ComboFix 11-09-07.04 - Damian 2011-09-08 1:31.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.4096.2768 [GMT 2:00]
Uruchomiony z: c:\users\Damian\Desktop\ComboFix.exe
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Dealio Toolbar
c:\program files (x86)\Dealio Toolbar\FF\chrome.manifest
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\chevron.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\login.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\parser.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\utils.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files (x86)\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files (x86)\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files (x86)\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\splitter.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files (x86)\Dealio Toolbar\FF\install.rdf
c:\program files (x86)\Dealio Toolbar\IE\4.4\config.ini
c:\program files (x86)\Dealio Toolbar\IE\4.4\dealioToolbarIE.dll
c:\program files (x86)\Dealio Toolbar\Res\amazon.gif
c:\program files (x86)\Dealio Toolbar\Res\apple.gif
c:\program files (x86)\Dealio Toolbar\Res\barnes.gif
c:\program files (x86)\Dealio Toolbar\Res\bestbuy.gif
c:\program files (x86)\Dealio Toolbar\Res\dealio_logo.gif
c:\program files (x86)\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files (x86)\Dealio Toolbar\Res\ebay.gif
c:\program files (x86)\Dealio Toolbar\Res\icon_settings.gif
c:\program files (x86)\Dealio Toolbar\Res\macys.gif
c:\program files (x86)\Dealio Toolbar\Res\newegg.gif
c:\program files (x86)\Dealio Toolbar\Res\overstock.gif
c:\program files (x86)\Dealio Toolbar\Res\search-button-hover.gif
c:\program files (x86)\Dealio Toolbar\Res\search-button.gif
c:\program files (x86)\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files (x86)\Dealio Toolbar\Res\search-chevron.gif
c:\program files (x86)\Dealio Toolbar\Res\search_amazon.gif
c:\program files (x86)\Dealio Toolbar\Res\search_dealio.gif
c:\program files (x86)\Dealio Toolbar\Res\search_ebay.gif
c:\program files (x86)\Dealio Toolbar\Res\search_yahoo.gif
c:\program files (x86)\Dealio Toolbar\Res\target.gif
c:\program files (x86)\Dealio Toolbar\Res\walmart.gif
c:\program files (x86)\Dealio Toolbar\Res\widgets.xml
c:\program files (x86)\Dealio Toolbar\WidgiHelper.exe
c:\program files (x86)\Mozilla Firefox\extensions\dealio@mybrowserbar.com
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\burnlib.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\dsp_sps.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\enc_aacplus.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\enc_flac.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\enc_flake.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\enc_lame.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\enc_vorbis.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\enc_wav.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\enc_wma.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\gen_crasher.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\gen_dropbox.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\gen_ff.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\gen_hotkeys.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\gen_ml.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\gen_tray.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\in_cdda.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\in_dshow.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\in_flac.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\in_flv.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\in_linein.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\in_midi.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\in_mod.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\in_mp3.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\in_mp4.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\in_nsv.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\in_swf.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\in_vorbis.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\in_wav.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\in_wave.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\in_wm.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\in_wv.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\ml_autotag.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\ml_bookmarks.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\ml_disc.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\ml_history.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\ml_impex.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\ml_local.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\ml_nowplaying.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\ml_online.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\ml_playlists.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\ml_plg.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\ml_pmp.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\ml_rg.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\ml_transcode.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\ml_wire.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\out_disk.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\out_ds.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\out_wave.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\playlist.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\pmp_activesync.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\pmp_ipod.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\pmp_njb.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\pmp_p4s.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\pmp_usb.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\tagz.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\vis_avs.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\vis_milk2.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\vis_nsfs.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\winamp.lng
c:\users\Damian\AppData\Local\Temp\WLZC9E8.tmp\winampa.lng
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\mfc100deu.dll
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-08-07 do 2011-09-07 )))))))))))))))))))))))))))))))
.
.
2011-09-07 23:35 . 2011-09-07 23:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-07 17:55 . 2011-09-07 17:55 -------- d-----w- c:\users\Damian\AppData\Local\ElevatedDiagnostics
2011-09-03 21:41 . 2011-09-03 21:42 -------- d-----w- C:\totalcmd
2011-09-03 21:41 . 2011-09-03 21:41 -------- d-----w- c:\users\Damian\AppData\Roaming\GHISLER
2011-09-03 21:41 . 2010-12-17 05:56 545 ----a-w- c:\windows\UC.PIF
2011-09-03 21:41 . 2010-12-17 05:56 545 ----a-w- c:\windows\RAR.PIF
2011-09-03 21:41 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-09-03 21:41 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-09-03 21:41 . 2010-12-17 05:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-09-03 21:41 . 2010-12-17 05:56 545 ----a-w- c:\windows\LHA.PIF
2011-09-03 21:41 . 2010-12-17 05:56 545 ----a-w- c:\windows\ARJ.PIF
2011-08-30 16:56 . 2011-08-30 17:10 -------- d-----w- c:\users\Damian\AppData\Local\Wheelman
2011-08-30 16:56 . 2011-08-30 16:56 -------- d-----w- c:\users\Damian\AppData\Local\PC
2011-08-30 16:39 . 2011-08-30 16:39 -------- d-----w- c:\users\Damian\AppData\Roaming\InstallShield
2011-08-26 14:52 . 2011-08-26 14:52 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-08-26 14:50 . 2011-08-26 14:50 -------- d-----w- c:\windows\system32\appmgmt
2011-08-25 16:41 . 2011-08-25 17:04 -------- d-----w- c:\users\Damian\AppData\Local\WMTools Downloaded Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 21:02 . 2011-08-08 21:02 739 ----a-w- c:\windows\SysWow64\sdbackup.reg
2011-07-03 14:22 . 2011-05-04 13:46 319488 ----a-w- c:\windows\HideWin.exe
2011-07-03 09:27 . 2011-06-20 17:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-06-21 08:40 . 2011-06-21 08:41 71208 ----a-w- c:\windows\system32\PhysXLoader.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}"= "c:\program files (x86)\Softonic-Polska\tbSoft.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 19:58 3913000 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
2010-11-13 19:58 3913000 ----a-w- c:\program files (x86)\Softonic-Polska\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}"= "c:\program files (x86)\Softonic-Polska\tbSoft.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_blueconnect"="c:\program files (x86)\blueconnect\UpdateDog\ouc.exe" [2009-06-23 110592]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"ALLUpdate"="c:\program files (x86)\ALLPlayer\ALLUpdate.exe" [2011-02-07 1362944]
"Nowe Gadu-Gadu"="c:\program files (x86)\Nowe Gadu-Gadu\gg.exe" [2009-10-28 11539048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DataCardMonitor"="c:\program files (x86)\blueconnect\DataCardMonitor.exe" [2011-05-04 253952]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-07-01 37888]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-05-06 532320]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 DAUpdaterSvc;Dragon Age: Początek - Aktualizator zawartości;d:\gry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]
S1 aswSP;avast! Self Protection; [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-05-06 393112]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-03-10 604704]
"combofix"="c:\combofix\CF12143.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{8b653cf8-97ef-4a27-897b-ebd9c6b4a52f}: NameServer = 213.158.199.1 213.158.199.5
FF - ProfilePath - c:\users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\0bwzt7e9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530240&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=867034&p=
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Wow6432Node-HKCU-Run-Gadu-Gadu - c:\program files (x86)\Gadu-Gadu\gg.exe
Wow6432Node-HKCU-Run-RGSC - d:\gry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
WebBrowser-{C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Gadu-Gadu - c:\program files (x86)\Gadu-Gadu\Setup.exe
AddRemove-Spolszczenie Sid Meier's Pirates by Termez & AliG - d:\gry\Sid Meier s Pirates!\Uninstal.exe
AddRemove-Two Worlds II - d:\gry\Reality Pump\Two Worlds II\Uninstall.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\SOUNDMAN.EXE
c:\users\Damian\AppData\Roaming\blueconnect\ouc.exe
c:\program files (x86)\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Czas ukończenia: 2011-09-08 01:41:26 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-09-07 23:41
.
Przed: 3 288 109 056 bajtów wolnych
Po: 3 414 261 760 bajtów wolnych
.
- - End Of File - - 637621D1B220834B8AF7079F6839684F