ComboFix 17-05-09.01 - Anhell 2017-05-11 18:26:17.3.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.1790.690 [GMT 2:00] Uruchomiony z: c:\users\Anhell\Desktop\ComboFix.exe SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Pliki utworzone od 2017-04-11 do 2017-05-11 ))))))))))))))))))))))))))))))) . . 2017-05-11 16:39 . 2017-05-11 16:39 -------- d-----w- c:\users\Public\AppData\Local\temp 2017-05-11 16:39 . 2017-05-11 16:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2017-05-11 13:19 . 2017-05-11 13:19 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3E632073-4018-4B99-A075-E82B32128B38}\offreg.2736.dll 2017-05-11 13:18 . 2017-05-11 13:18 104960 ----a-w- C:\fwrdypob.sys 2017-05-11 12:57 . 2017-05-11 13:09 -------- d-----w- C:\FRST 2017-05-09 08:36 . 2017-05-06 16:43 10510336 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3E632073-4018-4B99-A075-E82B32128B38}\mpengine.dll 2017-04-28 07:30 . 2017-04-28 07:30 -------- d-----w- c:\program files\Common Files\Java 2017-04-18 08:54 . 2017-04-18 08:54 -------- d-----w- c:\users\Anhell\AppData\Local\CEF . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2017-04-28 07:29 . 2014-11-03 09:14 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2017-04-07 06:26 . 2012-04-03 07:12 802904 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2017-04-07 06:26 . 2011-05-17 07:21 144472 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2017-03-19 22:48 . 2017-03-19 22:48 28352 ----a-w- c:\windows\system32\aspnet_counters.dll 2017-03-19 22:48 . 2017-03-19 22:48 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll 2017-03-19 22:48 . 2017-03-19 22:48 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll 2017-03-19 22:48 . 2017-03-19 22:48 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll 2017-02-22 23:29 . 2017-03-15 13:56 71400 ----a-w- c:\windows\system32\CompatTelRunner.exe 2017-02-22 23:24 . 2017-03-15 13:56 971776 ----a-w- c:\windows\system32\aeinv.dll 2017-02-18 14:05 . 2017-03-15 13:56 505344 ----a-w- c:\windows\system32\generaltel.dll 2017-02-18 14:05 . 2017-03-15 13:56 1331200 ----a-w- c:\windows\system32\appraiser.dll 2017-02-11 15:50 . 2017-03-15 13:57 311808 ----a-w- c:\windows\system32\drivers\srv.sys 2017-02-11 15:50 . 2017-03-15 13:57 313856 ----a-w- c:\windows\system32\drivers\srv2.sys 2017-02-11 15:50 . 2017-03-15 13:57 116224 ----a-w- c:\windows\system32\drivers\srvnet.sys . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-18 7711264] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256] "ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2010-03-03 53248] "HP LaserJet M1522 MFP Series Fax"="c:\program files\HP\hp LaserJet M1522\hppfaxprintersrv.exe" [2009-09-22 2453504] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384] "Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2010-12-29 941320] "Plus Internet"="c:\program files\Plus Internet\PlusInternetChecker.exe" [2012-03-13 497016] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2017-03-15 587288] . c:\users\Anhell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . R2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [2009-07-14 9216] R3 AIRMACS;air macs base 3.0 Driver;c:\windows\system32\drivers\airmbus.sys [2011-06-28 62320] R3 AIRSER2;air macs base 3.0 VCP Driver;c:\windows\system32\drivers\airser2.sys [2011-06-21 73712] R3 bdmako;bdmako;c:\windows\system32\Drivers\bdmako.sys [2009-12-18 33792] R3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x] R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\DRIVERS\hidusbf.sys [2010-12-06 5568] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2017-03-25 103936] R3 massfilter_lte;LTE Device Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_lte.sys [2012-03-13 15896] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-05-30 114904] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-09 1343400] S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2010-07-22 814344] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 284672] S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe [2007-11-08 65536] S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2010-03-03 136192] S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168] S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408] S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928] S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe [2007-11-08 1515599] S3 fwrdypob;fwrdypob;C:\fwrdypob.sys [2017-05-11 104960] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392] S3 zgdcat;ZTE Datacard AT Port;c:\windows\system32\DRIVERS\zgdcat.sys [2012-03-13 114456] S3 zgdcdiag;ZTE Datacard Diagnostics Port;c:\windows\system32\DRIVERS\zgdcdiag.sys [2012-03-13 114456] S3 zgdcmdm;ZTE Datacard Modem;c:\windows\system32\DRIVERS\zgdcmdm.sys [2012-03-13 114456] S3 zgdcnet;ZTE Datacard Network Adapter;c:\windows\system32\DRIVERS\zgdcnet.sys [2012-03-13 144408] S3 zgdcnmea;ZTE Datacard NMEA Port;c:\windows\system32\DRIVERS\zgdcnmea.sys [2012-03-13 114456] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr utcsvc REG_MULTI_SZ DiagTrack . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}] 2017-04-05 00:38 323664 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.gazeta.pl/0,0.html?p=181&d=20141009 mStart Page = hxxp://www.gazeta.pl/0,0.html?p=181&d=20141009 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Anhell\AppData\Roaming\Mozilla\Firefox\Profiles\s2siknrn.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ FF - user.js: plugin.state.npcontentblocker - 2 . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.032" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.apd" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.arw" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.bay" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (S-1-5-21-2365182464-19884089-4036583124-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.bmp" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cr2" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.crw" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cs1" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dcr" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dcx" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dib" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dng" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.emf" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.erf" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.fff" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (S-1-5-21-2365182464-19884089-4036583124-1000) @Denied: (2) (LocalSystem) "Progid"="Applications\\Acrobat.exe" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.hdr" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jfif" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jif" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (S-1-5-21-2365182464-19884089-4036583124-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpe" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (S-1-5-21-2365182464-19884089-4036583124-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpeg" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (S-1-5-21-2365182464-19884089-4036583124-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpg" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.kdc" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mef" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mos" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mrw" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.nef" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.nrw" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.orf" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pcx" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pef" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pic" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (S-1-5-21-2365182464-19884089-4036583124-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.png" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.psd" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.psp" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pspbrush" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pspimage" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.raf" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.raw" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rle" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rw2" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rwl" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.sr2" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.srf" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.tga" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.thm" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (S-1-5-21-2365182464-19884089-4036583124-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.tif" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (S-1-5-21-2365182464-19884089-4036583124-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.tiff" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ttc" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ttf" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.v30po" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.v30pp" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.v30ppf" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.wbm" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.wbmp" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.wmf" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.xbm" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.xif" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.xmp" . [HKEY_USERS\S-1-5-21-2365182464-19884089-4036583124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.xpm" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2017-05-11 18:42:19 ComboFix-quarantined-files.txt 2017-05-11 16:42 ComboFix2.txt 2017-05-04 09:42 ComboFix3.txt 2015-05-30 09:42 . Przed: 8 975 486 976 bajtów wolnych Po: 9 808 084 992 bajtów wolnych . - - End Of File - - 27517B9D1435A0BF0D48EEF33ACC755D A36C5E4F47E84449FF07ED3517B43A31