ComboFix 11-09-28.01 - bartuœ 2011-09-28 19:16:58.3.2 - x64 MINIMAL Microsoft Windows 7 Home Premium 6.1.7600.0.1250.48.1045.18.4092.3077 [GMT 2:00] Uruchomiony z: c:\users\bartuœ\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Utworzono nowy punkt przywracania . . ((((((((((((((((((((((((((((((((((((((( Usuniêto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\facemoods.com c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.crx c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.png c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\faCEmoodstlbr.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe c:\windows\pl c:\windows\pl\WLXPGSS.SCR.mui c:\windows\system32\no c:\windows\system32\no\DPCrProv.dll.mui c:\windows\system32\no\DPSDApi.dll.mui c:\windows\system32\SV c:\windows\system32\SV\DPCrProv.dll.mui c:\windows\system32\SV\DPSDApi.dll.mui c:\windows\SysWow64\no c:\windows\SysWow64\no\DPCrProv.dll.mui c:\windows\SysWow64\no\DPSDApi.dll.mui c:\windows\SysWow64\SV c:\windows\SysWow64\SV\DPCrProv.dll.mui c:\windows\SysWow64\SV\DPSDApi.dll.mui c:\windows\XSxS . . ((((((((((((((((((((((((( Pliki utworzone od 2011-08-28 do 2011-09-28 ))))))))))))))))))))))))))))))) . . 2011-09-28 17:27 . 2011-09-28 17:27 -------- d-----w- c:\users\bartuœ\AppData\Local\{8F5466B2-CC96-429E-8437-C72F9B6E2A57} 2011-09-28 17:27 . 2011-09-28 17:27 -------- d-----w- c:\users\bartuœ\AppData\Local\{023C31E6-0D88-487B-B13F-BF317FD0F41F} 2011-09-28 17:24 . 2011-09-28 17:24 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-09-28 16:27 . 
2011-09-28 16:27 -------- d-----w- c:\users\bartuœ\AppData\Local\{A1BA9E84-629D-4C1A-9EBA-5DEEA4FDB89F} 2011-09-28 16:26 . 2011-09-28 16:27 -------- d-----w- c:\users\bartuœ\AppData\Local\{91B60597-5567-4C4E-AB4F-B93C6FF5878D} 2011-09-28 16:23 . 2011-09-28 16:23 -------- d-----w- c:\users\bartuœ\AppData\Local\{A1AB2BF3-9CD3-4C59-AAA4-666DA083BFCA} 2011-09-28 16:23 . 2011-09-28 16:23 -------- d-----w- c:\users\bartuœ\AppData\Local\{6278DFF2-D449-408B-AF4E-0A3131FCF1E7} 2011-09-28 15:38 . 2011-09-28 15:38 12393 ----a-w- c:\users\bartuœ\AppData\Local\Bron.tok.A12.em.bin 2011-09-28 14:17 . 2011-09-28 14:17 -------- d-----w- c:\users\bartuœ\AppData\Local\{524EBE49-D07B-4EBC-857B-E3E13CBD3372} 2011-09-28 14:16 . 2011-09-28 14:17 -------- d-----w- c:\users\bartuœ\AppData\Local\{BF22BD8D-403D-4525-866F-CF00D6795F74} 2011-09-28 05:37 . 2011-09-28 05:37 -------- d-----w- c:\users\bartuœ\AppData\Local\{E5BCE6A7-F5A3-4CDC-8564-287FB7CE5FD2} 2011-09-28 05:37 . 2011-09-28 05:37 -------- d-----w- c:\users\bartuœ\AppData\Local\{EB02359F-9093-415A-AE99-E83B0897F1E1} 2011-09-27 22:59 . 2011-09-27 22:59 -------- d-----w- c:\users\bartuœ\AppData\Local\{597608F4-9584-44EF-A892-514EA76C7810} 2011-09-27 22:58 . 2011-09-27 22:59 -------- d-----w- c:\users\bartuœ\AppData\Local\{C9D76D1B-EC88-4595-92F9-BD61E2B13EFD} 2011-09-27 12:20 . 2011-09-27 12:20 -------- d-----w- c:\users\bartuœ\AppData\Local\{5F757675-E3F2-4AAC-A322-B02F58E0B09F} 2011-09-27 12:19 . 2011-09-27 12:19 -------- d-----w- c:\users\bartuœ\AppData\Local\{03E16504-F3C1-4354-A40E-84A7B99E9FDE} 2011-09-27 08:18 . 2011-09-27 08:18 -------- d-----w- c:\users\bartuœ\AppData\Local\{5D980A9E-097A-48A3-A632-B338F9ED9775} 2011-09-27 08:17 . 2011-09-27 08:18 -------- d-----w- c:\users\bartuœ\AppData\Local\{06510946-4D84-45AD-A5B7-686CC80695F3} 2011-09-26 19:36 . 2011-09-26 19:36 -------- d-----w- c:\users\bartuœ\AppData\Local\{24D375AE-034E-4DF8-A78E-062D40C580E4} 2011-09-26 19:35 . 
2011-09-26 19:35 -------- d-----w- c:\users\bartuœ\AppData\Local\{3A8D5F76-19A7-4C4B-B48A-1358F686E6C0} 2011-09-26 11:56 . 2011-09-26 11:56 -------- d-----w- c:\users\bartuœ\AppData\Local\{2CC9F8AF-109F-408A-948A-A2CABBA16E4E} 2011-09-26 11:56 . 2011-09-26 11:56 -------- d-----w- c:\users\bartuœ\AppData\Local\{BF786F10-CF97-4844-B0CB-2C430311A536} 2011-09-26 07:31 . 2011-09-26 07:31 -------- d-----w- c:\users\bartuœ\AppData\Local\{64BBC8A1-1B32-49E4-B734-ECFF5CABDEDF} 2011-09-26 07:31 . 2011-09-26 07:31 -------- d-----w- c:\users\bartuœ\AppData\Local\{1CC40D88-2AA8-42EE-B6B8-464F2882447C} 2011-09-25 21:55 . 2011-09-25 21:55 -------- d-----w- c:\users\bartuœ\AppData\Local\{465B02F0-FD3A-410C-8643-1706390A5F3A} 2011-09-25 21:55 . 2011-09-25 21:55 -------- d-----w- c:\users\bartuœ\AppData\Local\{41B293BC-9DDE-43D9-B106-7A2AC2C1E612} 2011-09-25 16:31 . 2011-09-25 16:31 -------- d-----w- c:\users\bartuœ\AppData\Local\{4B538BCD-B5FA-4C20-A844-43A9E4B9C44C} 2011-09-25 16:31 . 2011-09-25 16:31 -------- d-----w- c:\users\bartuœ\AppData\Local\{C2BBA8A9-339A-4217-9B75-8AB4EEDCC28B} 2011-09-25 13:11 . 2011-09-25 13:11 -------- d-----w- c:\users\bartuœ\AppData\Local\{5FB1719A-8C37-49E0-9D2E-31C658CA338C} 2011-09-25 13:11 . 2011-09-25 13:11 -------- d-----w- c:\users\bartuœ\AppData\Local\{7503AFC7-5F8B-4768-A6F1-923B7F4EE6E2} 2011-09-25 12:45 . 2011-09-25 12:45 -------- d-----w- c:\users\bartuœ\AppData\Local\{549F9655-11DF-45EF-8E96-EC204F838785} 2011-09-25 12:44 . 2011-09-25 12:45 -------- d-----w- c:\users\bartuœ\AppData\Local\{FA4EF53A-3FB6-4E8B-B282-DE4CC9E5E441} 2011-09-25 07:32 . 2011-09-25 07:33 -------- d-----w- c:\users\bartuœ\AppData\Local\{EDEE4C0A-87C0-4218-B0FE-DF218690D51E} 2011-09-25 07:32 . 2011-09-25 07:32 -------- d-----w- c:\users\bartuœ\AppData\Local\{D1D04241-A1BA-4EB9-9EF5-6B0CBF9F8A7D} 2011-09-24 18:39 . 2011-09-24 18:39 -------- d-----w- c:\users\bartuœ\AppData\Local\{6AC950E8-23C1-4181-A3DB-D41F27645138} 2011-09-24 18:39 . 
2011-09-24 18:39 -------- d-----w- c:\users\bartuœ\AppData\Local\{1433716A-3660-402A-A973-46B1FCD22F78} 2011-09-24 17:14 . 2011-09-24 17:15 -------- d-----w- c:\users\bartuœ\AppData\Local\{2CF146D1-6736-48BD-860A-575D7B6C86F3} 2011-09-24 17:14 . 2011-09-24 17:14 -------- d-----w- c:\users\bartuœ\AppData\Local\{FB3ED92F-5605-4101-8D64-685587D66620} 2011-09-24 09:25 . 2011-09-24 09:25 -------- d-----w- c:\users\bartuœ\AppData\Local\{8E7E4FCA-52B9-4980-8CA7-65B8685CAD85} 2011-09-24 09:25 . 2011-09-24 09:25 -------- d-----w- c:\users\bartuœ\AppData\Local\{6496437E-4DA2-4931-A79A-7AC13D6DE2D1} 2011-09-23 13:49 . 2011-09-23 13:50 -------- d-----w- c:\users\bartuœ\AppData\Local\{5DB8C195-2D25-4665-9BD2-E12EF8EA5D7A} 2011-09-23 13:49 . 2011-09-23 13:49 -------- d-----w- c:\users\bartuœ\AppData\Local\{65FBE946-C022-47CB-A64B-2F10B7374EF1} 2011-09-23 06:17 . 2011-09-23 06:17 -------- d-----w- c:\users\bartuœ\AppData\Local\{A2564BEC-6242-4890-A27F-75709ECCB442} 2011-09-23 06:16 . 2011-09-23 06:16 -------- d-----w- c:\users\bartuœ\AppData\Local\{01462DD5-7D8B-43C1-A405-B1595DFC7E20} 2011-09-22 13:03 . 2011-09-22 13:03 -------- d-----w- c:\users\bartuœ\AppData\Local\{BBD7F854-E3E8-495A-A7F8-32749295AA22} 2011-09-22 13:03 . 2011-09-22 13:03 -------- d-----w- c:\users\bartuœ\AppData\Local\{92F88567-8776-456E-822C-768C348B9686} 2011-09-22 05:09 . 2011-09-22 05:09 -------- d-----w- c:\users\bartuœ\AppData\Local\{11A2F366-32B6-4522-B8BE-E8E2C8DC2DE9} 2011-09-22 05:08 . 2011-09-22 05:08 -------- d-----w- c:\users\bartuœ\AppData\Local\{DD5BBDB2-31DE-4AA5-80EE-955C49EA6A61} 2011-09-21 13:33 . 2011-09-21 13:33 -------- d-----w- c:\users\bartuœ\AppData\Local\{40C08825-6BC1-4524-B108-99C895957A3C} 2011-09-21 13:33 . 2011-09-21 13:33 -------- d-----w- c:\users\bartuœ\AppData\Local\{96067C8A-8D39-4CAB-A636-56224B21A600} 2011-09-21 06:14 . 2011-09-21 06:14 -------- d-----w- c:\users\bartuœ\AppData\Local\{C77E8FB0-9779-432F-BC2E-D7B697BF014B} 2011-09-21 06:13 . 
2011-09-21 06:14 -------- d-----w- c:\users\bartuœ\AppData\Local\{02C56932-7B53-41E9-BABC-75227D30A150} 2011-09-20 20:03 . 2011-09-20 20:03 -------- d-----w- c:\users\bartuœ\AppData\Local\{2C62E4C5-F6F6-4801-8CA4-695A4ECEBA3C} 2011-09-20 20:02 . 2011-09-20 20:03 -------- d-----w- c:\users\bartuœ\AppData\Local\{1D2E82F3-FA2B-4D9A-8F1F-CF44C00AD64E} 2011-09-20 13:54 . 2011-09-20 13:54 -------- d-----w- c:\users\bartuœ\AppData\Local\{D8A79353-14B4-4B74-8603-9783F7FDC9BA} 2011-09-20 13:53 . 2011-09-20 13:54 -------- d-----w- c:\users\bartuœ\AppData\Local\{441A15ED-CF69-440D-8CA8-197DC8DC61D9} 2011-09-20 05:02 . 2011-09-20 05:02 -------- d-----w- c:\users\bartuœ\AppData\Local\{182E1E89-DDCB-4FA7-B8A2-A01C8530A49A} 2011-09-20 05:02 . 2011-09-20 05:02 -------- d-----w- c:\users\bartuœ\AppData\Local\{D0924E43-4187-43E9-A509-240504E73EC4} 2011-09-19 13:28 . 2011-09-19 13:28 -------- d-----w- c:\users\bartuœ\AppData\Local\{771B6A9A-F7CA-4765-98D6-E6C8F1C1A600} 2011-09-19 13:27 . 2011-09-19 13:28 -------- d-----w- c:\users\bartuœ\AppData\Local\{BBCD514E-21BD-4A48-B613-2DE805EC975B} 2011-09-17 11:45 . 2011-09-17 11:45 -------- d-----w- c:\users\bartuœ\AppData\Local\{B38F05CF-264B-45DF-B159-2CC98A9BC601} 2011-09-17 11:45 . 2011-09-17 11:45 -------- d-----w- c:\users\bartuœ\AppData\Local\{ECB7463E-526F-4BA4-B8C4-AC9558663EBA} 2011-09-17 10:20 . 2011-09-17 10:20 -------- d-----w- c:\users\bartuœ\AppData\Local\{28C3022D-4620-4405-8B55-B31A3B903D2C} 2011-09-17 10:20 . 2011-09-17 10:20 -------- d-----w- c:\users\bartuœ\AppData\Local\{64E0FC8A-4751-4B4F-9239-CEF423004BD1} 2011-09-17 09:40 . 2011-09-17 09:40 -------- d-----w- c:\users\bartuœ\AppData\Local\{6E64ADD9-7552-4A27-99E1-13197C13E705} 2011-09-17 09:39 . 2011-09-17 09:40 -------- d-----w- c:\users\bartuœ\AppData\Local\{4076CBC6-3F2B-4C9A-8EFC-61C64FB524BB} 2011-09-16 05:16 . 2011-09-16 05:16 -------- d-----w- c:\users\bartuœ\AppData\Local\{C83A25B1-22CD-4AB2-A68E-1732CDB189EC} 2011-09-16 05:16 . 
2011-09-16 05:16 -------- d-----w- c:\users\bartuœ\AppData\Local\{F0A711EA-0AC3-4915-B9B5-8FF7083DC667} 2011-09-15 15:48 . 2011-09-15 15:48 -------- d-----w- c:\users\bartuœ\AppData\Local\{F306503F-00D8-4109-B63A-2E1CDB9EAA5D} 2011-09-15 13:03 . 2011-09-15 13:03 -------- d-----w- c:\users\bartuœ\AppData\Local\{759C92D8-792A-4F77-AE74-77A15073C54D} 2011-09-15 13:03 . 2011-09-15 13:03 -------- d-----w- c:\users\bartuœ\AppData\Local\{21E92BF4-180D-493D-8D89-9F8FC748A07D} 2011-09-15 05:22 . 2011-09-15 05:22 -------- d-----w- c:\users\bartuœ\AppData\Local\{E607FBFE-38B1-4815-B368-176478D86E64} 2011-09-15 05:22 . 2011-09-15 05:22 -------- d-----w- c:\users\bartuœ\AppData\Local\{17967005-3894-45DE-AE20-D0D85DB4629C} 2011-09-14 17:57 . 2011-09-14 17:57 -------- d-----w- c:\users\bartuœ\AppData\Local\{38946CCA-C190-4C0D-9C35-200FBF3355AB} 2011-09-14 17:57 . 2011-09-14 17:57 -------- d-----w- c:\users\bartuœ\AppData\Local\{03BF5DBA-2E06-4334-B7D7-10100F4CFE4D} 2011-09-14 17:05 . 2011-09-14 17:06 -------- d-----w- c:\users\bartuœ\AppData\Local\{49B8E28D-638C-45F4-B6E4-836F92825575} 2011-09-14 17:05 . 2011-09-14 17:05 -------- d-----w- c:\users\bartuœ\AppData\Local\{AAAB3555-B0A9-48A4-ABDD-5951185FFDB0} 2011-09-14 14:20 . 2011-09-14 14:20 -------- d-----w- c:\users\bartuœ\AppData\Local\{18997782-3E23-4F64-8F3C-316BA62BD30F} 2011-09-14 14:20 . 2011-09-14 14:20 -------- d-----w- c:\users\bartuœ\AppData\Local\{AB945AE6-ACD0-444B-B1DE-69299FC8D893} 2011-09-14 05:47 . 2011-09-14 05:47 -------- d-----w- c:\users\bartuœ\AppData\Local\{EB169531-6F4D-4CBF-B7D5-6638EA3D37DF} 2011-09-14 05:46 . 2011-09-14 05:46 -------- d-----w- c:\users\bartuœ\AppData\Local\{9CD1FD1A-4AB5-4AC7-B311-529FB7D34B87} 2011-09-13 12:20 . 2011-09-13 12:20 -------- d-----w- c:\users\bartuœ\AppData\Local\{480F4AF3-2010-4C02-9B61-B3779C06DE00} 2011-09-13 12:19 . 2011-09-13 12:20 -------- d-----w- c:\users\bartuœ\AppData\Local\{338C356C-E440-482B-98C6-86AA8BAD46D5} 2011-09-13 06:21 . 
2011-09-13 06:21 -------- d-----w- c:\users\bartuœ\AppData\Local\{0602DF8A-D16D-46B7-8D7E-9BDCC41ED314} 2011-09-13 06:21 . 2011-09-13 06:21 -------- d-----w- c:\users\bartuœ\AppData\Local\{49D1F6DD-2653-44DE-AAD4-0A90E34EADA8} 2011-09-12 16:18 . 2011-09-12 16:19 -------- d-----w- c:\users\bartuœ\AppData\Local\{D0B66C51-1D56-409F-8FE6-196AC3FAAFAF} 2011-09-12 16:18 . 2011-09-12 16:18 -------- d-----w- c:\users\bartuœ\AppData\Local\{1C22F634-F067-49DA-930E-C811FD0CCB3E} 2011-09-12 14:57 . 2011-09-12 14:57 -------- d-----w- c:\users\bartuœ\AppData\Local\{5F2A177A-5402-4023-9381-3CE456E6FBBB} 2011-09-12 14:57 . 2011-09-12 14:57 -------- d-----w- c:\users\bartuœ\AppData\Local\{DE329F40-E480-44E3-8881-315D2E96AAC7} 2011-09-12 12:57 . 2011-09-12 12:57 -------- d-----w- c:\users\bartuœ\AppData\Local\{A3E5615A-D0AD-4B08-AD13-DEE70A9B07B9} 2011-09-12 12:56 . 2011-09-12 12:57 -------- d-----w- c:\users\bartuœ\AppData\Local\{D6D43868-2E6D-4A56-BA8F-C59D30BEA005} 2011-09-12 07:28 . 2011-09-12 07:28 -------- d-----w- c:\users\bartuœ\AppData\Local\{F89AF6D2-2540-48CD-AF46-548CEBC0ECF1} 2011-09-12 07:27 . 2011-09-12 07:28 -------- d-----w- c:\users\bartuœ\AppData\Local\{386DCA31-3BAD-487F-9E6A-82505D71AF8F} 2011-09-11 22:36 . 2011-09-11 22:36 -------- d-----w- c:\users\bartuœ\AppData\Local\{C9B2ECB0-6480-4E6B-8B98-1CFAFE90BEDD} 2011-09-11 22:36 . 2011-09-11 22:36 -------- d-----w- c:\users\bartuœ\AppData\Local\{EF4C017E-5A84-40B6-B51A-5F18DDDEED0A} 2011-09-11 17:12 . 2011-09-11 17:12 -------- d-----w- c:\users\bartuœ\AppData\Local\{64749C8E-1BD3-484D-853D-DE904B642701} 2011-09-11 17:12 . 2011-09-11 17:12 -------- d-----w- c:\users\bartuœ\AppData\Local\{B7883DB6-EB66-4FB8-9EF8-408CD66A52F7} 2011-09-11 15:42 . 2011-09-11 15:42 -------- d-----w- c:\users\bartuœ\AppData\Local\{D685DD8A-E25A-4D51-9771-1BAC6884FC11} 2011-09-11 15:41 . 2011-09-11 15:42 -------- d-----w- c:\users\bartuœ\AppData\Local\{0BFAA509-24EF-410B-A399-98367F3868A1} 2011-09-11 13:54 . 
2011-09-11 13:54 -------- d-----w- c:\users\bartuœ\AppData\Local\{3C4F353D-8B04-4F2B-8D03-0E2DB4CAD883} 2011-09-11 13:54 . 2011-09-11 13:54 -------- d-----w- c:\users\bartuœ\AppData\Local\{13E68EF2-E522-4F72-AAE8-D396406CBEEF} 2011-09-11 09:15 . 2011-09-11 09:15 -------- d-----w- c:\users\bartuœ\AppData\Local\{899A35D0-7A13-408B-A491-3B2419943146} 2011-09-11 09:15 . 2011-09-11 09:15 -------- d-----w- c:\users\bartuœ\AppData\Local\{3E755BD1-270B-4E1D-B431-5FA9EA6B2D9A} 2011-09-10 16:56 . 2011-09-10 16:56 -------- d-----w- c:\users\bartuœ\AppData\Local\{34FA39D2-2467-4234-834A-46571F755A17} 2011-09-10 16:55 . 2011-09-10 16:55 -------- d-----w- c:\users\bartuœ\AppData\Local\{25739F32-168C-4947-8E69-ED70324A70F1} 2011-09-10 13:08 . 2011-09-10 13:08 -------- d-----w- c:\users\bartuœ\AppData\Local\{33BB8AEB-D101-4404-88DF-D971F96B6445} 2011-09-10 13:08 . 2011-09-10 13:08 -------- d-----w- c:\users\bartuœ\AppData\Local\{05770403-4074-463D-B49D-7E794A0BF731} 2011-09-10 08:55 . 2011-09-10 08:55 -------- d-----w- c:\users\bartuœ\AppData\Local\{9A24A706-2F3C-4EEE-B46C-8D477D8A5E3F} 2011-09-10 08:54 . 2011-09-10 08:55 -------- d-----w- c:\users\bartuœ\AppData\Local\{5538D154-AE5E-473D-9CA9-6108F3D067D5} 2011-09-09 14:44 . 2011-09-09 14:44 -------- d-----w- c:\users\bartuœ\AppData\Local\{BD234300-8A99-4719-9ACA-B73727C420A3} 2011-09-09 14:43 . 2011-09-09 14:44 -------- d-----w- c:\users\bartuœ\AppData\Local\{9B7F5453-0454-4E1B-8971-594B8D44F3EB} 2011-09-08 20:20 . 2011-09-08 20:20 -------- d-----w- c:\users\bartuœ\AppData\Local\{C47821FF-A537-4985-8B08-99D919303136} 2011-09-08 20:20 . 2011-09-08 20:20 -------- d-----w- c:\users\bartuœ\AppData\Local\{794588EE-0DA4-43EB-AA08-1610B662DDCD} 2011-09-08 12:27 . 2011-09-08 12:27 -------- d-----w- c:\users\bartuœ\AppData\Local\{8B55292C-2A98-435E-8423-220C454F85E1} 2011-09-08 12:27 . 2011-09-08 12:27 -------- d-----w- c:\users\bartuœ\AppData\Local\{962F7B87-EC4D-4EE0-8A14-F3CE110D5722} 2011-09-08 06:42 . 
2011-09-08 06:42 -------- d-----w- c:\users\bartuœ\AppData\Local\{287AFA8F-D83F-49D3-92C5-CD946A58B9E6} 2011-09-08 06:42 . 2011-09-08 06:42 -------- d-----w- c:\users\bartuœ\AppData\Local\{B3F417CF-A259-47CF-85A0-EC0CDA4F731C} 2011-09-07 13:39 . 2011-09-07 13:39 -------- d-----w- c:\users\bartuœ\AppData\Local\{7FECD15B-5FB6-4903-94DA-08746BFB42D3} 2011-09-07 13:39 . 2011-09-07 13:39 -------- d-----w- c:\users\bartuœ\AppData\Local\{B5A7258D-3AD4-4955-954D-E9825C397076} 2011-09-07 05:46 . 2011-09-07 05:46 -------- d-----w- c:\users\bartuœ\AppData\Local\{A6BFD850-8A33-4097-B3F4-42958CF5EF44} 2011-09-07 05:46 . 2011-09-07 05:46 -------- d-----w- c:\users\bartuœ\AppData\Local\{A52DC20F-FEA5-4222-A087-89A4A1AE8BA6} 2011-09-06 19:48 . 2011-09-06 19:48 -------- d-----w- c:\users\bartuœ\AppData\Local\{85D92D3F-4C99-45D1-B1A1-527241EB7AE8} 2011-09-06 19:48 . 2011-09-06 19:48 -------- d-----w- c:\users\bartuœ\AppData\Local\{7CCBC55F-3FD2-4C31-B4C7-9FFA93BAF09F} 2011-09-06 12:24 . 2011-09-06 12:24 -------- d-----w- c:\users\bartuœ\AppData\Local\{194C6947-C9CF-4002-839E-6AB8670790DF} 2011-09-06 12:23 . 2011-09-06 12:24 -------- d-----w- c:\users\bartuœ\AppData\Local\{E0F21A7C-1511-4686-8399-D23B6D74681D} . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-28 17:29 . 2011-09-28 17:29 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{917AA6BA-A5C6-4AC0-B469-D2828CEF9BDC}\offreg.dll 2011-09-28 15:38 . 2011-09-28 15:38 12393 ----a-w- c:\users\bartuœ\AppData\Local\Bron.tok.A12.em.bin 2011-09-28 15:38 . 2011-09-28 15:38 12393 ----a-w- c:\users\bartuœ\AppData\Local\Bron.tok.A12.em.bin 2011-09-13 00:26 . 2011-09-27 08:27 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{917AA6BA-A5C6-4AC0-B469-D2828CEF9BDC}\mpengine.dll 2011-07-22 05:35 . 2011-08-10 10:24 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-22 04:56 . 
2011-08-10 10:24 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-07-16 09:17 . 2011-07-16 09:17 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-07-16 05:26 . 2011-08-10 10:25 362496 ----a-w- c:\windows\system32\wow64win.dll 2011-07-16 05:26 . 2011-08-10 10:25 243200 ----a-w- c:\windows\system32\wow64.dll 2011-07-16 05:26 . 2011-08-10 10:25 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2011-07-16 05:26 . 2011-08-10 10:25 214528 ----a-w- c:\windows\system32\winsrv.dll 2011-07-16 05:24 . 2011-08-10 10:25 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2011-07-16 05:21 . 2011-08-10 10:25 422400 ----a-w- c:\windows\system32\KernelBase.dll 2011-07-16 05:17 . 2011-08-10 10:25 338432 ----a-w- c:\windows\system32\conhost.exe 2011-07-16 05:04 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 05:04 . 
2011-08-10 10:25 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2011-07-16 05:04 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2011-07-16 04:36 . 2011-08-10 10:25 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2011-07-16 04:32 . 2011-08-10 10:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-07-16 04:31 . 
2011-08-10 10:25 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2011-07-16 04:30 . 2011-08-10 10:25 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2011-07-16 04:30 . 2011-08-10 10:25 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll 2011-07-16 04:19 . 2011-08-10 10:25 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 10:25 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 10:25 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 10:25 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 10:25 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 10:25 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 10:25 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 10:25 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 10:25 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 10:25 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 10:25 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 2011-07-16 04:19 . 
2011-08-10 10:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 10:25 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 10:25 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll 2011-07-16 04:19 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll 2011-07-16 02:26 . 2011-08-10 10:25 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2011-07-16 02:26 . 2011-08-10 10:25 2048 ----a-w- c:\windows\SysWow64\user.exe 2011-07-16 02:21 . 2011-08-10 10:25 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-07-16 02:21 . 2011-08-10 10:25 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 02:21 . 2011-08-10 10:25 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 02:21 . 2011-08-10 10:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2011-07-09 05:14 . 2011-08-24 21:02 2048 ----a-w- c:\windows\system32\tzres.dll 2011-07-09 04:30 . 2011-08-24 21:02 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-07-09 02:44 . 2011-08-10 10:26 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-07-05 16:37 . 2011-07-05 16:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2011-07-05 16:37 . 2011-07-05 16:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyœlne, prawid³owe wpisy nie s¹ pokazane REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-12-24 395640] "Gadu-Gadu 10"="c:\program files (x86)\Gadu-Gadu 10\gg.exe" [2011-07-04 13374048] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760] "IPLA!"="c:\program files (x86)\ipla\ipla.exe" [2011-07-27 19781576] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304] "HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-07-17 842816] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888] . c:\users\bartu˜\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Empty.pif [2009-1-19 42687] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer5"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x] R3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\DRIVERS\hcwhdpvr.sys [x] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x] R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x] R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 WatAdminSvc;Us³uga Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 
57184] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S1 archlp;archlp;SysWOW64\drivers\archlp.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-12 1924400] S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-08-20 12:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Zawartoœæ folderu 'Zaplanowane zadania' . 
2011-09-28 c:\windows\Tasks\HPCeeScheduleForbartuœ.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-11 171520] "combofix"="c:\combofix\CF31389.3XE" [2009-07-14 344576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Skan uzupe³niaj¹cy ------- . uStart Page = hxxp://start.facemoods.com/?a=ddrnw uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.bing.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Wyœlij obraz do urz¹dzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Wyœlij stronê do urz¹dzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.1 . - - - - USUNIÊTO PUSTE WPISY - - - - . Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe . ************************************************************************** . Czas ukończenia: 2011-09-28 19:34:21 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2011-09-28 17:34 . Przed: 30 041 366 528 bajtów wolnych Po: 29 555 781 632 bajtów wolnych . - - End Of File - - BD2EFA25A3FB283EBCC105343961F0A1