ComboFix 11-09-21.04 - Mateusz 2011-09-25 7:41.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.4095.2481 [GMT 2:00]
Uruchomiony z: c:\users\Mateusz\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-08-25 do 2011-09-25 )))))))))))))))))))))))))))))))
.
.
2011-09-25 05:14 . 2011-09-25 05:14 -------- d-----w- C:\SOPHTEMP
2011-09-25 05:07 . 2011-09-21 07:00 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AB41796B-758A-4196-A671-4803C1DD14AE}\mpengine.dll
2011-09-25 05:05 . 2011-09-25 05:05 -------- d-----w- c:\programdata\Avira
2011-09-25 05:05 . 2011-09-25 05:05 -------- d-----w- c:\program files (x86)\Avira
2011-09-25 05:05 . 2011-07-21 10:15 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-09-25 05:05 . 2011-07-21 10:15 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-09-23 13:48 . 2011-09-23 13:48 -------- d-----w- c:\users\Mateusz\AppData\Local\EA Games
2011-09-22 13:55 . 2011-09-22 13:55 -------- d-----w- c:\users\Mateusz\AppData\Local\SKIDROW
2011-09-22 13:54 . 2011-09-22 13:54 -------- d-----w- c:\users\Mateusz\AppData\Local\THQ
2011-09-21 11:52 . 2011-09-21 11:52 -------- d-----w- c:\users\Mateusz\AppData\Local\BitTorrent
2011-09-16 14:39 . 2011-09-18 10:30 -------- d-----w- c:\users\Mateusz\riotsGamesLogs
2011-09-16 14:39 . 2011-09-16 14:39 -------- d-----w- c:\users\Mateusz\AppData\Roaming\LolClient
2011-09-16 12:57 . 2011-09-16 12:57 -------- d-----w- c:\users\Mateusz\AppData\Roaming\OpenOffice.org
2011-09-16 12:55 . 2011-09-16 12:55 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2011-09-16 12:55 . 2011-09-16 12:55 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-09-16 12:54 . 2011-09-16 12:54 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-16 12:54 . 2011-09-16 12:54 -------- d-----w- c:\program files (x86)\Java
2011-09-16 12:48 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-09-16 12:48 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-09-16 12:48 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-09-15 13:55 . 2011-09-25 05:45 -------- d-----w- c:\users\Mateusz\AppData\Local\PMB Files
2011-09-15 13:55 . 2011-09-21 12:19 -------- d-----w- c:\programdata\PMB Files
2011-09-15 13:55 . 2011-09-15 13:55 -------- d-----w- c:\program files (x86)\Pando Networks
2011-09-12 17:46 . 2011-09-12 17:47 -------- d-----w- c:\users\Mateusz\AppData\Local\Adobe
2011-09-04 16:04 . 2011-09-04 16:04 -------- d-----w- c:\program files (x86)\PIXresizer
2011-09-04 16:04 . 2007-04-14 22:05 991232 ----a-w- c:\windows\SysWow64\imageviewer2.ocx
2011-09-04 16:04 . 2004-03-08 21:00 224016 ----a-w- c:\windows\SysWow64\tabctl32.ocx
2011-09-04 16:04 . 2002-08-29 17:00 1703936 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-09-04 16:04 . 2000-07-09 16:15 106496 ----a-w- c:\windows\SysWow64\mbprgbar.ocx
2011-09-04 16:04 . 2000-05-21 22:00 608448 ----a-w- c:\windows\SysWow64\comctl32.ocx
2011-09-04 16:04 . 2000-05-01 21:02 110592 ----a-w- c:\windows\SysWow64\ccrpbds6.dll
2011-09-04 16:04 . 1999-09-16 07:04 151552 ----a-w- c:\windows\SysWow64\ccrpfd6.ocx
2011-09-04 16:04 . 1998-06-23 22:00 164144 ----a-w- c:\windows\SysWow64\comct232.ocx
2011-09-04 16:04 . 1996-01-11 22:00 200704 ----a-w- c:\windows\SysWow64\threed32.ocx
2011-08-31 10:28 . 2011-08-31 10:28 -------- d-----w- c:\program files (x86)\MSECache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-23 09:33 . 2011-08-23 09:33 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-08-12 23:44 . 2011-08-12 23:44 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-08-12 23:44 . 2011-08-12 23:44 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBitT.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\BitTorrentBar\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBitT.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"ares"="c:\program files (x86)\Ares\Ares.exe" [2010-10-27 1015808]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-15 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-17 2371584]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
c:\users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
R3 ALSysIO;ALSysIO;c:\users\Mateusz\AppData\Local\Temp\ALSysIO64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Mateusz\AppData\Local\Temp\GPU-Z.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2010-11-16 339456]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef154ecf-9d11-11df-838a-b4fe4040dfe4}]
\shell\AutoRun\command - deads.EXE
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3488090254-473268769-2033524579-1000Core.job
- c:\users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 12:15]
.
2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3488090254-473268769-2033524579-1000UA.job
- c:\users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 12:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Wow6432Node-HKCU-Run-HW_OPENEYE_OUC_PLAY ONLINE - c:\program files (x86)\PLAY ONLINE\UpdateDog\ouc.exe
Wow6432Node-HKLM-Run-StmRst - c:\windows\StmClean.exe
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
AddRemove-{88500EEE-AB29-4A66-B27C-2F50DB92896E}_is1 - f:\program files (x86)\Dead Space 2 PL\unins000.exe
AddRemove-{8B827872-0BCB-4D58-9052-39B7D199435E}_is1 - f:\program files (x86)\Warhammer 40K Space Marine\unins000.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Czas ukończenia: 2011-09-25 07:47:19 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-09-25 05:47
.
Przed: 91 299 659 776 bajtów wolnych
Po: 91 132 743 680 bajtów wolnych
.
- - End Of File - - 3E07923A3141DCE612F0466AC672488D