ComboFix 12-08-20.02 - RafiPC 2012-08-21 11:27:01.1.1 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.3067.2025 [GMT 2:00]
Uruchomiony z: c:\users\RafiPC\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\DownloadnSave
c:\programdata\DownloadnSave\background.html
c:\programdata\DownloadnSave\cehkoehhacahpnhabgcldnhnnakfehio.crx
c:\programdata\DownloadnSave\content.js
c:\programdata\DownloadnSave\settings.ini
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-07-21 do 2012-08-21 )))))))))))))))))))))))))))))))
.
.
2012-08-21 08:48 . 2012-08-21 08:48 -------- d-----w- c:\program files\CCleaner
2012-08-19 15:01 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-19 15:01 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-19 15:01 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-19 15:01 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-19 15:00 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-19 15:00 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-19 15:00 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-19 14:59 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-19 14:59 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-19 14:59 . 2012-08-19 14:59 -------- d-----w- c:\programdata\AVAST Software
2012-08-19 14:59 . 2012-08-19 14:59 -------- d-----w- c:\program files\AVAST Software
2012-08-13 14:34 . 2012-08-13 14:34 -------- d-----w- c:\program files (x86)\Pando Networks
2012-08-12 13:35 . 2008-07-31 08:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
2012-08-12 13:35 . 2008-07-31 08:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
2012-08-12 13:35 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-08-12 13:35 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-08-12 13:35 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-08-09 13:59 . 2012-08-09 13:59 -------- d-----w- c:\program files (x86)\WinHTTrack
2012-08-08 20:26 . 2012-08-08 20:26 -------- d-----w- c:\program files (x86)\uTorrent
2012-08-06 20:45 . 2012-08-06 20:45 -------- d-----w- c:\programdata\Premium
2012-08-06 20:41 . 2012-08-06 20:45 -------- d-----w- c:\programdata\InstallMate
2012-08-06 20:28 . 2012-08-18 09:52 -------- d-----w- c:\users\Nagrywanie
2012-08-06 10:10 . 2012-08-20 18:43 -------- d-----w- c:\program files (x86)\Clownfish
2012-08-05 19:39 . 2012-08-05 19:39 -------- d-----w- c:\programdata\GG
2012-08-04 15:03 . 2012-08-04 15:03 -------- d-----w- c:\program files (x86)\Opera
2012-08-02 20:25 . 2012-08-02 20:25 -------- d-----w- c:\program files (x86)\Artisteer 3
2012-08-02 07:57 . 2012-08-08 20:32 -------- d-----w- c:\program files (x86)\VirtualDJ
2012-08-02 05:41 . 2012-08-20 18:45 -------- d-----w- c:\program files (x86)\Tibia Auto
2012-08-01 19:24 . 2006-09-13 23:21 2240 ----a-w- c:\windows\LENDIG.sys
2012-08-01 19:20 . 2012-08-01 19:20 -------- d-----w- c:\program files\Steinberg
2012-08-01 19:15 . 2012-08-01 19:15 -------- d-----w- c:\program files (x86)\Steinberg
2012-08-01 19:13 . 2012-08-20 18:43 -------- d-----w- c:\program files (x86)\VstPlugins
2012-08-01 19:13 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2012-08-01 19:12 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-08-01 19:12 . 2012-08-01 19:12 -------- d-----w- c:\program files (x86)\Outsim
2012-08-01 19:11 . 2012-08-20 18:43 -------- d-----w- c:\program files (x86)\Image-Line
2012-07-31 12:28 . 2007-11-02 09:07 8704 ----a-w- c:\windows\system32\CoInst_071029.dll
2012-07-31 12:28 . 2012-07-31 12:28 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2012-07-30 18:53 . 2012-08-03 18:53 -------- d-----w- c:\program files\Cinema4D
2012-07-30 13:19 . 2012-07-30 13:19 -------- d-----w- c:\programdata\Sony
2012-07-30 13:18 . 2012-07-30 13:18 -------- d-----w- c:\windows\SysWow64\spool
2012-07-30 13:18 . 2012-07-30 13:18 -------- d-----w- c:\program files (x86)\Sony
2012-07-29 15:15 . 2012-07-29 15:15 -------- d-----w- C:\Plugins
2012-07-29 15:14 . 2012-07-29 15:15 -------- d-----w- c:\program files (x86)\Ganymede
2012-07-28 21:14 . 2012-07-28 21:14 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-07-28 21:14 . 2012-07-28 21:14 -------- d-----r- c:\program files (x86)\Skype
2012-07-28 21:14 . 2012-08-06 20:37 -------- d-----w- c:\programdata\Skype
2012-07-27 12:30 . 2012-07-30 19:55 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-07-26 20:52 . 2012-08-18 08:56 -------- d-----w- c:\users\UpdatusUser
2012-07-26 20:52 . 2012-07-26 20:52 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-07-26 20:51 . 2012-08-21 09:35 -------- d-----w- c:\programdata\NVIDIA
2012-07-26 20:51 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-07-26 20:51 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-07-26 20:51 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-07-26 20:51 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-07-26 20:51 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-07-26 20:51 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-07-26 20:51 . 2012-05-15 10:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-07-26 20:51 . 2012-07-26 20:51 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-07-26 20:49 . 2012-07-26 20:52 -------- d-----w- c:\program files\NVIDIA Corporation
2012-07-26 20:48 . 2012-07-26 20:48 -------- d-----w- C:\NVIDIA
2012-07-26 14:44 . 2012-08-01 20:00 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-07-26 14:44 . 2012-08-21 08:49 -------- d-----w- c:\program files (x86)\Steam
2012-07-26 14:38 . 2012-07-26 14:38 -------- d-----w- c:\programdata\McAfee
2012-07-26 14:19 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8A11878-8178-4BB4-AF59-1886B21557C8}\mpengine.dll
2012-07-26 14:19 . 2012-05-31 10:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-07-26 14:18 . 2012-07-26 14:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-26 14:18 . 2012-07-26 14:18 -------- d-----w- c:\program files (x86)\Oracle
2012-07-26 14:17 . 2012-07-05 20:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-26 14:17 . 2012-07-05 20:06 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-26 14:17 . 2012-07-26 14:17 -------- d-----w- c:\program files (x86)\Java
2012-07-26 14:17 . 2012-08-19 15:00 -------- d-sh--w- c:\windows\Installer
2012-07-26 14:03 . 2012-07-26 14:04 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-07-26 14:01 . 2012-08-15 12:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-26 14:01 . 2012-08-15 12:40 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-26 14:01 . 2012-07-26 14:01 -------- d-----w- c:\windows\SysWow64\Macromed
2012-07-26 14:01 . 2012-07-26 14:01 -------- d-----w- c:\windows\system32\Macromed
2012-07-26 13:11 . 2012-08-21 08:49 -------- d-----w- c:\windows\Panther
2012-07-26 13:10 . 2012-07-26 13:10 -------- d-----w- c:\windows\system32\OEM
2012-07-26 12:59 . 2012-07-26 12:59 -------- d-----w- C:\Windows.old
2012-07-26 12:34 . 2012-08-18 09:01 -------- d-----w- c:\users\RafiPC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 netw5v64;Sterownik karty Intel(R) Wireless WiFi Link 5000 Series dla systemu Windows Vista w wersji 64-bitowej;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 12:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 94.251.160.14 94.251.182.11
FF - ProfilePath - c:\users\RafiPC\AppData\Roaming\Mozilla\Firefox\Profiles\1tociq0j.default\
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Czas ukończenia: 2012-08-21 11:41:55 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-08-21 09:41
.
Przed: 25 076 936 704 bajtów wolnych
Po: 25 687 855 104 bajtów wolnych
.
- - End Of File - - 8A14BFDA7C4A6347250548EB7D68757F