ComboFix 15-11-05.01 - boss 2015-11-07 18:57:37.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2046.1435 [GMT 1:00]
Uruchomiony z: c:\documents and settings\boss\Pulpit\1.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\ntuser.pol
c:\documents and settings\boss\Pulpit\Adware_Removal_Tool_by_TSA.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2015-10-07 do 2015-11-07 )))))))))))))))))))))))))))))))
.
.
2015-11-05 12:02 . 2015-11-02 16:40 916600 ----a-w- c:\windows\system32\nvdispgenco3235887.dll
2015-11-05 12:02 . 2015-11-02 16:40 37874176 ----a-w- c:\windows\system32\nvcompiler.dll
2015-11-05 12:02 . 2015-11-02 16:40 1053304 ----a-w- c:\windows\system32\nvdispco3235887.dll
2015-11-02 17:14 . 2015-11-02 17:14 -------- d-----w- c:\windows\system32\config\systemprofile\.oracle_jre_usage
2015-11-01 16:51 . 2015-11-01 16:51 -------- d-----w- c:\windows\Sun
2015-11-01 16:50 . 2015-11-01 16:50 -------- d-----w- c:\program files\Common Files\Java
2015-11-01 16:50 . 2015-11-01 16:49 146432 ----a-w- c:\windows\system32\javacpl.cpl
2015-11-01 16:50 . 2015-11-01 16:50 -------- d-----w- c:\documents and settings\boss\Ustawienia lokalne\Dane aplikacji\Sun
2015-11-01 16:50 . 2015-11-01 16:50 -------- d-----w- c:\documents and settings\boss\.oracle_jre_usage
2015-11-01 16:49 . 2015-11-01 16:49 97888 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-11-01 16:49 . 2015-11-01 16:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Oracle
2015-11-01 16:49 . 2015-11-01 16:49 -------- d-----w- c:\program files\Java
2015-11-01 16:48 . 2015-11-01 16:48 -------- d-----w- c:\documents and settings\boss\Dane aplikacji\Oracle
2015-10-31 22:17 . 2015-10-31 22:24 290304 ----a-w- c:\windows\system32\subinacl.exe
2015-10-31 22:17 . 2015-10-31 22:17 -------- d-----w- c:\program files\Adware Removal Tool by TSA
2015-10-31 13:07 . 2015-10-31 23:22 -------- d--h--w- c:\windows\system32\GroupPolicy
2015-10-14 17:32 . 2015-10-18 13:32 3996360 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-07 17:43 . 2014-06-05 15:56 106496 ----a-w- c:\windows\DUMP8dd8.tmp
2015-11-06 16:36 . 2014-06-06 10:27 794952 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-11-06 16:36 . 2014-06-06 10:27 435464 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-11-02 23:30 . 2014-06-05 16:08 926520 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2015-11-02 23:30 . 2014-06-05 16:08 35984 ----a-w- c:\windows\system32\nvhdap32.dll
2015-11-02 23:30 . 2014-06-05 16:08 138040 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2015-11-02 16:40 . 2014-06-05 16:11 73728 ----a-w- c:\windows\system32\OpenCL.dll
2015-11-02 16:40 . 2014-06-05 16:08 3499264 ----a-w- c:\windows\system32\nv4_disp.dll
2015-11-02 16:40 . 2014-06-05 16:08 3067904 ----a-w- c:\windows\system32\nvapi.dll
2015-11-02 16:40 . 2014-06-05 16:08 2398896 ----a-w- c:\windows\system32\nvcuvid.dll
2015-11-02 16:40 . 2014-06-05 16:08 17289216 ----a-w- c:\windows\system32\nvoglnt.dll
2015-11-02 16:40 . 2014-06-05 16:08 13381632 ----a-w- c:\windows\system32\nvopencl.dll
2015-11-02 16:40 . 2014-06-05 16:08 11890688 ----a-w- c:\windows\system32\nvcuda.dll
2015-11-02 16:40 . 2014-06-05 16:08 11241112 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2015-11-02 13:29 . 2014-06-05 16:11 258048 ----a-w- c:\windows\system32\nvrstr.dll
2015-11-02 13:29 . 2014-06-05 16:11 258048 ----a-w- c:\windows\system32\nvrssl.dll
2015-11-02 13:29 . 2014-06-05 16:11 253952 ----a-w- c:\windows\system32\nvrsth.dll
2015-11-02 13:29 . 2014-06-05 16:11 253952 ----a-w- c:\windows\system32\nvrssv.dll
2015-11-02 13:29 . 2014-06-05 16:11 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2015-11-02 13:29 . 2014-06-05 16:11 126976 ----a-w- c:\windows\system32\nvrszht.dll
2015-11-02 13:29 . 2014-06-05 16:11 282624 ----a-w- c:\windows\system32\nvrsit.dll
2015-11-02 13:29 . 2014-06-05 16:11 274432 ----a-w- c:\windows\system32\nvrspt.dll
2015-11-02 13:29 . 2014-06-05 16:11 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2015-11-02 13:29 . 2014-06-05 16:11 274432 ----a-w- c:\windows\system32\nvrsja.dll
2015-11-02 13:29 . 2014-06-05 16:11 270336 ----a-w- c:\windows\system32\nvrsru.dll
2015-11-02 13:29 . 2014-06-05 16:11 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2015-11-02 13:29 . 2014-06-05 16:11 266240 ----a-w- c:\windows\system32\nvrsko.dll
2015-11-02 13:29 . 2014-06-05 16:11 258048 ----a-w- c:\windows\system32\nvrssk.dll
2015-11-02 13:29 . 2014-06-05 16:11 258048 ----a-w- c:\windows\system32\nvrspl.dll
2015-11-02 13:29 . 2014-06-05 16:11 253952 ----a-w- c:\windows\system32\nvrsno.dll
2015-11-02 13:29 . 2014-06-05 16:11 335872 ----a-w- c:\windows\system32\nvrshe.dll
2015-11-02 13:29 . 2014-06-05 16:11 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2015-11-02 13:29 . 2014-06-05 16:11 282624 ----a-w- c:\windows\system32\nvrses.dll
2015-11-02 13:29 . 2014-06-05 16:11 282624 ----a-w- c:\windows\system32\nvrsel.dll
2015-11-02 13:29 . 2014-06-05 16:11 278528 ----a-w- c:\windows\system32\nvrsde.dll
2015-11-02 13:29 . 2014-06-05 16:11 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2015-11-02 13:29 . 2014-06-05 16:11 262144 ----a-w- c:\windows\system32\nvrshu.dll
2015-11-02 13:29 . 2014-06-05 16:11 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2015-11-02 13:29 . 2014-06-05 16:11 249856 ----a-w- c:\windows\system32\nvrseng.dll
2015-11-02 13:29 . 2014-06-05 16:11 335872 ----a-w- c:\windows\system32\nvrsar.dll
2015-11-02 13:29 . 2014-06-05 16:11 253952 ----a-w- c:\windows\system32\nvrsda.dll
2015-11-02 13:29 . 2014-06-05 16:11 249856 ----a-w- c:\windows\system32\nvrscs.dll
2015-11-02 13:27 . 2014-06-05 16:11 54272 ----a-w- c:\windows\system32\nvwddi.dll
2015-11-02 13:27 . 2014-06-05 16:11 375088 ----a-w- c:\windows\system32\nvmctray.dll
2015-11-02 13:27 . 2014-06-05 16:11 15208056 ----a-w- c:\windows\system32\nvcpl.dll
2015-11-02 13:27 . 2014-06-05 16:11 144504 ----a-w- c:\windows\system32\nvsvc32.exe
2015-11-02 13:27 . 2014-06-05 16:11 142968 ----a-w- c:\windows\system32\nvcolor.exe
2015-10-31 22:37 . 2015-08-12 19:59 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-18 13:32 . 2014-06-05 15:52 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-10-18 13:32 . 2014-06-05 15:52 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-05 07:50 . 2015-08-12 19:59 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 07:50 . 2015-08-12 19:59 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-10-03 03:50 . 2015-10-07 13:11 916600 ----a-w- c:\windows\system32\nvdispgenco3235850.dll
2015-10-03 03:49 . 2015-10-07 13:11 1053488 ----a-w- c:\windows\system32\nvdispco3235850.dll
2015-09-01 14:35 . 2015-04-04 11:16 73272 ----a-w- C:\wow_helper.exe
2015-09-01 14:35 . 2015-04-04 11:16 45066296 ----a-w- C:\libcef.dll
2015-09-01 14:35 . 2015-04-04 11:16 967736 ----a-w- C:\ffmpegsumo.dll
2015-09-01 14:35 . 2015-04-04 11:16 80952 ----a-w- C:\libEGL.dll
2015-09-01 14:35 . 2015-04-04 11:16 1649208 ----a-w- C:\libGLESv2.dll
2015-09-01 14:35 . 2015-04-04 11:16 98360 ----a-w- C:\SpotifyLauncher.exe
2015-09-01 14:35 . 2015-04-04 11:16 839224 ----a-w- C:\SpotifyCrashService.exe
2015-09-01 14:35 . 2015-04-04 11:16 3457592 ----a-w- C:\d3dcompiler_47.dll
2015-09-01 14:35 . 2015-04-04 11:16 2106424 ----a-w- C:\d3dcompiler_43.dll
2015-09-01 14:35 . 2015-04-04 11:16 2018360 ----a-w- C:\SpotifyWebHelper.exe
2015-09-01 14:35 . 2015-04-04 11:16 7389752 ----a-w- C:\Spotify.exe
2015-08-13 10:43 . 2014-06-06 10:27 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-08-13 10:43 . 2015-08-13 10:43 161472 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2015-08-13 10:43 . 2014-06-06 10:27 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-08-13 10:43 . 2014-06-06 10:27 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-08-13 10:43 . 2014-06-06 10:27 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-08-13 10:43 . 2014-06-06 10:27 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-08-13 10:43 . 2014-06-06 10:27 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-08-13 10:43 . 2015-08-13 10:43 313472 ----a-w- c:\windows\system32\aswBoot.exe
2015-08-13 10:43 . 2015-08-13 10:43 43112 ----a-w- c:\windows\avastSS.scr
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-08-13 10:43 695096 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-28 1011200]
"Spotify Web Helper"="c:\documents and settings\boss\Dane aplikacji\Spotify\SpotifyWebHelper.exe" [2015-10-21 2030912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-08-27 2634872]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-11-06 6111312]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
"RTHDCPL"="RTHDCPL.EXE" [2013-10-04 20145368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-10-06 597040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2015-11-02 15208056]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2015-11-02 375088]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2015-11-02 2591888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
AdFender.lnk - c:\program files\AdFender\AdFender.exe -autostart [2013-5-29 3225712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Documents and Settings\\boss\\Dane aplikacji\\Spotify\\spotify.exe"=
"d:\\gry\\steam\\Steam.exe"=
"d:\\gry\\steam\\SteamApps\\common\\Defy Gravity\\DefyGravity.exe"=
"c:\\Program Files\\Sony Mobile\\Update Engine\\Sony Mobile Update Engine.exe"=
"d:\\gry\\steam\\bin\\steamwebhelper.exe"=
"d:\\gry\\steam\\SteamApps\\common\\Broforce The Expendables Missions\\Expendabros.exe"=
"d:\\gry\\steam\\SteamApps\\common\\Deadlight\\Binaries\\Win32\\LOTDGame.exe"=
"d:\\gry\\steam\\SteamApps\\common\\Doom 3\\Doom3.exe"=
"d:\\gry\\steam\\SteamApps\\common\\Quake Live\\quakelive_steam.exe"=
"d:\\gry\\steam\\SteamApps\\common\\Nosferatu The Wrath of Malachi\\Nosferatu.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"d:\\gry\\steam\\SteamApps\\common\\RBS\\Really Big Sky.exe"=
"d:\\gry\\steam\\SteamApps\\common\\nosgoth\\Binaries\\Win32\\Nosgoth.exe"=
"d:\\gry\\steam\\SteamApps\\common\\DefenseGridTheAwakening\\DefenseGrid.exe"=
"c:\\Spotify.exe"=
"d:\\gry\\steam\\SteamApps\\common\\Dark Forces\\DosBox\\dosbox.exe"=
"d:\\gry\\steam\\SteamApps\\common\\PAYDAY The Heist\\payday_win32_release.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\gry\\steam\\SteamApps\\common\\Double Action\\hl2.exe"=
"d:\\gry\\steam\\SteamApps\\common\\Double Action\\bin\\hammer.exe"=
"d:\\gry\\steam\\SteamApps\\common\\Double Action\\bin\\hlmv.exe"=
"d:\\gry\\steam\\SteamApps\\common\\dota 2 beta\\game\\bin\\win32\\dota2.exe"=
"d:\\gry\\steam\\SteamApps\\common\\CastleCrashers\\castle.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"d:\\gry\\steam\\SteamApps\\common\\FreeStyle2\\LauncherSteam.exe"=
"d:\\gry\\steam\\SteamApps\\common\\FreeStyle2\\FreeStyle2.exe"=
"d:\\gry\\steam\\SteamApps\\common\\Pid\\Pid.exe"=
"d:\\gry\\steam\\SteamApps\\common\\Splinter Cell\\system\\splintercell.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-06-06 49776]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-06-06 208664]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-06-06 794952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-06-06 435464]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-06-06 24016]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-06-06 76000]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-06-05 1872504]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2015-08-12 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2015-08-12 2088408]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [2015-08-13 161472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-08-12 23256]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2014-06-06 8192]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-08-12 1135416]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2015-08-12 171928]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2014-06-05 1691480]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-24 16:02 997704 ----a-w- c:\program files\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2015-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-05 13:32]
.
2015-11-07 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-13 10:43]
.
2015-11-07 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2015-08-12 09:52]
.
2015-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-06-05 21:33]
.
2015-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-06-05 21:33]
.
2015-08-12 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2015-08-12 08:41]
.
2015-10-31 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2015-08-12 08:42]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.113.224.134 217.113.224.35
FF - ProfilePath - c:\documents and settings\boss\Dane aplikacji\Mozilla\Firefox\Profiles\13g3ahcf.default\
FF - prefs.js: browser.search.selectedEngine - piesearch
FF - prefs.js: browser.startup.homepage - about:home
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-11-07 19:02
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Czas ukończenia: 2015-11-07 19:04:13
ComboFix-quarantined-files.txt 2015-11-07 18:04
ComboFix2.txt 2015-08-13 13:00
ComboFix3.txt 2015-08-12 22:32
.
Przed: 106 760 523 776 bajtów wolnych
Po: 106 758 979 584 bajtów wolnych
.
- - End Of File - - F16F5518C28B3176DCE23B53641B18C4
32052574BF9F325AE309ABC7BFD04460