ComboFix 12-08-25.04 - user 2012-08-26 23:07:11.1.2 - x64 NETWORK Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.4094.3432 [GMT 2:00] Uruchomiony z: c:\users\user\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Utworzono nowy punkt przywracania . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Funmoods\funmoods\1.5.11.16\bh\fuNMoods.dll c:\users\Public\sdelevURL.tmp c:\users\user\AppData\Local\Microsoft\Windows\2575\sqlncli.exe c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\chrome.manifest c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png 
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png 
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\loader.xul 
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\content\uninsthk.js c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4c2nsc85.default\extensions\ffxtlbr@funmoods.com\install.rdf . . ((((((((((((((((((((((((( Pliki utworzone od 2012-07-26 do 2012-08-26 ))))))))))))))))))))))))))))))) . . 2012-08-26 20:25 . 2012-08-26 20:25 -------- d-----w- c:\users\user\AppData\Roaming\hellomoto 2012-08-15 07:20 . 2012-07-04 22:04 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-08-15 07:20 . 2012-07-04 22:01 58880 ----a-w- c:\windows\system32\browcli.dll 2012-08-15 07:20 . 2012-07-04 22:01 136704 ----a-w- c:\windows\system32\browser.dll 2012-08-15 07:20 . 2012-07-04 21:23 41472 ----a-w- c:\windows\SysWow64\browcli.dll 2012-08-15 07:20 . 2012-07-18 17:31 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-08-15 07:20 . 2012-05-14 05:20 956416 ----a-w- c:\windows\system32\localspl.dll . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll 2012-06-09 05:30 . 2012-07-16 20:01 14165504 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 18:59 . 2012-06-06 18:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2012-06-06 05:50 . 2012-07-16 20:02 2003968 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 05:50 . 2012-07-16 20:02 1880064 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 05:09 . 2012-07-16 20:02 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:09 . 2012-07-16 20:02 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-02 22:19 . 2012-06-25 17:05 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 
2012-06-25 17:06 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-25 17:06 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-25 17:06 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-25 17:05 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-25 17:06 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-25 17:05 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-25 17:05 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:15 . 2012-06-25 17:05 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 05:38 . 2012-07-16 20:01 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:38 . 2012-07-16 20:01 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:37 . 2012-07-16 20:01 459216 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:27 . 2012-07-16 20:01 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:27 . 2012-07-16 20:01 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:48 . 2012-07-16 20:01 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:48 . 2012-07-16 20:01 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:47 . 2012-07-16 20:01 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:42 . 2012-07-16 20:01 96768 ----a-w- c:\windows\SysWow64\sspicli.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files (x86)\Winamp Toolbar\winamptb.dll" [2011-09-28 1937736] . 
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}] [HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-07-16 19:54 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-16 2074208] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ALLUpdate"="c:\program files (x86)\ALLPlayer\ALLUpdate.exe" [2011-08-16 1379840] "IPLA!"="c:\program files (x86)\ipla\ipla.exe" [2012-01-31 19856840] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2010-05-31 148888] "AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-17 2339168] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-16 1107552] "ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-24 928096] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752] "HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
R2 gupdate;Usługa Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-16 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264] R3 gupdatem;Usługa Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-16 136176] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-05 1255736] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-01 834544] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-04 377936] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-11-25 814344] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520] S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-16 935008] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 yukonw7;Sterownik miniportu NDIS6.2 dla kontrolera Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120] . . --- Inne Usługi/Sterowniki w Pamięci --- . 
*NewlyCreated* - WS2IFSL . Zawartość folderu 'Zaplanowane zadania' . 2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-16 09:32] . 2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-16 09:32] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00e71626-0bef-11dc-8314-0864264c9a64}] 2012-03-21 00:24 130048 ----a-w- c:\users\user\AppData\Roaming\DownloaderGold\ieplug.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.babylon.com/?babsrc=HP_Prot uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = pl.v9.com/ins/ins_1330351366_625903 mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 80.238.112.12 80.238.112.13 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll . - - - - USUNIĘTO PUSTE WPISY - - - - . URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) Wow6432Node-HKCU-Run-Media Finder - c:\program files (x86)\Media Finder\MF.exe Wow6432Node-HKCU-Run-sqlncli - c:\users\user\AppData\Local\Microsoft\Windows\2575\sqlncli.exe WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem)
. [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:bd,e0,f5,48,57,26,cd,01 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe . ************************************************************************** . Czas ukończenia: 2012-08-26 23:20:35 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2012-08-26 21:20 . Przed: 41 834 409 984 bajtów wolnych Po: 42 581 696 512 bajtów wolnych . - - End Of File - - 454DA4AA5E2699C076B067C964A01364