ComboFix 12-01-23.02 - www 2012-01-25 22:46:10.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.4094.2768 [GMT 1:00]
Uruchomiony z: d:\smieci\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-12-25 do 2012-01-25 )))))))))))))))))))))))))))))))
.
.
2012-01-25 21:50 . 2012-01-25 21:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-25 21:50 . 2012-01-25 21:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-24 21:36 . 2012-01-24 21:36 -------- d-----w- c:\users\www\AppData\Roaming\Malwarebytes
2012-01-24 21:36 . 2012-01-24 21:36 -------- d-----w- c:\programdata\Malwarebytes
2012-01-24 21:36 . 2012-01-24 21:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-24 21:36 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-24 20:54 . 2012-01-24 20:54 -------- d-----w- c:\users\www\DoctorWeb
2012-01-24 19:32 . 2012-01-24 19:32 -------- d-----w- c:\programdata\McAfee
2012-01-24 19:32 . 2012-01-24 19:32 -------- d-----w- c:\windows\system32\Macromed
2012-01-23 16:54 . 2012-01-23 16:53 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-23 16:53 . 2012-01-23 16:53 -------- d-----w- c:\program files\Java
2012-01-23 16:28 . 2012-01-23 16:28 -------- d-----w- c:\users\www\AppData\Local\ElevatedDiagnostics
2012-01-22 23:03 . 2012-01-22 23:03 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-22 23:00 . 2012-01-24 05:45 -------- dc----w- c:\windows\system32\DRVSTORE
2012-01-22 23:00 . 2012-01-22 23:00 -------- d-----w- c:\programdata\Lavasoft
2012-01-22 23:00 . 2012-01-22 23:00 -------- d-----w- c:\program files (x86)\Lavasoft
2012-01-22 22:58 . 2012-01-22 22:58 -------- d-----w- c:\programdata\Webroot
2012-01-22 22:58 . 2012-01-22 22:58 -------- d-----w- c:\users\www\AppData\Local\PackageAware
2012-01-22 13:42 . 2009-03-09 14:27 5425496 ----a-w- c:\windows\system32\D3DX9_41.dll
2012-01-22 13:42 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2012-01-22 12:44 . 2012-01-22 13:38 -------- d-----w- c:\users\TEMP
2012-01-22 12:44 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CBE48C41-158D-436E-B94D-5AC223F81917}\mpengine.dll
2012-01-19 21:37 . 2012-01-19 21:37 -------- d-----w- c:\users\www\AppData\Local\Diagnostics
2012-01-19 17:12 . 2012-01-19 21:42 36864 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\msihook.dll
2012-01-19 17:12 . 2012-01-19 21:42 98304 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.exe
2012-01-19 17:12 . 2012-01-19 21:42 102400 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\scpthdlr.dll
2012-01-19 17:05 . 2009-02-09 01:10 68232 ----a-w- c:\windows\UnDeployV.exe
2012-01-11 16:50 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 16:50 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 16:50 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 16:50 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 16:49 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 16:49 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 16:49 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 16:49 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-24 19:32 . 2011-06-07 09:42 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-26 12:13 . 2011-12-26 12:13 11973 ----a-w- c:\windows\SysWow64\drivers\SECDRV.SYS
2011-11-24 04:52 . 2011-12-14 23:06 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 20:19 . 2011-11-21 20:19 53248 ----a-r- c:\users\www\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-11-21 20:19 . 2011-11-21 20:19 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-11-15 13:29 . 2011-06-07 09:52 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-05 05:32 . 2011-12-14 23:06 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 23:06 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2011-07-06 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-07-06 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="c:\program files (x86)\Gadu-Gadu 10\gg.exe" [2011-06-01 13349472]
"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Adobe Reader Speed Launcher"="d:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 gupdate;Usługa Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-08 136176]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-08 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 yukonw7;Sterownik miniportu NDIS6.2 dla kontrolera Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-08 08:14]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-08 08:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-09 11821160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 78.152.23.66 78.152.23.67
FF - ProfilePath - c:\users\www\AppData\Roaming\Mozilla\Firefox\Profiles\h4v20c8o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/#hl=pl&cp=19&gs_id=3b&xhr=t&q=jak+odinstalowa%C4%87+combofix&pf=p&sclient=psy-ab&source=hp&pbx=1&oq=jak+odinstalowac+co&aq=0&aqi=g2&aql=&gs_sm=&gs_upl=&bav=on.2,or.r_gc.r_pw.,cf.osb&fp=31c490e5637de93d&biw=978&bih=883
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-NVIDIA StereoUSB Driver - c:\program files (x86)\InstallShield Installation Information\{714B9C6C-70FC-4750-98E2-61520B906C45}\setup.exe
AddRemove-SuperMemo Basic English - c:\windows\IsUn0415.exe
AddRemove-SuperMemo UX - Angielski. No problem!+ 1 - c:\windows\IsUn0415.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3852882473-2877924485-2440553840-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\d:\Games\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"qgif4.dll"=multi:"2011-10-10T17:42\00gif\00\00"
"qico4.dll"=multi:"2011-10-10T17:42\00ico\00\00"
"qjpeg4.dll"=multi:"2011-10-10T17:42\00jpeg\00jpg\00\00"
.
[HKEY_USERS\S-1-5-21-3852882473-2877924485-2440553840-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\d:\gry\Battlefield.3-RELOADED\cd1]\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"qgif4.dll"=multi:"2011-10-10T17:42\00gif\00\00"
"qico4.dll"=multi:"2011-10-10T17:42\00ico\00\00"
"qjpeg4.dll"=multi:"2011-10-10T17:42\00jpeg\00jpg\00\00"
.
[HKEY_USERS\S-1-5-21-3852882473-2877924485-2440553840-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:\d:\Games\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"2011-10-10T17:42\00GB18030\00GBK\00GB2312\00CP936\00MS936\00windows-936\00MIB: 114\00MIB: 113\00MIB: 2025\00\00"
"qkrcodecs4.dll"=multi:"2011-10-10T17:42\00EUC-KR\00cp949\00MIB: 38\00MIB: -949\00\00"
"qtwcodecs4.dll"=multi:"2011-10-10T17:42\00Big5\00Big5-HKSCS\00Big5-ETen\00CP950\00MIB: 2026\00MIB: 2101\00\00"
.
[HKEY_USERS\S-1-5-21-3852882473-2877924485-2440553840-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:\d:\gry\Battlefield.3-RELOADED\cd1]\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"2011-10-10T17:42\00GB18030\00GBK\00GB2312\00CP936\00MS936\00windows-936\00MIB: 114\00MIB: 113\00MIB: 2025\00\00"
"qkrcodecs4.dll"=multi:"2011-10-10T17:42\00EUC-KR\00cp949\00MIB: 38\00MIB: -949\00\00"
"qtwcodecs4.dll"=multi:"2011-10-10T17:42\00Big5\00Big5-HKSCS\00Big5-ETen\00CP950\00MIB: 2026\00MIB: 2101\00\00"
.
[HKEY_USERS\S-1-5-21-3852882473-2877924485-2440553840-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\d:\games\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qjpcodecs4.dll"=multi:"40602\000\00Windows msvc release full-config\002011-10-10T17:42\00\00"
"qjpcodecsd4.dll"=multi:"40703\001\00Windows msvc debug full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qkrcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qtwcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
.
[HKEY_USERS\S-1-5-21-3852882473-2877924485-2440553840-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\d:\games\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"Microsoft.VC80.CRT.manifest"=multi:"0\001\00unknown\002011-10-10T17:42\00\00"
"msvcr80.dll"=multi:"0\001\00unknown\002011-10-10T17:42\00\00"
"qgif4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qico4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qjpeg4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
.
[HKEY_USERS\S-1-5-21-3852882473-2877924485-2440553840-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\d:\gry\Battlefield.3-RELOADED\cd1]\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qjpcodecs4.dll"=multi:"40602\000\00Windows msvc release full-config\002011-10-10T17:42\00\00"
"qjpcodecsd4.dll"=multi:"40703\001\00Windows msvc debug full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qkrcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qtwcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
.
[HKEY_USERS\S-1-5-21-3852882473-2877924485-2440553840-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\d:\gry\Battlefield.3-RELOADED\cd1]\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"Microsoft.VC80.CRT.manifest"=multi:"0\001\00unknown\002011-10-10T17:42\00\00"
"msvcr80.dll"=multi:"0\001\00unknown\002011-10-10T17:42\00\00"
"qgif4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qico4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qjpeg4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2012-01-25 22:55:24 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-01-25 21:55
.
Przed: 5 078 642 688 bajtów wolnych
Po: 5 115 834 368 bajtów wolnych
.
- - End Of File - - E2879972817EEF0D7F8DB6C26CBAE15B