ComboFix 12-07-14.01 - GR8 2012-07-15 4:07.1.4 - x64 MINIMAL Microsoft Windows 7 Home Premium 6.1.7600.0.1250.48.1045.18.5815.4892 [GMT 2:00] Uruchomiony z: F:\ComboFix.exe AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Utworzono nowy punkt przywracania . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\GR8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk c:\windows\SysWow64\muzapp.exe . . ((((((((((((((((((((((((( Pliki utworzone od 2012-06-15 do 2012-07-15 ))))))))))))))))))))))))))))))) . . 2012-07-15 00:57 . 2012-07-15 00:57 -------- d-----w- C:\Intel 2012-07-15 00:37 . 2012-07-15 00:37 -------- d-----w- c:\program files (x86)\1ClickDownload 2012-07-15 00:15 . 2012-07-15 00:15 -------- d-----w- c:\program files\Autodesk 2012-07-15 00:14 . 2012-07-15 00:14 -------- d-----w- c:\program files (x86)\Autodesk 2012-07-14 23:39 . 2012-07-15 00:08 -------- d-----w- c:\program files\CCleaner 2012-07-11 13:43 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 12:09 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll 2012-07-11 12:09 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll 2012-07-11 12:09 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-07-11 12:09 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-07-11 12:08 . 2012-06-02 05:37 459216 ----a-w- c:\windows\system32\drivers\cng.sys 2012-07-11 12:08 . 2012-06-02 05:27 340992 ----a-w- c:\windows\system32\schannel.dll 2012-07-11 12:08 . 2012-06-02 05:27 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-07-11 12:08 . 2012-06-02 05:38 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-07-11 12:08 . 2012-06-02 05:38 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-07-11 12:08 . 2012-06-02 04:48 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-07-11 12:08 . 2012-06-02 04:48 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-07-11 12:08 . 2012-06-02 04:47 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-07-11 12:08 . 2012-06-02 04:42 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-07-11 12:08 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-07-11 12:08 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2012-07-08 15:32 . 2012-07-08 15:32 -------- d-----w- c:\users\Gosia\AppData\Roaming\SNS 2012-06-29 15:28 . 2012-06-30 12:14 -------- d-----w- c:\windows\SysWow64\NV 2012-06-29 15:23 . 2012-06-29 15:28 -------- d-----w- c:\programdata\NVIDIA 2012-06-29 15:23 . 2012-06-29 15:23 -------- d-----w- c:\users\UpdatusUser 2012-06-29 15:22 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe 2012-06-29 15:22 . 2012-05-15 09:29 858944 ----a-w- c:\windows\system32\nv3dappshext.dll 2012-06-29 15:22 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll 2012-06-29 15:22 . 2012-05-15 09:29 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll 2012-06-29 15:22 . 2012-05-15 09:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin 2012-06-29 15:22 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll 2012-06-29 15:22 . 2012-05-15 09:29 2561856 ----a-w- c:\windows\system32\nvsvcr.dll 2012-06-29 15:22 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll 2012-06-29 15:22 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll 2012-06-29 15:21 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll 2012-06-29 15:21 . 2012-05-15 10:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll 2012-06-29 15:21 . 2012-06-29 15:21 -------- d-----w- c:\programdata\NVIDIA Corporation 2012-06-21 10:04 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 10:04 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 10:04 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 10:04 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 10:04 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 10:04 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 10:04 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 10:03 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 10:03 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-31 07:18 . 2012-05-31 07:18 0 ----a-w- c:\windows\SysWow64\sho1EE5.tmp 2012-05-31 04:04 . 2012-07-13 11:44 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42BA4009-C2BE-4B80-8C22-1DA206CBF8DF}\mpengine.dll 2012-05-04 10:52 . 2012-06-14 11:02 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:08 . 2012-06-14 11:02 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:08 . 2012-06-14 11:02 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-02 05:32 . 2012-06-14 11:02 208896 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:50 . 2012-06-14 11:02 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:34 . 2012-06-14 11:02 76288 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:34 . 2012-06-14 11:02 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:28 . 2012-06-14 11:02 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:59 . 2012-06-14 11:02 1460224 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 05:59 . 2012-06-14 11:02 182272 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:59 . 2012-06-14 11:02 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 04:47 . 2012-06-14 11:02 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:47 . 2012-06-14 11:02 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-04-24 04:47 . 2012-06-14 11:02 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="e:\programy\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] "KiesHelper"="e:\programy\Kies\KiesHelper.exe" [2012-03-31 954256] "KiesPDLR"="e:\programy\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-31 21392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-06-28 263936] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] "avgnt"="e:\programy\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768] "TkBellExe"="e:\programy\Update\realsched.exe" [2011-11-15 296056] "KiesTrayAgent"="e:\programy\Kies\KiesTrayAgent.exe" [2012-03-31 3521424] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-07-15 1431888] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 Razerlow;Razer Pro|Solutions;c:\windows\system32\drivers\Razerlow.sys [2005-11-07 21120] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-18 1255736] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 28992] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-17 254528] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\programy\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360] S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104] S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896] S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920] S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] S3 IntcDAud;Intel(R) Audio dla ekranów;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Inne Usługi/Sterowniki w Pamięci --- . *NewlyCreated* - WS2IFSL . Zawartość folderu 'Zaplanowane zadania' . 2011-04-16 c:\windows\Tasks\Packard Bell Registration - Reminder Recall task.job - c:\program files (x86)\Packard Bell\Registration\GREG.exe [2010-04-28 02:47] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208] "Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.onet.pl/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://startsear.ch/?aff=1 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&ksportuj do programu Microsoft Excel - e:\programy\OFFICE~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\GR8\AppData\Roaming\Mozilla\Firefox\Profiles\l42fkkpq.default\ FF - prefs.js: browser.search.selectedEngine - Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/ FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&q= . - - - - USUNIĘTO PUSTE WPISY - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2446708 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478663 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2633870 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2686827 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\07A7D4FBD98D1D111AD7000A9CA05BF0\7D2F387510090000102000060BECB6AB] @DACL=(02 0000) "PatchGUID"="" "MediaCabinet"="" "File"="Global_Vba_VbRuntime_f0.1E64E430_36E0_11D2_A794_0060089A724B" "ComponentVersion"="6.0.89.64" "ProductVersion"="18.1.49" "PatchSize"="0" "PatchAttributes"="0" "PatchSequence"="0" "SharedComponent"="0" "IsFullFile"="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\09A2A988C1F64E64D92A0801F4C78D66\7D2F387510090000102000060BECB6AB] @DACL=(02 0000) "PatchGUID"="" "MediaCabinet"="" "File"="RDF_COMP_IDrop.ocx.72F92DA9_2479_4446_A681_DEE4B587" "ComponentVersion"="18.1.49.0" "ProductVersion"="18.1.49" "PatchSize"="0" "PatchAttributes"="0" "PatchSequence"="0" "SharedComponent"="0" "IsFullFile"="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1178400169C22D11A9790006794C4E25\7D2F387510090000102000060BECB6AB] @DACL=(02 0000) "PatchGUID"="" "MediaCabinet"="" "File"="Global_Vba_VBStockProp_f0.7EBEDD3E_AA66_11D2_B980_006097C4DE24" "ComponentVersion"="6.0.81.69" "ProductVersion"="18.1.49" "PatchSize"="0" "PatchAttributes"="0" "PatchSequence"="0" "SharedComponent"="0" "IsFullFile"="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1B1D70235E082D119BD50006794CED42\7D2F387510090000102000060BECB6AB] @DACL=(02 0000) "PatchGUID"="" "MediaCabinet"="" "File"="Global_Controls_COMCATDLL_f0.3207D1B0_80E5_11D2_B95D_006097C4DE24" "ComponentVersion"="4.71.1460.1" "ProductVersion"="18.1.49" "PatchSize"="0" "PatchAttributes"="0" "PatchSequence"="0" "SharedComponent"="0" "IsFullFile"="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1F16F47424372D111A99000A9CA05BF0\7D2F387510090000102000060BECB6AB] @DACL=(02 0000) "PatchGUID"="" "MediaCabinet"="" "File"="Global_System_STDOLE_f1.8C0C59A0_7DC8_11D2_B95D_006097C4DE24" "ComponentVersion"="2.40.4275.1" "ProductVersion"="18.1.49" "PatchSize"="0" "PatchAttributes"="0" "PatchSequence"="0" "SharedComponent"="0" "IsFullFile"="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\269AF799760E1D113969000A9CF0729F\7D2F387510090000102000060BECB6AB] @DACL=(02 0000) "PatchGUID"="" "MediaCabinet"="" "File"="Global_System_OLEAUT32_f3.8C0C59A0_7DC8_11D2_B95D_006097C4DE24" "ComponentVersion"="2.40.4275.1" "ProductVersion"="18.1.49" "PatchSize"="0" "PatchAttributes"="0" "PatchSequence"="0" "SharedComponent"="0" "IsFullFile"="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\3178400169C22D11A9790006794C4E25\7D2F387510090000102000060BECB6AB] @DACL=(02 0000) "PatchGUID"="" "MediaCabinet"="" "File"="Global_System_OLEPRO32_f0.8C0C59A0_7DC8_11D2_B95D_006097C4DE24" "ComponentVersion"="5.0.4275.1" "ProductVersion"="18.1.49" "PatchSize"="0" "PatchAttributes"="0" "PatchSequence"="0" "SharedComponent"="0" "IsFullFile"="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DD89A98EB3202D111B64000CF499B0B2\7D2F387510090000102000060BECB6AB] @DACL=(02 0000) "PatchGUID"="" "MediaCabinet"="" "File"="Global_Controls_Comctl32ocx_f0.3207D1B4_80E5_11D2_B95D_006097C4DE24" "ComponentVersion"="6.0.81.5" "ProductVersion"="18.1.49" "PatchSize"="0" "PatchAttributes"="0" "PatchSequence"="0" "SharedComponent"="0" "IsFullFile"="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\E6B0E3CFB26F1D111B44000CF499B0B2\7D2F387510090000102000060BECB6AB] @DACL=(02 0000) "PatchGUID"="" "MediaCabinet"="" "File"="Global_Controls_Comdlg32ocx_f0.576D64B0_7413_11D2_B954_006097C4DE24" "ComponentVersion"="6.0.84.18" "ProductVersion"="18.1.49" "PatchSize"="0" "PatchAttributes"="0" "PatchSequence"="0" "SharedComponent"="0" "IsFullFile"="0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Pozostałe uruchomione procesy ------------------------ . e:\programy\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Launch Manager\LMworker.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe . ************************************************************************** . Czas ukończenia: 2012-07-15 04:24:49 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2012-07-15 02:24 . Przed: 4 396 404 736 bajtów wolnych Po: 4 603 084 800 bajtów wolnych . - - End Of File - - F780BF21ADE4B173DB67DE6C55856464