ComboFix 10-10-05.01 - Szef 2010-10-06 10:45:06.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2046.1516 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Szef\Pulpit\ComboFix.exe
Użyto następujących komend :: G:\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
c:\windows\system32\winlogon.bak
.
((((((((((((((((((((((((( Pliki utworzone od 2010-09-06 do 2010-10-06 )))))))))))))))))))))))))))))))
.
2010-10-05 19:49 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-05 19:49 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-05 19:49 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-05 19:49 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-05 19:49 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-05 19:49 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-05 19:49 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-05 19:48 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-05 19:48 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-05 19:48 . 2010-10-05 19:48 -------- d-----w- c:\program files\Alwil Software
2010-10-05 19:48 . 2010-10-05 19:48 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Alwil Software
2010-10-05 17:55 . 2001-10-26 15:29 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2010-10-05 17:54 . 2004-08-04 12:00 8192 -c--a-w- c:\windows\system32\dllcache\httpmb51.dll
2010-10-05 17:53 . 2001-10-26 15:29 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2010-10-05 17:51 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-10-05 17:50 . 2004-08-04 12:00 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2010-10-05 17:43 . 2004-08-03 22:44 153088 ----a-w- c:\windows\system32\irftp.exe
2010-10-05 17:43 . 2004-08-03 22:44 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-10-05 17:43 . 2004-08-03 22:44 27648 ----a-w- c:\windows\system32\irmon.dll
2010-10-05 17:32 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-10-05 17:32 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-10-05 17:32 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-10-05 17:32 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-10-05 14:37 . 2010-10-05 14:37 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Toshiba
2010-10-05 14:37 . 2010-10-05 14:37 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Thunderbird
2010-10-05 14:37 . 2010-10-05 14:37 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\ATI
2010-10-05 14:37 . 2010-10-05 14:37 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\ApplicationHistory
2010-10-05 14:37 . 2010-10-05 14:37 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\ATI
2010-10-05 14:37 . 2010-10-05 14:37 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-10-05 14:29 . 2010-10-05 14:29 -------- d-----w- C:\VritualRoot
2010-10-05 13:31 . 2010-10-05 13:45 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Thunderbird
2010-10-05 13:30 . 2010-10-05 13:30 138 ----a-w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2010-10-05 13:30 . 2010-10-05 13:30 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Adobe
2010-10-05 13:30 . 2010-10-05 13:30 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Intel
2010-10-05 13:03 . 2010-10-05 13:03 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-05 11:48 . 2010-09-29 08:03 285480 ----a-w- c:\windows\system32\guard32.dll
2010-09-30 11:30 . 2010-09-30 11:30 -------- d-----w- c:\documents and settings\Szef\Dane aplikacji\JoJoThumb
2010-09-30 11:30 . 2010-09-30 11:30 -------- d-----w- c:\program files\JoJoThumb
2010-09-30 08:42 . 2010-09-30 08:42 -------- d-----w- c:\documents and settings\Szef\Dane aplikacji\com.adobe.bridge.PublishPanel
2010-09-29 08:03 . 2010-09-29 08:03 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-09-29 08:03 . 2010-09-29 08:03 239240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-09-29 08:03 . 2010-09-29 08:03 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-09-22 19:30 . 2010-09-22 19:30 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\FLEXnet
2010-09-22 19:13 . 2010-09-22 19:13 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-09-17 07:57 . 2010-09-17 07:57 -------- d-----w- c:\documents and settings\Szef\Ustawienia lokalne\Dane aplikacji\PCHealth
2010-09-15 13:46 . 2010-09-15 13:46 -------- d-----w- c:\documents and settings\Szef\Ustawienia lokalne\Dane aplikacji\Macromedia
2010-09-15 13:33 . 2010-09-15 13:33 45056 ----a-r- c:\documents and settings\Szef\Dane aplikacji\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2010-09-15 13:33 . 2010-09-21 12:14 -------- d-----w- c:\program files\Macromedia
2010-09-15 13:33 . 2010-09-21 09:55 -------- d-----w- c:\program files\Common Files\Macromedia
2010-09-15 13:32 . 2010-09-21 09:53 -------- d-----w- c:\windows\Downloaded Installations
2010-09-15 13:15 . 2010-09-15 13:15 -------- d-----w- c:\documents and settings\Szef\Dane aplikacji\SWiSH Max3
2010-09-15 13:10 . 2010-09-15 13:10 -------- d-----w- c:\program files\LameACM
2010-09-15 13:10 . 2010-09-15 13:10 -------- d-----w- c:\program files\Common Files\SWiSHzone.com
2010-09-15 13:10 . 2010-09-15 13:11 -------- d-----w- c:\program files\SWiSH Max3
2010-09-06 18:22 . 2007-10-23 07:27 110592 ----a-w- c:\documents and settings\Szef\Dane aplikacji\U3\temp\cleanup.exe
2010-09-06 18:21 . 2008-05-02 08:41 3493888 ---ha-w- c:\documents and settings\Szef\Dane aplikacji\U3\temp\Launchpad Removal.exe
2010-09-06 18:21 . 2010-09-06 18:23 -------- d-----w- c:\documents and settings\Szef\Dane aplikacji\U3
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 08:42 . 2010-07-06 12:52 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-10-06 08:25 . 2010-07-13 14:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-10-05 19:01 . 2004-08-04 12:00 94298 ----a-w- c:\windows\system32\perfc015.dat
2010-10-05 19:01 . 2004-08-04 12:00 517954 ----a-w- c:\windows\system32\perfh015.dat
2010-10-05 18:26 . 2010-07-31 10:35 -------- d-----w- c:\program files\Artisteer 2
2010-10-05 18:07 . 2010-07-06 09:24 387000 ----a-w- c:\documents and settings\Szef\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-10-05 17:48 . 2010-07-06 08:26 23640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-10-05 14:28 . 2010-07-06 12:52 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\COMODO
2010-10-05 08:53 . 2010-08-27 12:45 -------- d-----w- c:\documents and settings\Szef\Dane aplikacji\FileZilla
2010-10-01 11:04 . 2010-07-06 12:06 -------- d-----w- c:\documents and settings\Szef\Dane aplikacji\Publish Providers
2010-09-30 10:33 . 2010-07-06 13:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-30 10:32 . 2010-07-10 18:00 3899096 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2010-09-30 08:10 . 2010-07-09 07:22 3140 --sha-w- c:\documents and settings\All Users\Dane aplikacji\Protexis\KGyGaAvL.sys
2010-09-29 08:03 . 2010-06-01 17:00 91560 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-09-24 07:33 . 2010-07-08 23:31 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2010-09-22 19:28 . 2010-07-08 18:30 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-18 15:08 . 2010-07-06 09:45 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-09-02 07:29 . 2010-09-01 21:34 -------- d-----w- c:\documents and settings\Szef\Dane aplikacji\Apple Computer
2010-09-01 21:34 . 2010-09-01 21:33 -------- d-----w- c:\program files\QuickTime
2010-09-01 21:33 . 2010-09-01 21:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2010-09-01 21:32 . 2010-09-01 21:32 -------- d-----w- c:\program files\Common Files\Apple
2010-09-01 21:32 . 2010-09-01 21:32 -------- d-----w- c:\program files\Apple Software Update
2010-09-01 21:32 . 2010-09-01 21:32 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Apple
2010-09-01 21:27 . 2010-09-01 21:26 -------- d-----w- c:\documents and settings\Szef\Dane aplikacji\Media Player Classic
2010-08-27 12:45 . 2010-08-27 12:45 -------- d-----w- c:\program files\FileZilla FTP Client
2010-08-16 09:11 . 2010-08-16 09:11 503808 ----a-w- c:\documents and settings\Szef\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-160a74df-n\msvcp71.dll
2010-08-16 09:11 . 2010-08-16 09:11 499712 ----a-w- c:\documents and settings\Szef\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-160a74df-n\jmc.dll
2010-08-16 09:11 . 2010-08-16 09:11 348160 ----a-w- c:\documents and settings\Szef\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-160a74df-n\msvcr71.dll
2010-08-16 09:11 . 2010-08-16 09:11 61440 ----a-w- c:\documents and settings\Szef\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3992fa8a-n\decora-sse.dll
2010-08-16 09:11 . 2010-08-16 09:11 12800 ----a-w- c:\documents and settings\Szef\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3992fa8a-n\decora-d3d.dll
2010-07-23 15:27 . 2010-07-23 15:27 5632 --sha-w- c:\program files\Thumbs.db
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-20 12:09 . 2010-07-20 12:09 114149208 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Corel\Downloads\540215253_610005\1270498514694\CDGSX5SP1.exe
2010-07-19 23:42 . 2010-07-19 23:42 10134 ----a-r- c:\documents and settings\Szef\Dane aplikacji\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
2010-07-19 08:53 . 2010-07-19 08:45 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-17 12:16 . 2010-07-17 12:12 124653 ----a-w- c:\windows\hpoins15.dat
2010-07-17 03:00 . 2010-07-06 17:43 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-09 07:15 . 2010-07-09 07:15 348256 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2010-07-09 07:14 . 2010-07-09 07:14 348256 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2010-07-09 07:13 . 2010-07-09 07:13 416 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-07-08 22:30 . 2010-07-08 22:30 4286 ----a-r- c:\documents and settings\Szef\Dane aplikacji\Microsoft\Installer\{271A659B-A7D3-405E-AE31-3086133BE0B7}\ARPPRODUCTICON.exe
2010-07-08 18:39 . 2010-07-08 18:39 38784 ----a-w- c:\documents and settings\Default User\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-08 18:22 . 2010-07-08 18:22 15616 ----a-w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-07-08 14:46 . 2010-07-12 10:35 187790 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1045.dat
2010-07-08 14:45 . 2010-07-06 08:28 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Szef\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2010-07-06 136176]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2010-03-23 1432064]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-07-21 12477024]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
"CIR"="c:\windows\system32\drivers\CIR.exe" [2006-03-08 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-11-28 569413]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2009-12-19 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2009-12-14 515560]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-01-08 392424]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-10 15969280]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi3"=xgusb.cpl

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Adobe\\Adobe Flash Builder 4\\FlashBuilder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-08-05 34144]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2005-12-19 28800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-05 165584]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-09-29 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-09-29 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-09-29 25240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-05 17744]
R2 MTC0301_CIR;CIR Device;c:\windows\system32\drivers\CIR.sys [2010-07-06 13941]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-07-19 697328]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2009-12-15 515560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Zawartość folderu 'Zaplanowane zadania'

2010-09-23 c:\windows\Tasks\AdobeAAMUpdater-1.0-GRILL-Szef.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-19 01:44]

2010-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-861567501-839522115-1003Core.job
- c:\documents and settings\Szef\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-07-06 09:35]

2010-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-861567501-839522115-1003UA.job
- c:\documents and settings\Szef\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-07-06 09:35]
.
.
------- Skan uzupełniający -------
.
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(788)
c:\windows\system32\guard32.dll
.
Czas ukończenia: 2010-10-06 10:52:04
ComboFix-quarantined-files.txt 2010-10-06 08:52

Przed: 6 276 476 928 bajtów wolnych
Po: 6 346 162 176 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6CFF692850A9CC453BA48FE45217C56F