ComboFix 12-12-25.02 - Dominiczeq 2012-12-26 10:33:53.1.4 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.3959.3217 [GMT 1:00]
Uruchomiony z: c:\users\Dominiczeq\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\EPLog.txt
c:\program files (x86)\BrowserCompanion
c:\program files (x86)\BrowserCompanion\blabbers-ch.crx
c:\program files (x86)\BrowserCompanion\blabbers-ff-full.xpi
c:\program files (x86)\BrowserCompanion\jsloader.dll
c:\program files (x86)\BrowserCompanion\logo.ico
c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
c:\program files (x86)\BrowserCompanion\terms.lnk.url
c:\program files (x86)\BrowserCompanion\toolbar.dll
c:\program files (x86)\BrowserCompanion\uninstall.exe
c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll
c:\program files (x86)\BrowserCompanion\updater.ini
c:\program files (x86)\BrowserCompanion\widgetserv.exe
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\Dominiczeq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3RVX.lnk
c:\users\Dominiczeq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
c:\users\Dominiczeq\Desktop\Setup.exe
c:\users\Dominiczeq\wgsdgsdgdsgsd.dll
c:\users\Dominiczeq\wgsdgsdgdsgsd.exe
c:\windows\DPINST.LOG
c:\windows\SysWow64\SysInfo.dll
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-11-26 do 2012-12-26 )))))))))))))))))))))))))))))))
.
.
2012-12-26 09:37 . 2012-12-26 09:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-26 09:37 . 2012-12-26 09:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-25 21:52 . 2012-12-25 21:52 3014 ----a-w- c:\programdata\dsgsdgdsgdsgw.js
2012-12-23 12:54 . 2012-12-26 09:35 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5B665E38-6854-4899-B389-2033F780F07B}\offreg.dll
2012-12-23 06:28 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5B665E38-6854-4899-B389-2033F780F07B}\mpengine.dll
2012-12-22 01:21 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 01:21 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 01:21 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 01:21 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-19 18:42 . 2012-12-25 17:09 -------- d-----w- c:\users\Dominiczeq\AppData\Local\CrashDumps
2012-12-16 11:07 . 2012-12-16 11:07 -------- d-----w- c:\users\Dominiczeq\AppData\Roaming\TechSmith
2012-12-16 11:07 . 2012-12-16 11:07 -------- d-----w- c:\users\Dominiczeq\AppData\Local\TechSmith
2012-12-16 11:05 . 2012-12-16 11:05 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
2012-12-16 11:05 . 2012-12-16 11:05 -------- d-----w- c:\programdata\TechSmith
2012-12-15 19:18 . 2012-12-15 19:19 -------- d-----w- c:\program files (x86)\Sony Media Go Install
2012-12-13 20:15 . 2012-12-13 20:15 -------- d-----w- c:\users\Dominiczeq\AppData\Roaming\Unity
2012-12-13 19:04 . 2012-12-13 19:04 -------- d-----w- c:\users\Dominiczeq\AppData\Local\Unity
2012-12-12 21:13 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 17:32 . 2012-12-12 17:32 16363960 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-12-10 09:14 . 2012-12-11 19:08 -------- d-----w- c:\program files (x86)\IVONA
2012-12-09 19:39 . 2012-12-09 19:39 -------- d-----w- c:\users\Dominiczeq\AppData\Local\cFos
2012-12-09 19:39 . 2012-07-02 15:15 1312168 ----a-w- c:\windows\system32\drivers\cfosspeed6.sys
2012-12-09 19:39 . 2012-12-09 19:39 -------- d-----w- c:\program files\cFosSpeed
2012-12-09 19:37 . 2012-12-09 19:37 -------- d-----w- c:\programdata\cFos
2012-12-09 14:46 . 2011-05-19 16:29 334400 ----a-w- c:\windows\system32\drivers\mcdevice.sys
2012-12-09 14:46 . 2012-12-09 14:48 -------- d-----w- c:\users\Dominiczeq\AppData\Local\MagicCamera
2012-12-09 12:49 . 2012-12-09 12:49 -------- d--h--w- c:\windows\msdownld.tmp
2012-12-09 12:49 . 2012-12-09 12:49 143360 ----a-w- c:\program files (x86)\Internet Explorer\Wtyczki\npqtplugin7.dll
2012-12-09 12:49 . 2012-12-09 12:49 143360 ----a-w- c:\program files (x86)\Internet Explorer\Wtyczki\npqtplugin6.dll
2012-12-09 12:49 . 2012-12-09 12:49 143360 ----a-w- c:\program files (x86)\Internet Explorer\Wtyczki\npqtplugin5.dll
2012-12-09 12:49 . 2012-12-09 12:49 143360 ----a-w- c:\program files (x86)\Internet Explorer\Wtyczki\npqtplugin4.dll
2012-12-09 12:49 . 2012-12-09 12:49 143360 ----a-w- c:\program files (x86)\Internet Explorer\Wtyczki\npqtplugin3.dll
2012-12-09 12:49 . 2012-12-09 12:49 143360 ----a-w- c:\program files (x86)\Internet Explorer\Wtyczki\npqtplugin2.dll
2012-12-09 12:49 . 2012-12-09 12:49 143360 ----a-w- c:\program files (x86)\Internet Explorer\Wtyczki\npqtplugin.dll
2012-12-09 12:49 . 2012-12-09 12:49 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-12-09 12:49 . 2012-12-09 12:49 -------- d-----w- c:\program files (x86)\QuickTime
2012-12-09 12:49 . 2012-12-09 12:49 -------- d-----w- c:\programdata\Apple Computer
2012-12-09 12:48 . 2012-12-09 12:48 -------- d-----w- c:\programdata\Corel
2012-12-09 12:48 . 2012-12-09 12:48 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2012-12-09 12:47 . 2012-12-09 12:47 -------- d-----w- c:\program files (x86)\Windows Media Components
2012-12-09 12:47 . 2007-10-22 02:40 411656 ----a-w- c:\windows\system32\xactengine2_10.dll
2012-12-09 12:47 . 2007-10-22 02:39 267272 ----a-w- c:\windows\SysWow64\xactengine2_10.dll
2012-12-08 17:14 . 2012-12-08 17:14 -------- d-----w- c:\users\Dominiczeq\AppData\Roaming\Ashampoo
2012-12-08 17:14 . 2012-12-08 17:14 -------- d-----w- c:\users\Dominiczeq\AppData\Local\ashampoo
2012-12-08 17:13 . 2012-12-08 17:14 -------- d-----w- c:\programdata\Ashampoo
2012-12-08 17:10 . 2012-12-08 17:10 -------- d-----w- c:\users\Dominiczeq\AppData\Local\Programs
2012-12-08 10:36 . 2012-08-28 15:15 1645320 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-12-08 10:36 . 2012-12-08 10:36 -------- d-----w- c:\programdata\BlazeVideo
2012-12-08 10:29 . 2012-12-08 10:29 -------- d-----w- c:\users\Dominiczeq\AppData\Roaming\Media Player Classic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 01:44 . 2012-05-26 13:53 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 17:32 . 2012-05-14 16:41 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 17:32 . 2012-05-14 16:41 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-23 19:43 . 2012-11-23 19:43 2048 ----a-w- c:\windows\SysWow64\winver.exe
2012-11-23 19:43 . 2012-11-23 19:43 833024 ----a-w- c:\windows\SysWow64\user32.dll
2012-11-23 19:43 . 2012-11-23 19:43 410624 ----a-w- c:\windows\SysWow64\systemcpl.dll
2012-11-23 19:43 . 2012-11-23 19:43 1536 ----a-w- c:\windows\SysWow64\sppcomapi.dll
2012-11-23 19:43 . 2012-11-23 19:43 113543 ----a-w- c:\windows\SysWow64\slmgr.vbs
2012-10-30 22:51 . 2012-10-01 17:36 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-10-01 17:36 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-10-01 17:36 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-10-01 17:36 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-10-01 17:36 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-05-15 17:18 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-05-15 17:18 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-10-01 17:36 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 16:59 . 2012-10-01 17:36 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-04 16:40 . 2012-12-12 21:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-02 22:21 . 2012-10-12 14:03 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-02 22:21 . 2012-10-12 14:03 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-02 22:21 . 2012-10-12 14:03 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-02 22:21 . 2012-10-12 14:03 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-02 22:21 . 2012-10-12 14:03 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-02 22:21 . 2012-10-12 14:03 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-02 22:21 . 2012-10-12 14:03 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-02 22:21 . 2012-10-12 14:03 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-02 22:21 . 2012-10-12 14:03 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-02 22:21 . 2012-10-12 14:03 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-02 22:21 . 2012-10-12 14:03 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-02 22:21 . 2012-10-12 14:03 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-02 22:21 . 2012-10-12 14:03 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-02 22:21 . 2012-09-22 10:25 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-02 22:21 . 2012-09-22 10:25 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-02 22:21 . 2012-09-22 10:25 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-02 22:21 . 2012-09-22 10:25 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-02 22:21 . 2012-09-22 10:25 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-02 22:21 . 2012-09-22 10:25 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-02 22:21 . 2012-09-22 10:25 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-02 22:21 . 2012-09-22 10:25 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-02 19:51 . 2012-09-22 10:26 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2012-09-22 10:26 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2012-09-22 10:26 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2012-09-22 10:26 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2012-09-22 10:26 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2012-09-22 10:26 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 11:15 . 2012-10-02 11:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-11-20 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-11-23 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03 1310040 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-10-24 00:36 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="d:\program files (x86)\Gadu-Gadu 10\gg.exe" [2011-07-04 13374048]
"FlashGet 3"="d:\program files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" [2012-03-15 3090056]
"3RVX"="d:\program files (x86)\3RVX\3RVX.exe" [2008-10-13 159232]
"Clock Widget (HTC Home)"="d:\program files (x86)\HTC Home\Clock.exe" [2011-11-28 2036736]
"VistaSwitcher"="d:\program files\VistaSwitcher\vswitch64.exe" [2012-05-12 233088]
"Magic Boss Key"="d:\program files (x86)\Magicboss\mgboss.exe" [2011-02-23 355840]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-09-12 445624]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"V0540Mon.exe"="c:\windows\V0540Mon.exe" [2008-03-03 28672]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avast"="d:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]
.
c:\users\Dominiczeq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DropIt.lnk - d:\program files (x86)\DropIt\DropIt.exe [2012-8-27 873917]
tcbhn.lnk - c:\users\Dominiczeq\AppData\Roaming\BrowserCompanion\tcbhn.exe [2012-6-28 695448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
R2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-10-11 2312216]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [2006-12-22 559104]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 BthAvrcp;Profil AVRCP Bluetooth;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-08-14 14448]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-11-26 151936]
R3 mcdevice;mcdevice;c:\windows\system32\DRIVERS\mcdevice.sys [2011-05-19 334400]
R3 netr7364;Sterownik karty RT73 USB Wireless LAN dla systemu Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2012-01-09 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2012-01-09 171008]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-01-18 19936]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-01-18 13280]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 V0540Dev;Creative Camera VF0540 Driver;c:\windows\system32\DRIVERS\V0540Vid.sys [2009-06-15 321376]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-15 1255736]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-17 239616]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 17:32]
.
2012-12-26 c:\windows\Tasks\AmiUpdXp.job
- c:\users\Dominiczeq\AppData\Local\SwvUpdater\Updater.exe [2012-10-24 16:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- d:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-04 9642528]
"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2012-07-02 1569192]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10012&barid={285658FB-1DF2-11E2-BB4A-0015833D0A57}
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10012&barid={285658FB-1DF2-11E2-BB4A-0015833D0A57}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links by FlashGet3 - d:\program files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
IE: Download by FlashGet3 - d:\program files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
TCP: DhcpNameServer = 192.168.1.1
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
FF - ProfilePath - c:\users\Dominiczeq\AppData\Roaming\Mozilla\Firefox\Profiles\s4lex40g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - ExtSQL: 2012-11-12 02:43; plugin@yontoo.com; c:\users\Dominiczeq\AppData\Roaming\Mozilla\Firefox\Profiles\s4lex40g.default\extensions\plugin@yontoo.com
FF - ExtSQL: 2012-11-12 02:43; {b64982b1-d112-42b5-b1e4-d3867c4533f8}; c:\programdata\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
FF - ExtSQL: 2012-12-26 08:40; bbrs_002@blabbers.com; c:\users\Dominiczeq\AppData\Roaming\Mozilla\Firefox\Profiles\s4lex40g.default\extensions\bbrs_002@blabbers.com
FF - ExtSQL: 2019-09-25 22:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\users\Dominiczeq\AppData\Roaming\Mozilla\Firefox\Profiles\s4lex40g.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF - user.js: extentions.y2layers.installId - 7be6160c-fd56-4f71-b188-8abfde6bd352
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
FF - user.js: extentions.y2layers.installId - 9f1b801a-1d89-4fec-9af3-ebd92c734317
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
BHO-{00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files (x86)\BrowserCompanion\jsloader.dll
Wow6432Node-HKCU-Run-uTorrent - d:\program files (x86)\uTorrent\uTorrent.exe
Wow6432Node-HKCU-Run-IVONA Reader - c:\program files (x86)\IVONA\IVONA Reader\IVONA Reader.exe
Wow6432Node-HKLM-Run-OtShot - c:\program files (x86)\OtShot\otshot.exe
AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
AddRemove-Minecraft Cracked - c:\users\Dominiczeq\AppData\Roaming\.minecraft\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-175059026-4285490264-2774965431-1001\Software\SecuROM\License information*]
"datasecu"=hex:21,e7,77,e9,92,76,ca,eb,52,c1,e1,61,5a,03,82,04,67,d0,f9,ea,0f,
   30,f0,9b,ac,26,d1,7d,86,ed,b7,b4,36,01,1f,5e,90,58,0b,bd,45,b3,69,e5,b2,88,\
"rkeysecu"=hex:ac,5d,09,fa,ba,70,59,af,e9,35,54,21,ae,df,b2,37
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2012-12-26 10:38:49
ComboFix-quarantined-files.txt 2012-12-26 09:38
.
Przed: 9 228 898 304 bajtów wolnych
Po: 17 681 960 960 bajtów wolnych
.
- - End Of File - - 21C4013BC12721230744B632D05A44C2