ComboFix 14-12-02.01 - zelek 2014-12-04  7:16.4.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1250.48.1033.18.4095.3065 [GMT 1:00]
Uruchomiony z: c:\users\zelek\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2014-11-04 do 2014-12-04   )))))))))))))))))))))))))))))))
.
.
2014-12-04 06:23 . 2014-12-04 06:23   --------   d-----w-   c:\users\HomeGroupUser$\AppData\Local\temp
2014-12-04 06:23 . 2014-12-04 06:23   --------   d-----w-   c:\users\Guest\AppData\Local\temp
2014-12-04 06:23 . 2014-12-04 06:23   --------   d-----w-   c:\users\Default\AppData\Local\temp
2014-12-04 06:23 . 2014-12-04 06:23   --------   d-----w-   c:\users\Administrator\AppData\Local\temp
2014-12-04 06:14 . 2014-12-04 06:14   399780     ----a-w-   c:\windows\SysWow64\scryptRedwoodglg2tc4480w64l4.bin
2014-12-03 15:07 . 2014-06-27 02:08   2777088    ----a-w-   c:\windows\system32\msmpeg2vdec.dll
2014-12-03 15:07 . 2014-06-27 01:45   2285056    ----a-w-   c:\windows\SysWow64\msmpeg2vdec.dll
2014-12-03 15:04 . 2014-03-09 21:48   171160     ----a-w-   c:\windows\system32\infocardapi.dll
2014-12-03 15:04 . 2014-03-09 21:48   1389208    ----a-w-   c:\windows\system32\icardagt.exe
2014-12-03 15:04 . 2014-03-09 21:47   99480      ----a-w-   c:\windows\SysWow64\infocardapi.dll
2014-12-03 15:04 . 2014-03-09 21:47   619672     ----a-w-   c:\windows\SysWow64\icardagt.exe
2014-12-03 15:04 . 2014-06-30 22:24   8856       ----a-w-   c:\windows\system32\icardres.dll
2014-12-03 15:04 . 2014-06-30 22:14   8856       ----a-w-   c:\windows\SysWow64\icardres.dll
2014-12-03 15:03 . 2014-06-06 06:16   35480      ----a-w-   c:\windows\SysWow64\TsWpfWrp.exe
2014-12-03 15:03 . 2014-06-06 06:12   35480      ----a-w-   c:\windows\system32\TsWpfWrp.exe
2014-12-03 06:03 . 2014-01-29 02:32   484864     ----a-w-   c:\windows\system32\wer.dll
2014-12-03 06:03 . 2014-01-29 02:06   381440     ----a-w-   c:\windows\SysWow64\wer.dll
2014-12-03 06:02 . 2014-10-10 00:57   3198976    ----a-w-   c:\windows\system32\win32k.sys
2014-12-02 15:43 . 2014-10-14 02:13   3241984    ----a-w-   c:\windows\system32\msi.dll
2014-12-02 15:43 . 2014-10-14 01:50   2363904    ----a-w-   c:\windows\SysWow64\msi.dll
2014-12-02 15:43 . 2014-06-03 10:02   1941504    ----a-w-   c:\windows\system32\authui.dll
2014-12-02 15:43 . 2014-06-03 10:02   112064     ----a-w-   c:\windows\system32\consent.exe
2014-12-02 15:43 . 2014-06-03 09:29   1805824    ----a-w-   c:\windows\SysWow64\authui.dll
2014-12-02 15:43 . 2014-06-03 10:02   504320     ----a-w-   c:\windows\system32\msihnd.dll
2014-12-02 15:43 . 2014-06-03 09:29   337408     ----a-w-   c:\windows\SysWow64\msihnd.dll
2014-12-02 15:42 . 2014-09-04 05:23   424448     ----a-w-   c:\windows\system32\rastls.dll
2014-12-02 15:42 . 2014-09-04 05:04   372736     ----a-w-   c:\windows\SysWow64\rastls.dll
2014-12-02 15:40 . 2014-04-05 02:47   1903552    ----a-w-   c:\windows\system32\drivers\tcpip.sys
2014-12-02 15:40 . 2014-04-05 02:47   288192     ----a-w-   c:\windows\system32\drivers\FWPKCLNT.SYS
2014-12-02 15:39 . 2014-12-02 15:39   --------   d-----w-   c:\users\zelek\AppData\Roaming\TuneUp Software
2014-12-02 15:39 . 2014-10-18 02:05   861696     ----a-w-   c:\windows\system32\oleaut32.dll
2014-12-02 15:39 . 2014-10-18 01:33   571904     ----a-w-   c:\windows\SysWow64\oleaut32.dll
2014-12-02 15:37 . 2014-10-03 02:12   500224     ----a-w-   c:\windows\system32\AUDIOKSE.dll
2014-12-02 15:36 . 2014-07-14 02:02   1216000    ----a-w-   c:\windows\system32\rpcrt4.dll
2014-12-02 15:36 . 2014-07-14 01:40   664064     ----a-w-   c:\windows\SysWow64\rpcrt4.dll
2014-12-02 15:31 . 2014-08-21 06:43   1882624    ----a-w-   c:\windows\system32\msxml3.dll
2014-12-02 15:31 . 2014-08-21 06:40   2048       ----a-w-   c:\windows\system32\msxml3r.dll
2014-12-02 15:31 . 2014-08-21 06:26   1237504    ----a-w-   c:\windows\SysWow64\msxml3.dll
2014-12-02 15:31 . 2014-08-21 06:23   2048       ----a-w-   c:\windows\SysWow64\msxml3r.dll
2014-12-02 15:30 . 2014-12-02 15:30   --------   d--h--w-   c:\programdata\Common Files
2014-12-02 15:30 . 2014-12-03 05:58   --------   d-----w-   c:\programdata\MFAData
2014-12-02 15:30 . 2014-12-02 15:30   --------   d-----w-   c:\users\zelek\AppData\Local\MFAData
2014-12-02 15:09 . 2014-11-17 01:08   11632448   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C024ECD-DF66-40A6-825C-5DFEA35CF530}\mpengine.dll
2014-12-02 14:34 . 2014-12-02 14:34   754540     ----a-w-   c:\windows\SysWow64\scrypt140202Redwoodglg2tc4480w64l4.bin
2014-12-02 14:31 . 2014-12-03 12:03   59913      ----a-w-   c:\windows\temp023423.vbe
2014-11-28 22:51 . 2014-11-28 22:53   --------   d-----w-   c:\users\zelek\AppData\Roaming\DarkSoulsII
2014-11-25 20:42 . 2014-11-25 20:42   4443312    ----a-w-   c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-11-22 09:45 . 2014-11-22 09:45   --------   d-----w-   c:\users\zelek\AppData\Roaming\Fatshark
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-25 20:42 . 2014-01-24 12:59   71344      ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-25 20:42 . 2014-01-24 12:59   701104     ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-31 22:26 . 2014-01-24 13:26   103374192  ----a-w-   c:\windows\system32\MRT.exe
2014-10-05 09:08 . 2014-05-29 18:43   175136     ----a-w-   c:\windows\SysWow64\EasyAntiCheat.exe
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-12-01 3835728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LVUVC64;Logitech Webcam C210(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-26 19:22   1087304   ----a-w-   c:\program files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-24 20:42]
.
2014-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10 18:05]
.
2014-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10 18:05]
.
.
--------- X64 Entries -----------
.
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: E&ksportuj do programu Microsoft Excel - d:\progra~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: Wyślij &do programu OneNote - d:\progra~2\MICROS~1\Office15\ONBttnIE.dll/105
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-Flockers_is1 - d:\program files (x86)\Flockers\unins000.exe
AddRemove-Medieval II - Total War_is1 - d:\program files (x86)\SEGA\Medieval II Total War\unins000.exe
AddRemove-Setup - Far Cry 4 - d:\program files (x86)\Ubisoft\Far Cry 4\unins000.exe
AddRemove-Silent Hunter III_is1 - c:\program files (x86)\Kolekcja Klasyki\SilentHunterIII\unins000.exe
AddRemove-Steam App 241930 - d:\program files (x86)\steam.exe
AddRemove-Steam App 65980 - d:\program files (x86)\steam.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2600738763-736059636-1868322239-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:27,ee,69,e9,65,a0,87,20,46,16,f5,64,a3,90,7b,96,17,55,88,92,6f,52,a1,
   07,33,69,4b,8a,b4,36,93,fc,a0,e5,f8,53,1e,65,d4,e9,b2,7e,56,08,9a,ee,b1,4e,\
"??"=hex:cb,d1,2f,38,60,0f,c0,e0,9a,0c,03,aa,c1,47,8a,b1
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2014-12-04 07:25:09
ComboFix-quarantined-files.txt 2014-12-04 06:25
ComboFix2.txt 2014-12-03 15:39
ComboFix3.txt 2014-12-03 14:59
ComboFix4.txt 2014-12-02 15:59
.
Przed: 79 754 383 360 bajtów wolnych
Po: 79 518 044 160 bajtów wolnych
.
- - End Of File - - 19D50D249734F6335B3523A60C376D2B A36C5E4F47E84449FF07ED3517B43A31