ComboFix 12-07-07.04 - KK 2012-07-08 14:21:41.3.4 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.16311.15008 [GMT 2:00] Uruchomiony z: c:\users\KK\Desktop\ComboFix.exe Użyto następujących komend :: c:\users\KK\Desktop\CFScript.txt AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5} SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Utworzono nowy punkt przywracania . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\KK\AppData\Local\Microsoft\Windows\774 c:\users\KK\AppData\Local\Microsoft\Windows\774\7edc96ee c:\users\KK\AppData\Local\Microsoft\Windows\774\SqlServerSpatial.exe c:\users\KK\AppData\Roaming\hellomoto c:\users\KK\AppData\Roaming\hellomoto\BukF.dat c:\users\KK\AppData\Roaming\hellomoto\TujP.dat . . ((((((((((((((((((((((((( Pliki utworzone od 2012-06-08 do 2012-07-08 ))))))))))))))))))))))))))))))) . . 2012-07-08 12:27 . 2012-07-08 12:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-07 09:54 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C364AA3-0894-4322-B358-D900D1609818}\mpengine.dll 2012-07-04 11:04 . 2012-07-04 11:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\Wtyczki\npqtplugin7.dll 2012-07-04 11:04 . 2012-07-04 11:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\Wtyczki\npqtplugin6.dll 2012-07-04 11:04 . 2012-07-04 11:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\Wtyczki\npqtplugin5.dll 2012-07-04 11:04 . 2012-07-04 11:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\Wtyczki\npqtplugin4.dll 2012-07-04 11:04 . 2012-07-04 11:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\Wtyczki\npqtplugin3.dll 2012-07-04 11:04 . 2012-07-04 11:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\Wtyczki\npqtplugin2.dll 2012-07-04 11:04 . 2012-07-04 11:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\Wtyczki\npqtplugin.dll 2012-07-04 11:04 . 2012-07-04 11:04 -------- d-----w- c:\program files (x86)\QuickTime 2012-07-04 11:04 . 2012-07-04 11:04 -------- d-----w- c:\programdata\Apple Computer 2012-06-26 10:24 . 2012-06-26 10:24 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-26 10:24 . 2012-06-26 10:24 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-06-25 10:38 . 2012-06-25 11:11 -------- d-----w- c:\program files (x86)\Square Enix 2012-06-23 13:10 . 2012-06-23 13:10 -------- d-----w- c:\program files (x86)\WB Games 2012-06-21 16:04 . 2012-06-21 16:04 -------- d-----w- c:\users\KK\AppData\Local\IsolatedStorage 2012-06-21 16:04 . 2012-06-21 16:04 -------- d-----w- c:\users\KK\AppData\Local\Futuremark_Corporation 2012-06-21 16:00 . 2012-06-21 16:00 -------- d-----w- c:\program files\Futuremark 2012-06-21 14:59 . 2012-06-21 14:59 -------- d-----w- c:\programdata\ATI 2012-06-21 14:59 . 2012-06-21 14:59 -------- d-----w- c:\programdata\AMD 2012-06-21 14:59 . 2012-06-21 14:59 -------- d-----w- c:\program files (x86)\AMD AVT 2012-06-21 14:59 . 2012-06-21 14:59 -------- d-----w- c:\program files (x86)\AMD APP 2012-06-21 13:49 . 2012-06-21 13:49 -------- d-----w- c:\users\KK\AppData\Local\Macromedia 2012-06-21 13:47 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 13:47 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 13:47 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 13:47 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 13:47 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 13:47 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 13:47 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 13:46 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 13:46 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-20 20:58 . 2012-06-20 20:58 -------- d-----w- c:\programdata\Futuremark 2012-06-20 20:57 . 2012-06-20 20:57 -------- d-----w- c:\program files (x86)\Futuremark 2012-06-20 20:56 . 2012-06-20 20:56 -------- d-----w- c:\program files (x86)\NVIDIA Corporation 2012-06-19 20:01 . 2012-06-19 20:01 -------- d-----w- c:\users\KK\AppData\Local\Downloaded Installations 2012-06-19 15:35 . 2012-06-19 15:35 4967624 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll 2012-06-13 20:42 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-07 10:01 . 2012-04-18 06:45 25640 ----a-w- c:\windows\gdrv.sys 2012-07-07 07:56 . 2010-12-24 03:38 30528 ----a-w- c:\windows\GVTDrv64.sys 2012-06-21 13:43 . 2012-04-02 08:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-21 13:43 . 2011-05-18 07:20 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-02 04:13 . 2011-08-06 02:09 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-06-02 04:13 . 2011-04-19 16:28 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-06-02 04:13 . 2011-08-06 02:09 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-06-02 04:00 . 2011-08-06 02:07 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-04-25 16:47 . 2010-12-24 03:42 25640 ----a-w- c:\windows\etdrv.sys 2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts . . ((((((((((((((((((((((((((((( SnapShot@2012-07-07_09.03.15 ))))))))))))))))))))))))))))))))))))))))) . + 2010-12-01 21:09 . 2012-07-07 09:50 50940 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2012-07-07 09:02 . 2012-07-07 09:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-08 12:28 . 2012-07-08 12:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-08 12:28 . 2012-07-08 12:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-07-07 09:02 . 2012-07-07 09:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 05:01 . 2012-07-07 10:01 462448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-07-04 22:21 462448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424] "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2010-05-05 251392] "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920] "CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] "EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-01 834544] R2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [2009-03-20 357182] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544] R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe [2012-01-17 55296] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [x] R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-04-07 164912] R2 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-07 139704] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-04-07 810120] R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-04-07 124760] R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-01-15 14112] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688] R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920] R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400] R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-07-18 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-01 79360] R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-07-18 79360] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 230488] R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 230488] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1445976] R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1445976] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 95320] R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 95320] R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-04-25 25640] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584] R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-07-07 30528] R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1612888] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-26 113120] R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-02 1255736] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744] R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384] S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2010-04-19 12032] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144] S3 SaiH0464;SaiH0464;c:\windows\system32\DRIVERS\SaiH0464.sys [2007-05-01 171144] . . Zawartość folderu 'Zaplanowane zadania' . 2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-535414268-3141348851-3985703665-1001Core.job - c:\users\KK\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-31 16:36] . 2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-535414268-3141348851-3985703665-1001UA.job - c:\users\KK\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-31 16:36] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2840352] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296] . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.pl/ mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 Trusted Zone: gigabyte.com\www TCP: DhcpNameServer = 192.168.1.254 DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab FF - ProfilePath - c:\users\KK\AppData\Roaming\Mozilla\Firefox\Profiles\dt55tayz.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.wp.pl/ . - - - - USUNIĘTO PUSTE WPISY - - - - . Wow6432Node-HKLM-RunOnce- - (no file) HKLM-Run-SqlServerSpatial - c:\users\KK\AppData\Local\Microsoft\Windows\774\SqlServerSpatial.exe . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2012-07-08 14:32:19 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2012-07-08 12:32 ComboFix2.txt 2012-07-07 09:07 . Przed: 127 426 891 776 bajtów wolnych Po: 126 957 641 728 bajtów wolnych . - - End Of File - - 00536A436CAAC5C3AD324619F3AE692E