ComboFix 15-04-01.01 - Administrator 2015-04-07 5:13.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.8046.4473 [GMT 2:00]
Running from: D:\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
C:\install.exe
c:\program files (x86)\Common Files\Config\uninstinethnfd.exe
c:\program files (x86)\Common Files\Config\ver.xml
c:\program files (x86)\MediaBuzzV1
c:\program files (x86)\MediaPlayerV1
c:\program files (x86)\MediaViewerV1
c:\program files (x86)\MediaViewV1
c:\program files (x86)\MediaWatchV1
c:\program files (x86)\RichMediaViewV1
c:\program files (x86)\WebexpEnhancedV1
c:\programdata\continuetosave
c:\programdata\continuetosave\50f4938a443c2.dll
c:\programdata\continuetosave\50f4938a443c2.tlb
c:\programdata\continuetosave\settings.ini
c:\programdata\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
c:\programdata\ntuser.pol
c:\users\Administrator\ebeca771af9dfb9bde7392880b1a2d46.jpg
c:\windows\IsUn0415.exe
D:\SETUP.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
-------\Service_globalUpdate
.
.
((((((((((((((((((((((((( Files Created from 2015-03-07 to 2015-04-07 )))))))))))))))))))))))))))))))
.
.
2015-04-07 12:48 . 2015-04-07 12:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-04-07 12:48 . 2015-04-07 12:48 -------- d-----w- c:\users\Nowy folder\AppData\Local\temp
2015-04-07 12:48 . 2015-04-07 12:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-07 00:58 . 2015-04-07 00:58 -------- d-----w- c:\programdata\ATI
2015-04-07 00:56 . 2015-04-07 00:56 -------- d-----w- c:\users\Administrator\AppData\Roaming\library_dir
2015-04-07 00:56 . 2015-04-07 01:49 -------- d-----w- c:\users\Administrator\AppData\Roaming\Raptr
2015-04-07 00:56 . 2015-04-07 00:56 -------- d-----w- c:\program files (x86)\Raptr
2015-04-07 00:56 . 2015-04-07 00:56 -------- d-----w- c:\program files (x86)\AMD AVT
2015-04-07 00:54 . 2015-04-07 00:54 -------- d-----w- c:\program files\AMD
2015-04-07 00:48 . 2014-04-18 03:43 78432 ----a-w- c:\windows\system32\atimpc64.dll
2015-04-06 23:30 . 2015-04-06 23:30 -------- d-----w- c:\users\Administrator\AppData\Local\ElevatedDiagnostics
2015-04-06 22:41 . 2015-04-06 22:41 -------- d-----w- C:\SymCache
2015-04-06 22:37 . 2015-04-06 22:37 -------- d-----w- C:\symbols
2015-04-06 22:16 . 2015-04-06 22:16 -------- d-----w- c:\program files (x86)\Aurora
2015-04-05 17:01 . 2015-04-05 17:01 -------- d-----w- C:\dx
2015-04-05 14:53 . 2015-04-05 14:53 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2015-04-01 22:28 . 2015-04-01 22:28 -------- d-----w- c:\windows\SysWow64\Adobe
2015-04-01 15:24 . 2015-04-01 15:24 -------- d-----w- c:\program files (x86)\24Seven savings
2015-03-31 03:41 . 2015-03-31 03:42 -------- d-----w- c:\users\Administrator\EAP-6.3.0
2015-03-30 23:16 . 2015-03-30 23:16 -------- d-----w- c:\users\Administrator\.eclipse
2015-03-30 17:12 . 2015-03-24 15:42 104 ----a-w- c:\users\Administrator\add-user.bat
2015-03-30 16:44 . 2015-03-30 16:45 -------- d-----w- c:\users\Administrator\AppData\Roaming\Notepad++
2015-03-30 16:44 . 2015-03-30 16:44 -------- d-----w- c:\program files (x86)\Notepad++
2015-03-30 03:39 . 2015-03-30 03:39 -------- d-----w- c:\users\Administrator\AppData\Roaming\MySQL
2015-03-30 02:32 . 2013-10-04 22:58 963232 ----a-w- c:\windows\SysWow64\msvcr120.dll
2015-03-30 01:33 . 2015-03-30 03:38 -------- d-----w- c:\program files (x86)\MySQL
2015-03-30 01:33 . 2015-03-30 01:38 -------- d-----w- c:\programdata\MySQL
2015-03-30 01:24 . 2015-03-30 01:24 -------- d--h--w- c:\users\Administrator\InstallAnywhere
2015-03-26 00:52 . 2015-03-30 17:31 -------- d-----w- c:\users\Administrator\.m2
2015-03-26 00:18 . 2015-03-30 03:35 -------- d-----w- c:\program files\MySQL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-05 15:29 . 2012-04-04 16:21 778928 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-05 15:29 . 2012-04-04 16:21 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-30 13:25 . 2012-07-03 01:31 33856 ---ha-w- c:\windows\system32\hamachi.sys
2015-03-21 15:31 . 2012-11-21 17:54 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2015-03-06 19:35 . 2015-01-25 21:02 5070512 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2010-11-20 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2013-02-07 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Registry Startup Entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}]
2013-11-25 09:15 86016 ----a-w- c:\program files (x86)\Better-Surf\ie\BetterSrf.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2014-04-17 1967616]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 767200]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-10-16 646744]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
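The policy values just listed (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all 0, LoadAppInit_DLLs 1 in the 32-bit view) mean UAC is switched off, anything running as this account elevates silently, and any DLL named in AppInit_DLLs is loaded into every 32-bit process that links user32.dll. The Sigcheck section above separately shows both live copies of user32.dll with MD5s that differ from their WinSxS counterparts, together with ComboFix's own caveat that "unsigned" does not by itself mean malicious. The PowerShell script below is an added example, not part of this log or of ComboFix: it re-reads those registry values against the Windows 7 defaults (restoring them only when asked), hashes the four user32.dll paths printed in the log against each other, and leaves the final verdict to sfc /verifyfile, which checks the file against the signed catalogs. The paths are the ones the log prints; the function names and the -Fix switch are the example's own.

```powershell
# Added example, not part of the ComboFix log or of ComboFix. Run in an elevated
# 64-bit PowerShell on the machine the log came from. Paths are the ones the log
# prints; the function names and the -Fix switch are this example's own.

$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$win64  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$win32  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'

# What ComboFix printed (in the comment) next to the Windows 7 default it should be.
$policyChecks = @(
    @{ Path = $policy; Name = 'EnableLUA';                  Expected = 1 },  # log: 0  UAC off entirely
    @{ Path = $policy; Name = 'ConsentPromptBehaviorAdmin'; Expected = 5 },  # log: 0  silent elevation
    @{ Path = $policy; Name = 'PromptOnSecureDesktop';      Expected = 1 },  # log: 0  prompt not isolated
    @{ Path = $win32;  Name = 'LoadAppInit_DLLs';           Expected = 0 },  # log: 1  32-bit AppInit on
    @{ Path = $win64;  Name = 'LoadAppInit_DLLs';           Expected = 0 }   # 64-bit view, not in the log
)

function Test-UacPolicy {
    param([switch]$Fix)   # without -Fix the function only reports
    foreach ($c in $policyChecks) {
        $actual = (Get-ItemProperty -Path $c.Path -ErrorAction SilentlyContinue).($c.Name)
        $state  = if ($actual -eq $c.Expected) { 'OK  ' } else { 'WEAK' }
        '{0} {1}\{2} = {3} (expected {4})' -f $state, $c.Path, $c.Name, $actual, $c.Expected
        if ($Fix -and $actual -ne $c.Expected) {
            # EnableLUA only takes effect after a reboot.
            Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Expected -Type DWord
        }
    }
    # LoadAppInit_DLLs=1 only bites if AppInit_DLLs actually names a DLL; show both views.
    foreach ($p in $win32, $win64) {
        'AppInit_DLLs ({0}) = "{1}"' -f $p, (Get-ItemProperty -Path $p).AppInit_DLLs
    }
}

# Live copy next to the WinSxS copy that ComboFix marked [7] in the Sigcheck section.
$user32Pairs = @(
    @{ Live = 'C:\Windows\System32\user32.dll'
       SxS  = 'C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll' },
    @{ Live = 'C:\Windows\SysWOW64\user32.dll'
       SxS  = 'C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll' }
)

function Get-Md5Hex([string]$Path) {
    $md5 = [System.Security.Cryptography.MD5]::Create()
    try     { ([BitConverter]::ToString($md5.ComputeHash([IO.File]::ReadAllBytes($Path)))) -replace '-', '' }
    finally { $md5.Clear() }
}

function Test-User32 {
    foreach ($pair in $user32Pairs) {
        $live = Get-Md5Hex $pair.Live
        $sxs  = Get-Md5Hex $pair.SxS
        $verdict = if ($live -eq $sxs) { 'MATCH   ' } else { 'MISMATCH' }
        '{0} {1}  {2}' -f $verdict, $live, $pair.Live
        '         {0}  {1}' -f $sxs, $pair.SxS
        # Windows binaries are catalog-signed, so this reports NotSigned for a genuine
        # user32.dll on Windows 7; on its own that is not a finding.
        '         Authenticode: {0}' -f (Get-AuthenticodeSignature -FilePath $pair.Live).Status
        # Authoritative check: the servicing stack verifies the file against the catalogs.
        sfc "/verifyfile=$($pair.Live)"
    }
}

Test-UacPolicy          # add -Fix to restore the Windows 7 defaults
Test-User32
```

A hash mismatch against the 6.1.7601.17514 WinSxS copy is not proof of tampering either, since a later update can legitimately replace the live file; the combination the log shows, a different hash and size under the same version string, is what makes the sfc /verifyfile result worth reading. sfc writes UTF-16 output, which a PowerShell console may render with spaces between characters; running the same command from cmd.exe avoids that.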
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LavasoftTcpService;LavasoftTcpService;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
R3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 dump_wmimmc;dump_wmimmc;d:\gry\Lineage II\system\GameGuard\dump_wmimmc.sys;d:\gry\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE;c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SaiK3611;SaiK3611;c:\windows\system32\DRIVERS\SaiK3611.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK3611.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R4 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MySQL56;MySQL56;c:\program files\MySQL\MySQL Server 5.6\bin\mysqld.exe;c:\program files\MySQL\MySQL Server 5.6\bin\mysqld.exe [x]
S2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [x]
S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe;c:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys;c:\windows\SYSNATIVE\DRIVERS\rimssne64.sys [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi20-shared.sys;SysWOW64\drivers\vstor2-mntapi20-shared.sys [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-07 c:\windows\Tasks\24seven_savings_notification_service.job
- c:\program files (x86)\24Seven savings\24seven_savings_notification_service.exe [2015-04-01 15:24]
.
2015-04-07 c:\windows\Tasks\24seven_savings_updating_service.job
- c:\program files (x86)\24Seven savings\24seven_savings_updating_service.exe [2015-04-01 15:24]
.
2015-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:29]
.
2015-04-07 c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-25 13:57]
.
2015-04-07 c:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-25 13:57]
.
2015-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-07 21:40]
.
2015-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-07 21:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2008-03-03 196608]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Send &to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8csg0rbq.default-1395484777098\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: keyword.URL -
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - EMPTY ENTRIES REMOVED - - - -
.
Wow6432Node-HKCU-Run-Steam - d:\gry\Steam\steam.exe
.
.
.
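Two of the scheduled tasks above, globalUpdateUpdateTaskMachineCore.job and globalUpdateUpdateTaskMachineUA.job, run a file named GoogleUpdate.exe from c:\program files (x86)\globalUpdate rather than from Google's own c:\program files (x86)\Google\Update, and the Drivers/Services section shows ComboFix already removed the matching Service_globalUpdate, so those tasks are likely left pointing at a binary that is gone. The PowerShell script below is an added example, not part of this log or of ComboFix: it walks the three Run keys and the root Task Scheduler folder, extracts each target executable, and flags entries whose target is missing, runs from Windows\Temp (as the cpuz136 driver above does), or carries a vendor's file name outside that vendor's directory. The rules and function names are the example's own. It reads tasks through the Task Scheduler COM API rather than schtasks /query so that the field names do not depend on the display language (this log comes from a Polish-language Windows).

```powershell
# Added example, not part of the ComboFix log or of ComboFix. Run in an elevated
# PowerShell. Rules and function names are this example's own; the paths they look
# for are the ones the log prints.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Pull the executable out of a command line: a quoted path, else everything up to ".exe".
function Get-ExePath([string]$Command) {
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd -match '^"([^"]+)"')  { return $Matches[1] }
    if ($cmd -match '^(.+?\.exe)') { return $Matches[1] }
    return $cmd
}

# Why an entry looks wrong, or $null if it passes. Each rule matches something in the log.
function Test-Suspicious([string]$Exe) {
    if (-not $Exe) { return 'empty command' }
    if ((Split-Path -Leaf $Exe) -ieq 'GoogleUpdate.exe' -and $Exe -notmatch '\\Google\\Update\\') {
        return 'vendor-named binary outside the vendor directory'   # globalUpdate\Update\GoogleUpdate.exe
    }
    if ($Exe -imatch '\\Windows\\Temp\\') { return 'runs from Windows\Temp' }   # cpuz136_x64.sys
    if (-not (Test-Path -LiteralPath $Exe)) { return 'target missing (orphaned entry)' }
    return $null
}

function Get-RunEntries {
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }        # PSPath etc. are provider metadata, not values
            $exe = Get-ExePath $p.Value
            New-Object PSObject -Property @{ Source = "$key\$($p.Name)"; Target = $exe; Flag = Test-Suspicious $exe }
        }
    }
}

function Get-TaskEntries {
    $svc = New-Object -ComObject Schedule.Service
    $svc.Connect()
    # Root folder holds the legacy c:\windows\Tasks\*.job entries the log lists; 1 = include hidden.
    foreach ($task in $svc.GetFolder('\').GetTasks(1)) {
        foreach ($action in $task.Definition.Actions) {
            if ($action.Type -ne 0) { continue }           # 0 = TASK_ACTION_EXEC
            $exe = Get-ExePath $action.Path
            New-Object PSObject -Property @{ Source = "Task $($task.Name)"; Target = $exe; Flag = Test-Suspicious $exe }
        }
    }
}

@(Get-RunEntries) + @(Get-TaskEntries) |
    Where-Object { $_.Flag } |
    Format-Table -AutoSize Flag, Source, Target
```

A task the script flags as orphaned can be removed with schtasks /Delete /TN <name> /F, where the name is the .job file name without its extension; a Run value with Remove-ItemProperty on the key shown in the Source column. Review the flagged list first, since a missing target can also be a legitimate program that was uninstalled without cleaning up after itself.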
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_avi_file"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.class\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dat\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\katalog.dat"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dds\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Photoshop.exe"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc.divx"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fsh\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordpad.exe"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.HLP\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WinISO.iso"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jar\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jarfile"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.json\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordpad.exe"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordpad.exe"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mkv_file"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\ALLPlayer.exe"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc.mp4"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FoxitReader.Document"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.properties\UserChoice]
@Denied: (2) (Administrator)
"Progid"="properties_auto_file"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_qt_file"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WinRAR"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\netbeans.exe"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.Sims3Pack\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Sims3Pack"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc.swf"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="NCH.WavePad.wpp"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Excel.Sheet.12"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.yml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordpad.exe"
.
[HKEY_USERS\S-1-5-21-2948893786-2576746275-1645524499-500\Software\SecuROM\License information*]
"datasecu"=hex:15,3f,a7,a6,04,b1,57,f7,a0,5d,f1,bf,5e,f3,05,6c,28,e4,7d,8d,92,
   e3,c9,d7,e3,29,b3,71,dc,82,db,9c,a8,0c,03,fa,cc,72,5b,16,10,69,29,67,56,a2,\
"rkeysecu"=hex:6f,9e,4c,40,56,6e,8c,b2,aa,b5,2f,a1,9a,f5,81,b8
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\srvany.exe
c:\windows\KMService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\nisvcloc.exe
c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Tablet\Pen\WacomHost.exe
.
**************************************************************************
.
Completion time: 2015-04-07 15:15:43 - machine was rebooted
ComboFix-quarantined-files.txt 2015-04-07 13:15
ComboFix2.txt 2012-11-20 16:59
.
Pre-Run: 26,062,581,760 bytes free
Post-Run: 25,552,953,344 bytes free
.
- - End Of File - - 76E83482BEA205B95F6F79CF4650733D