ComboFix 15-09-03.01 - Mat 2015-09-05 22:00:22.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.8112.6303 [GMT 2:00]
Uruchomiony z: C:\Users\Mat\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files (x86)\14c44f08-b5e6-46da-9d28-aef18cc46810\14c44f08-b5e6-46da-9d28-aef18cc46810.dll
C:\Program Files (x86)\14c44f08-b5e6-46da-9d28-aef18cc46810\82a7b599-8ea2-4093-93d1-83db0b4ec2b0.dll
C:\Program Files (x86)\14c44f08-b5e6-46da-9d28-aef18cc46810\93695411-71d8-4ed6-88a4-bea731369af2.dll
C:\Program Files (x86)\14c44f08-b5e6-46da-9d28-aef18cc46810\9d9db655-426c-46c4-888f-26aa3d67b896.dll
C:\Program Files (x86)\CinemaP-1.9cV05.09\e8d291e1-443c-435b-a8a1-5d13f4be3947.dll
C:\ProgramData\ntuser.pol
C:\Users\Mat\AppData\Local\unins000.exe

((((((((((((((((((((((((( Pliki utworzone od 2015-08-05 do 2015-09-05 )))))))))))))))))))))))))))))))

2099-06-11 14:04:09 . 2099-06-11 14:04:09 -------- d-----w- C:\Users\Mat\AppData\Local\Logishrd
2099-06-11 14:01:56 . 2014-04-25 02:34:59 801280 ----a-w- C:\Windows\system32\usp10.dll
2099-06-11 14:01:56 . 2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2099-06-11 14:01:55 . 2014-04-05 02:37:43 1897408 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2099-06-11 14:01:55 . 2014-04-05 02:37:41 376768 ----a-w- C:\Windows\system32\drivers\netio.sys
2099-06-11 14:01:55 . 2014-04-05 02:37:37 288192 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
2099-06-11 14:01:55 . 2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\system32\msxml6.dll
2099-06-11 14:01:54 . 2014-03-26 14:41:39 2048 ----a-w- C:\Windows\system32\msxml6r.dll
2099-06-11 14:01:54 . 2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2099-06-11 14:01:54 . 2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2015-09-05 20:18:15 . 2015-09-05 20:18:15 -------- d-----w- C:\Users\Default\AppData\Local\temp
2015-09-05 20:05:14 . 2015-09-05 20:05:14 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1BF85F4D-867D-4035-A02E-E03A636704C2}\offreg.3504.dll
2015-09-05 19:26:12 . 2015-09-05 19:26:12 -------- d-----w- C:\Users\Mat\AppData\Local\ESET
2015-09-05 16:05:11 . 2015-09-05 20:08:21 -------- d-----w- C:\Program Files (x86)\14c44f08-b5e6-46da-9d28-aef18cc46810
2015-09-05 16:04:44 . 2015-09-05 16:04:44 -------- d-----w- C:\Users\Mat\AppData\Local\globalUpdate
2015-09-05 16:04:44 . 2015-09-05 16:04:44 -------- d-----w- C:\Program Files (x86)\globalUpdate
2015-09-05 16:04:04 . 2015-09-05 20:08:32 -------- d-----w- C:\Program Files (x86)\CinemaP-1.9cV05.09
2015-09-05 16:02:59 . 2015-09-05 19:41:08 -------- d-----w- C:\Users\Mat\AppData\Roaming\cpuminer
2015-09-05 16:01:01 . 2015-09-05 19:51:16 -------- d-----w- C:\Users\Mat\AppData\Local\Installer
2015-09-05 16:00:49 . 2015-09-05 16:00:49 -------- d-----w- C:\Users\Mat\AppData\Local\CrashRpt
2015-09-05 15:56:37 . 2015-09-05 19:20:40 -------- d-----w- C:\Users\Mat\AppData\Local\00000000-1441475797-0000-0000-448A5B4013F5
2015-09-05 15:55:42 . 2015-09-05 15:56:24 -------- d-----w- C:\Program Files (x86)\00000000-1441468542-0000-0000-448A5B4013F5
2015-09-05 15:41:56 . 2015-09-05 15:41:56 -------- d-sh--w- C:\Users\Mat\AppData\Local\icsxml
2015-09-05 15:39:20 . 2015-09-05 15:39:20 -------- d-sh--w- C:\Users\Mat\AppData\Local\ms-drivers
2015-09-05 15:39:18 . 2015-09-05 15:47:56 -------- d-----w- C:\Users\Mat\AppData\Local\MetaGeek,_LLC
2015-09-01 20:18:14 . 2015-09-01 20:18:14 -------- d-----w- C:\Windows\SysWow64\NV
2015-09-01 20:18:14 . 2015-09-01 20:18:14 -------- d-----w- C:\Windows\system32\NV
2015-08-31 18:18:09 . 2015-08-11 04:52:30 69416 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2015-08-31 18:18:09 . 2015-08-11 04:52:30 50472 ----a-w- C:\Windows\system32\drivers\nvvad64v.sys
2015-08-24 14:43:07 . 2015-09-05 19:40:38 -------- d-----w- C:\ProgramData\ALLPlayer
2015-08-15 08:31:37 . 2015-08-25 18:46:21 2627704 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2015-08-15 08:31:37 . 2015-08-25 18:46:21 12185152 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2015-08-15 08:31:37 . 2015-08-07 11:06:30 1898104 ----a-w- C:\Windows\system32\nvdispco6435560.dll
2015-08-15 08:31:37 . 2015-08-07 11:06:30 1558832 ----a-w- C:\Windows\system32\nvdispgenco6435560.dll
2015-08-15 08:14:03 . 2015-08-15 08:14:03 9284296 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

2015-08-27 00:37:01 . 2014-06-03 08:18:30 1316000 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2015-08-27 00:37:01 . 2014-04-12 17:57:01 1423120 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2015-08-27 00:36:47 . 2014-06-03 08:18:30 1756424 ----a-w- C:\Windows\system32\nvspbridge64.dll
2015-08-27 00:36:47 . 2014-04-12 17:57:01 1710568 ----a-w- C:\Windows\system32\nvspcap64.dll
2015-08-25 18:46:21 . 2015-06-25 16:29:48 3112904 ----a-w- C:\Windows\SysWow64\nvapi.dll
2015-08-25 18:46:21 . 2014-05-09 19:35:30 944736 ----a-w- C:\Windows\SysWow64\nvumdshim.dll
2015-08-25 18:46:21 . 2014-05-09 19:35:30 1106672 ----a-w- C:\Windows\system32\nvumdshimx.dll
2015-08-25 18:46:21 . 2014-05-09 19:35:29 176904 ----a-w- C:\Windows\system32\nvinitx.dll
2015-08-25 18:46:21 . 2014-05-09 19:35:29 155792 ----a-w- C:\Windows\SysWow64\nvinit.dll
2015-08-25 18:46:21 . 2014-05-09 19:35:28 12515016 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2015-08-25 18:46:21 . 2014-05-09 19:35:26 3527696 ----a-w- C:\Windows\system32\nvapi64.dll
2015-08-25 14:24:20 . 2014-05-09 19:39:09 937776 ----a-w- C:\Windows\system32\nvvsvc.exe
2015-08-25 14:24:20 . 2014-05-09 19:39:09 75056 ----a-w- C:\Windows\system32\nv3dappshextr.dll
2015-08-25 14:24:20 . 2014-05-09 19:39:09 62584 ----a-w- C:\Windows\system32\nvshext.dll
2015-08-25 14:24:20 . 2014-05-09 19:39:09 385144 ----a-w- C:\Windows\system32\nvmctray.dll
2015-08-25 14:24:20 . 2014-05-09 19:39:09 3496752 ----a-w- C:\Windows\system32\nvsvc64.dll
2015-08-25 14:24:20 . 2014-05-09 19:39:09 2558584 ----a-w- C:\Windows\system32\nvsvcr.dll
2015-08-25 14:24:20 . 2014-05-09 19:39:09 1062520 ----a-w- C:\Windows\system32\nv3dappshext.dll
2015-08-25 14:24:19 . 2014-05-09 19:39:09 6884984 ----a-w- C:\Windows\system32\nvcpl.dll
2015-08-25 12:35:29 . 2014-05-09 19:39:09 5165808 ----a-w- C:\Windows\system32\nvcoproc.bin
2015-08-15 08:14:07 . 2014-05-09 08:35:51 778440 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-08-15 08:14:07 . 2014-05-09 08:35:51 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-11 04:52:30 . 2014-04-12 17:51:46 72504 ----a-w- C:\Windows\system32\nvaudcap64v.dll
2015-07-23 04:06:23 . 2015-07-30 19:22:41 1898128 ----a-w- C:\Windows\system32\nvdispco6435362.dll
2015-07-23 04:06:23 . 2015-07-30 19:22:41 1557648 ----a-w- C:\Windows\system32\nvdispgenco6435362.dll
2015-07-14 13:29:08 . 2015-07-14 13:29:08 255240 ----a-w- C:\Windows\system32\drivers\eamonm.sys
2015-07-14 13:29:08 . 2015-07-14 13:29:08 251632 ----a-w- C:\Windows\system32\drivers\edevmon.sys
2015-07-14 13:29:08 . 2015-07-14 13:29:08 178520 ----a-w- C:\Windows\system32\drivers\ehdrv.sys
2015-07-14 13:29:08 . 2015-07-14 13:29:08 168208 ----a-w- C:\Windows\system32\drivers\epfwwfpr.sys
2015-07-09 17:58:56 . 2015-07-15 17:25:14 37888 ----a-w- C:\Windows\system32\wups2.dll
2015-07-09 17:58:56 . 2015-07-15 17:25:14 36864 ----a-w- C:\Windows\system32\wups.dll
2015-07-09 17:58:56 . 2015-07-15 17:25:14 192000 ----a-w- C:\Windows\system32\wuwebv.dll
2015-07-09 17:58:55 . 2015-07-15 17:25:14 98304 ----a-w- C:\Windows\system32\wudriver.dll
2015-07-09 17:58:55 . 2015-07-15 17:25:14 696320 ----a-w- C:\Windows\system32\wuapi.dll
2015-07-09 17:58:55 . 2015-07-15 17:25:14 3154944 ----a-w- C:\Windows\system32\wucltux.dll
2015-07-09 17:58:55 . 2015-07-15 17:25:14 2603008 ----a-w- C:\Windows\system32\wuaueng.dll
2015-07-09 17:58:34 . 2015-07-15 17:25:14 91136 ----a-w- C:\Windows\system32\WinSetupUI.dll
2015-07-09 17:58:25 . 2015-07-15 17:25:14 12288 ----a-w- C:\Windows\system32\wu.upgrade.ps.dll
2015-07-09 17:58:20 . 2015-07-15 17:25:14 37376 ----a-w- C:\Windows\system32\wuapp.exe
2015-07-09 17:58:20 . 2015-07-15 17:25:14 139776 ----a-w- C:\Windows\system32\wuauclt.exe
2015-07-09 17:43:25 . 2015-07-15 17:25:14 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-09 17:43:25 . 2015-07-15 17:25:14 30208 ----a-w- C:\Windows\SysWow64\wups.dll
2015-07-09 17:43:25 . 2015-07-15 17:25:14 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-09 17:43:24 . 2015-07-15 17:25:14 566784 ----a-w- C:\Windows\SysWow64\wuapi.dll
2015-07-09 17:42:47 . 2015-07-15 17:25:14 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-04 18:07:11 . 2015-07-15 17:25:42 2087424 ----a-w- C:\Windows\system32\ole32.dll
2015-07-04 17:48:36 . 2015-07-15 17:25:42 1414656 ----a-w- C:\Windows\SysWow64\ole32.dll
2015-07-03 18:05:54 . 2015-07-15 17:07:11 41984 ----a-w- C:\Windows\system32\lpk.dll
2015-07-03 18:05:43 . 2015-07-15 17:07:11 100864 ----a-w- C:\Windows\system32\fontsub.dll
2015-07-03 18:05:34 . 2015-07-15 17:07:11 14336 ----a-w- C:\Windows\system32\dciman32.dll
2015-07-03 18:05:26 . 2015-07-15 17:07:11 46080 ----a-w- C:\Windows\system32\atmlib.dll
2015-07-03 17:56:59 . 2015-07-15 17:07:11 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-03 17:56:56 . 2015-07-15 17:07:11 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-03 17:56:52 . 2015-07-15 17:07:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-03 17:55:42 . 2015-07-15 17:07:11 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-03 16:52:31 . 2015-07-15 17:07:11 372224 ----a-w- C:\Windows\system32\atmfd.dll
2015-07-03 16:42:38 . 2015-07-15 17:07:11 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-03 06:43:04 . 2014-04-12 18:16:32 130333168 ----a-w- C:\Windows\system32\MRT.exe
2015-07-02 21:08:53 . 2015-07-15 17:26:19 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-07-02 20:49:43 . 2015-07-15 17:26:17 25193984 ----a-w- C:\Windows\system32\mshtml.dll
2015-07-02 20:40:34 . 2015-07-15 17:26:19 2724864 ----a-w- C:\Windows\system32\mshtml.tlb
2015-07-02 20:23:52 . 2015-07-15 17:26:16 2885632 ----a-w- C:\Windows\system32\iertutil.dll
2015-07-02 20:12:26 . 2015-07-15 17:26:18 615936 ----a-w- C:\Windows\system32\ieui.dll
2015-07-02 19:20:29 . 2015-07-15 17:26:18 14453248 ----a-w- C:\Windows\system32\ieframe.dll
2015-07-02 18:59:40 . 2015-07-15 17:26:18 1545728 ----a-w- C:\Windows\system32\urlmon.dll
2015-07-01 18:25:20 . 2015-07-15 17:25:41 95680 ----a-w- C:\Windows\system32\drivers\ksecdd.sys
2015-07-01 18:25:20 . 2015-07-15 17:25:41 155584 ----a-w- C:\Windows\system32\drivers\ksecpkg.sys
2015-07-01 18:21:04 . 2015-07-15 17:25:41 210944 ----a-w- C:\Windows\system32\wdigest.dll
2015-07-01 18:21:02 . 2015-07-15 17:25:41 86528 ----a-w- C:\Windows\system32\TSpkg.dll
2015-07-01 18:21:00 . 2015-07-15 17:25:41 136192 ----a-w- C:\Windows\system32\sspicli.dll
2015-07-01 18:21:00 . 2015-07-15 17:25:40 29184 ----a-w- C:\Windows\system32\sspisrv.dll
2015-07-01 18:20:59 . 2015-07-15 17:25:40 28160 ----a-w- C:\Windows\system32\secur32.dll
2015-07-01 18:20:58 . 2015-07-15 17:25:41 342016 ----a-w- C:\Windows\system32\schannel.dll
2015-07-01 18:20:58 . 2015-07-15 17:25:41 190464 ----a-w- C:\Windows\system32\rpchttp.dll
2015-07-01 18:20:58 . 2015-07-15 17:25:41 1216512 ----a-w- C:\Windows\system32\rpcrt4.dll
2015-07-01 18:20:54 . 2015-07-15 17:25:41 309760 ----a-w- C:\Windows\system32\ncrypt.dll
2015-07-01 18:20:53 . 2015-07-15 17:25:41 316416 ----a-w- C:\Windows\system32\msv1_0.dll
2015-07-01 18:20:50 . 2015-07-15 17:25:41 730112 ----a-w- C:\Windows\system32\kerberos.dll
2015-07-01 18:20:50 . 2015-07-15 17:25:41 1464832 ----a-w- C:\Windows\system32\lsasrv.dll
2015-07-01 18:20:45 . 2015-07-15 17:25:41 44032 ----a-w- C:\Windows\system32\cryptbase.dll
2015-07-01 18:20:45 . 2015-07-15 17:25:40 22016 ----a-w- C:\Windows\system32\credssp.dll
2015-07-01 18:20:44 . 2015-07-15 17:25:41 463872 ----a-w- C:\Windows\system32\certcli.dll
2015-07-01 18:20:08 . 2015-07-15 17:25:40 31232 ----a-w- C:\Windows\system32\lsass.exe
2015-07-01 18:19:50 . 2015-07-15 17:25:40 64000 ----a-w- C:\Windows\system32\auditpol.exe
2015-07-01 18:15:22 . 2015-07-15 17:25:40 60416 ----a-w- C:\Windows\system32\msobjs.dll
2015-07-01 18:14:59 . 2015-07-15 17:25:40 146432 ----a-w- C:\Windows\system32\msaudite.dll
2015-07-01 18:10:21 . 2015-07-15 17:25:40 690688 ----a-w- C:\Windows\system32\adtschema.dll
2015-07-01 17:52:55 . 2015-07-15 17:25:41 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-01 17:52:51 . 2015-07-15 17:25:41 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-01 17:52:48 . 2015-07-15 17:25:40 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-01 17:52:47 . 2015-07-15 17:25:41 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-01 17:52:47 . 2015-07-15 17:25:41 141312 ----a-w- C:\Windows\SysWow64\rpchttp.dll
2015-07-01 17:52:43 . 2015-07-15 17:25:41 260608 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-01 17:52:43 . 2015-07-15 17:25:41 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-01 17:52:38 . 2015-07-15 17:25:41 553472 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-01 17:52:31 . 2015-07-15 17:25:41 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-01 17:52:31 . 2015-07-15 17:25:40 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-01 17:52:30 . 2015-07-15 17:25:41 342528 ----a-w- C:\Windows\SysWow64\certcli.dll
2015-07-01 17:51:44 . 2015-07-15 17:25:40 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-01 17:51:31 . 2015-07-15 17:25:41 665600 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\Mat\AppData\Roaming\uTorrent\uTorrent.exe" [2015-08-28 09:52:33 1696096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 16:57:26 959904]
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2000-01-01 00:00:00 296208]

C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SCM.lnk - C:\Program Files\Mat\SCM\SCM.exe [2013-7-5 399528]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2015-2-27 113664]
Qualcomm Atheros Killer Network Manager.lnk - C:\Program Files\Mat\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe -minimized [2013-5-16 554496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=C:\Windows\SysWOW64\nvinit.dll

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 giqozewi;URL Read;C:\Program Files (x86)\00000000-1441468542-0000-0000-448A5B4013F5\knsc8267.tmpfs;C:\Program Files (x86)\00000000-1441468542-0000-0000-448A5B4013F5\knsc8267.tmpfs [x]
R2 jimocoso;Cool Barcode;C:\Program Files (x86)\00000000-1441468542-0000-0000-448A5B4013F5\jnsnD05E.tmp;C:\Program Files (x86)\00000000-1441468542-0000-0000-448A5B4013F5\jnsnD05E.tmp [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
R2 totyseku;Delete Exit;C:\Program Files (x86)\00000000-1441468542-0000-0000-448A5B4013F5\hnsdEFD2.tmp;C:\Program Files (x86)\00000000-1441468542-0000-0000-448A5B4013F5\hnsdEFD2.tmp [x]
R3 ampa;ampa;C:\Windows\system32\ampa.sys;C:\Windows\SYSNATIVE\ampa.sys [x]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys;C:\Windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Audio dla wyświetlaczy Intel(R);C:\Windows\system32\DRIVERS\IntcDAud.sys;C:\Windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [x]
R3 massfilter;Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys;C:\Windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 pwdrvio;pwdrvio;C:\Windows\system32\pwdrvio.sys;C:\Windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;C:\Windows\system32\pwdspio.sys;C:\Windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SWDUMon;SWDUMon;C:\Windows\system32\DRIVERS\SWDUMon.sys;C:\Windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys;C:\Windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys;C:\Windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys;C:\Windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys;C:\Windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;C:\Windows\system32\DRIVERS\ZTEusbnet.sys;C:\Windows\SYSNATIVE\DRIVERS\ZTEusbnet.sys [x]
S0 iusb3hcs;Sterownik przełącznika kontrolera hosta Intel(R) USB 3.0;C:\Windows\system32\DRIVERS\iusb3hcs.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys;C:\Windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 BfLwf;Qualcomm Atheros Bandwidth Control;C:\Windows\system32\DRIVERS\bflwfx64.sys;C:\Windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys;C:\Windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys;C:\Windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe;C:\Windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;C:\Program Files\Mat\ESET\x86\ekrn.exe;C:\Program Files\Mat\ESET\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys;C:\Windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe;C:\Program Files\Elantech\ETDService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\system32\igfxCUIService.exe;C:\Windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe;C:\Program Files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Micro Star SCM;Micro Star SCM;C:\Program Files\Mat\SCM\MSIService.exe;C:\Program Files\Mat\SCM\MSIService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;C:\Program Files\Mat\Qualcomm Atheros\Killer Network Manager\BFNService.exe;C:\Program Files\Mat\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys;C:\Windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys;C:\Windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iusb3hub;Sterownik koncentratora Intel(R) USB 3.0;C:\Windows\system32\DRIVERS\iusb3hub.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Sterownik kontrolera hosta Intel(R) USB 3.0 eXtensible;C:\Windows\system32\DRIVERS\iusb3xhc.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 Ke2200;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\e22w7x64.sys;C:\Windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x]
S3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys;C:\Windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\system32\drivers\nvvad64v.sys;C:\Windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTSPER;Realtek PCIE Card Reader - PER;C:\Windows\system32\DRIVERS\RtsPer.sys;C:\Windows\SYSNATIVE\DRIVERS\RtsPer.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\Windows\system32\DRIVERS\rtwlane.sys;C:\Windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-05 15:12:44 997704 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe

Zawartość folderu 'Zaplanowane zadania'

2015-09-05 C:\Windows\Tasks\560773e2-7ae7-4099-9909-43862e692b5e-1-7.job
- C:\Program Files (x86)\CinemaP-1.9cV05.09\560773e2-7ae7-4099-9909-43862e692b5e-1-7.exe [2015-09-05 16:07:28 . 2015-09-05 16:07:28]
2015-09-05 C:\Windows\Tasks\560773e2-7ae7-4099-9909-43862e692b5e-10_user.job
- C:\Program Files (x86)\CinemaP-1.9cV05.09\560773e2-7ae7-4099-9909-43862e692b5e-10.exe [2015-09-05 16:04:29 . 2015-09-05 16:04:29]
2015-09-05 C:\Windows\Tasks\560773e2-7ae7-4099-9909-43862e692b5e-3.job
- C:\Program Files (x86)\CinemaP-1.9cV05.09\560773e2-7ae7-4099-9909-43862e692b5e-3.exe [2015-09-05 16:04:58 . 2015-09-05 16:04:58]
2015-09-05 C:\Windows\Tasks\560773e2-7ae7-4099-9909-43862e692b5e-5.job
- C:\Program Files (x86)\CinemaP-1.9cV05.09\560773e2-7ae7-4099-9909-43862e692b5e-5.exe [2015-09-05 16:09:01 . 2015-09-05 16:09:01]
2015-09-05 C:\Windows\Tasks\560773e2-7ae7-4099-9909-43862e692b5e-5_user.job
- C:\Program Files (x86)\CinemaP-1.9cV05.09\560773e2-7ae7-4099-9909-43862e692b5e-5.exe [2015-09-05 16:09:01 . 2015-09-05 16:09:01]
2015-09-05 C:\Windows\Tasks\560773e2-7ae7-4099-9909-43862e692b5e-7.job
- C:\Program Files (x86)\CinemaP-1.9cV05.09\560773e2-7ae7-4099-9909-43862e692b5e-7.exe [2015-09-05 16:05:28 . 2015-09-05 16:05:28]
2015-09-05 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-09 08:35:51 . 2015-08-15 08:14:07]
2015-09-05 C:\Windows\Tasks\AutoKMS.job
- C:\Windows\AutoKMS\AutoKMS.exe [2015-04-12 11:42:19 . 2015-04-12 11:42:19]
2015-09-05 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-12 17:20:23 . 2015-08-28 10:44:25]
2015-09-05 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-12 17:20:23 . 2015-08-28 10:44:25]
2015-09-05 C:\Windows\Tasks\TOC2X9lWExfLstn8hZEZsdt.job
- C:\Users\Mat\AppData\Roaming\TOC2X9lWExfLstn8hZEZsdt.exe [2015-04-20 14:05:14 . 2015-04-20 14:05:14]

--------- X64 Entries -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-08-27 00:37:44 2634872]
"ShadowPlay"="C:\Windows\system32\nvspcap64.dll" [2015-08-27 00:36:47 1710568]
"BCSSync"="C:\Program Files\Mat\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 13:27:52 108144]
"EvtMgr6"="C:\Program Files\Mat\Logitech\SetPointP\SetPoint.exe" [2011-10-07 09:38:38 1744152]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 00:00:00 13774040]
"egui"="C:\Program Files\Mat\ESET\egui.exe" [2015-07-08 13:22:20 5595848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=C:\Windows\System32\nvinitx.dll

------- Skan uzupełniający -------

uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\Mat\MICROS~1\Office14\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: Interfaces\{EC6D98E8-35A8-4DF7-9655-22A4503A461A}: NameServer = 192.168.0.1

- - - - USUNIĘTO PUSTE WPISY - - - -

AddRemove-{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1 - C:\Users\Mat\AppData\Local\unins000.exe

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\giqozewi]
"ImagePath"="C:\Program Files (x86)\00000000-1441468542-0000-0000-448A5B4013F5\knsc8267.tmpfs"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\jimocoso]
"ImagePath"="C:\Program Files (x86)\00000000-1441468542-0000-0000-448A5B4013F5\jnsnD05E.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\totyseku]
"ImagePath"="C:\Program Files (x86)\00000000-1441468542-0000-0000-448A5B4013F5\hnsdEFD2.tmp"

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Czas ukończenia: 2015-09-05 22:53:33
ComboFix-quarantined-files.txt 2015-09-05 20:53:22

Przed: 23 104 106 496 bajtów wolnych
Po: 22 695 190 528 bajtów wolnych

- - End Of File - - 7AE499433C714533F0E26B85A55B94CD
5FB38429D5D77768867C76DCBDB35194