ComboFix 11-12-04.01 - Zaj 2011-12-04 9:21.3.4 - x64 NETWORK Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1033.18.4076.3173 [GMT 1:00] Uruchomiony z: O:\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Utworzono nowy punkt przywracania . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\ST6UNST.000 . . ((((((((((((((((((((((((( Pliki utworzone od 2011-11-04 do 2011-12-04 ))))))))))))))))))))))))))))))) . . 2011-12-04 08:25 . 2011-12-04 08:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-04 08:19 . 2011-12-04 08:19 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A8FDB30-8BEE-4ACF-B665-3B826C3EA8BF}\offreg.dll 2011-12-04 06:40 . 2011-12-04 06:40 -------- d-----w- c:\windows\SysWow64\xlive 2011-12-04 01:20 . 2011-12-04 01:20 58584 ----a-w- c:\windows\system32\drivers\PktIcpt.sys 2011-12-04 01:19 . 2011-12-04 01:19 46296 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2011-12-04 01:19 . 2011-12-04 01:19 102616 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2011-12-04 01:19 . 2011-12-04 01:19 63704 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys 2011-12-04 01:19 . 2011-12-04 01:29 -------- d-----w- c:\programdata\G DATA 2011-12-04 01:19 . 2011-12-04 01:29 -------- d-----w- c:\program files (x86)\Common Files\G Data 2011-12-04 01:19 . 2011-12-04 01:19 -------- d-----w- c:\program files (x86)\G Data 2011-12-04 00:31 . 2011-12-04 00:32 -------- d-----w- c:\program files (x86)\Ad-Remover 2011-12-04 00:20 . 2011-12-04 00:20 6375 ----a-w- C:\fix.reg 2011-12-03 23:07 . 2011-11-21 04:42 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll 2011-12-03 21:22 . 2011-12-03 21:22 -------- d-----w- c:\programdata\Comodo 2011-12-03 20:28 . 2011-12-03 20:31 -------- d-----w- c:\users\Zaj\AppData\Roaming\GetRightToGo 2011-12-03 20:20 . 
2011-12-03 20:20 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-12-03 20:18 . 2011-12-03 23:11 -------- dc----w- c:\windows\system32\DRVSTORE 2011-12-03 20:18 . 2011-12-03 23:11 -------- d-----w- c:\programdata\Lavasoft 2011-12-03 20:18 . 2011-12-03 20:18 -------- d-----w- c:\program files (x86)\Lavasoft 2011-12-03 19:38 . 2011-12-03 21:22 -------- d-----w- c:\programdata\CPA_VA 2011-12-03 19:19 . 2011-12-03 19:19 -------- d-----w- C:\$UPGRADE.~OS 2011-12-03 19:18 . 2011-12-03 19:18 -------- d-----w- C:\$WINDOWS.~BT 2011-12-03 19:13 . 2011-12-03 19:13 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll 2011-12-03 19:13 . 2011-12-03 19:35 -------- d-----w- c:\programdata\Comodo Downloader 2011-12-03 18:56 . 2011-12-03 20:34 -------- d-----w- c:\programdata\PC Tools 2011-12-03 18:32 . 2011-12-03 18:32 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-12-03 18:32 . 2011-12-03 18:32 -------- d-----w- c:\program files\Hitman Pro 3.5 2011-12-03 18:31 . 2011-12-03 18:31 -------- d-----w- c:\programdata\Hitman Pro 2011-12-03 18:26 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-03 17:59 . 2011-12-03 17:59 -------- d-----w- c:\windows\system32\wbem\Logs 2011-12-03 17:50 . 2011-12-03 17:50 -------- d-----w- c:\program files (x86)\ParetoLogic 2011-12-03 17:50 . 2011-12-03 17:50 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic 2011-12-03 17:40 . 2011-12-03 17:40 -------- d-----w- c:\users\Zaj\AppData\Roaming\ParetoLogic 2011-12-03 17:40 . 2011-12-03 17:40 -------- d-----w- c:\users\Zaj\AppData\Roaming\DriverCure 2011-12-03 17:40 . 2011-12-03 17:50 -------- d-----w- c:\programdata\ParetoLogic 2011-12-03 17:19 . 2011-12-03 18:00 -------- d-----w- c:\windows\system32\MpEngineStore 2011-12-03 16:57 . 2011-12-03 16:57 -------- d-----w- c:\users\Zaj\AppData\Roaming\Malwarebytes 2011-12-03 16:57 . 2011-12-03 16:57 -------- d-----w- c:\programdata\Malwarebytes 2011-12-03 16:57 . 
2011-12-03 18:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-12-03 06:29 . 2011-12-03 06:29 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE 2011-12-02 23:11 . 2011-12-04 03:15 -------- d-----w- c:\windows\system32\oodag 2011-12-02 23:09 . 2011-12-02 23:09 -------- d-----w- c:\users\Zaj\AppData\Local\O&O 2011-12-02 23:09 . 2011-12-02 23:09 -------- d-----w- c:\program files\OO Software 2011-12-02 23:09 . 2011-12-04 01:18 -------- d-----w- c:\users\Zaj\AppData\Local\Downloaded Installations 2011-12-02 23:00 . 2011-12-03 16:55 -------- d-----w- c:\users\Zaj\AppData\Roaming\QuickScan 2011-12-01 19:29 . 2011-12-04 03:17 -------- d-----w- C:\pirates 2011-11-27 10:35 . 2011-11-27 10:35 -------- d-----w- c:\users\Zaj\AppData\Local\multiupload 2011-11-27 10:35 . 2011-12-04 03:17 -------- d-----w- c:\program files (x86)\Multiupload Batch Uploader 2011-11-26 05:15 . 2011-11-26 05:15 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2011-11-26 05:13 . 2011-11-26 05:13 -------- d-sh--w- c:\windows\system32\%APPDATA% 2011-11-26 05:08 . 2011-12-03 20:45 -------- d-sh--w- c:\users\Zaj\AppData\Local\862d9737 2011-11-23 19:27 . 2011-12-03 18:27 -------- d-----w- c:\program files (x86)\vShare.tv plugin 2011-11-19 02:55 . 2011-11-19 02:55 -------- d-----w- c:\program files (x86)\AutoKeyboard90 2011-11-12 06:32 . 2011-11-12 06:32 -------- d-----w- c:\windows\system32\Macromed 2011-11-11 01:01 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A8FDB30-8BEE-4ACF-B665-3B826C3EA8BF}\mpengine.dll 2011-11-11 01:01 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-11 01:01 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2011-11-11 01:01 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-11 01:01 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys 2011-11-11 01:01 . 
2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll 2011-11-11 01:01 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll 2011-11-10 23:41 . 2011-11-10 23:41 -------- d-----w- c:\users\Zaj\AppData\Local\Skyrim 2011-11-10 23:36 . 2011-11-10 23:36 -------- d--h--w- c:\program files (x86)\Zero G Registry 2011-11-10 23:36 . 2011-11-10 23:36 -------- d--h--w- c:\users\Zaj\InstallAnywhere 2011-11-06 11:06 . 2011-11-06 11:06 -------- d-----w- c:\users\Zaj\AppData\Roaming\The Creative Assembly 2011-11-04 23:23 . 2011-06-26 00:56 33888 ----a-w- c:\windows\system32\drivers\appliand.sys 2011-11-04 23:15 . 2011-11-04 23:15 -------- d-----w- c:\program files (x86)\Applian Technologies 2011-11-04 23:15 . 2011-11-04 23:21 -------- d-----w- c:\users\Zaj\AppData\Roaming\Replay Media Catcher 4 2011-11-04 23:15 . 2011-11-04 23:15 -------- d-----w- c:\programdata\Applian . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-04 07:13 . 2011-03-17 22:40 73216 ----a-w- c:\windows\ST6UNST.EXE 2011-12-04 07:13 . 2011-03-17 22:40 249856 ------w- c:\windows\Setup1.exe 2011-11-26 05:15 . 2011-05-20 05:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-01 03:25 . 2011-10-22 23:49 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-10-01 02:42 . 2011-10-22 23:49 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-09-14 09:47 . 2011-09-14 09:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll 2011-09-14 09:47 . 2011-09-14 09:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll 2011-09-14 09:47 . 2011-09-14 09:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll 2011-09-14 09:46 . 2011-09-14 09:46 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll 2011-09-14 09:38 . 2011-09-14 09:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll 2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll 2011-09-12 18:10 . 
2011-09-12 18:10 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll 2011-09-08 18:27 . 2011-10-22 20:47 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2011-09-08 17:59 . 2011-10-22 20:47 24229376 ----a-w- c:\windows\system32\atio6axx.dll 2011-09-08 17:39 . 2011-10-22 20:47 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll 2011-09-08 17:34 . 2011-10-22 20:47 151552 ----a-w- c:\windows\system32\atiapfxx.exe 2011-09-08 17:34 . 2011-10-22 20:47 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll 2011-09-08 17:32 . 2011-10-22 20:47 862720 ----a-w- c:\windows\system32\aticfx64.dll 2011-09-08 17:30 . 2011-10-22 20:47 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll 2011-09-08 17:30 . 2011-10-22 20:47 486912 ----a-w- c:\windows\system32\atieclxx.exe 2011-09-08 17:29 . 2011-10-22 20:47 204288 ----a-w- c:\windows\system32\atiesrxx.exe 2011-09-08 17:28 . 2011-10-22 20:47 120320 ----a-w- c:\windows\system32\atitmm64.dll 2011-09-08 17:28 . 2011-10-22 20:47 423424 ----a-w- c:\windows\system32\atipdl64.dll 2011-09-08 17:28 . 2011-10-22 20:47 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll 2011-09-08 17:28 . 2011-10-22 20:47 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll 2011-09-08 17:28 . 2011-10-22 20:47 21504 ----a-w- c:\windows\system32\atimuixx.dll 2011-09-08 17:28 . 2011-10-22 20:47 59392 ----a-w- c:\windows\system32\atiedu64.dll 2011-09-08 17:28 . 2011-10-22 20:47 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2011-09-08 17:24 . 2011-10-22 20:47 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll 2011-09-08 17:18 . 2011-10-22 20:47 1113088 ----a-w- c:\windows\system32\atiumd6v.dll 2011-09-08 17:18 . 2011-10-22 20:47 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll 2011-09-08 17:18 . 2011-10-22 20:47 3888640 ----a-w- c:\windows\system32\atiumd6a.dll 2011-09-08 17:16 . 2011-10-22 20:47 4944896 ----a-w- c:\windows\system32\atidxx64.dll 2011-09-08 17:09 . 2011-10-22 20:47 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2011-09-08 17:09 . 
2011-10-22 20:47 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2011-09-08 17:09 . 2011-10-22 20:47 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2011-09-08 17:09 . 2011-10-22 20:47 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2011-09-08 17:09 . 2011-10-22 20:47 8723456 ----a-w- c:\windows\system32\aticaldd64.dll 2011-09-08 17:08 . 2011-10-22 20:47 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll 2011-09-08 17:05 . 2011-10-22 20:47 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll 2011-09-08 17:05 . 2011-10-22 20:47 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll 2011-09-08 17:00 . 2011-10-22 20:47 5428736 ----a-w- c:\windows\system32\atiumd64.dll 2011-09-08 16:59 . 2011-10-22 20:47 58880 ----a-w- c:\windows\system32\coinst.dll 2011-09-08 16:53 . 2011-10-22 20:47 381952 ----a-w- c:\windows\system32\atiadlxx.dll 2011-09-08 16:53 . 2011-10-22 20:47 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2011-09-08 16:52 . 2011-10-22 20:47 15360 ----a-w- c:\windows\system32\atig6pxx.dll 2011-09-08 16:52 . 2011-10-22 20:47 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2011-09-08 16:52 . 2011-10-22 20:47 13312 ----a-w- c:\windows\system32\atiglpxx.dll 2011-09-08 16:52 . 2011-10-22 20:47 39936 ----a-w- c:\windows\system32\atig6txx.dll 2011-09-08 16:52 . 2011-10-22 20:47 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll 2011-09-08 16:52 . 2011-10-22 20:47 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2011-09-08 16:52 . 2011-10-22 20:47 40960 ----a-w- c:\windows\system32\atiuxp64.dll 2011-09-08 16:51 . 2011-10-22 20:47 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2011-09-08 16:51 . 2011-10-22 20:47 38912 ----a-w- c:\windows\system32\atiu9p64.dll 2011-09-08 16:51 . 2011-10-22 20:47 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2011-09-08 16:51 . 2011-10-22 20:47 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2011-09-08 16:51 . 2011-10-22 20:47 54784 ----a-w- c:\windows\system32\atimpc64.dll 2011-09-08 16:51 . 
2011-10-22 20:47 54784 ----a-w- c:\windows\system32\amdpcom64.dll 2011-09-08 16:50 . 2011-10-22 20:47 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll 2011-09-08 16:50 . 2011-10-22 20:47 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2009-11-10 248320] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] "Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x] R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Usługa Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24 136176] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x] R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [x] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24 136176] R3 JakNDis;Jaksta Service;c:\windows\system32\DRIVERS\JakNDis.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x] R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 
tsusbhub;tsusbhub; [x] S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x] S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x] S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys [x] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] . . Zawartość folderu 'Zaplanowane zadania' . 2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24 14:26] . 2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24 14:26] . 2011-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1240944274-2991984103-2798602988-1000Core.job - c:\users\Zaj\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-19 19:45] . 2011-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1240944274-2991984103-2798602988-1000UA.job - c:\users\Zaj\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-19 19:45] . 2011-12-03 c:\windows\Tasks\ParetoLogic Registration3.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.ask.com?o=101702&l=dis mLocal Page = c:\windows\SysWOW64\blank.htm IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202 IE: Download with GetRight Pro - c:\program files (x86)\GetRight\GRdownload.htm IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Open with GetRight Pro Browser - c:\program files (x86)\GetRight\GRbrowse.htm TCP: DhcpNameServer = 212.76.34.50 212.76.34.49 TCP: Interfaces\{5BB08C1A-7CB1-4E60-9FE2-00307211DBCB}: NameServer = 8.26.56.26,156.154.70.22 FF - ProfilePath - c:\users\Zaj\AppData\Roaming\Mozilla\Firefox\Profiles\1uo4ff0u.default\ FF - prefs.js: browser.search.defaulturl - hxxp://babelfish.iamwired.net/search.php?src=tops&q= FF - prefs.js: browser.startup.homepage - hxxp://pl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official FF - prefs.js: network.proxy.ftp - 89.174.20.43 FF - prefs.js: network.proxy.ftp_port - 80 FF - prefs.js: network.proxy.gopher - 75.101.224.92 FF - prefs.js: network.proxy.gopher_port - 3128 FF - prefs.js: network.proxy.http - 89.174.20.43 FF - prefs.js: network.proxy.http_port - 80 FF - prefs.js: network.proxy.socks - 89.174.20.43 FF - prefs.js: network.proxy.socks_port - 80 FF - prefs.js: network.proxy.ssl - 89.174.20.43 FF - prefs.js: 
network.proxy.ssl_port - 80 FF - prefs.js: network.proxy.type - 0 . - - - - USUNIĘTO PUSTE WPISY - - - - . AddRemove-Excel 2007 - praktyczny kurs obs3ugi (poziom zaawansowany) - c:\windows\IsUn0415.exe AddRemove-{ACC75323-DB4A-4F7F-9AF3-1D1DEFF2D1B5} - z:\heroes of might and magic v - dzikie hordy\unins000.exe AddRemove-!śO1´¸40KLo?Ç1EO1E?!ˇÍeOuÓ2AI°a_is1 - z:\game\warhammer 40 . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_USERS\S-1-5-21-1240944274-2991984103-2798602988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ô&4gF*file:///O:/webcam/Copy%20%2818%29%20of%20showgal-php.flv] @Class="Shell" @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-1240944274-2991984103-2798602988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ô&4gF*file:///O:/webcam/Copy%20%2818%29%20of%20showgal-php.flv\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-1240944274-2991984103-2798602988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. ŒŒ>] @Class="Shell" @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-1240944274-2991984103-2798602988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. ŒŒ>\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-1240944274-2991984103-2798602988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*HÁa] @Class="Shell" @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-1240944274-2991984103-2798602988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*HÁa\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2011-12-04 09:26:49 ComboFix-quarantined-files.txt 2011-12-04 08:26 . Przed: 12 063 600 640 bajtów wolnych Po: 11 966 181 376 bajtów wolnych . - - End Of File - - E55587570DE14D333179A61A825D0F87