ComboFix 14-02-14.01 - Administrator 2014-02-16 16:22:00.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.4027.2337 [GMT 1:00] Uruchomiony z: c:\users\Administrator\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\IsUn0415.exe c:\windows\pkunzip.pif c:\windows\pkzip.pif . Zainfekowana kopia c:\windows\SysWow64\user32.dll została znaleziona. Problem naprawiono Plik odzyskano z - c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll . . ((((((((((((((((((((((((( Pliki utworzone od 2014-01-16 do 2014-02-16 ))))))))))))))))))))))))))))))) . . 2014-02-16 15:27 . 2014-02-16 15:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-02-16 10:40 . 2014-02-16 10:46 -------- d--h--w- c:\windows\msdownld.tmp 2014-02-16 10:33 . 2014-02-16 10:34 -------- d-----w- c:\users\Administrator 2014-02-16 09:02 . 2012-01-20 13:14 18816 ----a-w- c:\windows\system32\roboot64.exe 2014-02-14 17:46 . 2013-12-16 00:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A71162A7-E873-4B47-BED5-610A7107C466}\mpengine.dll 2014-02-13 16:39 . 2014-02-13 16:39 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2014-02-12 23:26 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll 2014-02-12 22:50 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll 2014-02-12 22:50 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll 2014-02-12 22:50 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll 2014-02-12 22:50 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll 2014-02-12 22:50 . 
2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2014-02-12 22:50 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2014-02-12 22:50 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2014-02-12 22:50 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll 2014-02-12 21:37 . 2014-02-12 21:37 -------- d-----w- c:\program files (x86)\HD Tune Pro 2014-02-12 20:26 . 2014-02-12 20:29 -------- d-----w- c:\program files (x86)\Common Files\InstallShield 2014-02-12 20:08 . 2002-01-12 15:30 3567 ----a-w- c:\windows\SysWow64\drivers\PortTalk.sys 2014-02-12 19:42 . 2014-02-12 19:42 -------- d-----w- c:\users\DefaultAppPool 2014-02-12 19:29 . 2014-02-12 19:29 -------- d-----w- c:\windows\SysWow64\BestPractices 2014-02-12 19:29 . 2014-02-12 19:29 -------- d-----w- c:\windows\system32\BestPractices 2014-02-12 19:29 . 2014-02-12 19:29 -------- d-----w- C:\inetpub 2014-02-11 19:50 . 2014-02-11 19:50 -------- d-----w- c:\program files (x86)\Common Files\Java 2014-02-11 19:50 . 2014-02-11 19:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-02-09 10:50 . 2014-02-09 10:50 -------- d-----w- c:\program files (x86)\Snap-on Business Solutions 2014-02-09 10:49 . 2014-02-09 10:49 -------- d-----w- c:\windows\Downloaded Installations 2014-02-08 21:09 . 2014-02-15 08:42 -------- d-sh--w- c:\windows\Installer 2014-02-07 18:23 . 2003-02-21 01:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2014-02-03 17:14 . 2014-02-03 17:14 -------- d-----w- c:\windows\smFile 2014-02-03 17:14 . 2009-10-06 19:07 205440 ----a-w- c:\windows\system32\drivers\SMIksdrv.sys 2014-02-03 17:14 . 2009-09-29 15:09 937984 ----a-w- c:\windows\system32\RemoveSM37X.exe 2014-02-03 17:14 . 2009-09-14 14:08 205312 ----a-w- c:\windows\system32\SM37XCoInst.dll 2014-02-03 17:14 . 2009-08-28 17:08 326656 ----a-w- c:\windows\system32\370prop.ax 2014-02-03 17:14 . 2009-08-28 17:07 274432 ----a-w- c:\windows\SysWow64\370prop.ax 2014-02-03 17:14 . 
2008-01-16 17:06 2806784 ----a-w- c:\windows\system32\drivers\SMIexp.sys 2014-02-03 17:14 . 2014-02-12 20:33 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information 2014-02-03 17:14 . 2014-02-03 17:14 -------- d-----w- c:\program files (x86)\USB2.0 UVC WebCam 2014-01-30 15:55 . 2012-08-03 07:01 545 ----a-w- c:\windows\UC.PIF 2014-01-30 15:55 . 2012-08-03 07:01 545 ----a-w- c:\windows\RAR.PIF 2014-01-30 15:55 . 2012-08-03 07:01 545 ----a-w- c:\windows\LHA.PIF 2014-01-30 15:55 . 2012-08-03 07:01 545 ----a-w- c:\windows\ARJ.PIF 2014-01-30 14:43 . 2014-01-30 14:43 -------- d-----w- c:\windows\system32\appmgmt 2014-01-29 19:34 . 2010-11-20 04:03 3584 ----a-w- c:\windows\system32\drivers\en-US\vpchbus.sys.mui 2014-01-28 12:03 . 2014-01-28 12:03 31648 ----a-w- c:\windows\system32\drivers\HWiNFO64A.SYS 2014-01-28 12:02 . 2007-10-12 14:14 5081608 ----a-w- c:\windows\system32\d3dx9_36.dll 2014-01-27 19:53 . 2014-01-27 19:53 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2014-01-26 14:07 . 2014-01-29 04:59 -------- d-----w- c:\program files\Microsoft Silverlight 2014-01-26 14:07 . 2014-01-29 04:59 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2014-01-25 19:26 . 2014-01-26 13:59 -------- d-----w- c:\program files (x86)\Microsoft Works 2014-01-25 19:26 . 2014-01-25 19:26 -------- d-----w- c:\windows\PCHEALTH 2014-01-25 19:24 . 2014-01-25 19:24 -------- d-----w- c:\program files\Microsoft Office 2014-01-25 19:24 . 2014-01-25 19:24 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8 2014-01-25 19:23 . 2014-01-27 19:53 -------- d-----w- c:\programdata\Microsoft Help 2014-01-25 14:46 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll 2014-01-25 14:46 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2014-01-25 14:31 . 2014-01-25 14:31 83968 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-01-25 13:38 . 
2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2014-01-25 13:38 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys 2014-01-25 13:38 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys 2014-01-25 13:38 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll 2014-01-25 13:38 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll 2014-01-25 13:38 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll 2014-01-25 13:38 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll 2014-01-25 10:41 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2014-01-25 10:41 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2014-01-25 10:41 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe 2014-01-25 10:41 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe 2014-01-25 10:13 . 2014-02-11 19:50 -------- d-----w- c:\programdata\Oracle 2014-01-25 10:11 . 2014-01-25 10:11 -------- d-----w- c:\program files (x86)\SystemRequirementsLab 2014-01-25 04:27 . 2014-01-25 04:27 -------- d-----w- c:\windows\SysWow64\Wat 2014-01-25 04:27 . 2014-01-25 04:27 -------- d-----w- c:\windows\system32\Wat 2014-01-25 02:43 . 2014-02-16 14:49 -------- d-----w- c:\windows\Panther 2014-01-25 02:43 . 2014-01-25 02:43 -------- d-----w- C:\Hotfix 2014-01-25 02:43 . 2014-01-25 02:43 -------- d-----w- C:\Drivers 2014-01-25 02:43 . 2014-01-24 17:52 -------- d-----w- c:\windows\system32\OEM 2014-01-25 02:41 . 2014-02-16 15:14 -------- d-----w- c:\windows\SysWow64\wbem\pl-PL 2014-01-25 02:41 . 2014-01-29 20:12 -------- d-----w- c:\windows\system32\drivers\pl-PL 2014-01-25 02:41 . 2014-01-25 02:41 -------- d-----w- c:\windows\SysWow64\pl 2014-01-25 02:41 . 2014-01-25 02:41 -------- d-----w- c:\windows\SysWow64\drivers\pl-PL 2014-01-25 02:41 . 
2014-01-25 02:41 -------- d-----w- c:\windows\system32\drivers\UMDF\pl-PL 2014-01-25 02:41 . 2014-01-25 02:41 -------- d-----w- c:\windows\pl-PL 2014-01-25 02:41 . 2014-02-16 15:14 -------- d-----w- c:\windows\system32\wbem\pl-PL 2014-01-25 02:41 . 2014-01-25 02:41 -------- d-----w- c:\windows\system32\pl 2014-01-25 02:39 . 2009-07-14 02:48 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\pl-PL\LXKPTPRC.DLL.mui 2014-01-24 21:39 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2014-01-24 21:39 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe 2014-01-24 21:39 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL 2014-01-24 21:39 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL 2014-01-24 21:39 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll 2014-01-24 21:22 . 2014-01-25 19:26 -------- d-----w- c:\program files (x86)\Microsoft.NET 2014-01-24 21:22 . 2014-01-24 21:22 -------- d-----w- c:\windows\Migration 2014-01-24 21:12 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE 2014-01-24 19:27 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2014-01-24 19:10 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2014-01-24 19:10 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2014-01-24 19:10 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2014-01-24 19:10 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2014-01-24 19:10 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2014-01-24 19:10 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2014-01-24 19:10 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2014-01-24 18:58 . 2014-02-12 23:32 -------- d-----w- c:\windows\system32\MRT 2014-01-24 18:56 . 
2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe 2014-01-24 18:56 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe 2014-01-24 18:56 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys 2014-01-24 18:56 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys 2014-01-24 18:56 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys 2014-01-24 18:54 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll 2014-01-24 18:53 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2014-01-24 18:52 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll 2014-01-24 18:51 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll 2014-01-24 18:50 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll 2014-01-24 18:49 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll 2014-01-24 18:34 . 2014-02-11 19:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-01-24 18:34 . 2014-02-11 19:34 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-01-24 18:34 . 2014-01-24 18:34 -------- d-----w- c:\windows\SysWow64\Macromed 2014-01-24 18:34 . 2014-01-24 18:34 -------- d-----w- c:\windows\system32\Macromed 2014-01-24 18:31 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll 2014-01-24 18:31 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2014-01-24 18:31 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2014-01-24 18:22 . 2014-01-30 14:35 -------- d-----w- c:\programdata\NVIDIA 2014-01-24 18:22 . 2014-01-30 14:35 -------- d-----w- c:\program files (x86)\NVIDIA Corporation 2014-01-24 18:22 . 2013-10-23 08:20 6669600 ----a-w- c:\windows\system32\nvcpl.dll 2014-01-24 18:22 . 2013-10-23 08:20 3489568 ----a-w- c:\windows\system32\nvsvc64.dll 2014-01-24 18:22 . 2013-10-23 08:20 922912 ----a-w- c:\windows\system32\nvvsvc.exe 2014-01-24 18:22 . 
2013-10-23 08:20 63776 ----a-w- c:\windows\system32\nvshext.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-18 05:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 01:52 . !HASH: COULD NOT OPEN FILE !!!!! . 24128 . . [------] .. c:\windows\system32\drivers\atapi.sys
.
[-] 2009-07-14 01:48 . !HASH: COULD NOT OPEN FILE !!!!! . 50768 . . [------] .. c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-24 3767096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x] R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys;c:\windows\SYSNATIVE\Drivers\PortTalk.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SliceDisk5;SliceDisk5;c:\users\Jacek\Desktop\Nowy folder\slicedisk-x64.sys;c:\users\Jacek\Desktop\Nowy folder\slicedisk-x64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 usbsmi;USB2.0 UVC WebCam;c:\windows\system32\DRIVERS\SMIksdrv.sys;c:\windows\SYSNATIVE\DRIVERS\SMIksdrv.sys [x] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! 
VM Monitor; [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] . . --- Inne Usługi/Sterowniki w Pamięci --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-01-24 18:07 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 217.113.224.35 217.113.224.135 FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kbk88hku.default\ . - - - - USUNIĘTO PUSTE WPISY - - - - . AddRemove-Adobe Photoshop 7.0.1 CE - c:\windows\ISUN0415.EXE . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_USERS\S-1-5-21-600216957-4274959985-3227901322-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-600216957-4274959985-3227901322-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . 
[HKEY_USERS\S-1-5-21-600216957-4274959985-3227901322-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-600216957-4274959985-3227901322-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\notepad.exe" . [HKEY_USERS\S-1-5-21-600216957-4274959985-3227901322-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-600216957-4274959985-3227901322-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe . ************************************************************************** . 
Czas ukończenia: 2014-02-16 16:35:12 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2014-02-16 15:35
.
Przed: 9 159 692 288 bajtów wolnych
Po: 9 527 382 016 bajtów wolnych
.
- - End Of File - - AE4372D8CA92A9F3F466EE69BBE71CFD
A36C5E4F47E84449FF07ED3517B43A31