ComboFix 15-05-13.01 - Mariusz 2015-05-15 19:24:28.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8048.6250 [GMT 2:00]
Running from: c:\users\Mariusz\Downloads\ComboFix.exe
AV: Advanced SystemCare Ultimate *Enabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Local Settings\Temp
c:\programdata\Local Settings\Temp\cscomp.dll
c:\programdata\Local Settings\Temp\msaeuwo.pif
c:\programdata\Local Settings\Temp\mshayaq.bat
c:\programdata\ntuser.pol
c:\programdata\Roaming
c:\users\Mariusz\AppData\Roaming\76CDF4.exe
c:\users\Mariusz\AppData\Roaming\apachesrvin.vbs
c:\users\Mariusz\AppData\Roaming\Microsoft\chipset.dat
c:\users\Mariusz\AppData\Roaming\Microsoft\connectf1_.dat
c:\users\Mariusz\AppData\Roaming\Microsoft\Default.dat
c:\users\Mariusz\AppData\Roaming\Microsoft\DirectX.dat
c:\users\Mariusz\AppData\Roaming\Microsoft\etc.dat
c:\users\Mariusz\AppData\Roaming\Microsoft\jushed.exe
c:\users\Mariusz\AppData\Roaming\Microsoft\Res2.dat
c:\users\Mariusz\AppData\Roaming\Microsoft\Setup.dat
c:\users\Mariusz\AppData\Roaming\Microsoft\snd.dat
c:\users\Mariusz\AppData\Roaming\Microsoft\System.dat
c:\users\Mariusz\AppData\Roaming\Microsoft\update.exe
c:\users\Mariusz\AppData\Roaming\Microsoft\waiter.dat
c:\users\Mariusz\AppData\Roaming\Microsoft\Windows.dat
c:\users\Mariusz\AppData\Roaming\minerd
c:\users\Mariusz\AppData\Roaming\minerd\rar.exe
c:\users\Mariusz\AppData\Roaming\minerd\setup.rar
c:\windows\SysWow64\SET14A0.tmp
c:\windows\SysWow64\SET14E0.tmp
c:\windows\SysWow64\SET246F.tmp
c:\windows\SysWow64\SETCB7A.tmp
c:\windows\SysWow64\SETCDC6.tmp
c:\windows\SysWow64\SETDB8.tmp
c:\windows\SysWow64\tmp7300.tmp
c:\windows\SysWow64\tmp7301.tmp
c:\windows\SysWow64\tmp8B9D.tmp
c:\windows\SysWow64\tmp8B9E.tmp
c:\windows\SysWow64\tmpA841.tmp
c:\windows\SysWow64\tmpA851.tmp
c:\windows\SysWow64\tmpC3AC.tmp
c:\windows\SysWow64\tmpC3AD.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
.
.
((((((((((((((((((((((((( Files Created from 2015-04-15 to 2015-05-15 )))))))))))))))))))))))))))))))
.
.
2015-05-14 18:54 . 2015-05-14 18:56 -------- d-----w- c:\users\Mariusz\AppData\Local\kaneandlynch
2015-05-11 16:20 . 2015-04-04 06:25 12032440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{758C0FC7-BBEA-4112-86CA-483DA47E85AA}\mpengine.dll
2015-05-07 09:42 . 2014-10-16 08:27 27424 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2015-05-03 13:31 . 2015-05-03 13:31 -------- d-----w- C:\Device
2015-05-03 11:33 . 2015-05-03 11:33 142336 ----a-w- c:\windows\system32\poqexec.exe
2015-05-03 11:33 . 2015-05-03 11:33 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-05-03 11:32 . 2015-05-03 11:32 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-05-03 11:32 . 2015-05-03 11:32 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-05-03 11:32 . 2015-05-03 11:32 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-05-03 11:32 . 2015-05-03 11:32 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-05-03 11:32 . 2015-05-03 11:32 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-05-03 11:32 . 2015-05-03 11:32 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-05-03 11:32 . 2015-05-03 11:32 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2015-04-26 19:44 . 2015-04-26 19:44 -------- d-----w- c:\users\Mariusz\AppData\Local\ali213GameLauncher
2015-04-26 07:30 . 2015-04-26 07:30 -------- d-----w- c:\program files (x86)\R.G. Gamblers
2015-04-24 18:46 . 2015-04-24 18:46 977624 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2015-04-24 18:46 . 2015-04-24 18:46 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
2015-04-21 21:01 . 2015-04-21 21:01 82944 ----a-w- c:\windows\system32\dwmapi.dll
2015-04-21 21:01 . 2015-04-21 21:01 67584 ----a-w- c:\windows\SysWow64\dwmapi.dll
2015-04-21 21:01 . 2015-04-21 21:01 1632768 ----a-w- c:\windows\system32\dwmcore.dll
2015-04-21 21:01 . 2015-04-21 21:01 1372160 ----a-w- c:\windows\SysWow64\dwmcore.dll
2015-04-21 21:00 . 2015-04-21 21:00 2543104 ----a-w- c:\windows\system32\wpdshext.dll
2015-04-21 21:00 . 2015-04-21 21:00 2311168 ----a-w- c:\windows\SysWow64\wpdshext.dll
2015-04-21 21:00 . 2015-04-21 21:00 1195008 ----a-w- c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2015-04-19 10:07 . 2015-04-08 20:32 560968 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-04-19 10:07 . 2015-04-19 10:07 -------- d-----w- c:\windows\SysWow64\NV
2015-04-19 10:07 . 2015-04-19 10:07 -------- d-----w- c:\windows\system32\NV
2015-04-18 07:55 . 2015-04-18 07:55 -------- d-----w- c:\users\Mariusz\AppData\Roaming\MK10
2015-04-16 20:30 . 2015-04-16 20:30 -------- d-----w- C:\RegBackup
2015-04-16 20:08 . 2015-04-16 20:08 -------- d-----w- c:\users\Mariusz\AppData\Roaming\PDF Producer
2015-04-16 20:07 . 2015-04-16 20:09 -------- d-----w- c:\users\Mariusz\AppData\Roaming\PDF Architect 3
2015-04-16 20:05 . 2015-04-16 20:07 -------- d-----w- c:\program files (x86)\PDF Architect 3
2015-04-16 20:04 . 2015-04-16 20:04 -------- d-----w- c:\programdata\PDF Architect 3
2015-04-16 20:04 . 2015-04-16 20:04 115592 ----a-w- c:\windows\system32\pdfcmon.dll
2015-04-16 20:04 . 2015-04-16 20:07 -------- d-----w- c:\program files\PDFCreator
2015-04-16 19:37 . 2015-04-16 19:37 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-04-16 19:37 . 2015-04-16 19:37 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-04-16 19:37 . 2015-04-16 19:37 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-04-16 19:37 . 2015-04-16 19:37 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-04-16 19:36 . 2015-04-16 19:36 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-16 19:36 . 2015-04-16 19:36 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-04-16 19:36 . 2015-04-16 19:36 367552 ----a-w- c:\windows\system32\clfs.sys
2015-04-16 19:34 . 2015-04-16 19:34 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-04-16 19:34 . 2015-04-16 19:34 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-04-16 19:34 . 2015-04-16 19:34 754688 ----a-w- c:\windows\system32\drivers\http.sys
2015-04-15 21:49 . 2015-04-15 21:49 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-11 18:45 . 2015-05-11 18:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-03 11:32 . 2015-05-03 11:32 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-05-03 11:32 . 2015-05-03 11:32 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-05-03 11:32 . 2015-05-03 11:32 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-05-03 11:32 . 2015-05-03 11:32 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-05-03 11:32 . 2015-05-03 11:32 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-04-24 18:46 . 2013-10-24 16:28 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2015-04-18 09:09 . 2013-03-01 21:21 128913832 ----a-w- c:\windows\system32\MRT.exe
2015-04-15 21:49 . 2014-12-26 21:58 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-04-09 00:58 . 2015-02-21 11:39 927440 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2015-04-09 00:58 . 2015-02-21 11:39 154256 ----a-w- c:\windows\SysWow64\nvinit.dll
2015-04-09 00:58 . 2015-02-21 11:39 12689592 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-04-09 00:58 . 2015-02-21 11:39 1086424 ----a-w- c:\windows\system32\nvumdshimx.dll
2015-04-09 00:58 . 2015-02-21 11:39 3317344 ----a-w- c:\windows\system32\nvapi64.dll
2015-04-09 00:58 . 2013-04-08 21:25 175880 ----a-w- c:\windows\system32\nvinitx.dll
2015-04-08 21:30 . 2013-01-03 19:47 6841488 ----a-w- c:\windows\system32\nvcpl.dll
2015-04-08 21:30 . 2013-01-03 19:47 3478344 ----a-w- c:\windows\system32\nvsvc64.dll
2015-04-08 21:30 . 2013-01-03 19:47 936264 ----a-w- c:\windows\system32\nvvsvc.exe
2015-04-08 21:30 . 2013-01-03 19:47 75080 ----a-w- c:\windows\system32\nv3dappshextr.dll
2015-04-08 21:30 . 2013-01-03 19:47 62608 ----a-w- c:\windows\system32\nvshext.dll
2015-04-08 21:30 . 2013-01-03 19:47 2558608 ----a-w- c:\windows\system32\nvsvcr.dll
2015-04-08 21:30 . 2013-01-03 19:47 1047696 ----a-w- c:\windows\system32\nv3dappshext.dll
2015-04-08 21:30 . 2013-01-03 19:47 569160 ----a-w- c:\windows\SysWow64\oemdspif.dll
2015-04-08 21:30 . 2013-01-03 19:47 385168 ----a-w- c:\windows\system32\nvmctray.dll
2015-04-08 17:52 . 2013-01-03 19:47 4336074 ----a-w- c:\windows\system32\nvcoproc.bin
2015-03-31 03:58 . 2013-12-17 19:54 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2015-03-31 03:58 . 2013-12-17 19:55 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2015-03-31 03:58 . 2013-03-12 03:27 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2015-03-30 22:28 . 2013-12-17 19:55 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2015-03-28 03:44 . 2014-11-06 17:37 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-03-28 03:44 . 2014-03-23 20:32 1316000 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-03-28 03:43 . 2014-11-06 17:37 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-03-28 03:43 . 2014-03-23 20:32 1570672 ----a-w- c:\windows\system32\nvspcap64.dll
2015-03-13 19:41 . 2015-03-24 22:26 1896136 ----a-w- c:\windows\system32\nvdispco6434788.dll
2015-03-13 19:41 . 2015-03-24 22:26 1557648 ----a-w- c:\windows\system32\nvdispgenco6434788.dll
2015-03-01 15:59 . 2015-03-01 15:59 11532704 ----a-w- c:\windows\system32\drivers\NETwsw01.sys
2015-03-01 15:58 . 2015-03-01 15:58 129312 ----a-w- c:\windows\system32\drivers\TeeDriverx64.sys
2015-02-26 03:25 . 2015-03-10 18:28 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-02-24 02:17 . 2013-01-03 17:48 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-20 04:41 . 2015-03-10 18:30 41984 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-10 18:30 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-10 18:30 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-10 18:30 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-10 18:30 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-10 18:30 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-10 18:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-10 18:30 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-10 18:30 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-10 18:30 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-02-17 14:30 . 2015-02-17 14:30 1691808 ----a-w- c:\windows\system32\FM20.DLL
2015-02-15 13:49 . 2015-02-15 13:49 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-15 13:49 . 2015-02-15 13:49 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-15 13:42 . 2015-02-15 13:42 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-02-15 13:42 . 2015-02-15 13:42 91136 ----a-w- c:\windows\system32\wdi.dll
2015-02-15 13:42 . 2015-02-15 13:42 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-02-15 13:42 . 2015-02-15 13:42 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-15 13:42 . 2015-02-15 13:42 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-15 13:42 . 2015-02-15 13:42 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2009-12-06 17:18 26624 --sh--w- c:\windows\bfcs2.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-06-28 . E01EBE6A0C7B306763667FDC60A0B25A . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-03-18 12:11 1729752 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-03-18 12:11 1729752 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-03-18 12:11 1729752 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Energy Management.exe"="c:\program files (x86)\lenovo\energy management\energy management.exe" [2013-01-03 8079408]
"pcee4.exe"="c:\program files (x86)\dolby home theater v4\pcee4.exe" [2012-07-25 508656]
"ETDCtrl.exe"="c:\program files\elantech\etdctrl.exe" [2012-07-29 2862928]
"Advanced SystemCare 8"="c:\program files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" [2015-04-08 2429728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 20 (0x14)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R3 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R3 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\DRIVERS\jnprvamgr.sys;c:\windows\SYSNATIVE\DRIVERS\jnprvamgr.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PDF Architect 3 CrashHandler;PDF Architect 3 CrashHandler;c:\program files (x86)\PDF Architect 3\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 3\crash-handler-ws.exe [x]
R3 PDF Architect 3 Creator;PDF Architect 3 Creator;c:\program files (x86)\PDF Architect 3\creator-ws.exe;c:\program files (x86)\PDF Architect 3\creator-ws.exe [x]
R3 PDF Architect 3;PDF Architect 3;c:\program files (x86)\PDF Architect 3\ws.exe;c:\program files (x86)\PDF Architect 3\ws.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 SODA Manager;SODA Manager;c:\programdata\LULU Software\Soda Manager\Soda Manager.exe;c:\programdata\LULU Software\Soda Manager\Soda Manager.exe [x]
R3 Soda PDF 7 CrashHandler;Soda PDF 7 CrashHandler;c:\program files (x86)\Soda PDF 7\crash-handler-ws.exe;c:\program files (x86)\Soda PDF 7\crash-handler-ws.exe [x]
R3 Soda PDF 7 Creator;Soda PDF 7 Creator;c:\program files (x86)\Soda PDF 7\creator-ws.exe;c:\program files (x86)\Soda PDF 7\creator-ws.exe [x]
R3 Soda PDF 7;Soda PDF 7;c:\program files (x86)\Soda PDF 7\ws.exe;c:\program files (x86)\Soda PDF 7\ws.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SyDvCtrl;SyDvCtrl;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SyDvCtrl64.sys;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SyDvCtrl64.sys [x]
R3 SystemExplorerHelpService;System Explorer Service;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
R3 WatAdminSvc;Usluga Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20150504.013\BHDrvx64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20150504.013\BHDrvx64.sys [x]
S1 ccSettings_{60835C41-C832-4374-9ABF-8943075D8D73};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20150513.011\IDSvia64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20150513.011\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS [x]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS [x]
S2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [x]
S2 chromoting;Chrome Remote Desktop Service;c:\program files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 PfFilter;PfFilter;c:\program files (x86)\IObit\Protected Folder\pffilter.sys;c:\program files (x86)\IObit\Protected Folder\pffilter.sys [x]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 cpuz137;cpuz137;c:\users\Mariusz\AppData\Local\Temp\cpuz137\cpuz137_x64.sys;c:\users\Mariusz\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - CPUZ137
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-14 02:56 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.152\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:42 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:42 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:42 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:42 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-03-28 2673296]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-03-28 1570672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.pl
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Wyslij &do programu OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Wyslij do Bluetooth - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm
Trusted Zone: elektroda.pl
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{3955D9B2-2282-44CE-A120-FAAB256AE3FE}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e1,c2,56,7f,13,be,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7a,4c,b1,f7,7d,00,8c,4f,9a,55,1b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7a,4c,b1,f7,7d,00,8c,4f,9a,55,1b,\
.
[HKEY_USERS\S-1-5-21-2883962111-3297607759-932671933-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:40,13,25,49,bc,a7,5f,a7,4f,ce,81,80,80,98,ee,4a,ff,f3,ea,e0,04,f3,d9,
   bb,d2,44,30,27,8f,0f,83,12,a2,0d,a0,1e,99,14,48,e5,ea,72,b9,aa,23,6c,f8,7c,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-2883962111-3297607759-932671933-1000\Software\SecuROM\License information*]
"datasecu"=hex:ff,ee,8b,10,7a,cc,1e,1b,79,dc,0a,b2,19,6e,83,3c,e4,98,de,aa,01,
   03,81,7d,50,23,78,ff,52,ba,59,81,8f,ff,ce,63,a5,7e,7b,e5,fb,b1,ec,0b,4e,60,\
"rkeysecu"=hex:a0,a7,8e,d4,3c,c8,8c,fd,a4,30,b9,86,15,f2,6c,bc
.
[HKEY_USERS\S-1-5-21-2883962111-3297607759-932671933-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\c:\Program Files (x86)\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"qgif4.dll"=multi:"2011-10-10T17:42\00gif\00\00"
"qico4.dll"=multi:"2011-10-10T17:42\00ico\00\00"
"qjpeg4.dll"=multi:"2011-10-10T17:42\00jpeg\00jpg\00\00"
.
[HKEY_USERS\S-1-5-21-2883962111-3297607759-932671933-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:\c:\Program Files (x86)\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"2011-10-10T17:42\00GB18030\00GBK\00GB2312\00CP936\00MS936\00windows-936\00MIB: 114\00MIB: 113\00MIB: 2025\00\00"
"qkrcodecs4.dll"=multi:"2011-10-10T17:42\00EUC-KR\00cp949\00MIB: 38\00MIB: -949\00\00"
"qtwcodecs4.dll"=multi:"2011-10-10T17:42\00Big5\00Big5-HKSCS\00Big5-ETen\00CP950\00MIB: 2026\00MIB: 2101\00\00"
.
[HKEY_USERS\S-1-5-21-2883962111-3297607759-932671933-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\c:\program files (x86)\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qjpcodecs4.dll"=multi:"40602\000\00Windows msvc release full-config\002011-10-10T17:42\00\00"
"qjpcodecsd4.dll"=multi:"40703\001\00Windows msvc debug full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qkrcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qtwcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
.
[HKEY_USERS\S-1-5-21-2883962111-3297607759-932671933-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\c:\program files (x86)\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"Microsoft.VC80.CRT.manifest"=multi:"0\001\00unknown\002011-10-10T17:42\00\00"
"msvcr80.dll"=multi:"0\001\00unknown\002011-10-10T17:42\00\00"
"qgif4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qico4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qjpeg4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2015-05-15 19:54:13 - machine was rebooted
ComboFix-quarantined-files.txt 2015-05-15 17:54
.
Pre-Run: 59 175 133 184 bajtów wolnych
Post-Run: 57 084 923 904 bajtów wolnych
.
- - End Of File - - C4D2BFA097AB945D9AB10C69B9D99A4E