ComboFix 14-09-22.01 - Mirek 2014-09-25 9:52.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.3066.1534 [GMT 2:00]
Uruchomiony z: c:\users\Mirek\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\IePluginServices
c:\programdata\IePluginServices\PluginService.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_IePluginServices
-------\Service_IePluginServices
.
.
((((((((((((((((((((((((( Pliki utworzone od 2014-08-25 do 2014-09-25 )))))))))))))))))))))))))))))))
.
.
2014-09-25 08:55 . 2014-09-25 08:55 -------- d-----w- c:\users\Gość\AppData\Local\temp
2014-09-25 08:55 . 2014-09-25 08:55 -------- d-----w- c:\users\Dom\AppData\Local\temp
2014-09-25 08:55 . 2014-09-25 08:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-23 19:03 . 2012-06-22 10:01 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2014-09-23 19:01 . 2014-09-23 19:01 110080 ----a-r- c:\users\Mirek\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconF7A21AF7.exe
2014-09-23 19:01 . 2014-09-23 19:01 110080 ----a-r- c:\users\Mirek\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconD7F16134.exe
2014-09-23 19:01 . 2014-09-23 19:01 110080 ----a-r- c:\users\Mirek\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\Icon1226A4C5.exe
2014-09-23 19:00 . 2014-09-23 19:00 -------- d-----w- C:\sh4ldr
2014-09-23 19:00 . 2014-09-23 19:00 -------- d-----w- c:\program files\Enigma Software Group
2014-09-23 18:55 . 2014-09-23 19:03 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-23 18:55 . 2014-09-23 18:55 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-09-14 21:28 . 2014-09-21 19:23 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-09-13 20:01 . 2014-09-13 20:01 -------- d-----w- c:\users\Mirek\AppData\Roaming\WebExtend
2014-09-13 20:01 . 2014-09-22 20:06 -------- d-----w- c:\users\Mirek\AppData\Roaming\VOPackage
2014-09-13 19:59 . 2014-09-13 20:01 -------- d-----w- c:\users\Mirek\AppData\Local\Opera Software
2014-09-13 19:59 . 2014-09-13 19:59 -------- d-----w- c:\users\Mirek\AppData\Roaming\Opera Software
2014-09-13 19:58 . 2014-09-13 20:01 -------- d-----w- c:\program files (x86)\Opera
2014-09-13 19:58 . 2014-09-14 18:24 -------- d-----w- c:\programdata\WindowsMangerProtect
2014-09-13 19:58 . 2014-09-20 16:22 -------- d-----w- c:\program files (x86)\SupTab
2014-09-13 19:56 . 2014-09-14 20:07 -------- d-----w- c:\program files (x86)\globalUpdate
2014-09-13 19:56 . 2014-09-13 19:56 -------- d-----w- c:\users\Mirek\AppData\Local\globalUpdate
2014-09-10 10:35 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 10:35 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-01 16:41 . 2014-09-15 19:01 -------- d-----w- c:\users\Mirek\AppData\Local\Adobe
2014-08-28 09:42 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-28 09:42 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-24 17:13 . 2012-04-01 06:39 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-24 17:13 . 2011-06-10 17:24 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-15 07:06 . 2011-07-17 20:27 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-09-10 10:40 . 2011-06-11 06:34 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-09-09 02:05 . 2014-09-20 16:26 11578928 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{87E68DE7-1585-4AB4-9A01-C91FABAC9CA3}\mpengine.dll
2014-08-23 01:45 . 2014-08-28 09:42 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-18 22:08 . 2014-09-10 10:53 4232704 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-08-18 21:57 . 2014-09-10 10:53 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-08-18 21:46 . 2014-09-10 10:53 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-08-18 21:45 . 2014-09-10 10:53 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-08-18 21:44 . 2014-09-10 10:53 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44 . 2014-09-10 10:53 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36 . 2014-09-10 10:53 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-08-18 21:35 . 2014-09-10 10:53 597504 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-08-18 21:22 . 2014-09-10 10:53 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:08 . 2014-09-10 10:53 2014208 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-08-18 21:07 . 2014-09-10 10:53 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46 . 2014-09-10 10:53 1812992 ----a-w- c:\windows\SysWow64\wininet.dll
2014-08-17 20:48 . 2014-08-17 20:48 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-16 03:23 . 2014-08-17 20:50 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-16 02:46 . 2014-08-17 20:50 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-07-14 02:02 . 2014-08-17 20:45 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-17 20:45 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-07-09 18:14 . 2014-03-12 10:43 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-09 18:14 . 2014-03-12 10:43 92008 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-07-09 18:14 . 2014-05-02 16:30 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-09 18:14 . 2014-03-12 10:43 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-09 18:14 . 2014-03-12 10:43 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-09 18:14 . 2014-03-12 10:43 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-09 18:14 . 2014-03-12 10:43 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-09 18:14 . 2014-02-28 21:32 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-09 18:14 . 2014-03-12 10:43 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-09 18:14 . 2014-07-09 18:14 43152 ----a-w- c:\windows\avastSS.scr
2014-07-09 18:14 . 2014-03-22 14:44 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-07-09 18:14 . 2014-07-09 18:14 448400 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-07-07 01:40 . 2014-09-10 10:35 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-07 01:40 . 2014-09-10 10:35 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-07-07 01:39 . 2014-09-10 10:35 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-06-30 22:24 . 2014-08-17 20:53 8856 ----a-w- c:\windows\system32\icardres.dll
2014-06-30 22:14 . 2014-08-17 20:53 8856 ----a-w- c:\windows\SysWow64\icardres.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
2014-09-13 19:58 515464 ----a-w- c:\program files (x86)\SupTab\SupTab.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE" [2012-02-29 283232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"VitaKeyPdtWzd"="c:\program files (x86)\Acer Bio Protection\PdtWzd.exe" [2009-09-26 3568640]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"KMCONFIG"="c:\program files (x86)\Keyboard Driver\StartAutorun.exe" [2008-05-30 212992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2011-01-28 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2011-01-28 181480]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
.
c:\users\Mirek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
aluagent.lnk - c:\programdata\Acer\Acer Updater\aluagent.exe [2012-4-23 711272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mtkmbim;D-Link Mobile Broadband NDIS 6.20 Miniport Driver;c:\windows\system32\DRIVERS\mtkmbim7_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mtkmbim7_x64.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wdf_usb;wdf_usb;c:\windows\system32\DRIVERS\usb2ser.sys;c:\windows\SYSNATIVE\DRIVERS\usb2ser.sys [x]
R4 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files (x86)\Fingerprint Sensor\AtService.exe;c:\program files (x86)\Fingerprint Sensor\AtService.exe [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IGBASVC;EgisTec Service;c:\program files (x86)\Acer Bio Protection\BASVC.exe;c:\program files (x86)\Acer Bio Protection\BASVC.exe [x]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Keyboard Driver\KMWDSrv.exe;c:\program files (x86)\Keyboard Driver\KMWDSrv.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys;c:\windows\SYSNATIVE\Drivers\ATSwpWDF.sys [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 17:15]
.
2014-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-17 21:58]
.
2014-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-17 21:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-09 18:14 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-10 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-26 818720]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.istartsurf.com/?type=hp&ts=1410638242&from=ild&uid=WDCXWD6400BEVT-22A0RT0_WD-WX31EC00488204882
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410638242&from=ild&uid=WDCXWD6400BEVT-22A0RT0_WD-WX31EC00488204882&q={searchTerms}
mDefault_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1410638242&from=ild&uid=WDCXWD6400BEVT-22A0RT0_WD-WX31EC00488204882
mStart Page = hxxp://www.istartsurf.com/?type=hp&ts=1410638242&from=ild&uid=WDCXWD6400BEVT-22A0RT0_WD-WX31EC00488204882
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1410638242&from=ild&uid=WDCXWD6400BEVT-22A0RT0_WD-WX31EC00488204882&q={searchTerms}
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Mirek\AppData\Roaming\Mozilla\Firefox\Profiles\fcmgjka9.default\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files (x86)\Acer Bio Protection\CompPtcVUI.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Czas ukończenia: 2014-09-25 11:39:49 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2014-09-25 09:39
ComboFix2.txt 2014-03-11 12:10
.
Przed: 446 703 259 648 bajtów wolnych
Po: 447 115 104 256 bajtów wolnych
.
- - End Of File - - 26DF0232C6FB3B1885E95EB59D620E41
5C616939100B85E558DA92B899A0FC36