ComboFix 12-01-21.02 - Dawid Szewczyk 2012-01-22   9:16.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.48.1045.18.3884.1813 [GMT 1:00]
Uruchomiony z: c:\users\Dawid Szewczyk\Downloads\ComboFix.exe
AV: Computer Security *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Computer Security *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Computer Security *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\faCEmoodstlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe
c:\programdata\FullRemove.exe
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\IsUn0415.exe
c:\windows\system32\consrv.dll
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2011-12-22 do 2012-01-22  )))))))))))))))))))))))))))))))
.
.
2012-01-22 08:56 . 2012-01-22 08:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-22 08:05 . 2012-01-06 05:15	8602168	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B465EFE8-33A8-45CC-ADDC-160FE3752A13}\mpengine.dll
2012-01-11 19:32 . 2011-10-26 05:25	1572864	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 19:32 . 2011-10-26 04:32	1328128	----a-w-	c:\windows\SysWow64\quartz.dll
2012-01-11 19:32 . 2011-10-26 04:32	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-01-11 19:32 . 2011-10-26 05:25	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-01-11 19:11 . 2011-11-17 06:41	1731920	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 19:11 . 2011-11-17 05:38	1292080	----a-w-	c:\windows\SysWow64\ntdll.dll
2012-01-11 19:11 . 2011-11-19 14:58	77312	----a-w-	c:\windows\system32\packager.dll
2012-01-11 19:11 . 2011-11-19 14:01	67072	----a-w-	c:\windows\SysWow64\packager.dll
2012-01-09 20:35 . 2012-01-09 20:35	--------	d-----w-	c:\users\Dawid Szewczyk\AppData\Roaming\Malwarebytes
2012-01-09 20:35 . 2012-01-09 20:35	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-09 20:35 . 2012-01-10 06:00	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-09 19:52 . 2012-01-10 06:00	--------	d-----w-	c:\program files\trend micro
2012-01-09 19:52 . 2012-01-09 19:53	--------	d-----w-	C:\rsit
2012-01-06 20:22 . 2012-01-06 20:22	--------	d-----w-	c:\users\Dawid Szewczyk\AppData\Roaming\LibreOffice
2012-01-06 20:17 . 2012-01-06 20:19	--------	d-----w-	c:\program files (x86)\LibreOffice 3.4
2012-01-06 18:43 . 2012-01-06 18:43	42672	----a-w-	c:\windows\SysWow64\drivers\fsbts.sys
2012-01-06 18:38 . 2011-12-12 07:58	58560	----a-w-	c:\windows\system32\drivers\fsccsys.sys
2012-01-06 18:37 . 2011-10-04 16:00	46792	----a-w-	c:\windows\system32\drivers\fses.sys
2012-01-06 18:37 . 2011-10-04 16:00	96008	----a-w-	c:\windows\system32\drivers\fsdfw.sys
2012-01-06 18:30 . 2012-01-06 18:30	--------	d-----w-	c:\programdata\fssg
2012-01-06 18:29 . 2012-01-06 18:29	--------	d-----w-	c:\program files (x86)\F-Secure
2012-01-06 18:24 . 2012-01-06 18:24	--------	d-----w-	c:\windows\system32\Macromed
2012-01-05 19:08 . 2012-01-05 19:08	--------	d-sh--w-	c:\windows\SysWow64\%APPDATA%
2012-01-05 19:06 . 2012-01-05 19:06	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-01-05 19:02 . 2012-01-06 18:38	--------	d-----w-	c:\programdata\F-Secure
2012-01-04 18:55 . 2012-01-04 18:55	626688	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-04 18:55 . 2012-01-04 18:55	548864	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-04 18:55 . 2012-01-04 18:55	479232	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-04 18:55 . 2012-01-04 18:55	43992	----a-w-	c:\program files (x86)\Mozilla Firefox\mozutils.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 20:10 . 2011-08-02 19:17	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-13 19:30	3145216	----a-w-	c:\windows\system32\win32k.sys
2011-11-15 13:29 . 2011-07-25 19:22	270720	------w-	c:\windows\system32\MpSigStub.exe
2011-11-05 05:41 . 2011-12-13 19:32	1188864	----a-w-	c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-13 19:30	2048	----a-w-	c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-13 19:32	981504	----a-w-	c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-13 19:30	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-13 19:32	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-13 19:32	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-13 19:32	43520	----a-w-	c:\windows\system32\csrsrv.dll
2009-04-08 17:31 . 2009-04-08 17:31	106496	----a-w-	c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45	155648	----a-w-	c:\program files (x86)\Common Files\MSIactionall.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08	143360	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BatteryCare"="c:\program files (x86)\BatteryCare\BatteryCare.exe" [2011-12-08 704512]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"AQQ"="c:\progra~2\WapSter\WAPSTE~1\AQQ.exe" [2011-12-22 10234880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-08-28 2429]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-06-25 6806144]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"F-Secure Hoster"="c:\program files (x86)\F-Secure\fshoster32.exe" [2011-10-04 156328]
"F-Secure Manager"="c:\program files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" [2011-10-04 311976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-7-10 113664]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-8-28 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-8-28 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAPower"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 135664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\BatteryCare\WinRing0x64.sys [2008-07-26 14544]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2012-01-06 62120]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [x]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2011-10-04 15016]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376]
S2 fshoster;F-Secure Dll Hoster;c:\program files (x86)\F-Secure\fshoster32.exe [2011-10-04 156328]
S2 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [2011-10-05 61112]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-07-12 1616488]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2012-01-06 198808]
S3 fsccsys1325875136;F-Secure Content Control Driver;c:\windows\System32\drivers\fsccsys.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 06:57]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 06:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52	159744	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"combofix"="c:\combofix\CF15651.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
sandradatasrv
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://startsear.ch/?aff=1&cf=893fe8e6-e6de-11e0-8275-20cf30460ada
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://startsear.ch/?aff=1&cf=893fe8e6-e6de-11e0-8275-20cf30460ada
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8F7985EE-6697-4248-B0CE-5427C54BD5D5}: NameServer = 89.108.195.20 217.17.34.10
TCP: Interfaces\{941ACC9A-15E1-4F4C-AEFB-C85E7F9BC2BA}: NameServer = 89.108.195.20 217.17.34.10
FF - ProfilePath - c:\users\Dawid Szewczyk\AppData\Roaming\Mozilla\Firefox\Profiles\fbp5cp4b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://szewczyk.me
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&q=
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0415.EXE
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fshoster]
"ImagePath"="\"c:\program files (x86)\F-Secure\fshoster32.exe\" -hosterid:0"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\F-Secure\My Services Agent\Protected]
@Denied: ) (Everyone)
"AgentIdentifier"="a205fd08-d966-4dd3-8091-574ea741102c"
"AuthorizationCode"="SbuKdLMJzbRdmPCfNWP2oHWIklSsvw2iCEbTrfWdBhhTyjSCnalPFA"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\RealVNC\VNC4\WinVNC4.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
.
**************************************************************************
.
Czas ukończenia: 2012-01-22  10:07:17 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2012-01-22 09:07
.
Przed: 28 296 880 128 bajtów wolnych
Po: 28 709 339 136 bajtów wolnych
.
- - End Of File - - 54FF8CC7260A8AA0BAC5B5997FAD53C6