ComboFix 12-12-19.02 - Wiktor 2012-12-19  20:27:18.12.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.48.1045.18.3958.2488 [GMT 1:00]
Uruchomiony z: c:\users\Wiktor\Desktop\ComboFix.exe
SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2012-11-19 do 2012-12-19  )))))))))))))))))))))))))))))))
.
.
2012-12-19 19:36 . 2012-12-19 19:36	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-12-19 19:36 . 2012-12-19 19:36	--------	d-----w-	c:\users\Gość\AppData\Local\temp
2012-12-19 19:36 . 2012-12-19 19:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-19 17:59 . 2012-12-19 18:18	17920	----a-w-	c:\windows\SysWow64\rpcnetp.dll
2012-12-19 17:58 . 2012-12-19 18:17	17920	----a-w-	c:\windows\system32\rpcnetp.exe
2012-12-19 16:59 . 2012-12-19 18:17	17920	----a-w-	c:\windows\SysWow64\rpcnetp.exe
2012-12-12 11:15 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-10 06:59 . 2012-12-10 06:59	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2012-12-09 21:00 . 2012-12-09 21:00	--------	d-----w-	c:\users\Default\AppData\Roaming\TuneUp Software
2012-12-01 18:45 . 2012-12-01 18:45	--------	d-----w-	c:\users\Gość\AppData\Roaming\AVG
2012-11-29 16:19 . 2012-11-29 16:19	--------	d-----w-	c:\users\Wiktor\AppData\Roaming\AVG
2012-11-29 16:19 . 2012-11-29 16:20	--------	d-----w-	c:\programdata\AVG
2012-11-29 16:19 . 2012-11-29 16:19	--------	d-sh--w-	c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-11-29 16:05 . 2012-12-19 17:57	--------	d-----w-	c:\programdata\MFAData
2012-11-29 16:05 . 2012-11-29 16:05	--------	d--h--w-	c:\programdata\Common Files
2012-11-29 16:05 . 2012-11-29 16:05	--------	d-----w-	c:\users\Wiktor\AppData\Local\MFAData
2012-11-28 15:12 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DBA4001E-02D8-49B6-9EA7-E4D699E8C6E1}\mpengine.dll
2012-11-28 11:03 . 2012-11-28 11:03	--------	d-----w-	c:\users\Gość\Total_Commander_PP2
2012-11-25 19:52 . 2012-11-25 19:52	--------	d-----w-	c:\programdata\Electronic Arts
2012-11-24 20:24 . 2012-11-24 20:24	--------	d-----w-	c:\program files\USB Monitor Pro
2012-11-24 20:24 . 2012-11-24 20:24	--------	d-----w-	c:\program files (x86)\Common Files\FabulaTech
2012-11-22 16:37 . 2012-11-22 16:37	--------	d-----w-	c:\users\Wiktor\AppData\Roaming\VideoConverterPackages
2012-11-22 16:37 . 2012-11-22 16:38	--------	d-----w-	c:\program files (x86)\VideoConverter
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-19 10:25 . 2012-02-16 23:36	22368	----a-w-	c:\windows\system32\drivers\AFD.SYS
2012-12-19 10:25 . 2009-07-14 00:10	22368	----a-w-	c:\windows\system32\drivers\WS2IFSL.SYS
2012-12-13 09:03 . 2011-06-07 08:38	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-12-12 12:41 . 2012-06-09 16:13	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 12:41 . 2011-05-22 08:59	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-16 08:38 . 2012-11-28 15:12	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 15:12	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 15:12	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-12 16:05 . 2012-10-12 16:05	73728	----a-r-	c:\users\Wiktor\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-10-12 16:05 . 2012-10-12 16:05	73728	----a-r-	c:\users\Wiktor\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-10-12 16:05 . 2012-10-12 16:05	53248	----a-r-	c:\users\Wiktor\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
2012-10-12 16:05 . 2012-10-12 16:05	49152	----a-r-	c:\users\Wiktor\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
2012-10-12 16:05 . 2012-10-12 16:05	49152	----a-r-	c:\users\Wiktor\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
2012-10-09 18:17 . 2012-11-14 08:34	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 08:34	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 08:34	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 08:34	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-12 11:15	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-14 08:34	1914248	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-14 08:34	70656	----a-w-	c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-14 08:34	303104	----a-w-	c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-14 08:34	246272	----a-w-	c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-14 08:34	18944	----a-w-	c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-14 08:34	216576	----a-w-	c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-14 08:34	569344	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-14 08:34	18944	----a-w-	c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-14 08:34	175104	----a-w-	c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 08:34	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-14 08:34	45568	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 14:35 . 2012-10-16 15:01	4608	----a-w-	c:\windows\system32\drivers\vncmirror.sys
2012-10-02 14:35 . 2012-10-16 15:01	26112	----a-w-	c:\windows\system32\vncmirror.dll
2012-09-25 22:47 . 2012-11-14 08:33	78336	----a-w-	c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-14 08:33	95744	----a-w-	c:\windows\system32\synceng.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe" [2009-08-12 6203296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-08 98304]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-21 2454840]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\Wiktor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	\0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"=c:\program files (x86)\common files\java\java update\jusched.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ftusbmon;USB Monitor Pro service;c:\program files\USB Monitor Pro\ftusbmon.exe [2012-02-22 773120]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2012-01-09 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2012-01-09 171008]
R3 RDMPLocalService;RDM+ Local Service;c:\program files (x86)\RDM+\rdmpserv.exe [2009-12-25 801280]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-22 225280]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 VERYSPLIT;VerySoft WebCamSplitter, WDM Streaming Driver;c:\windows\system32\DRIVERS\verysplit_x64.sys [2010-02-16 67968]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-08 1255736]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2006-10-18 52760]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-09 503352]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-08 202752]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-10-15 116104]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2009-05-29 36432]
S3 ftusbmonflt;FabulaTech USB Monitor Pro service;c:\windows\system32\drivers\ftusbmon.sys [2012-02-22 49376]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 946688]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 12:41]
.
2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-08 21:19]
.
2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-08 21:19]
.
2012-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-246005965-2297949450-4126875699-1001Core.job
- c:\users\Wiktor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-21 21:19]
.
2012-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-246005965-2297949450-4126875699-1001UA.job
- c:\users\Wiktor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-21 21:19]
.
2012-12-18 c:\windows\Tasks\Norton Security Scan for Wiktor.job
- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-16 08:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 15:58	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 15:58	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 15:58	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 15:58	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-10-15 1050000]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-08-25 134032]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = 
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\wnmcyfn2.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110824&tt=201112_1849_4712_4&babsrc=HP_ss&mntrId=424e57e9000000000000701a04df90e3
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110824&tt=201112_1849_4712_4&babsrc=KW_ss&mntrId=424e57e9000000000000701a04df90e3&q=
FF - prefs.js: network.proxy.type - 4
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)
Toolbar-10 - (no file)
AddRemove-Windows XP Video Screensaver Powertoy_is1 - c:\windows\system32\unins000.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-246005965-2297949450-4126875699-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:27,40,62,81,ce,37,51,49,c4,8e,7b,94,a7,e8,91,05,38,8f,93,92,75,3e,16,
   64,d6,23,8c,5c,47,71,df,82,b0,34,c1,bb,ad,bf,15,00,0b,b6,82,2d,28,60,db,68,\
"??"=hex:fa,8f,e0,ed,36,c0,e2,6c,6a,4d,01,02,13,51,39,c8
.
[HKEY_USERS\S-1-5-21-246005965-2297949450-4126875699-1001\Software\SecuROM\License information*]
"datasecu"=hex:27,d8,f1,b3,e6,e5,8f,3a,50,b4,82,bb,7f,8a,24,df,16,86,c0,e5,48,
   e3,1a,40,c1,c2,a7,8d,cf,16,c1,4e,f1,ae,7b,e9,8f,bb,1c,3e,da,81,f0,ba,08,cf,\
"rkeysecu"=hex:b2,be,5d,28,ff,42,d7,ee,53,98,1e,7f,b2,85,75,60
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2012-12-19  20:37:59
ComboFix-quarantined-files.txt  2012-12-19 19:37
ComboFix2.txt  2012-12-19 19:24
ComboFix3.txt  2012-11-28 23:23
ComboFix4.txt  2012-04-13 18:03
ComboFix5.txt  2012-12-19 19:26
.
Przed: 50 726 330 368 bajtów wolnych
Po: 50 655 199 232 bajtów wolnych
.
- - End Of File - - 969EE749154B82710581F4DEDAA12639