ComboFix 12-06-12.03 - Surax 2012-06-13 9:48.1.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.3070.2081 [GMT 2:00]
Uruchomiony z: d:\programy\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Surax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\users\Surax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\users\Surax\Desktop\Live Security Platinum.lnk
c:\windows\Installer\{c3550699-e0cd-dbf1-308b-1da3878246ab}\@
c:\windows\Installer\{c3550699-e0cd-dbf1-308b-1da3878246ab}\n
c:\windows\Installer\{c3550699-e0cd-dbf1-308b-1da3878246ab}\U\00000001.@
c:\windows\Installer\{c3550699-e0cd-dbf1-308b-1da3878246ab}\U\80000000.@
c:\windows\Installer\{c3550699-e0cd-dbf1-308b-1da3878246ab}\U\800000cb.@
c:\windows\security\Database\tmp.edb
.
c:\windows\system32\Services.exe . . . jest zainfekowany!!
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_cpudriver
-------\Service_cpudriver
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-05-13 do 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-13 07:53 . 2012-06-13 07:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-13 07:53 . 2012-06-13 07:53 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-06-13 07:53 . 2012-06-13 07:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-13 07:33 . 2012-06-13 07:33 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{902B1DA4-24BE-431E-AE74-021356F51D07}\offreg.dll
2012-06-13 07:33 . 2012-06-13 07:33 -------- d-----w- c:\program files\Trend Micro
2012-06-12 21:58 . 2012-06-12 21:58 -------- d-----w- C:\_OTL
2012-06-12 19:45 . 2012-06-12 19:45 -------- d-----w- c:\programdata\F4D55F1700018DEF236E449FB4EB238B
2012-06-08 00:25 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{902B1DA4-24BE-431E-AE74-021356F51D07}\mpengine.dll
2012-06-07 18:56 . 2012-06-07 18:56 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-07 18:56 . 2012-06-07 18:56 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-10 17:27 . 2012-02-21 20:32 164880 ---ha-w- c:\users\Surax\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2012-05-05 08:29 . 2012-04-20 17:09 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 08:29 . 2011-10-03 19:52 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-25 06:54 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-04-24 22:20 . 2012-04-24 22:20 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
2012-03-30 17:36 . 2012-03-30 17:36 2471008 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2012-06-07 18:56 . 2012-02-15 18:02 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . A302BBFF2A7278C0E239EE5D471D86A9 . 259072 . . [6.1.7600.16385] . . c:\windows\System32\services.exe
[7] 2009-07-14 . 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 . 259072 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2011-08-02 2273608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-08-09 10807912]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-01-07 15:07 429392 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2011-06-15 06:19 307200 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 11:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-10-26 18:48 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-01-30 103992]
R2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
R2 XAMPP;XAMPP Service;c:\xampp\service.exe [2007-12-21 60928]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 cpu;cpu;C:\cpu.sys [x]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-07 113120]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 43520]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 19968]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 43520]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-03 1343400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-09-10 18432]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27648]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-01-07 19160]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-01 393320]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 08:29]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 19:51]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 19:51]
.
.
------- Skan uzupełniający -------
.
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Wyślij &do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Surax\AppData\Roaming\Mozilla\Firefox\Profiles\jttmmrtx.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.pl
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM-Run-CmPCIaudio - CMICNFG3.cpl
MSConfigStartUp-BCSSync - c:\program files\Microsoft Office\Office14\BCSSync.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'Explorer.exe'(5072)
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\program files\WinSCP\DragExt.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\xampp\mysql\bin\mysqld.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Czas ukończenia: 2012-06-13 09:59:36 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-06-13 07:59
.
Przed: 6 537 154 560 bajtów wolnych
Po: 6 248 562 688 bajtów wolnych
.
- - End Of File - - 82ABEAF779DD7B4CE818B5B1F315F5D8