ComboFix 12-11-02.02 - andrzej 2012-11-02  13:29:52.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.48.1045.18.4058.2824 [GMT 1:00]
Uruchomiony z: E:\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: McAfee  Anti-Virus i Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee  Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: McAfee  Anti-Virus i Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\programdata\0tbpw.pad
c:\programdata\lsass.exe
c:\users\andrzej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2012-10-02 do 2012-11-02  )))))))))))))))))))))))))))))))
.
.
2012-11-02 12:43 . 2012-11-02 12:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-02 12:39 . 2012-11-02 12:39	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E937863E-9994-4B4C-A829-D30873685335}\offreg.dll
2012-11-02 08:14 . 2012-10-12 07:19	9291768	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E937863E-9994-4B4C-A829-D30873685335}\mpengine.dll
2012-10-30 18:23 . 2012-10-30 18:23	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-10-29 19:40 . 2012-10-29 19:40	--------	d-----w-	c:\users\andrzej\AppData\Roaming\ArcSoft
2012-10-26 21:42 . 2012-10-15 05:51	73696	----a-w-	c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2012-10-26 21:42 . 2012-10-15 05:51	261600	----a-w-	c:\program files (x86)\Mozilla Firefox\updated\components\browsercomps.dll
2012-10-26 21:42 . 2012-10-15 05:51	18912	----a-w-	c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2012-10-16 11:04 . 2012-10-16 11:04	--------	d-----w-	c:\users\andrzej\AppData\Roaming\Malwarebytes
2012-10-16 11:04 . 2012-10-16 11:04	--------	d-----w-	c:\programdata\Malwarebytes
2012-10-16 11:04 . 2012-10-16 11:04	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-16 11:04 . 2012-09-07 15:04	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-16 08:10 . 2012-08-21 09:13	359464	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-10-16 08:10 . 2012-08-21 09:13	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-10-16 08:10 . 2012-08-21 09:13	969200	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-10-16 08:10 . 2012-08-21 09:13	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-10-16 08:10 . 2012-08-21 09:13	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-10-16 08:10 . 2012-08-21 09:13	71600	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-10-16 08:10 . 2012-08-21 09:12	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-10-16 08:10 . 2012-08-21 09:12	41224	----a-w-	c:\windows\avastSS.scr
2012-10-16 08:10 . 2012-08-21 09:12	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-10-16 08:09 . 2012-10-16 08:09	--------	d-----w-	c:\programdata\AVAST Software
2012-10-16 08:09 . 2012-10-16 08:09	--------	d-----w-	c:\program files\AVAST Software
2012-10-15 05:51 . 2012-10-27 16:13	96224	----a-w-	c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-10-15 05:51 . 2012-10-27 16:13	157272	----a-w-	c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-10-10 16:41 . 2012-06-02 05:41	1464320	----a-w-	c:\windows\system32\crypt32.dll
2012-10-10 16:41 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-10-10 16:41 . 2012-06-02 05:41	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-10 16:41 . 2012-06-02 05:41	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-10 16:41 . 2012-06-02 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-10-10 16:41 . 2012-06-02 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-10-10 16:40 . 2012-08-31 18:19	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-10-10 16:40 . 2012-08-30 18:03	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-10-10 16:40 . 2012-08-30 17:12	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 16:40 . 2012-08-30 17:12	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 16:38 . 2012-08-20 15:33	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 16:38 . 2012-08-20 15:33	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 16:38 . 2012-08-20 15:33	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-10 16:38 . 2012-08-20 15:33	6144	---ha-w-	c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-10 16:38 . 2012-08-20 17:32	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 16:38 . 2012-08-20 18:38	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 16:38 . 2012-08-20 17:32	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 16:38 . 2012-08-20 18:38	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 16:38 . 2012-08-20 15:38	2048	----a-w-	c:\windows\SysWow64\user.exe
2012-10-10 16:38 . 2012-08-24 18:05	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-10-10 16:38 . 2012-08-24 16:57	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-10-10 16:37 . 2012-09-14 19:19	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-10 16:37 . 2012-09-14 18:28	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-10-10 16:37 . 2012-08-11 00:56	715776	----a-w-	c:\windows\system32\kerberos.dll
2012-10-10 16:37 . 2012-08-10 23:56	542208	----a-w-	c:\windows\SysWow64\kerberos.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 09:02 . 2012-07-09 10:52	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-11 09:02 . 2012-01-01 04:58	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 16:39 . 2011-11-02 15:26	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-08-24 18:05 . 2012-09-21 19:46	1188864	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 18:05 . 2012-09-21 19:46	1494528	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 18:05 . 2012-09-21 19:46	134144	----a-w-	c:\windows\system32\url.dll
2012-08-24 18:03 . 2012-09-21 19:46	9056256	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 18:03 . 2012-09-21 19:46	97792	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 18:03 . 2012-09-21 19:46	735744	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 18:03 . 2012-09-21 19:46	64512	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 18:02 . 2012-09-21 19:46	247808	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 18:02 . 2012-09-21 19:46	12295680	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 18:02 . 2012-09-21 19:46	2453504	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 16:57 . 2012-09-21 19:46	981504	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 15:59 . 2012-09-21 19:45	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 15:20 . 2012-09-21 19:45	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-25 17:45	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 16:39	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-06 18:45 . 2012-08-06 18:45	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2012-08-06 18:45 . 2012-08-06 18:45	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-06 19:33	1519304	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-10-19 17884848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-15 65264]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-15 100912]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-17 232480]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-02 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-05-21 98208]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-15 284648]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-10-15 75808]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 161168]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-15 481768]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 09:02]
.
2012-10-16 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-16 09:12]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-02 17:53]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-02 17:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-17 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-17 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-17 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-15 10918504]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mystart.incredimail.com/mb68?u=92823305849903485
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
FF - ProfilePath - c:\users\andrzej\AppData\Roaming\Mozilla\Firefox\Profiles\bd6edryb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.pl
FF - ExtSQL: 2012-10-16 10:10; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
URLSearchHooks-{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)
BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files (x86)\DealPly\DealPlyIE.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2012-11-02  13:46:02
ComboFix-quarantined-files.txt  2012-11-02 12:46
.
Przed: 376 272 388 096 bajtów wolnych
Po: 377 015 943 168 bajtów wolnych
.
- - End Of File - - 28C9CDD5B522210D995FA68DC48E8785