ComboFix logs:
ComboFix 13-07-09.01 - abc 2013-07-09 20:30:37.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.8174.6015 [GMT 2:00]
Uruchomiony z: C:\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-06-09 do 2013-07-09 )))))))))))))))))))))))))))))))
.
.
2013-07-09 18:38 . 2013-07-09 18:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-09 06:27 . 2013-07-07 13:16 972264 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-09 06:26 . 2013-07-09 06:26 964552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{775D8D0D-A474-476C-AEDB-EAD197386510}\gapaengine.dll
2013-07-09 06:26 . 2013-06-11 18:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9DAFFE34-6BB5-4ADF-839D-69EF688375C9}\mpengine.dll
2013-07-08 07:43 . 2013-07-08 07:43 -------- d-----w- c:\users\abc\AppData\Roaming\Apple Computer
2013-07-08 07:43 . 2013-07-08 07:43 -------- d-----w- c:\users\abc\AppData\Local\Apple Computer
2013-07-08 07:43 . 2013-06-14 13:08 700856 ----a-w- c:\windows\SysWow64\TransX.ocx
2013-07-08 07:43 . 2013-07-08 07:43 -------- d-----w- c:\program files (x86)\Trans
2013-07-08 07:43 . 2013-07-08 07:43 -------- d-----w- c:\users\abc\AppData\Roaming\RST
2013-07-07 16:38 . 2013-07-07 16:38 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Ustawienia lokalne
2013-07-07 16:38 . 2013-07-07 16:38 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Dane aplikacji
2013-07-07 16:34 . 2013-07-07 16:34 -------- d-----w- c:\program files (x86)\Check Point Software Technologies LTD
2013-07-07 16:34 . 2013-07-07 16:36 -------- d-----w- c:\program files (x86)\CheckPoint
2013-07-07 16:33 . 2013-07-07 16:33 -------- d-----w- c:\programdata\CheckPoint
2013-07-07 16:25 . 2013-07-07 16:25 -------- d-----w- c:\users\abc\AppData\Roaming\Avira
2013-07-07 16:22 . 2013-07-07 16:22 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-07-07 16:21 . 2013-06-20 12:49 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-07-07 16:21 . 2013-06-20 12:49 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-07-07 16:21 . 2013-03-06 14:13 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-07-07 16:21 . 2013-07-07 16:21 -------- d-----w- c:\programdata\Avira
2013-07-07 16:21 . 2013-07-07 16:21 -------- d-----w- c:\program files (x86)\Avira
2013-07-07 16:19 . 2013-07-07 16:19 -------- d-----w- c:\windows\system32\drivers\NSTx64
2013-07-07 16:19 . 2013-07-07 16:19 -------- d-----w- c:\program files (x86)\Norton Safe Web Lite
2013-07-07 16:19 . 2013-07-07 16:19 -------- d-----w- c:\program files (x86)\NortonInstaller
2013-07-07 14:50 . 2012-07-26 08:00 2560 ----a-w- c:\windows\system32\drivers\it-IT\wdf01000.sys.mui
2013-07-07 14:50 . 2012-07-26 05:05 2560 ----a-w- c:\windows\system32\drivers\pl-PL\wdf01000.sys.mui
2013-07-07 14:50 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-07-07 14:50 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-07-07 14:50 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-07-07 14:36 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2013-07-07 14:17 . 2013-06-02 15:11 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-07-07 14:15 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-07-07 14:15 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-07-07 14:15 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-07-07 14:15 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-07-07 14:15 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-07-07 14:15 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-07-07 14:14 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-07-07 14:14 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-07-07 14:14 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-07-07 14:14 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-07-07 14:14 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-07-07 14:14 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-07-07 14:14 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-07-07 14:08 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-07-07 14:08 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-07-07 14:08 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-07-07 14:08 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2013-07-07 14:08 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-07-07 14:05 . 2013-07-07 14:05 -------- d-----w- c:\users\abc\AppData\Local\Macromedia
2013-07-07 14:02 . 2013-07-07 14:02 -------- d-----w- c:\program files\Google
2013-07-07 14:02 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-07 14:02 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-07 14:02 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2013-07-07 14:01 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-07 14:01 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-07-07 14:01 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-07-07 14:01 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-07-07 14:01 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-07-07 14:01 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-07-07 14:01 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-07-07 14:01 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2013-07-07 14:01 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2013-07-07 13:59 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-07-07 13:58 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll
2013-07-07 13:57 . 2011-05-04 05:25 2315776 ----a-w- c:\windows\system32\tquery.dll
2013-07-07 13:56 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-07-07 13:55 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2013-07-07 13:55 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2013-07-07 13:55 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-07-07 13:55 . 2013-07-07 13:55 312232 ----a-w- c:\windows\system32\javaws.exe
2013-07-07 13:55 . 2013-07-07 13:55 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-07 13:55 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-07-07 13:55 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-07-07 13:55 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-07-07 13:55 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-07-07 13:55 . 2013-07-07 13:55 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-07-07 13:55 . 2013-07-07 13:55 189352 ----a-w- c:\windows\system32\javaw.exe
2013-07-07 13:55 . 2013-07-07 13:55 188840 ----a-w- c:\windows\system32\java.exe
2013-07-07 13:54 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2013-07-07 13:54 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2013-07-07 13:54 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2013-07-07 13:54 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2013-07-07 13:54 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2013-07-07 13:54 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2013-07-07 13:54 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2013-07-07 13:51 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2013-07-07 13:49 . 2013-07-07 13:50 -------- d-----w- c:\program files\Core Temp
2013-07-07 13:48 . 2013-07-07 13:48 -------- d-----w- c:\programdata\APN
2013-07-07 13:48 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-07-07 13:48 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2013-07-07 13:48 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-07-07 13:44 . 2013-07-07 13:44 -------- d-----w- c:\users\abc\AppData\Local\Mozilla
2013-07-07 13:44 . 2013-07-07 13:44 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-07-07 13:32 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2013-07-07 13:32 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-07-07 13:31 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2013-07-07 13:31 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2013-07-07 13:31 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2013-07-07 13:31 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2013-07-07 13:30 . 2013-07-07 13:30 -------- d-----w- c:\program files\Microsoft Silverlight
2013-07-07 13:30 . 2013-07-07 13:30 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-07-07 13:27 . 2013-07-07 14:06 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-07 13:27 . 2013-07-07 14:06 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-07 13:27 . 2013-07-07 13:27 -------- d-----w- c:\windows\system32\Macromed
2013-07-07 13:26 . 2013-07-07 14:18 -------- d-----w- c:\users\abc\AppData\Local\Adobe
2013-07-07 13:24 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2013-07-07 13:24 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2013-07-07 13:24 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2013-07-07 13:24 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2013-07-07 13:23 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2013-07-07 13:23 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2013-07-07 13:23 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2013-07-07 13:23 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2013-07-07 13:23 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2013-07-07 13:20 . 2013-07-07 13:20 -------- d-----w- c:\users\abc\AppData\Roaming\GRETECH
2013-07-07 13:18 . 2013-07-07 13:18 -------- d-----w- c:\program files\WOT
2013-07-07 13:18 . 2013-07-07 13:18 -------- d-----w- c:\program files (x86)\WOT
2013-07-07 13:16 . 2013-06-11 18:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-07 13:16 . 2013-05-02 15:29 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-07-07 13:15 . 2013-07-07 13:15 -------- d-----w- c:\users\abc\AppData\Local\Programs
2013-07-07 13:13 . 2010-11-20 03:34 3584 ----a-w- c:\windows\system32\drivers\it-IT\tsusbflt.sys.mui
2013-07-07 13:13 . 2010-11-20 03:44 2560 ----a-w- c:\windows\system32\drivers\it-IT\rdpwd.sys.mui
2013-07-07 13:11 . 2010-11-20 03:45 2560 ----a-w- c:\windows\system32\drivers\pl-PL\rdpwd.sys.mui
2013-07-07 13:11 . 2010-11-20 03:41 3072 ----a-w- c:\windows\system32\drivers\pl-PL\NV_AGP.SYS.mui
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-07 13:55 . 2010-11-17 08:42 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-07 13:52 . 2010-11-17 08:42 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-07 12:42 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-07-07 12:42 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-04-13 05:49 . 2013-07-07 14:01 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-07-07 14:01 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-07-07 14:01 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-07-07 14:01 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-07-07 14:01 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-07-07 14:01 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Trans"="c:\program files (x86)\Trans\trans.exe" [2013-06-14 4839968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-09-28 584760]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-20 345144]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-06-19 73832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe;c:\program files\Motorola\Bluetooth\audiosrv.exe [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys;c:\windows\SYSNATIVE\Drivers\btmcom.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys;c:\windows\SYSNATIVE\Drivers\btmusb.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe;c:\program files\Motorola\Bluetooth\obexsrv.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe;c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 ALSysIO;ALSysIO;c:\users\abc\AppData\Local\Temp\ALSysIO64.sys;c:\users\abc\AppData\Local\Temp\ALSysIO64.sys [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 NisSrv;Inspekcja sieci firmy Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - ALSYSIO
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 12:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-07 13:59]
.
2013-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-07 13:59]
.
2013-07-07 c:\windows\Tasks\HPCeeScheduleForABC-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-08-31 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-22 487424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-09-16 464744]
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 217.144.192.2 217.144.192.33
FF - ProfilePath - c:\users\abc\AppData\Roaming\Mozilla\Firefox\Profiles\u3t46pcy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-07-07 18:19; {203FB6B2-2E1E-4474-863B-4C483ECCE78E}; c:\programdata\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST
FF - ExtSQL: 2013-07-07 18:50; [email protected]; c:\users\abc\AppData\Roaming\Mozilla\Firefox\Profiles\u3t46pcy.default\extensions\[email protected]
FF - ExtSQL: 2013-07-07 18:52; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\abc\AppData\Roaming\Mozilla\Firefox\Profiles\u3t46pcy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - user.js: extensions.zonealarm.hpOld0 - www.google.pl
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=goughDev3&Lan={dfltLng}&gu=7f5d28746d2544dc9c67c3b70c7b699a&tu=10G9y008v2B0CO0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 9cc719e5000000000000889ffa694c00
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15893
FF - user.js: extensions.zonealarm.vrsn - 1.8.21.15
FF - user.js: extensions.zonealarm.vrsni - 1.8.21.15
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.21.1518:34
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - goughDev3
FF - user.js: extensions.zonealarm.instlRef - ZLN118799398271805-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=en&gu=7f5d28746d2544dc9c67c3b70c7b699a&tu=10G9y008v2B0CO0&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=goughDev3&Lan=en&gu=7f5d28746d2544dc9c67c3b70c7b699a&tu=10G9y008v2B0CO0&sku=&tstsId=&ver=&
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2013-07-09 20:43:06
ComboFix-quarantined-files.txt 2013-07-09 18:43
.
Przed: 192*383*385*600 bajtów wolnych
Po: 192*026*894*336 bajtów wolnych
.
- - End Of File - - C4569AD74C2129E912DB9BB7D0ABC6C6
D41D8CD98F00B204E9800998ECF8427E