- d-----w- c:\program files (x86)\Common Files\Skype 2014-01-17 21:55 . 2014-01-17 21:55 -------- d-----r- c:\program files (x86)\Skype . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-02-05 21:01 . 2014-02-05 21:01 110080 ----a-r- c:\users\Mi³y\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconF7A21AF7.exe 2014-02-05 21:01 . 2014-02-05 21:01 110080 ----a-r- c:\users\Mi³y\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconF7A21AF7.exe 2014-02-05 21:01 . 2014-02-05 21:01 110080 ----a-r- c:\users\Mi³y\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconD7F16134.exe 2014-02-05 21:01 . 2014-02-05 21:01 110080 ----a-r- c:\users\Mi³y\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconD7F16134.exe 2014-02-05 21:01 . 2014-02-05 21:01 110080 ----a-r- c:\users\Mi³y\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\Icon1226A4C5.exe 2014-02-05 21:01 . 2014-02-05 21:01 110080 ----a-r- c:\users\Mi³y\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\Icon1226A4C5.exe 2014-02-05 19:21 . 2012-08-04 00:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-02-05 19:21 . 2012-08-04 00:42 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-01-18 02:45 . 2011-02-19 22:03 421032 ----a-w- c:\windows\SysWow64\msvcp100.dll 2014-01-18 02:45 . 2011-02-18 23:40 773800 ----a-w- c:\windows\SysWow64\msvcr100.dll 2014-01-16 08:59 . 2012-08-03 20:45 270496 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyœlne, prawid³owe wpisy nie s¹ pokazane REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NextLive"="c:\users\Mi³y\AppData\Roaming\newnext.me\nengine.dll" [2014-01-06 1283584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x] R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x] R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x] R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x] R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x] R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x] R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Us³uga Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys;c:\windows\SYSNATIVE\DRIVERS\nvoclk64.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x] . . Zawartoœæ folderu 'Zaplanowane zadania' . 2014-02-06 c:\windows\Tasks\MemOptimizer-02BB2F56CB964deb8996194DE7EB5275.job - c:\program files (x86)\WinUtilities\ToolMemoryOptimizer.exe [2014-02-05 13:26] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1] @="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}" [HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}] 2012-06-05 09:42 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2] @="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}" [HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}] 2012-06-05 09:42 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3] @="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}" [HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}] 2012-06-05 09:42 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4] @="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}" [HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}] 2012-06-05 09:42 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-02 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-02 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-02 415256] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-11 11369576] "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-10-18 1063200] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Skan uzupe³niaj¹cy ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.nationzoom.com/?type=hp&ts=1390012754&from=mp3&uid=HitachiXHTS545050B9A300_100924PBN403B70DNSULX mDefault_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1390012754&from=mp3&uid=HitachiXHTS545050B9A300_100924PBN403B70DNSULX&q={searchTerms} mDefault_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1390012754&from=mp3&uid=HitachiXHTS545050B9A300_100924PBN403B70DNSULX mStart Page = hxxp://www.nationzoom.com/?type=hp&ts=1390012754&from=mp3&uid=HitachiXHTS545050B9A300_100924PBN403B70DNSULX mSearch Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1390012754&from=mp3&uid=HitachiXHTS545050B9A300_100924PBN403B70DNSULX&q={searchTerms} IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Wyœlij obraz do urz¹dzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Wyœlij stronê do urz¹dzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: mks.com.pl\www TCP: DhcpNameServer = 62.179.1.62 192.168.0.1 . - - - - USUNIÊTO PUSTE WPISY - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) SafeBoot-62400995.sys SafeBoot-93228161.sys . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Pozosta³e uruchomione procesy ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe c:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe . ************************************************************************** . Czas ukoñczenia: 2014-02-06 22:57:50 - komputer zosta³ uruchomiony ponownie ComboFix-quarantined-files.txt 2014-02-06 21:57 . Przed: 45 586 681 856 bajtów wolnych Po: 45 081 341 952 bajtów wolnych . - - End Of File - - CE3B3ED4A123A5658FF438B3F87DEC6B