ComboFix 13-05-10.01 - Katarzyna 2013-05-10 12:07:57.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.4078.2124 [GMT 2:00] Uruchomiony z: c:\silk\programy\ComboFix.exe AV: ArcaVir *Enabled/Updated* {632ED295-5EE3-505D-F3D3-32EAED41EB7A} SP: ArcaVir *Enabled/Updated* {D84F3371-78D9-5FD3-C963-099896C6A1C7} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\BeRowsuE2saaVee c:\programdata\BeRowsuE2saaVee\5179a2b8db444.dll c:\programdata\BeRowsuE2saaVee\5179a2b8db444.tlb c:\programdata\BeRowsuE2saaVee\data\BeRowsuE2saaVee.dat c:\programdata\BeRowsuE2saaVee\settings.ini c:\programdata\BeRowsuE2saaVee\uninstall.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\BeRowsuE2saaVee c:\programdata\Microsoft\Windows\Start Menu\Programs\BeRowsuE2saaVee\BeRowsuE2saaVee.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\BeRowsuE2saaVee\Uninstall.lnk . . ((((((((((((((((((((((((( Pliki utworzone od 2013-04-10 do 2013-05-10 ))))))))))))))))))))))))))))))) . . 2013-05-10 10:15 . 2013-05-10 10:15 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-05-10 10:15 . 2013-05-10 10:15 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-09 14:01 . 2013-05-09 14:01 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{178511F9-198C-45FD-B5E1-8A849A9A08E6}\offreg.dll 2013-05-07 12:31 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{178511F9-198C-45FD-B5E1-8A849A9A08E6}\mpengine.dll 2013-05-01 20:42 . 2013-05-01 20:42 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-05-01 09:34 . 2013-05-01 09:34 -------- d-----w- c:\users\Katarzyna\AppData\Local\PunkBuster 2013-05-01 09:33 . 2013-05-01 09:33 282512 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-05-01 09:33 . 2013-05-01 09:33 282512 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-05-01 09:33 . 2013-05-01 09:33 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2013-04-30 22:39 . 2013-04-30 22:39 -------- d-----w- C:\Ubisoft 2013-04-30 22:37 . 2013-04-30 22:37 -------- d-----w- c:\users\Katarzyna\AppData\Local\Apps 2013-04-30 22:37 . 2013-05-01 09:33 -------- d-----w- c:\users\Katarzyna\AppData\Local\Deployment 2013-04-30 19:08 . 2013-04-30 20:38 -------- d-----w- c:\users\Katarzyna\AppData\Local\Ubisoft 2013-04-30 19:08 . 2013-05-01 09:49 -------- d-sh--w- c:\users\Katarzyna\wc 2013-04-30 19:07 . 2013-04-30 19:07 -------- d-sh--w- c:\users\Katarzyna\AppData\Roaming\wyUpdate AU 2013-04-30 19:07 . 2013-04-30 19:07 -------- d-----w- c:\users\Katarzyna\AppData\Roaming\Ubisoft 2013-04-25 21:05 . 2013-04-25 21:05 -------- d-----w- c:\programdata\SoftSafe 2013-04-25 21:01 . 2013-04-25 21:01 -------- d-----w- c:\program files (x86)\WebSearch 2013-04-25 21:01 . 2013-04-26 12:24 -------- d-----w- c:\users\Katarzyna\AppData\Roaming\Systweak 2013-04-25 21:01 . 2013-01-01 16:32 20488 ----a-w- c:\windows\system32\roboot64.exe 2013-04-25 21:01 . 2013-04-25 21:01 -------- d-----w- c:\program files (x86)\BrowseToSave 2013-04-25 21:00 . 2013-04-25 21:06 -------- d-----w- c:\programdata\InstallMate 2013-04-24 12:51 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-13 21:08 . 2013-04-13 21:10 -------- d-----w- c:\programdata\ArcaBit 2013-04-13 21:08 . 2013-04-13 21:08 -------- d-----w- c:\program files\ArcaBit 2013-04-13 21:05 . 2013-04-13 21:06 -------- d-----w- c:\programdata\Package Cache 2013-04-13 21:03 . 2013-04-13 21:03 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2013-04-13 20:55 . 2013-04-13 20:55 -------- d-----w- c:\program files (x86)\AVG Secure Search 2013-04-12 17:09 . 2013-04-12 17:19 -------- d-----w- c:\users\Katarzyna\AppData\Roaming\mIRC 2013-04-12 17:09 . 2013-04-12 17:09 -------- d-----w- c:\program files (x86)\mIRC 2013-04-10 12:35 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 20:55 . 2013-03-07 13:19 40736 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2013-04-12 04:49 . 2013-04-07 06:38 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-03-17 18:44 . 2013-03-17 18:44 1102 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg 2013-03-13 19:24 . 2013-03-01 15:23 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-13 19:24 . 2013-03-01 15:23 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-28 16:01 . 2013-02-28 16:01 95392 ----a-w- c:\windows\system32\drivers\SMR311.SYS 2013-02-12 05:45 . 2013-03-13 13:55 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 13:55 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 13:55 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 13:55 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 13:55 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 13:55 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 04:12 . 2013-03-17 15:27 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2013-04-13 20:55 1966768 ----a-w- c:\program files (x86)\AVG Secure Search\15.1.0.2\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}] 2012-03-15 13:57 242384 ----a-w- c:\program files (x86)\Softonic\Softonic\1.5.21.0\bh\Softonic.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files (x86)\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll" [2012-03-15 250576] "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\15.1.0.2\AVG Secure Search_toolbar.dll" [2013-04-13 1966768] . [HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}] [HKEY_CLASSES_ROOT\Softonic.dskBnd.1] [HKEY_CLASSES_ROOT\Softonic.dskBnd] . [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Optimizer Pro"="c:\program files (x86)\Optimizer Pro\OptProLauncher.exe" [2012-06-10 79664] "Steam"="c:\program files (x86)\Steam\steam.exe" [2013-05-10 1636776] "ESL Wire"="c:\program files\EslWire\wire.exe" [2013-02-26 3939840] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160] "HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-04-13 1223344] . c:\users\Katarzyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Rejestracja FIFA 09.lnk - c:\program files (x86)\EA Sports\FIFA 09\Support\EAregister.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" . R2 AVBackup;ArcaBit Backup Service;c:\program files\ArcaBit\ArcaTools\ArcaBackup\ArcaBackupService.exe [2012-11-30 257872] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 KMService;KMService;c:\windows\system32\srvany.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384] R3 AMOptimalDiskService;appsmaker OptimalDisk Service;c:\program files (x86)\Common Files\OptimalSuite Common\AMDSrv.exe [2010-12-17 5216624] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-04-29 36000] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [2011-04-29 51872] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-04-29 259232] R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-04-29 109216] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-04-29 166048] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-04-29 59040] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-04-29 283296] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-04-29 288416] R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088] R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2010-10-14 20480] R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824] R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232] R3 SpeedBoosterSvc;appsmaker SpeedBooster 2.0 Service;c:\program files (x86)\Common Files\OptimalSuite Common\BoostService.exe [2010-12-17 2318192] R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-19 549616] R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-18 385336] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-26 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\System32\drivers\SMR311.SYS [2013-02-28 95392] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-04-13 40736] S2 ABConfSV;ArcaBit Config Service;c:\program files\ArcaBit\Common\ArcaConfSV.exe [2012-01-09 204880] S2 ABMainSV;ArcaBit Main Service;c:\program files\ArcaBit\ArcaVir\ArcaMainSV.exe [2013-03-27 232064] S2 ArcaRemoteService;ArcaBit Control;c:\program files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe [2013-04-22 979720] S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-04-29 146592] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-04-29 91296] S2 AVTasks2;ArcaBit Tasks Service;c:\program files\ArcaBit\Common\ArcaTasksService.exe [2012-09-06 199280] S2 AVUpdate;ArcaBit Update Service;c:\program files\ArcaBit\ArcaUpdate\update.exe [2013-03-21 208648] S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2012-12-17 160784] S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe [2012-12-17 678416] S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-06-24 136704] S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-11-22 127800] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-29 2361344] S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-18 378472] S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-08-23 2148216] S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160] S2 vToolbarUpdater15.1.0;vToolbarUpdater15.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [2013-04-13 1008816] S3 ABFLT;ArcaBit File Monitor Driver;c:\program files\ArcaBit\ArcaVir\ABFLT.sys [2013-03-27 85232] S3 ABWFP;ArcaBit WFP Driver;c:\program files\ArcaBit\ArcaVir\ABWFP.sys [2011-11-15 40016] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-04-29 29344] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-29 335464] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-29 425064] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-07-04 11880] S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736] S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784] . . Zawartość folderu 'Zaplanowane zadania' . 2013-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-01 19:24] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-29 518784] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-04-29 790688] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-04-29 657568] "Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU] "AvMenu"="c:\program files\ArcaBit\ArcaVir\AVMenu.exe" [2013-05-06 645896] "ArcaClean"="c:\program files\ArcaBit\ArcaVir\ArcaClean.exe" [2013-04-22 59656] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://websearch.youwillfind.info/?pid=658&r=2013/04/25&hid=2011115425&lg=EN&cc=PL mStart Page = hxxp://websearch.youwillfind.info/?pid=658&r=2013/04/25&hid=2011115425&lg=EN&cc=PL mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dll . - - - - USUNIĘTO PUSTE WPISY - - - - . BHO-{D633E242-4019-35CE-5AFE-4DCE444CAC1F} - c:\programdata\BeRowsuE2saaVee\5179a2b8db444.dll Wow6432Node-HKLM-Run- - (no file) WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file) AddRemove-{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} - c:\programdata\BeRowsuE2saaVee\uninstall.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_USERS\S-1-5-21-1651602876-1413148883-3757397975-1000\Software\SecuROM\License information*] "datasecu"=hex:f4,0b,71,a9,b0,cf,17,80,62,8d,00,a9,40,89,cf,31,65,c4,33,49,9d, c2,05,59,9d,79,c5,0b,6e,c1,8e,ba,96,c2,e8,44,33,53,7b,40,08,14,ce,dc,37,ce,\ "rkeysecu"=hex:c5,39,85,db,9a,ce,cc,33,4e,b8,36,bc,99,64,ca,77 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2013-05-10 12:18:17 ComboFix-quarantined-files.txt 2013-05-10 10:18 ComboFix2.txt 2013-03-02 23:19 ComboFix3.txt 2013-03-01 11:50 . Przed: 212 079 489 024 bajtów wolnych Po: 213 254 311 936 bajtów wolnych . - - End Of File - - F44DF04A2B0665C6FE977B59F107E0A1