ComboFix 14-07-03.01 - Tomash 2014-07-06 11:50:47.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.2047.948 [GMT 2:00]
Running from: c:\users\Tomash\Downloads\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DFX\DFX.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-06-06 to 2014-07-06 )))))))))))))))))))))))))))))))
.
.
2014-07-06 10:07 . 2014-07-06 10:07 -------- d-----w- c:\users\Tomash\AppData\Local\temp
2014-07-06 10:07 . 2014-07-06 10:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-06 07:03 . 2014-07-06 07:03 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-07-04 11:42 . 2014-06-05 10:54 8140904 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9621BC1B-0D19-47BA-92FF-106C460CE1E9}\mpengine.dll
2014-06-25 17:57 . 2013-09-30 14:26 2881848 ----a-w- c:\windows\system32\pwNative.exe
2014-06-25 17:57 . 2013-09-30 14:26 15688 ------w- c:\windows\system32\pwdrvio.sys
2014-06-25 17:57 . 2013-09-30 14:26 10320 ------w- c:\windows\system32\pwdspio.sys
2014-06-25 17:56 . 2014-06-25 17:56 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 8.1.1
2014-06-25 09:45 . 2014-06-25 09:45 -------- d-sh--w- c:\users\Tomash\AppData\Local\EmieUserList
2014-06-25 09:45 . 2014-06-25 09:45 -------- d-sh--w- c:\users\Tomash\AppData\Local\EmieSiteList
2014-06-25 08:42 . 2014-06-25 08:42 -------- d-----w- c:\users\Tomash\AppData\Local\GHISLER
2014-06-25 08:41 . 2014-06-25 08:41 -------- d-----w- C:\totalcmd
2014-06-25 08:41 . 2014-06-25 08:41 -------- d-----w- c:\users\Tomash\AppData\Roaming\GHISLER
2014-06-25 08:41 . 2014-04-30 06:51 545 ----a-w- c:\windows\UC.PIF
2014-06-25 08:41 . 2014-04-30 06:51 545 ----a-w- c:\windows\RAR.PIF
2014-06-25 08:41 . 2014-04-30 06:51 545 ----a-w- c:\windows\PKZIP.PIF
2014-06-25 08:41 . 2014-04-30 06:51 545 ----a-w- c:\windows\PKUNZIP.PIF
2014-06-25 08:41 . 2014-04-30 06:51 545 ----a-w- c:\windows\LHA.PIF
2014-06-25 08:41 . 2014-04-30 06:51 545 ----a-w- c:\windows\ARJ.PIF
2014-06-24 17:17 . 2014-06-24 21:00 -------- d-----w- c:\users\Tomash\EREnt
2014-06-24 17:15 . 2014-06-24 17:15 -------- d-----w- c:\program files\Kroll Ontrack
2014-06-24 16:28 . 2014-06-24 16:28 170080 ----a-w- c:\windows\system32\drivers\snapman.sys
2014-06-24 16:27 . 2014-06-24 16:27 -------- d-----w- c:\program files\Acronis
2014-06-24 16:27 . 2014-06-24 21:00 -------- d-----w- c:\program files\Common Files\Acronis
2014-06-24 14:57 . 2014-06-24 21:00 -------- d-----w- c:\program files\CCleaner
2014-06-24 07:00 . 2014-06-24 07:00 -------- d-----w- C:\NVIDIA Corporation
2014-06-24 06:41 . 2014-06-23 16:13 52920 ----a-w- c:\windows\system32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys
2014-06-24 00:18 . 2014-06-24 00:18 -------- d-----w- c:\users\Tomash\AppData\Roaming\SupTab
2014-06-24 00:18 . 2014-07-04 12:32 -------- d-----w- c:\program files\SupTab
2014-06-24 00:18 . 2014-06-24 06:59 -------- d-----w- c:\programdata\WindowsProtectManger
2014-06-24 00:18 . 2014-06-24 06:59 -------- d-----w- c:\programdata\IePluginServices
2014-06-24 00:18 . 2014-06-24 21:00 -------- d-----w- c:\users\Tomash\AppData\Roaming\omiga-plus
2014-06-24 00:15 . 2014-06-24 00:17 -------- d-----w- c:\users\Tomash\AppData\Roaming\DAEMON Tools Lite
2014-06-24 00:14 . 2014-06-24 21:00 -------- d-----w- c:\programdata\DAEMON Tools Lite
2014-06-23 20:50 . 2014-06-24 21:00 -------- d-----w- c:\program files\ISO to USB
2014-06-11 23:17 . 2014-06-11 23:17 -------- d-----w- c:\program files\Things & Stuff
2014-06-11 16:05 . 2014-04-05 02:25 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-11 16:05 . 2014-04-05 02:24 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-11 16:04 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\system32\msxml6.dll
2014-06-11 16:04 . 2014-06-08 08:48 391680 ----a-w- c:\windows\system32\aepdu.dll
2014-06-11 16:04 . 2014-03-26 14:27 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-06-11 16:04 . 2014-03-26 14:25 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-06-11 16:04 . 2014-03-26 14:25 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-06-11 16:04 . 2014-06-08 08:43 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-06-11 16:04 . 2014-04-25 02:06 626688 ----a-w- c:\windows\system32\usp10.dll
2014-06-11 16:04 . 2014-05-08 09:06 919040 ----a-w- c:\windows\system32\rdpcorets.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-04 19:28 . 2014-06-04 19:28 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-30 18:29 . 2013-11-02 12:23 1081112 ----a-w- c:\windows\system32\nvspcap.dll
2014-04-12 02:15 . 2014-05-15 10:14 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15 . 2014-05-15 10:14 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12 . 2014-05-15 10:14 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12 . 2014-05-15 10:14 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12 . 2014-05-15 10:14 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11 . 2014-05-15 10:14 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11 . 2014-05-15 10:14 22528 ----a-w- c:\windows\system32\lsass.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-05-20 4529944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 5078504]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-04-30 1081112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Tomash^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Touchpad Server.lnk]
path=c:\users\Tomash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Touchpad Server.lnk
backup=c:\windows\pss\Touchpad Server.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GG]
2014-06-13 15:30 4023360 ----a-w- c:\users\Tomash\AppData\Local\GG\Application\gghub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2014-04-30 18:30 2199840 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-05-07 12:44 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-08-21 84248]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-05-30 108032]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-09-30 15688]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-09-30 10320]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-08-21 182680]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-10-13 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2013-02-14 47568]
S1 {0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw;{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw;c:\windows\system32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys [2014-06-23 52920]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-02-14 171680]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-01-10 122240]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2013-01-10 46056]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2013-04-12 188176]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2013-04-12 94480]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2013-03-21 1341664]
S2 FPLService;TrueSuiteService;c:\program files\HP SimplePass\TrueSuiteService.exe [2012-08-09 1641320]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-04-30 1618888]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-04-30 19701080]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2012-10-18 971752]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 27632]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1.sys [2012-12-13 24424]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-04-30 19400]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-03-31 34080]
S3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe [2012-07-16 314216]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2013-04-12 104720]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2013-04-12 115984]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1403569084&from=smt&uid=HitachiXHTS542525K9SA00_080105BB0F00WDHDJA6CX
mStart Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1403569084&from=smt&uid=HitachiXHTS542525K9SA00_080105BB0F00WDHDJA6CX
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.204.159.1 8.8.8.8
FF - ProfilePath - c:\users\Tomash\AppData\Roaming\Mozilla\Firefox\Profiles\dtif7rd8.default\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DFX - c:\program files\DFX\DFX.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-06 12:11:46
ComboFix-quarantined-files.txt 2014-07-06 10:11
.
Pre-Run: 114 371 457 024 bytes free
Post-Run: 116 149 248 000 bytes free
.
- - End Of File - - 75A77DFF8F60CBA74EC2FE921F609F74
A36C5E4F47E84449FF07ED3517B43A31
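Two findings in the log above deserve a follow-up check after the ComboFix run, because ComboFix reports them but does not change them: the values under policies\system (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0) mean UAC is switched off entirely and any process started by this admin account elevates silently, and both the per-user and machine-wide IE start page (uStart Page / mStart Page) point at isearch.omiga-plus.com. The script below is an added example, not part of the log or of ComboFix: it reads the same registry locations, compares the UAC values against the Windows 7 defaults, flags any start page whose host is outside a small allow-list, and only writes the defaults back when run with -Fix. The allow-list of search hosts and the choice of about:blank as the replacement start page are assumptions for illustration, not something the log prescribes.

```powershell
# Added example (not from the ComboFix log or from ComboFix itself): re-check the UAC
# policy values and the IE start pages that the log surfaced. Reading works from a
# normal prompt; -Fix needs an elevated PowerShell to write HKLM.
[CmdletBinding()]
param(
    [switch]$Fix   # apply the default values instead of only reporting them
)

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Windows 7 defaults for the values that appear in the log.
# ConsentPromptBehaviorAdmin 5 = "prompt for consent for non-Windows binaries";
# the log shows 0 = "elevate without prompting". EnableLUA 0 disables UAC outright.
$expected = [ordered]@{
    EnableLUA                  = 1
    ConsentPromptBehaviorAdmin = 5
    ConsentPromptBehaviorUser  = 3
    PromptOnSecureDesktop      = 1
    EnableUIADesktopToggle     = 0
}

$current = Get-ItemProperty -Path $policyKey
foreach ($name in $expected.Keys) {
    $value = $current.$name
    if ($null -eq $value) { $value = '<missing>' }
    $status = if ($value -eq $expected[$name]) { 'ok' } else { 'WEAK' }
    '{0,-5} {1,-28} current={2,-9} expected={3}' -f $status, $name, $value, $expected[$name]
    if ($Fix -and $status -eq 'WEAK') {
        Set-ItemProperty -Path $policyKey -Name $name -Value $expected[$name] -Type DWord
    }
}

# ComboFix's "uStart Page" is the current user's key, "mStart Page" the machine key.
# Assumption for illustration: anything outside this allow-list is flagged for review.
$allowedHosts = @('www.google.com', 'www.bing.com', 'go.microsoft.com', 'www.msn.com')
$startPages = @(
    @{ Scope = 'uStart Page'; Key = 'HKCU:\Software\Microsoft\Internet Explorer\Main' },
    @{ Scope = 'mStart Page'; Key = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main' }
)
foreach ($sp in $startPages) {
    $url = (Get-ItemProperty -Path $sp.Key -ErrorAction SilentlyContinue).'Start Page'
    if (-not $url) { '{0}: not set' -f $sp.Scope; continue }
    $pageHost = ([uri]$url).Host
    if ($allowedHosts -contains $pageHost) {
        '{0}: ok ({1})' -f $sp.Scope, $pageHost
    } else {
        '{0}: REVIEW {1}' -f $sp.Scope, $url
        # Assumed replacement value; pick whatever the site standard is.
        if ($Fix) { Set-ItemProperty -Path $sp.Key -Name 'Start Page' -Value 'about:blank' }
    }
}
```

Run it once without -Fix to see the report, then with -Fix from an elevated prompt. A change to EnableLUA only takes effect after a reboot, so re-run the report afterwards; and since the log also shows the SupTab, IePluginServices and omiga-plus directories still present, resetting the start page alone is cosmetic until those components are removed.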