ComboFix 15-05-31.01 - Beata 2015-06-01 19:55:13.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.2668.1221 [GMT 2:00]
Uruchomiony z: c:\users\Beata\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 3
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\auth.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\burnlib.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\dsp_sps.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\enc_fhgaac.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\enc_flac.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\enc_lame.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\enc_vorbis.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\enc_wav.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\enc_wma.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\gen_classicart.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\gen_crasher.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\gen_ff.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\gen_hotkeys.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\gen_jumpex.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\gen_ml.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\gen_nopro.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\gen_skinmanager.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\gen_timerestore.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\gen_tray.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\gen_undo.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\in_avi.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\in_cdda.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\in_dshow.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\in_flac.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\in_flv.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\in_linein.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\in_midi.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\in_mkv.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\in_mod.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\in_mp3.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\in_mp4.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\in_nsv.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\in_swf.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\in_vorbis.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\in_wav.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\in_wave.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\in_wm.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\in_wv.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\ml_autotag.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\ml_bookmarks.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\ml_cloud.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\ml_devices.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\ml_disc.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\ml_downloads.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\ml_enqplay.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\ml_history.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\ml_impex.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\ml_local.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\ml_nowplaying.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\ml_online.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\ml_playlists.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\ml_plg.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\ml_pmp.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\ml_rg.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\ml_transcode.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\ml_wire.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\ombrowser.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\out_disk.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\out_ds.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\out_wave.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\playlist.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\pmp_activesync.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\pmp_android.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\pmp_cloud.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\pmp_ipod.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\pmp_njb.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\pmp_p4s.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\pmp_usb.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\pmp_wifi.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\tagz.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\vis_avs.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\vis_milk2.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\vis_nsfs.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\winamp.lng
c:\users\Beata\AppData\Local\Temp\WPLC58C.tmp\winampa.lng
.
.
((((((((((((((((((((((((( Pliki utworzone od 2015-05-01 do 2015-06-01 )))))))))))))))))))))))))))))))
.
.
2015-06-01 18:11 . 2015-06-01 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-01 05:46 . 2015-06-01 05:46 -------- d-----w- c:\program files (x86)\HD Tune
2015-06-01 05:17 . 2015-06-01 05:17 -------- d-----w- c:\program files\Recuva
2015-05-30 16:34 . 2015-05-30 16:34 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{89B32D31-9880-40E6-99CD-C92A6C55EB9C}\offreg.2796.dll
2015-05-30 16:26 . 2015-05-31 20:41 -------- d-----w- c:\program files (x86)\StrongRecovery
2015-05-30 16:18 . 2015-05-30 16:18 -------- d-----w- c:\program files (x86)\CleverFiles
2015-05-30 16:13 . 2015-05-30 16:16 -------- d-----w- C:\AdwCleaner
2015-05-30 07:52 . 2015-05-30 07:52 -------- d-----w- c:\programdata\{BCB05473-EC32-85F5-5DB4-F5778D3626F9}
2015-05-29 06:40 . 2015-05-18 02:57 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{89B32D31-9880-40E6-99CD-C92A6C55EB9C}\mpengine.dll
2015-05-25 08:41 . 2015-05-25 08:41 -------- d-----w- c:\program files (x86)\PhotoScape
2015-05-25 08:16 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2015-05-25 08:16 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2015-05-25 08:13 . 2015-05-25 08:13 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2015-05-25 08:12 . 2015-05-25 08:17 -------- d-----w- c:\program files (x86)\Winamp
2015-05-23 13:44 . 2015-05-23 13:44 -------- d-----w- c:\program files\Microsoft Silverlight
2015-05-22 21:03 . 2015-05-22 21:03 -------- d-----w- c:\program files (x86)\Microsoft.NET
2015-05-22 17:13 . 2015-05-22 17:20 -------- d-----w- c:\windows\system32\MRT
2015-05-21 20:43 . 2010-09-17 08:52 525792 ----a-w- c:\windows\DIFxAPI.dll
2015-05-21 20:43 . 2010-09-17 08:52 232272 ----a-w- c:\windows\TmNSCIns.dll
2015-05-21 20:36 . 2015-05-21 20:35 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-05-21 20:36 . 2015-05-21 20:35 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-05-21 20:36 . 2015-05-21 20:35 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-05-21 20:36 . 2015-05-21 20:35 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-05-21 20:36 . 2015-05-21 20:35 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-05-21 20:36 . 2015-05-21 20:35 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-05-21 20:36 . 2015-05-21 20:35 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-05-21 20:36 . 2015-05-21 20:35 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-05-21 20:36 . 2015-05-21 20:35 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-05-21 20:35 . 2015-05-21 20:35 43112 ----a-w- c:\windows\avastSS.scr
2015-05-21 20:34 . 2015-05-21 20:34 -------- d-----w- c:\program files\AVAST Software
2015-05-21 20:31 . 2015-05-21 20:31 -------- d-----w- c:\programdata\AVAST Software
2015-05-21 06:52 . 2015-02-24 02:17 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-05-21 02:24 . 2015-05-21 02:24 -------- d-s---w- c:\windows\system32\CompatTel
2015-05-21 02:24 . 2015-05-21 02:24 -------- d-----w- c:\windows\system32\appraiser
2015-05-21 02:24 . 2015-05-21 02:24 -------- d-----w- c:\windows\Migration
2015-05-21 01:22 . 2012-07-26 05:05 2560 ----a-w- c:\windows\system32\drivers\pl-PL\wdf01000.sys.mui
2015-05-21 01:06 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2015-05-21 01:06 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2015-05-21 01:06 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2015-05-21 01:06 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2015-05-21 01:06 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2015-05-21 01:06 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2015-05-21 01:06 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2015-05-21 01:02 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-05-21 01:02 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-05-20 18:48 . 2015-05-20 21:07 -------- d-----w- c:\program files (x86)\Windows Sidebar
2015-05-20 12:51 . 2015-05-20 12:51 -------- d-----w- c:\windows\SysWow64\Wat
2015-05-20 12:51 . 2015-05-20 12:51 -------- d-----w- c:\windows\system32\Wat
2015-05-20 06:37 . 2015-04-21 16:26 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-05-20 06:37 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2015-05-20 06:37 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2015-05-20 06:35 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2015-05-20 06:35 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2015-05-20 06:35 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2015-05-20 06:35 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2015-05-20 06:35 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2015-05-20 06:35 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2015-05-20 06:35 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2015-05-20 06:35 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2015-05-20 06:35 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2015-05-20 06:35 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2015-05-20 02:31 . 2015-04-20 03:17 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-05-20 02:31 . 2015-04-20 03:17 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-05-20 02:31 . 2015-04-20 02:56 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-05-20 01:51 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2015-05-20 01:51 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2015-05-20 01:50 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-05-20 01:50 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-05-19 16:09 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-05-19 16:09 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-05-19 14:13 . 2015-05-19 14:13 -------- d-----w- c:\programdata\NortonInstaller
2015-05-18 11:48 . 2015-05-21 02:24 -------- d-s---w- c:\windows\SysWow64\GWX
2015-05-18 11:48 . 2015-05-21 02:24 -------- d-s---w- c:\windows\system32\GWX
2015-05-18 10:04 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2015-05-18 10:04 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2015-05-18 07:10 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2015-05-17 16:30 . 2015-05-17 16:30 942592 ----a-w- c:\windows\system32\jsIntl.dll
2015-05-17 15:43 . 2015-05-17 15:43 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-05-17 10:42 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 10:42 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 10:13 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2015-05-17 10:13 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2015-05-17 10:13 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2015-05-17 01:07 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2015-05-17 01:07 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2015-05-17 01:07 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-05-17 01:07 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-05-17 01:07 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2015-05-17 01:07 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-05-17 01:07 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-05-17 01:07 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-05-16 15:13 . 2015-05-16 15:13 -------- d-----w- c:\program files (x86)\TeamViewer
2015-05-16 13:18 . 2015-05-16 13:18 -------- d-----w- c:\programdata\CodeMeter
2015-05-16 05:23 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-05-16 05:23 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-05-16 05:23 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-05-16 05:23 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-05-16 05:19 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2015-05-16 05:19 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2015-05-16 05:19 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2015-05-16 05:17 . 2015-05-05 01:29 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-16 05:17 . 2015-05-05 01:12 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-16 05:17 . 2015-04-18 03:10 460800 ----a-w- c:\windows\system32\certcli.dll
2015-05-16 05:17 . 2015-04-18 02:56 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-05-16 05:17 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
2015-05-16 05:16 . 2015-02-20 03:29 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-05-16 05:16 . 2015-02-20 03:09 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-05-16 05:16 . 2015-02-20 04:41 41984 ----a-w- c:\windows\system32\lpk.dll
2015-05-16 05:16 . 2015-02-20 04:40 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-05-16 05:16 . 2015-02-20 04:40 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-05-16 05:16 . 2015-02-20 04:40 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-05-16 05:16 . 2015-02-20 04:13 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-05-16 05:16 . 2015-02-20 04:13 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-05-16 05:16 . 2015-02-20 04:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-05-16 05:16 . 2015-02-20 04:12 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-05-16 05:11 . 2015-02-03 03:31 325632 ----a-w- c:\windows\system32\msnetobj.dll
2015-05-16 05:10 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2015-05-16 05:10 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2015-05-16 05:10 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2015-05-16 05:08 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2015-05-16 05:06 . 2015-03-05 05:12 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-05-16 05:06 . 2015-03-05 04:05 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-05-16 05:06 . 2015-03-10 03:25 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-05-16 05:06 . 2015-03-10 03:08 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-05-16 05:06 . 2015-03-10 03:21 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-15 17:00 . 2010-06-24 18:33 23776 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-04-27 19:04 . 2015-05-16 05:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-03-04 04:41 . 2015-05-16 04:29 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-16 04:29 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-05-16 04:29 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-16 04:29 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-16 04:29 2560 ----a-w- c:\windows\apppatch\AcRes.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-04-17 31282816]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-01 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-14 336384]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-06-10 2255360]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-21 5515496]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-1 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe -d [2015-5-16 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"RequireSignedAppInit_DLLs"=0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cfbackd;DiskDrill Watcher;c:\program files (x86)\CleverFiles\Disk Drill\cfbackd.w32.exe;c:\program files (x86)\CleverFiles\Disk Drill\cfbackd.w32.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 SliceDisk5;SliceDisk5;c:\program files\A-FF Find and Mount\slicedisk-x64.sys;c:\program files\A-FF Find and Mount\slicedisk-x64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-15 17:42 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.152\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2015-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-15 17:41]
.
2015-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-15 17:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-21 20:35 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-28 2264168]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.dregol.com/?f=1&a=drg_ir_15_22&cd=2XzuyEtN2Y1L1QzuyByE0D0EtB0BzzzzyEtCyD0DyDzy0EtBtN0D0Tzu0StCtByEyDtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtDtC0E0CyDtBtBtGtCzy0A0BtG0DyDyBtDtGyEtByDzztG0A0F0FyCyEtBtAtAtD0D0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0F0CzztCtDtB0AtG0CzztD0FtGyE0AzztCtG0ByD0FyDtGyCtCyDtB0CtCyByByDzyyC0F2QtN0A0LzuyE&cr=1450662872&ir=
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1 - c:\program files (x86)\Asus\Game Park\GameConsole\unins000.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
.
**************************************************************************
.
Czas ukończenia: 2015-06-01 20:25:01 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2015-06-01 18:24
.
Przed: 82 304 987 136 bajtów wolnych
Po: 82 155 364 352 bajtów wolnych
.
- - End Of File - - 7F87B88482329F4A2BC3796D8F787354 A36C5E4F47E84449FF07ED3517B43A31