WEBSSEARCHES.COM VIRUS

Everything that did not comply with the forum rules
blackthcnetherland

User
Posts: 18
Registered: 13 May 2014, 04:44

WEBSSEARCHES.COM VIRUS

Post 13 May 2014, 04:52

THIS VIRUS Istart.webssearches.com INSTALLED ITSELF ON MY MACHINE, IT'S A TRAGEDY, IT SITS IN ALL THE BROWSERS, THERE IS NO WAY AT ALL TO KICK IT OUT, IT KEEPS OPENING EXTRA WINDOWS, BLOCKS SOFTWARE INSTALLATION, ETC. ETC., DAMNED PIECE OF JUNK, THE SCUM WHO MAKE THIS SHOULD BE DONE IN AND BURIED, DUG UP AND BURIED AGAIN !!!!!!!!!!!!! PLEASE HELP BECAUSE I CAN'T COPE WITH THIS :((((((((((((


ComboFix 14-05-10.01 - marek 2014-05-13 4:01.3.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1043.18.3836.3159 [GMT 2:00]
Uruchomiony z: c:\users\marek\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((( Pliki utworzone od 2014-04-13 do 2014-05-13 )))))))))))))))))))))))))))))))
.
.
2014-05-13 02:09 . 2014-05-13 02:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-13 01:16 . 2014-05-13 01:24 -------- d-----w- c:\users\marek\AppData\Roaming\systweak
2014-05-13 01:16 . 2014-05-13 01:16 -------- d-----w- c:\programdata\Systweak
2014-05-13 01:16 . 2014-05-13 01:17 -------- d-----w- c:\program files (x86)\Advanced System Protector
2014-05-13 01:16 . 2012-07-25 10:03 16896 ----a-w- c:\windows\system32\sasnative64.exe
2014-05-13 01:01 . 2014-05-13 01:01 -------- d-----w- c:\program files (x86)\RegClean Pro
2014-05-12 22:43 . 2012-06-22 09:01 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2014-05-12 22:43 . 2014-05-12 22:43 110080 ----a-r- c:\users\marek\AppData\Roaming\Microsoft\Installer\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}\IconD7F16134.exe
2014-05-12 22:43 . 2014-05-12 22:43 110080 ----a-r- c:\users\marek\AppData\Roaming\Microsoft\Installer\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}\Icon1226A4C5.exe
2014-05-12 22:43 . 2014-05-12 22:43 110080 ----a-r- c:\users\marek\AppData\Roaming\Microsoft\Installer\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}\IconF7A21AF7.exe
2014-05-12 22:43 . 2014-05-12 22:43 -------- d-----w- C:\sh4ldr
2014-05-12 22:43 . 2014-05-12 22:43 -------- d-----w- c:\program files\Enigma Software Group
2014-05-12 22:42 . 2014-05-12 22:43 -------- d-----w- c:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-05-12 22:41 . 2014-05-12 22:41 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-05-12 21:34 . 2014-05-13 01:48 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6016929-1A78-4D5E-94FB-EEBAAED16FEE}\offreg.dll
2014-05-11 18:22 . 2014-05-11 18:24 -------- d-----w- c:\users\marek\AppData\Local\PriceMeter
2014-05-11 18:07 . 2014-05-11 18:07 -------- d-----w- c:\users\marek\AppData\Roaming\SupTab
2014-05-11 18:07 . 2014-05-11 18:08 -------- d-----w- c:\programdata\IePluginService
2014-05-11 18:07 . 2014-05-11 18:07 -------- d-----w- c:\program files (x86)\SupTab
2014-05-11 18:06 . 2014-05-12 20:55 -------- d-----w- c:\programdata\WPM
2014-05-11 18:05 . 2014-05-11 18:05 -------- d-----w- c:\program files (x86)\globalUpdate
2014-05-11 18:05 . 2014-05-11 18:05 -------- d-----w- c:\users\marek\AppData\Local\globalUpdate
2014-05-11 18:05 . 2014-05-12 18:07 -------- d-----w- c:\program files (x86)\Freeven pro 1.2
2014-05-11 18:04 . 2014-05-11 18:04 -------- d-----w- c:\users\marek\AppData\Local\Local_Weather_LLC
2014-05-11 18:04 . 2014-05-12 20:42 -------- d-----w- c:\users\marek\AppData\Roaming\webssearches
2014-05-11 18:03 . 2014-05-13 00:45 -------- d-----w- c:\users\marek\AppData\Local\WeatherAlerts
2014-05-11 01:37 . 2014-05-11 01:37 -------- d-----w- C:\Games
2014-05-09 12:32 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6016929-1A78-4D5E-94FB-EEBAAED16FEE}\mpengine.dll
2014-05-07 22:29 . 2014-05-12 15:27 -------- d-----w- c:\users\marek\AppData\Local\DM
2014-05-06 14:44 . 2014-05-06 14:44 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-06 12:54 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll
2014-05-06 12:54 . 2014-04-14 02:19 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-04 21:15 . 2013-02-18 16:46 4216840 ----a-w- c:\program files (x86)\Common Files\vcredist_2008_sp1_x86.exe
2014-05-04 21:15 . 2014-05-04 21:52 -------- d-----w- c:\program files (x86)\B1 Free Archiver
2014-05-03 21:25 . 2014-04-29 14:14 19275264 ----a-w- c:\windows\system32\mshtml.dll
2014-05-03 21:25 . 2014-04-29 12:25 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-03 21:25 . 2014-04-29 12:36 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-02 22:26 . 2014-05-02 22:26 -------- d-----w- c:\programdata\BlueStacks
2014-05-02 16:04 . 2014-05-02 16:04 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-02 16:04 . 2014-05-02 16:04 43152 ----a-w- c:\windows\avastSS.scr
2014-05-01 11:53 . 2014-04-28 08:23 61112 ----a-w- c:\windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
2014-05-01 10:18 . 2014-05-01 10:18 -------- d-----w- c:\program files\WinRAR
2014-05-01 10:16 . 2014-05-01 10:16 -------- d-----w- c:\users\marek\AppData\Local\Programs
2014-04-28 16:30 . 2014-04-28 16:30 -------- d-----w- c:\windows\SysWow64\Adobe
2014-04-27 16:34 . 2014-04-27 16:34 -------- d-----w- c:\users\marek\AppData\Local\CrashRpt
2014-04-27 16:30 . 2014-04-27 16:30 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls
2014-04-27 16:30 . 2010-06-02 02:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2014-04-27 16:30 . 2010-06-02 02:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2014-04-27 16:30 . 2010-05-26 09:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2014-04-27 16:30 . 2010-05-26 09:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-04-27 16:30 . 2010-05-26 09:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2014-04-27 16:30 . 2010-05-26 09:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2014-04-27 16:30 . 2010-02-04 08:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2014-04-27 16:30 . 2010-02-04 08:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2014-04-27 16:30 . 2007-04-04 16:54 107368 ----a-w- c:\windows\system32\xinput1_3.dll
2014-04-26 17:57 . 2007-03-12 14:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
2014-04-26 17:57 . 2007-01-24 13:27 393576 ----a-w- c:\windows\system32\xactengine2_6.dll
2014-04-26 17:57 . 2007-01-24 13:27 255848 ----a-w- c:\windows\SysWow64\xactengine2_6.dll
2014-04-26 17:57 . 2006-12-08 10:02 251672 ----a-w- c:\windows\SysWow64\xactengine2_5.dll
2014-04-26 17:57 . 2006-12-08 10:00 390424 ----a-w- c:\windows\system32\xactengine2_5.dll
2014-04-26 17:57 . 2006-11-29 11:06 469264 ----a-w- c:\windows\system32\d3dx10.dll
2014-04-26 17:57 . 2006-11-29 11:06 440080 ----a-w- c:\windows\SysWow64\d3dx10.dll
2014-04-24 13:23 . 2014-04-24 13:23 -------- d-----w- c:\users\marek\AppData\Roaming\Unity
2014-04-24 13:18 . 2014-04-24 13:18 -------- d-----w- c:\users\marek\AppData\Local\Unity
2014-04-24 11:19 . 2014-04-26 16:35 291760 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-04-24 11:19 . 2014-04-24 11:19 -------- d-----w- c:\users\marek\AppData\Local\PunkBuster
2014-04-24 11:13 . 2014-04-27 16:31 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-04-24 11:13 . 2014-04-27 16:31 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-04-24 11:13 . 2014-04-27 16:30 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-04-24 11:12 . 2014-04-24 11:12 -------- d-----w- c:\users\marek\AppData\Local\Ubisoft
2014-04-24 11:12 . 2010-06-02 02:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2014-04-24 11:12 . 2010-06-02 02:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2014-04-24 11:12 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2014-04-24 11:12 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2014-04-24 11:12 . 2007-04-04 16:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2014-04-23 15:39 . 2013-11-05 22:11 4797064 ----a-w- c:\windows\SysWow64\GameMon.des
2014-04-23 15:37 . 2005-01-04 09:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2014-04-23 15:37 . 2003-07-20 18:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2014-04-23 15:35 . 2014-04-23 15:35 -------- d-----w- c:\program files\Common Files\INCA Shared
2014-04-23 10:24 . 2014-04-30 09:05 -------- d-----w- c:\program files (x86)\Common Files\Steam
2014-04-14 13:26 . 2014-03-13 05:09 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2014-04-14 13:26 . 2014-03-13 06:33 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2014-04-14 13:26 . 2014-03-13 06:31 39936 ----a-w- c:\windows\system32\iernonce.dll
2014-04-14 13:26 . 2014-03-13 05:09 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-04-14 13:26 . 2014-03-13 03:59 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-04-14 13:26 . 2014-03-13 03:51 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-04-14 13:26 . 2014-03-13 06:31 136704 ----a-w- c:\windows\system32\iesysprep.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-02 16:04 . 2014-02-05 16:37 85328 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-05-02 16:04 . 2013-03-15 14:55 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-02 16:04 . 2012-04-18 17:03 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-05-02 16:04 . 2012-04-18 17:03 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-05-02 16:04 . 2013-03-15 14:55 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-02 16:04 . 2012-04-18 17:03 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-02 16:04 . 2011-10-15 16:30 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-05-02 16:04 . 2012-04-18 17:03 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-29 08:47 . 2012-04-17 18:07 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-29 08:47 . 2012-04-17 18:07 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-25 12:49 . 2013-02-17 10:10 20312 ----a-w- c:\windows\system32\roboot64.exe
2014-04-14 22:12 . 2011-11-30 16:54 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-04 09:17 . 2014-04-14 13:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110511421153}]
2014-05-11 18:07 499560 ----a-w- c:\program files (x86)\Freeven pro 1.2\Freeven pro 1.2-bho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
2014-04-11 02:05 513648 ----a-w- c:\program files (x86)\SupTab\SupTab.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-19 336384]
"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-03-01 136488]
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2011-03-01 162912]
"Hotkey Utility"="c:\program files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe" [2011-01-19 620136]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-02 3873704]
.
c:\users\marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DesktopWeatherAlerts.lnk - c:\users\marek\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe [2014-2-25 550952]
Weather Alerts.lnk - c:\users\marek\AppData\Local\WeatherAlerts\WeatherAlerts.exe /restart [2013-11-13 166072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R0 aswRvrt;avast! Revert; [x]
R0 aswVmm;avast! VM Monitor; [x]
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64;{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64;c:\windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys;c:\windows\SYSNATIVE\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 globalUpdate;globalUpdate Update Service (globalUpdate);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x]
R2 IePluginService;IePlugin Service;c:\programdata\IePluginService\PluginService.exe;c:\programdata\IePluginService\PluginService.exe [x]
R2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R2 Realtek87B;Realtek87B;c:\program files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe;c:\program files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
R2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe;c:\oem\USBDECTION\USBS3S4Detection.exe [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-05-13 c:\windows\Tasks\95957052-71f9-4e65-a359-4f6eedeaf3ca-3.job
- c:\program files (x86)\Freeven pro 1.2\95957052-71f9-4e65-a359-4f6eedeaf3ca-3.exe [2014-05-11 18:05]
.
2014-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 08:48]
.
2014-05-13 c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-11 18:05]
.
2014-05-13 c:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-11 18:05]
.
2014-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-149721092-1329347148-580333694-1001Core.job
- c:\users\marek\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-01 11:46]
.
2014-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-149721092-1329347148-580333694-1001UA.job
- c:\users\marek\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-01 11:46]
.
2014-05-13 c:\windows\Tasks\RegClean Pro.job
- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2014-05-13 12:49]
.
2014-05-13 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2014-05-13 12:49]
.
2014-05-13 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2014-05-13 12:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-02 16:04 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2012-03-30 11:43 507904 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2012-03-30 11:43 507904 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2012-03-30 11:43 507904 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2012-03-30 11:43 507904 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-14 11774568]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-28 497648]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.pl/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?typ ... VMYLQJ4&q={searchTerms}
mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp ... XX9VMYLQJ4
mStart Page = hxxp://istart.webssearches.com/?type=hp ... XX9VMYLQJ4
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://istart.webssearches.com/web/?typ ... VMYLQJ4&q={searchTerms}
TCP: DhcpNameServer = 192.168.2.254 195.241.77.55 195.241.77.58
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-Locked - (no file)
AddRemove-Updater Service - c:\programdata\IBUpdaterService\ibsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-149721092-1329347148-580333694-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\S-1-5-21-149721092-1329347148-580333694-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\S-1-5-21-149721092-1329347148-580333694-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-149721092-1329347148-580333694-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.ico.15.4"
.
[HKEY_USERS\S-1-5-21-149721092-1329347148-580333694-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-149721092-1329347148-580333694-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-149721092-1329347148-580333694-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-149721092-1329347148-580333694-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-149721092-1329347148-580333694-1001)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-149721092-1329347148-580333694-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.png.15.4"
.
[HKEY_USERS\S-1-5-21-149721092-1329347148-580333694-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\S-1-5-21-149721092-1329347148-580333694-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\S-1-5-21-149721092-1329347148-580333694-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-149721092-1329347148-580333694-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.wdp.15.4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2014-05-13 04:12:16
ComboFix-quarantined-files.txt 2014-05-13 02:12
ComboFix2.txt 2014-05-13 01:55
.
Przed: 176 432 615 424 bytes beschikbaar
Po: 176 370 339 840 bytes beschikbaar
.
- - End Of File - - FBD2C2DC32FBA6C2146BB1655B6E09EB
A36C5E4F47E84449FF07ED3517B43A31

Rules of the forum and of the hotfix.pl site

7. On the forum we write in correct Polish, including Polish diacritics (ą, ę, ć, ż, ź, ł, ę, ś, ó). Sentences should be free of spelling errors and have proper style and syntax, without forgetting punctuation.

13. Use the default font and do not overuse embellishments (emoticons etc.).

17. Do not use vulgar language.


Security section rules

Please do not use the QUOTE and CODE tags.
For posting logs we use only the service [available only to registered users].
It is the best because it does not truncate long stretches of text and is not cluttered with "trifles".


Please comply with the above rules,
XMan.

mity4

Regular
Posts: 774
Registered: 08 Jun 2012, 22:33
Location: Działdowo

WEBSSEARCHES.COM VIRUS

Post 13 May 2014, 07:12

use the adwCleaner program

and create a post about LOGS in the Security section


