ComboFix 14-03-19.01 - dut 2014-03-19 9:59.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.3583.2388 [GMT 1:00] Uruchomiony z: c:\users\dut\Downloads\Programs\ComboFix.exe AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} FW: Zapora osobista ESET *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Utworzono nowy punkt przywracania * Rezydentny antywirus jest aktywny . . . ((((((((((((((((((((((((( Pliki utworzone od 2014-02-19 do 2014-03-19 ))))))))))))))))))))))))))))))) . . 2014-03-19 09:09 . 2014-03-19 09:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-03-15 12:08 . 2014-03-15 12:08 -------- d-----w- c:\users\dut\AppData\Roaming\ttales 2014-03-15 12:08 . 2014-03-15 12:08 -------- d-----w- c:\programdata\Steam 2014-03-15 11:53 . 2014-03-18 07:27 -------- d-----w- c:\program files (x86)\The LEGO Movie - Videogame 2014-03-06 14:58 . 2014-03-06 14:58 -------- d-----w- c:\users\dut\AppData\Roaming\pl.juka.Juka 2014-02-28 19:03 . 2014-02-28 19:03 -------- d-----w- c:\users\dut\AppData\Roaming\e-Deklaracje 2014-02-28 19:03 . 2014-03-18 07:27 -------- d-----w- c:\program files (x86)\e-Deklaracje 2014-02-28 19:03 . 2014-02-28 19:03 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR 2014-02-28 16:25 . 2014-02-28 16:25 -------- d-----w- c:\users\dut\AppData\Local\SKIDROW 2014-02-28 16:14 . 2014-03-18 07:27 -------- d-----w- c:\program files (x86)\Kunos Simulazioni 2014-02-24 11:01 . 2014-02-24 11:01 717080 ----a-w- c:\windows\unins000.exe 2014-02-22 16:44 . 2014-03-18 07:22 -------- d-----w- c:\users\dut\AppData\Roaming\Patcher 2014-02-22 09:55 . 2014-03-18 07:22 -------- d-----w- c:\windows\WindowsMobile . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-19 08:57 . 2014-03-19 08:57 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E39FEBCE-E8D4-43F6-ABCD-DF8FC38DDC9E}\offreg.dll 2014-01-16 08:59 . 2013-10-07 08:26 270496 ------w- c:\windows\system32\MpSigStub.exe 2014-01-06 15:20 . 2013-10-13 15:44 86054176 ----a-w- c:\windows\system32\MRT.exe 2013-12-19 20:33 . 2014-01-31 11:18 9657464 ----a-w- c:\windows\SysWow64\nvopencl.dll 2013-12-19 20:33 . 2014-01-31 11:18 30372640 ----a-w- c:\windows\system32\nvoglv64.dll 2013-12-19 20:33 . 2014-01-31 11:18 22960416 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2013-12-19 20:33 . 2014-01-31 11:18 15877216 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2013-12-19 20:33 . 2014-01-31 11:18 12645664 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2013-12-19 20:33 . 2014-01-31 11:18 11554264 ----a-w- c:\windows\system32\nvopencl.dll 2013-12-19 20:33 . 2014-01-31 11:18 9700224 ----a-w- c:\windows\SysWow64\nvcuda.dll 2013-12-19 20:33 . 2014-01-31 11:18 882464 ----a-w- c:\windows\system32\NvIFR64.dll 2013-12-19 20:33 . 2014-01-31 11:18 879392 ----a-w- c:\windows\system32\NvFBC64.dll 2013-12-19 20:33 . 2014-01-31 11:18 852768 ----a-w- c:\windows\SysWow64\NvIFR.dll 2013-12-19 20:33 . 2014-01-31 11:18 847648 ----a-w- c:\windows\SysWow64\NvFBC.dll 2013-12-19 20:33 . 2014-01-31 11:18 3132704 ----a-w- c:\windows\system32\nvcuvid.dll 2013-12-19 20:33 . 2014-01-31 11:18 3125024 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-12-19 20:33 . 2014-01-31 11:18 2947872 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2013-12-19 20:33 . 2014-01-31 11:18 2747680 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2013-12-19 20:33 . 2014-01-31 11:18 25257248 ----a-w- c:\windows\system32\nvcompiler.dll 2013-12-19 20:33 . 2014-01-31 11:18 1884448 ----a-w- c:\windows\system32\nvdispco6433221.dll 2013-12-19 20:33 . 2014-01-31 11:18 18222008 ----a-w- c:\windows\system32\nvd3dumx.dll 2013-12-19 20:33 . 2014-01-31 11:18 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2013-12-19 20:33 . 2014-01-31 11:18 1511712 ----a-w- c:\windows\system32\nvdispgenco6433221.dll 2013-12-19 20:33 . 2014-01-31 11:18 11605752 ----a-w- c:\windows\system32\nvcuda.dll 2013-12-19 20:33 . 2013-10-22 12:34 2698272 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-12-19 20:33 . 2013-10-14 12:38 61216 ----a-w- c:\windows\system32\OpenCL.dll 2013-12-19 20:33 . 2013-10-14 12:38 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll 2013-12-19 20:33 . 2013-09-17 20:22 15230352 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-12-19 20:33 . 2013-09-17 20:22 3071656 ----a-w- c:\windows\system32\nvapi64.dll 2013-12-19 20:33 . 2009-07-13 21:59 18310112 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-12-19 18:53 . 2013-10-14 12:38 6671648 ----a-w- c:\windows\system32\nvcpl.dll 2013-12-19 18:53 . 2013-10-14 12:38 3490080 ----a-w- c:\windows\system32\nvsvc64.dll 2013-12-19 18:53 . 2013-10-14 12:38 922912 ----a-w- c:\windows\system32\nvvsvc.exe 2013-12-19 18:53 . 2013-10-14 12:38 63776 ----a-w- c:\windows\system32\nvshext.dll 2013-12-19 18:53 . 2013-10-14 12:38 386336 ----a-w- c:\windows\system32\nvmctray.dll 2013-12-19 18:53 . 2013-10-14 12:38 2559776 ----a-w- c:\windows\system32\nvsvcr.dll 2013-12-19 11:20 . 2013-12-19 11:20 590112 ----a-w- c:\windows\SysWow64\nvStreaming.exe . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-09-13 04:05 1724616 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-09-13 04:05 1724616 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-09-13 04:05 1724616 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-12-21 3478392] . c:\users\dut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ bvmqbib.lnk - c:\windows\System32\rundll32.exe c:\progra~3\bibqmvb.cpp,XXS1 [2009-7-14 45568] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x] S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x] S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x] S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys;c:\windows\SYSNATIVE\DRIVERS\l160x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] . . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-09-13 04:02 2328264 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-09-13 04:02 2328264 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-09-13 04:02 2328264 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-26 6325936] "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.pl/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = IE: Ściągaj z Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm IE: Ściągnij przez IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm IE: Ściągnij wideo FLV przez IDM z 10 ostatnio żądanych - c:\program files (x86)\Internet Download Manager\IEGetVL2.htm IE: Ściągnij wszystkie linki przez IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm IE: Ściągnij zawartość wideo FLV przez IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm TCP: DhcpNameServer = 192.168.1.1 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL . - - - - USUNIĘTO PUSTE WPISY - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKLM-Run- - (no file) Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe Toolbar-Locked - (no file) AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_USERS\S-1-5-21-3676928154-2596279499-3104149140-1000_Classes\Wow6432Node\CLSID\{3b66f92d-c657-487d-a664-acd535e9c458}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:0000001c "Therad"=dword:00000004 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . [HKEY_USERS\S-1-5-21-3676928154-2596279499-3104149140-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):85,4a,f3,aa,ca,4f,e3,93,60,5c,d0,8a,96,9b,c6,a0,22,94,e2,bc,3c, 15,0d,dc,96,09,98,77,07,b0,89,b2,d7,ee,9a,21,e3,45,f2,7b,00,00,00,00,00,00,\ . [HKEY_USERS\S-1-5-21-3676928154-2596279499-3104149140-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):e2,35,35,9e,5b,bc,0f,d0,18,f1,3e,cf,62,83,81,b8,7b,fe,b6,1a,00, f7,54,10,57,e6,fd,34,7d,8f,59,3d,7a,f6,39,26,53,81,ff,49,00,00,00,00,00,00,\ . [HKEY_USERS\S-1-5-21-3676928154-2596279499-3104149140-1000_Classes\Wow6432Node\CLSID\{aae17117-db29-4cc5-9501-fa2b89f4ac42}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:00000134 "Therad"=dword:0000001e "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,ed,46,f5,43,91,3a,8b,82,1e,72,0f,ca,13,b8,4c,e4,b9,bc,00,13,bc,85,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2014-03-19 10:13:33 ComboFix-quarantined-files.txt 2014-03-19 09:13 . Przed: 333 996 036 096 bajtów wolnych Po: 340 895 092 736 bajtów wolnych . - - End Of File - - 752CE081E31B12F9CB349E073500ECE0 A36C5E4F47E84449FF07ED3517B43A31