ComboFix 13-01-08.01 - Karol 2013-01-08 16:47:53.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.3959.2783 [GMT 1:00]
Uruchomiony z: c:\users\Karol\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\I Want This
c:\program files (x86)\I Want This\I Want This.dll
c:\program files (x86)\I Want This\I Want This.exe
c:\program files (x86)\I Want This\I Want This.ico
c:\program files (x86)\I Want This\I Want This.ini
c:\program files (x86)\I Want This\I Want ThisGui.exe
c:\program files (x86)\I Want This\I Want ThisInstaller.log
c:\program files (x86)\I Want This\Uninstall.exe
c:\programdata\1352568812.bdinstall.bin
c:\programdata\1355767931.bdinstall.bin
c:\programdata\1355768187.bdinstall.bin
c:\programdata\1355768439.bdinstall.bin
c:\programdata\1357659731.bdinstall.bin
c:\programdata\Bc
c:\programdata\Bc\0
c:\users\Karol\AppData\Local\I Want This
c:\users\Karol\AppData\Local\I Want This\Chrome\I Want This.crx
c:\users\Karol\AppData\Local\Setup.exe
c:\windows\IsUn0415.exe
c:\windows\iun6002.exe
c:\windows\PFRO.log
c:\windows\SysWow64\tmpE332.tmp
c:\windows\SysWow64\tmpE353.tmp
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-12-08 do 2013-01-08 )))))))))))))))))))))))))))))))
.
.
2013-01-08 15:57 . 2013-01-08 15:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-08 15:57 . 2013-01-08 15:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-08 15:54 . 2013-01-08 15:54 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA33CE01-A281-4BC8-B8AF-F0B522C218A0}\offreg.dll
2012-12-22 16:19 . 2012-12-22 16:19 -------- d-----w- c:\program files\Logitech
2012-12-22 16:17 . 2004-04-23 13:23 2506752 ----a-w- c:\windows\SysWow64\LWCtPl.dll
2012-12-22 16:17 . 2002-12-05 13:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-12-22 16:17 . 2002-12-02 14:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-12-22 16:17 . 2002-12-02 12:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-12-22 16:17 . 2002-12-02 12:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-12-22 16:17 . 2003-02-27 15:12 696320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-12-22 16:17 . 2012-12-22 16:17 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-12-22 16:17 . 2012-12-22 16:17 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-12-22 11:12 . 2012-12-22 11:12 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2012-12-21 11:40 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 11:40 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 11:40 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 11:40 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-12 08:30 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 08:30 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-11 19:19 . 2012-12-11 19:19 -------- d-----w- c:\program files (x86)\AP Tuner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 16:09 . 2012-06-29 17:01 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-13 16:09 . 2011-06-14 13:32 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 11:58 . 2011-04-27 19:50 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-11-17 12:35 . 2012-11-17 12:35 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-17 12:35 . 2012-11-17 12:35 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-17 12:35 . 2012-11-17 12:35 289768 ----a-w- c:\windows\system32\javaws.exe
2012-11-17 12:35 . 2012-11-17 12:35 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-17 12:35 . 2012-11-17 12:35 189416 ----a-w- c:\windows\system32\javaw.exe
2012-11-17 12:35 . 2012-11-17 12:35 188904 ----a-w- c:\windows\system32\java.exe
2012-10-16 08:38 . 2012-11-28 16:16 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 16:16 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 16:16 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-12 07:19 . 2012-11-09 12:06 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA33CE01-A281-4BC8-B8AF-F0B522C218A0}\mpengine.dll
2012-10-10 20:23 . 2012-10-10 20:23 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-10 20:23 . 2012-10-10 20:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 20:23 . 2012-10-10 20:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-10 20:23 . 2012-10-10 20:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-10 20:23 . 2012-10-10 20:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-10 20:23 . 2012-10-10 20:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-10 20:23 . 2012-10-10 20:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 20:23 . 2012-10-10 20:23 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-10 20:23 . 2012-10-10 20:23 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-10 20:23 . 2012-10-10 20:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 20:23 . 2012-10-10 20:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-10 20:23 . 2012-10-10 20:23 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-10 20:23 . 2012-10-10 20:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-10 20:23 . 2012-10-10 20:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 20:23 . 2012-10-10 20:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 20:22 . 2012-10-10 20:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-10 20:22 . 2012-10-10 20:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-10 20:22 . 2011-12-30 21:12 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-10 20:22 . 2012-10-10 20:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-10 20:22 . 2012-10-10 20:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 20:22 . 2012-10-10 20:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-10 20:22 . 2012-10-10 20:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:22 . 2012-10-10 20:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 14:03 1310040 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-08-10 22:54 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OscarEditor"="c:\program files (x86)\OSCAR Editor X7\OscarEditor.exe" [2010-07-22 2636800]
"Facebook Update"="c:\users\Karol\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Disk Monitor"="c:\program files (x86)\Generic\USB Card Reader Driver v2.2\Disk_Monitor.exe" [2003-11-24 439808]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NSU_agent"="c:\program files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2012-02-28 190768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
.
c:\users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rejestracja FIFA 11.lnk - d:\gry\fifa 11\Support\EAregister.exe [2010-9-23 4407808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 otshot;otshot;c:\program files\otshot\ZalmanUpdateService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 dump_wmimmc;dump_wmimmc;d:\gry\Rappelz\GameGuard\dump_wmimmc.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2012-01-09 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2012-01-09 171008]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 usbcamcl;Driver for video Device;c:\windows\system32\DRIVERS\usbcamcl.sys [2010-03-05 54216]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-24 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-04-29 503352]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-01-19 21992]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 16:09]
.
2013-01-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2641087059-2978147333-2407544840-1000Core.job
- c:\users\Karol\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-01 16:20]
.
2013-01-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2641087059-2978147333-2407544840-1000UA.job
- c:\users\Karol\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-01 16:20]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 07:53]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 07:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://home.sweetim.com/?st=6&barid={D84236BD-BA23-11E1-8674-20CF30F07F0D}
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: DhcpNameServer = 192.168.1.20
FF - ProfilePath - c:\users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\zrsk0sp4.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?barid={D84236BD-BA23-11E1-8674-20CF30F07F0D}&src=2&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-19 16:08; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\zrsk0sp4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutBtD0C0FtAtD0FtDyB0FtD0DyB0F0F0CtN0D0Tzu0CtBtAzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1737531233
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutBtD0C0FtAtD0FtDyB0FtD0DyB0F0F0CtN0D0Tzu0CtBtAzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1737531233
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutBtD0C0FtAtD0FtDyB0FtD0DyB0F0F0CtN0D0Tzu0CtBtAzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1737531233&q=
FF - user.js: extensions.funmoods.id - 20CF30F07F0D7FFC
FF - user.js: extensions.funmoods.instlDay - 15578
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2213:18:4
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - nv1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - nv1
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extentions.y2layers.installId - e137ac47-8cc6-4842-b792-0aa20e12e3fa
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
BHO-{11111111-1111-1111-1111-110011221158} - c:\program files (x86)\I Want This\I Want This.dll
BHO-{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - (no file)
Toolbar-{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)
Wow6432Node-HKLM-Run- - (no file)
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
AddRemove-Generic USB Card Reader Driver - c:\windows\iun6002.exe
AddRemove-v2.2 - c:\windows\iun6002.exe
AddRemove-Gimnazjum klasa 3 - Puls życia - c:\windows\IsUn0415.exe
AddRemove-Gimnazjum klasa 3 - Śladami przeszłości - c:\windows\IsUn0415.exe
AddRemove-I Want This - c:\program files (x86)\I Want This\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2641087059-2978147333-2407544840-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:fd,c3,f1,bb,bc,c7,64,e7,57,87,24,8c,63,de,28,1e,75,a2,93,2a,b3,44,b1,
  ee,79,49,cd,16,a7,9b,ed,7a,38,be,9a,a7,d7,62,92,88,64,38,f3,8d,3b,62,22,3a,\
"??"=hex:ab,81,4c,f6,0a,0c,f7,4d,39,1e,25,df,76,ce,1b,26
.
[HKEY_USERS\S-1-5-21-2641087059-2978147333-2407544840-1000\Software\SecuROM\License information*]
"datasecu"=hex:75,47,41,70,31,f9,41,f4,02,f0,75,e0,bc,98,da,82,63,81,5e,c4,d0,
  fa,0a,1d,a0,02,10,b9,43,08,48,cc,a6,ee,0e,a5,4b,33,f8,0c,61,d0,02,c5,94,1f,\
"rkeysecu"=hex:d7,84,1a,b1,51,f1,83,ab,09,19,5a,76,f7,a5,f7,1d
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2013-01-08 17:10:34
ComboFix-quarantined-files.txt 2013-01-08 16:10
.
Przed: 398 680 186 880 bajtów wolnych
Po: 398 532 980 736 bajtów wolnych
.
- - End Of File - - 54E8AC762679FC871C00BECACD3FF8D7