ComboFix 14-05-27.02 - sebek 2014-05-28 15:28:51.8.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.3583.2675 [GMT 2:00]
Uruchomiony z: d:\instalki\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\dmlconf.dat
c:\program files\Microsoft\DesktopLayer.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Pliki utworzone od 2014-04-28 do 2014-05-28 )))))))))))))))))))))))))))))))
.
.
2014-05-28 13:34 . 2014-05-28 13:34 -------- d-----w- c:\users\sebek\AppData\Local\temp
2014-05-28 13:34 . 2014-05-28 13:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-05-28 13:34 . 2014-05-28 13:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-28 13:22 . 2014-05-28 13:34 -------- d-----w- c:\program files\Microsoft
2014-05-28 13:18 . 2014-05-28 13:19 -------- d-----w- c:\users\sebek\AppData\Local\VirtualStore
2014-05-27 12:47 . 2014-05-27 12:47 -------- d-----w- c:\users\sebek\AppData\Roaming\Tropico 5
2014-05-26 21:59 . 2014-05-26 21:59 -------- d-----w- c:\program files\AGEIA Technologies
2014-05-26 21:59 . 2014-05-19 23:11 603592 ----a-w- c:\windows\system32\nvStreaming.exe
2014-05-26 21:58 . 2014-05-14 02:20 3774821 ----a-w- c:\windows\system32\nvcoproc.bin
2014-05-26 21:54 . 2014-05-20 02:39 9697640 ----a-w- c:\windows\system32\nvopencl.dll
2014-05-26 21:54 . 2014-05-20 02:39 9735256 ----a-w- c:\windows\system32\nvcuda.dll
2014-05-26 21:54 . 2014-05-20 02:39 908744 ----a-w- c:\windows\system32\nvdispgenco3233788.dll
2014-05-26 21:54 . 2014-05-20 02:39 866592 ----a-w- c:\windows\system32\NvIFR.dll
2014-05-26 21:54 . 2014-05-20 02:39 861128 ----a-w- c:\windows\system32\NvFBC.dll
2014-05-26 21:54 . 2014-05-20 02:39 2953672 ----a-w- c:\windows\system32\nvcuvid.dll
2014-05-26 21:54 . 2014-05-20 02:39 2413344 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-05-26 21:54 . 2014-05-20 02:39 24024408 ----a-w- c:\windows\system32\nvoglv32.dll
2014-05-26 21:54 . 2014-05-20 02:39 1056200 ----a-w- c:\windows\system32\nvdispco3233788.dll
2014-05-26 21:54 . 2014-05-20 02:39 10533152 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-05-26 21:54 . 2014-05-20 02:39 17559384 ----a-w- c:\windows\system32\nvcompiler.dll
2014-05-26 21:50 . 2014-05-26 21:50 -------- d-----w- C:\NVIDIA
2014-05-26 11:18 . 2005-06-24 14:24 438272 ----a-r- c:\windows\system32\vp6vfw.dll
2014-05-26 11:18 . 2004-12-10 07:06 327680 ----a-w- c:\windows\system32\vp6dec.ax
2014-05-26 07:28 . 2014-05-26 07:34 -------- d-----w- c:\users\sebek\AppData\Local\TeknoGods
2014-05-25 10:57 . 2014-05-28 13:24 -------- d-----w- C:\FRST
2014-05-25 10:50 . 2014-05-25 10:50 30976 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-05-24 19:00 . 2014-05-24 19:03 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-24 19:00 . 2014-04-03 13:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-20 11:37 . 2014-05-20 11:37 -------- d-----w- c:\programdata\Hewlett-Packard
2014-05-20 11:37 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
2014-05-18 15:02 . 2014-05-18 15:02 -------- d-----w- c:\users\sebek\AppData\Roaming\CadSoft
2014-05-15 05:51 . 2014-05-15 11:34 -------- d-----w- c:\users\sebek\AcunetixScanner
2014-05-14 13:04 . 2014-05-14 13:04 -------- d-----w- c:\users\sebek\AppData\Local\Skype
2014-05-14 13:03 . 2014-05-14 13:03 -------- d-----w- c:\program files\Common Files\Skype
2014-05-14 13:03 . 2014-05-14 13:03 -------- d-----r- c:\program files\Skype
2014-05-13 10:50 . 2014-05-13 10:50 -------- d-----w- c:\users\sebek\AppData\Local\Mega Limited
2014-05-13 09:45 . 2014-05-13 09:45 -------- d-----w- c:\users\sebek\AppData\Roaming\Hex-Rays
2014-05-13 09:43 . 2014-05-13 09:43 -------- d-----w- c:\program files\NASM
2014-05-13 09:34 . 2014-05-26 12:18 -------- d-----w- C:\totalcmd
2014-05-13 09:34 . 2014-05-13 09:34 -------- d-----w- c:\users\sebek\AppData\Roaming\GHISLER
2014-05-13 09:34 . 2014-04-30 06:51 545 ----a-w- c:\windows\UC.PIF
2014-05-13 09:34 . 2014-04-30 06:51 545 ----a-w- c:\windows\RAR.PIF
2014-05-13 09:34 . 2014-04-30 06:51 545 ----a-w- c:\windows\LHA.PIF
2014-05-13 09:34 . 2014-04-30 06:51 545 ----a-w- c:\windows\ARJ.PIF
2014-05-13 05:13 . 2014-05-13 05:21 -------- d-----w- c:\users\sebek\AppData\Roaming\CodeBlocks
2014-05-11 14:51 . 2014-05-11 14:51 -------- d-----w- C:\SOPHTEMP
2014-05-11 14:37 . 2014-05-11 14:37 -------- d-----w- c:\program files\HitmanPro
2014-05-11 14:36 . 2014-05-24 13:50 -------- d-----w- c:\programdata\HitmanPro
2014-05-11 12:09 . 2014-05-11 12:09 -------- d-----w- c:\users\sebek\AppData\Roaming\MPC-HC
2014-05-11 12:09 . 2014-05-11 12:09 -------- d-----w- c:\program files\MPC-HC
2014-05-11 11:06 . 2014-01-25 12:07 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-05-11 07:34 . 2014-05-11 07:34 -------- d-----w- c:\windows\system32\BestPractices
2014-05-11 07:02 . 2014-05-24 19:00 -------- d-----w- c:\programdata\Malwarebytes
2014-05-11 06:58 . 2014-05-11 08:12 -------- d-----w- c:\program files\NortonInstaller
2014-05-11 06:58 . 2014-05-11 08:08 -------- d-----w- c:\programdata\NortonInstaller
2014-05-11 00:06 . 2014-05-22 11:01 -------- d-----w- c:\program files\Illusion
2014-05-10 18:52 . 2014-05-10 18:52 -------- d-----w- c:\users\sebek\AppData\Local\Microsoft_Corporation
2014-05-10 18:29 . 2014-05-11 08:06 -------- d-----w- c:\users\Classic .NET AppPool
2014-05-10 18:27 . 2014-05-11 07:34 -------- d-----w- C:\inetpub
2014-05-10 15:13 . 2014-05-10 15:43 -------- d-----w- c:\users\sebek\AppData\Roaming\Notepad++
2014-05-10 15:11 . 2014-05-10 15:17 -------- d-----w- c:\users\sebek\AppData\Local\LightTable
2014-04-30 12:48 . 2014-04-30 12:48 -------- d-----w- c:\users\sebek\AppData\Roaming\Gadu-Gadu
2014-04-30 09:39 . 2014-04-30 09:43 -------- d-----w- c:\users\sebek\Gadu-Gadu
2014-04-30 09:39 . 2014-04-30 09:39 -------- d-----w- c:\program files\Gadu-Gadu
2014-04-29 07:43 . 2014-04-29 07:44 -------- d-----w- c:\users\sebek\AppData\Roaming\DarkSoulsII
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-20 02:39 . 2014-03-16 14:36 52056 ----a-w- c:\windows\system32\OpenCL.dll
2014-05-20 02:39 . 2013-11-09 11:12 2730208 ----a-w- c:\windows\system32\nvapi.dll
2014-05-20 02:39 . 2013-11-09 11:12 16003912 ----a-w- c:\windows\system32\nvwgf2um.dll
2014-05-20 02:39 . 2013-11-09 11:12 14434704 ----a-w- c:\windows\system32\nvd3dum.dll
2014-05-20 00:04 . 2014-03-16 14:36 4379592 ----a-w- c:\windows\system32\nvcpl.dll
2014-05-20 00:04 . 2014-03-16 14:36 3055560 ----a-w- c:\windows\system32\nvsvc.dll
2014-05-20 00:04 . 2014-03-16 14:36 668104 ----a-w- c:\windows\system32\nvvsvc.exe
2014-05-20 00:04 . 2014-03-16 14:36 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2014-05-20 00:04 . 2014-03-16 14:36 61784 ----a-w- c:\windows\system32\nvshext.dll
2014-05-20 00:04 . 2014-03-16 14:36 376096 ----a-w- c:\windows\system32\nvmctray.dll
2014-05-14 15:20 . 2013-11-09 11:12 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 15:20 . 2013-11-09 11:12 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-13 05:39 . 2013-11-11 10:35 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2014-05-11 15:00 . 2012-11-20 22:32 3116032 ----a-w- c:\windows\system32\pbsvc.exe
2014-05-11 15:00 . 2014-03-19 17:47 356352 ----a-w- c:\windows\system32\nvusmu.exe
2014-05-11 15:00 . 2014-03-19 17:47 356352 ----a-w- c:\windows\system32\nvunrm.exe
2014-05-11 15:00 . 2014-03-19 17:46 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2014-05-11 15:00 . 2011-09-08 14:00 338944 ----a-w- c:\windows\system32\gdsmux.exe
2014-05-11 15:00 . 2009-07-13 23:17 398336 ------w- c:\windows\regedit.exe
2014-04-10 13:58 . 2014-04-10 13:55 132880 ----a-w- c:\windows\system32\MSINET.OCX
2014-03-25 16:04 . 2014-01-21 20:49 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-03-25 16:04 . 2014-01-21 20:53 291760 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-03-25 16:04 . 2014-01-21 20:48 291760 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-03-25 15:54 . 2014-01-21 20:48 291488 ----a-w- c:\windows\system32\PnkBstrB.ex0
2014-03-20 18:49 . 2014-01-21 20:49 138904 ----a-w- c:\users\sebek\AppData\Roaming\PnkBstrK.sys
2014-03-20 18:48 . 2014-01-21 20:48 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-03-06 21:35 . 2014-03-01 22:26 5632 ----a-w- c:\windows\system32\merrsend.exe
2014-03-04 14:29 . 2014-03-16 14:45 894296 ----a-w- c:\windows\system32\nvdispgenco3233523.dll
2014-03-04 14:29 . 2014-03-16 14:45 1049888 ----a-w- c:\windows\system32\nvdispco3233523.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-07-19 10783336]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk]
backup=c:\windows\pss\CodecPackUpdateChecker.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2014-05-11 15:30 1272400 ------w- c:\users\sebek\AppData\Roaming\uTorrent\uTorrent.exe
.
R3 apf004;apf004;c:\windows\system32\apf004.sys [2013-12-24 15112]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2014-05-25 30976]
R3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 SIVDriver;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX32.sys [2014-02-14 121336]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-05-24 107736]
S2 ftpsvc;Usługa FTP firmy Microsoft;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 3576320]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-02-05 1593632]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-02-05 15904544]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-05-19 410968]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2010-02-23 1500160]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-12-27 34080]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ftpsvc REG_MULTI_SZ ftpsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-09 15:20]
.
.
------- Skan uzupełniający -------
.
uInternet Settings,ProxyOverride =
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 62.179.1.62 62.179.1.63
FF - ProfilePath - c:\users\sebek\AppData\Roaming\Mozilla\Firefox\Profiles\7swdtaol.default\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - (no file)
ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - (no file)
ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - (no file)
AddRemove-Notepad++ - c:\program files\Notepad++\uninstall.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2014-05-28 15:35:23
ComboFix-quarantined-files.txt 2014-05-28 13:35
ComboFix2.txt 2014-05-11 15:14
ComboFix3.txt 2014-05-11 08:26
ComboFix4.txt 2014-04-27 16:28
ComboFix5.txt 2014-05-28 13:27
.
Przed: 10 256 678 912 bajtów wolnych
Po: 10 205 417 472 bajtów wolnych
.
- - End Of File - - 8743A5229B7BF867507A38AE1CBD20C9 A36C5E4F47E84449FF07ED3517B43A31