ComboFix 15-04-28.01 - e6t9i0isdghgj nv 2015-05-03 21:49:58.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1045.18.8142.5058 [GMT 2:00]
Running from: d:\download\Pobrane z opery\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
FW: Norton 360 *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
SP: Norton 360 *Enabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\msdownld.tmp
c:\windows\PFRO.log
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2015-04-03 to 2015-05-03 )))))))))))))))))))))))))))))))
.
.
2015-05-03 19:54 . 2015-05-03 19:54 -------- d-----w- c:\users\e6t9i0isdghgj nv\AppData\Local\temp
2015-05-03 19:54 . 2015-05-03 19:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-03 19:08 . 2015-05-03 19:08 -------- d-----w- C:\NPE
2015-05-03 19:06 . 2015-05-03 19:17 -------- d-----w- c:\users\e6t9i0isdghgj nv\AppData\Local\NPE
2015-04-24 20:43 . 2015-04-24 20:43 -------- d-----w- c:\users\e6t9i0isdghgj nv\AppData\Local\Rockstar Games
2015-04-24 20:26 . 2015-04-24 20:26 -------- d-----w- c:\users\e6t9i0isdghgj nv\AppData\Roaming\Grand Theft Auto V
2015-04-24 20:25 . 2015-04-18 17:36 -------- d-----w- c:\program files (x86)\Rockstar Games
2015-04-24 20:25 . 2015-04-18 17:36 -------- d-----w- c:\program files\Rockstar Games
2015-04-20 18:32 . 2015-04-20 18:32 -------- d-----w- c:\users\e6t9i0isdghgj nv\AppData\Local\GHISLER
2015-04-19 17:12 . 2013-09-10 02:47 78936 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2015-04-19 16:08 . 2015-04-19 16:09 -------- d-----w- c:\users\e6t9i0isdghgj nv\AppData\Roaming\GHISLER
2015-04-14 18:20 . 2015-03-17 05:01 3920824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-04-14 18:18 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2015-04-14 18:18 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-14 18:18 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-04-13 22:14 . 2015-04-08 20:32 560968 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-21 01:04 . 2014-01-15 16:16 128913832 ----a-w- c:\windows\system32\MRT.exe
2015-04-09 00:58 . 2014-05-06 17:05 78480 ----a-w- c:\windows\system32\OpenCL.dll
2015-04-09 00:58 . 2014-05-06 17:05 66704 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-04-09 00:58 . 2014-05-06 17:03 3317344 ----a-w- c:\windows\system32\nvapi64.dll
2015-04-09 00:58 . 2014-05-06 17:03 2935416 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-04-09 00:58 . 2014-05-06 17:03 17176128 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-04-09 00:58 . 2014-05-06 17:03 15818528 ----a-w- c:\windows\system32\nvd3dumx.dll
2015-04-09 00:58 . 2014-05-06 17:03 12689592 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-04-08 21:30 . 2014-05-06 17:05 6841488 ----a-w- c:\windows\system32\nvcpl.dll
2015-04-08 21:30 . 2014-05-06 17:05 3478344 ----a-w- c:\windows\system32\nvsvc64.dll
2015-04-08 21:30 . 2014-05-06 17:05 936264 ----a-w- c:\windows\system32\nvvsvc.exe
2015-04-08 21:30 . 2014-05-06 17:05 62608 ----a-w- c:\windows\system32\nvshext.dll
2015-04-08 21:30 . 2014-05-06 17:05 569160 ----a-w- c:\windows\SysWow64\oemdspif.dll
2015-04-08 21:30 . 2014-05-06 17:05 2558608 ----a-w- c:\windows\system32\nvsvcr.dll
2015-04-08 21:30 . 2014-05-06 17:05 385168 ----a-w- c:\windows\system32\nvmctray.dll
2015-04-08 17:52 . 2014-05-07 15:50 4336074 ----a-w- c:\windows\system32\nvcoproc.bin
2015-03-28 03:44 . 2014-06-03 15:34 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-03-28 03:44 . 2014-05-06 17:06 1316000 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-03-28 03:43 . 2014-06-03 15:34 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-03-28 03:43 . 2014-05-06 17:06 1570672 ----a-w- c:\windows\system32\nvspcap64.dll
2015-03-17 04:56 . 2015-04-14 18:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-03-13 19:41 . 2015-03-19 14:40 1896136 ----a-w- c:\windows\system32\nvdispco6434788.dll
2015-03-13 19:41 . 2015-03-19 14:40 1557648 ----a-w- c:\windows\system32\nvdispgenco6434788.dll
2015-02-26 03:25 . 2015-03-11 15:12 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-02-20 04:41 . 2015-03-11 19:03 41984 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 19:03 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 19:03 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 19:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 19:03 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 19:03 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 19:03 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 19:03 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 19:03 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 19:03 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-02-13 09:42 . 2015-02-13 09:42 462848 ----a-r- c:\windows\SysWow64\HHActiveX.dll
2015-02-13 05:22 . 2015-03-11 15:12 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-02-06 17:40 . 2015-03-06 18:37 26816 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2015-02-06 17:40 . 2015-03-06 18:37 359104 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2015-02-06 17:40 . 2015-03-06 18:37 438464 ----a-w- c:\windows\SysWow64\vmnat.exe
2015-02-06 17:40 . 2015-03-06 18:37 66752 ----a-w- c:\windows\system32\drivers\vmx86.sys
2015-02-06 17:39 . 2015-03-06 18:37 931008 ----a-w- c:\windows\system32\vnetlib64.dll
2015-02-06 17:39 . 2015-02-06 17:39 81088 ----a-w- c:\windows\system32\vmnetbridge.dll
2015-02-06 17:39 . 2015-02-06 17:39 49856 ----a-w- c:\windows\system32\vnetinst.dll
2015-02-06 17:39 . 2015-02-06 17:39 48832 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2015-02-06 17:39 . 2015-02-06 17:39 28864 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2015-02-06 17:39 . 2015-02-06 17:39 27328 ----a-w- c:\windows\system32\drivers\vmnet.sys
2015-02-06 17:39 . 2015-03-06 18:37 33472 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2015-02-05 21:01 . 2015-02-11 08:58 1895240 ----a-w- c:\windows\system32\nvdispco6434752.dll
2015-02-05 21:01 . 2015-02-11 08:58 1557648 ----a-w- c:\windows\system32\nvdispgenco6434752.dll
2015-02-04 10:23 . 2015-02-04 10:23 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-02-04 10:13 . 2015-02-04 10:13 869536 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-02-04 03:16 . 2015-03-11 15:11 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-02-04 02:54 . 2015-03-11 15:11 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:34 . 2015-03-11 19:02 693176 ----a-w- c:\windows\system32\winload.efi
2015-02-03 03:34 . 2015-03-11 19:02 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:33 . 2015-03-11 19:02 616360 ----a-w- c:\windows\system32\winresume.efi
2015-02-03 03:31 . 2015-03-11 19:02 14632960 ----a-w- c:\windows\system32\wmp.dll
2015-02-03 03:31 . 2015-03-11 19:02 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:31 . 2015-03-11 19:02 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-02-03 03:31 . 2015-03-11 15:12 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-03 03:31 . 2015-03-11 15:12 215552 ----a-w- c:\windows\system32\ubpm.dll
2015-02-03 03:31 . 2015-03-11 19:02 5120 ----a-w- c:\windows\system32\msdxm.ocx
2015-02-03 03:31 . 2015-03-11 19:02 5120 ----a-w- c:\windows\system32\dxmasf.dll
2015-02-03 03:31 . 2015-03-11 19:02 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-02-03 03:31 . 2015-03-11 19:02 1574400 ----a-w- c:\windows\system32\quartz.dll
2015-02-03 03:31 . 2015-03-11 19:02 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-02-03 03:31 . 2015-03-11 19:02 371712 ----a-w- c:\windows\system32\qdvd.dll
2015-02-03 03:31 . 2015-03-11 19:02 188416 ----a-w- c:\windows\system32\pcasvc.dll
2015-02-03 03:31 . 2015-03-11 19:02 37376 ----a-w- c:\windows\system32\pcadm.dll
2015-02-03 03:31 . 2015-03-11 19:02 9728 ----a-w- c:\windows\system32\spwmp.dll
2015-02-03 03:31 . 2015-03-11 19:02 641024 ----a-w- c:\windows\system32\msscp.dll
2015-02-03 03:31 . 2015-03-11 19:02 325632 ----a-w- c:\windows\system32\msnetobj.dll
2015-02-03 03:31 . 2015-03-11 19:02 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-02-03 03:31 . 2015-03-11 19:03 4121600 ----a-w- c:\windows\system32\mf.dll
2015-02-03 03:31 . 2015-03-11 19:02 432128 ----a-w- c:\windows\system32\mfplat.dll
2015-02-03 03:31 . 2015-03-11 19:02 206848 ----a-w- c:\windows\system32\mfps.dll
2015-02-03 03:30 . 2015-03-11 19:02 631808 ----a-w- c:\windows\system32\evr.dll
2015-02-03 03:30 . 2015-03-11 19:02 284672 ----a-w- c:\windows\system32\EncDump.dll
2015-02-03 03:30 . 2015-03-11 19:02 1202176 ----a-w- c:\windows\system32\drmv2clt.dll
2015-02-03 03:30 . 2015-03-11 19:02 497664 ----a-w- c:\windows\system32\drmmgrtn.dll
2015-02-03 03:30 . 2015-03-11 19:03 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-03 03:30 . 2015-03-11 19:02 140288 ----a-w- c:\windows\system32\cryptnet.dll
2015-02-03 03:30 . 2015-03-11 19:02 1069056 ----a-w- c:\windows\system32\cryptui.dll
2015-02-03 03:30 . 2015-03-11 19:02 187904 ----a-w- c:\windows\system32\cryptsvc.dll
2015-02-03 03:30 . 2015-03-11 19:02 82432 ----a-w- c:\windows\system32\cryptsp.dll
2015-02-03 03:30 . 2015-03-11 19:02 680960 ----a-w- c:\windows\system32\audiosrv.dll
2015-02-03 03:30 . 2015-03-11 19:02 842240 ----a-w- c:\windows\system32\blackbox.dll
2015-02-03 03:30 . 2015-03-11 19:02 296448 ----a-w- c:\windows\system32\AudioSes.dll
2015-02-03 03:30 . 2015-03-11 19:02 440832 ----a-w- c:\windows\system32\AudioEng.dll
2015-02-03 03:30 . 2015-03-11 19:02 58880 ----a-w- c:\windows\system32\appidapi.dll
2015-02-03 03:30 . 2015-03-11 19:02 32256 ----a-w- c:\windows\system32\appidsvc.dll
2015-02-03 03:30 . 2015-03-11 19:02 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2015-02-03 03:30 . 2015-03-11 19:02 11264 ----a-w- c:\windows\system32\pcawrk.exe
2015-02-03 03:30 . 2015-03-11 19:02 9728 ----a-w- c:\windows\system32\pcalua.exe
2015-02-03 03:30 . 2015-03-11 19:02 24576 ----a-w- c:\windows\system32\mfpmp.exe
2015-02-03 03:30 . 2015-03-11 19:02 126464 ----a-w- c:\windows\system32\audiodg.exe
2015-02-03 03:30 . 2015-03-11 19:02 146944 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-02-03 03:30 . 2015-03-11 19:02 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-02-03 03:30 . 2015-03-11 19:02 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2015-02-03 03:29 . 2015-03-11 19:02 8704 ----a-w- c:\windows\system32\pcaevts.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:38 1720976 ----a-w- c:\program files (x86)\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:38 1720976 ----a-w- c:\program files (x86)\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:38 1720976 ----a-w- c:\program files (x86)\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programy\daemon tools\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-11 292848]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2012-08-31 508656]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2014-03-25 1284680]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2013-02-19 453736]
"SiemensAutomationFileStorage"="d:\programy\TIA\Portal V12\Bin\Siemens.Automation.ObjectFrame.FileStorage.Server.exe" [2013-07-11 942080]
"YouCam Mirage"="d:\programy\youcam\YouCam\YCMMirage.exe" [2010-12-05 136488]
"YouCam Tray"="d:\programy\youcam\YouCam\YouCam.exe" [2010-12-05 224352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}w64;{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64;c:\windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys;c:\windows\SYSNATIVE\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys [x]
R1 F06DEFF2-5B9C-490D-910F-35D3A91196222;F06DEFF2-5B9C-490D-910F-35D3A91196222;c:\program files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg;c:\program files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 IePluginService;IePlugin Service;c:\programdata\IePluginService\PluginService.exe;c:\programdata\IePluginService\PluginService.exe [x]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
R2 SystemkService;Systemk Service;c:\program files (x86)\Settings Manager\systemk\SystemkService.exe;c:\program files (x86)\Settings Manager\systemk\SystemkService.exe [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 iumsvc;Intel(R) Update Manager;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Usluga Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 zte_cdc_acm;ZTE All CDC-ACM driver;c:\windows\system32\DRIVERS\zte_cdc_acm.sys;c:\windows\SYSNATIVE\DRIVERS\zte_cdc_acm.sys [x]
R3 zte_cpo;ZTE All Install;c:\windows\system32\DRIVERS\zte_cpo.sys;c:\windows\SYSNATIVE\DRIVERS\zte_cpo.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Sterownik przelacznika kontrolera hosta Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1507000.00B\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1507000.00B\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1507000.00B\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1507000.00B\SYMEFA64.SYS [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150418.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150418.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1507000.00B\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150501.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150501.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1507000.00B\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1507000.00B\SYMNETS.SYS [x]
S2 almservice;Automation License Manager Service;c:\program files\Common Files\Siemens\sws\almsrv\almsrv64x.exe;c:\program files\Common Files\Siemens\sws\almsrv\almsrv64x.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 KEPServerEXLoggerV5;KEPServerEX 5.17 Event Logger;d:\programy\KEPServerEX\server_eventlog.exe;d:\programy\KEPServerEX\server_eventlog.exe [x]
S2 KEPServerEXV5;KEPServerEX 5.17 Runtime;d:\programy\KEPServerEX\server_runtime.exe;d:\programy\KEPServerEX\server_runtime.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.7.0.11\N360.exe;c:\program files (x86)\Norton 360\Engine\21.7.0.11\N360.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 s7oiehsx64;SIMATIC S7DOS Help Service;c:\program files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe;c:\program files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe [x]
S2 s7ousbu64x;SIMATIC USB Service;c:\windows\system32\DRIVERS\s7ousbu64x.sys;c:\windows\SYSNATIVE\DRIVERS\s7ousbu64x.sys [x]
S2 s7sn2srtx;PROFINET IO RT-Protocol V2.0;c:\windows\system32\DRIVERS\s7sn2srtx.sys;c:\windows\SYSNATIVE\DRIVERS\s7sn2srtx.sys [x]
S2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64X.exe;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64X.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 dpmconv;SIMATIC NET DP Driver;c:\windows\system32\DRIVERS\dpmconv.sys;c:\windows\SYSNATIVE\DRIVERS\dpmconv.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iusb3hub;Sterownik koncentratora Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Sterownik kontrolera hosta Intel(R) USB 3.0 eXtensible;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 KEPServerEXKeySvcV5;KEPServerEX 5.17 Key Service;d:\programy\KEPServerEX\keysvc.exe;d:\programy\KEPServerEX\keysvc.exe [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
S3 s7odpx2x64;SIMATIC Knotentaufe;c:\windows\system32\DRIVERS\s7odpx2x64.sys;c:\windows\SYSNATIVE\DRIVERS\s7odpx2x64.sys [x]
S3 s7oppinx64;SIMATIC PPI Transport;c:\windows\system32\DRIVERS\s7oppinx64.sys;c:\windows\SYSNATIVE\DRIVERS\s7oppinx64.sys [x]
S3 s7oserix64;Siemens PC Serial Cable;c:\windows\system32\Drivers\s7oserix64.sys;c:\windows\SYSNATIVE\Drivers\s7oserix64.sys [x]
S3 s7osmcax64;SIMATIC PC Adapter RS232;c:\windows\system32\DRIVERS\s7osmcax64.sys;c:\windows\SYSNATIVE\DRIVERS\s7osmcax64.sys [x]
S3 s7osobux64;SIMATIC SoftBus;c:\windows\system32\DRIVERS\s7osobux64.sys;c:\windows\SYSNATIVE\DRIVERS\s7osobux64.sys [x]
S3 s7otmcd64x;SIMATIC Memory Cards;c:\windows\system32\Drivers\s7otmcd64x.sys;c:\windows\SYSNATIVE\Drivers\s7otmcd64x.sys [x]
S3 s7otranx64;SIMATIC Transport;c:\windows\system32\DRIVERS\s7otranx64.sys;c:\windows\SYSNATIVE\DRIVERS\s7otranx64.sys [x]
S3 s7otsadx64;SIMATIC TS Adapter RS232;c:\windows\system32\DRIVERS\s7otsadx64.sys;c:\windows\SYSNATIVE\DRIVERS\s7otsadx64.sys [x]
S3 vsnl2ada;SIMATIC NET FDL Driver;c:\windows\system32\DRIVERS\vsnl2ada.sys;c:\windows\SYSNATIVE\DRIVERS\vsnl2ada.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:37 2322576 ----a-w- d:\programy\office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:37 2322576 ----a-w- d:\programy\office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:37 2322576 ----a-w- d:\programy\office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-03-28 2673296]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-03-28 1570672]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-09-17 184112]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2013-09-19 7818040]
"UMonit64"="c:\windows\SysWOW64\UMonit64.exe" [2013-04-09 40960]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-04-30 36352]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2014-05-06 8079408]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2014-05-06 6199128]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-05-28 13545032]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-05-20 1308232]
"BCSSync"="d:\programy\office\Office14\BCSSync.exe" [2010-03-13 112512]
"RtsFT"="RTFTrack.exe" [2013-03-15 6346312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=n360&pvid=21.6.0.32
mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1399488326&from=cor&uid=ST1000LM014-1EJ164_W380R9M9XXXXW380R9M9&q={searchTerms}
mDefault_Page_URL = about:blank
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=N360&pvid=21.6.0.32
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1399488326&from=cor&uid=ST1000LM014-1EJ164_W380R9M9XXXXW380R9M9&q={searchTerms}
IE: E&ksportuj do programu Microsoft Excel - d:\programy\office\Office15\EXCEL.EXE/3000
IE: Pobierz z &BitSpirit - d:\programy\bitspirit\BitSpirit\bsurl.htm
IE: Wyslij &do programu OneNote - d:\programy\office\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - (no file)
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-mobilegeni daemon - c:\program files (x86)\Mobogenie\DaemonProcess.exe
Wow6432Node-HKLM-Run-fst_pl_117 - (no file)
Wow6432Node-HKLM-Run-fst_pl_124 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-genesis_05281348 - c:\users\e6t9i0isdghgj nv\appdata\local\genesis_05281348\genesis_05281348.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.7.0.11\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.7.0.11\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\F06DEFF2-5B9C-490D-910F-35D3A91196222]
"ImagePath"="\??\c:\program files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.7.0.11;c:\program files (x86)\Norton 360\Engine64\21.7.0.11"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-05-03 21:56:38
ComboFix-quarantined-files.txt 2015-05-03 19:56
.
Pre-Run: 41 329 840 128 bajtów wolnych
Post-Run: 40 800 968 704 bajtów wolnych
.
- - End Of File - - 6E8F6E9696DE261DCEB5B561541BEDB2 A36C5E4F47E84449FF07ED3517B43A31