ComboFix 11-04-26.01 - Daniel 2011-04-26 22:08:47.2.1 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.2047.1239 [GMT 2:00]
Uruchomiony z: c:\users\Daniel\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezydentny antywirus jest aktywny
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Poprzednie uruchomienie -------
.
C:\dqbx.pif
C:\evkbg.pif
C:\ivmjys.pif
C:\kuee.exe
C:\lwbq.exe
C:\mnfn.exe
C:\ogbjnn.pif
c:\program files (x86)\AutocompletePro\AutocompletePro.dll
c:\program files (x86)\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files (x86)\AutocompletePro\FireFoxExtension.exe
c:\program files (x86)\AutocompletePro\InstTracker.exe
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files (x86)\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files (x86)\AutocompletePro\support@predictad.com\install.rdf
c:\program files (x86)\AutocompletePro\unins000.dat
c:\program files (x86)\AutocompletePro\unins000.exe
c:\program files (x86)\IObit Toolbar\IE\4.3\ioBIttoolbarie.dll
c:\programdata\Amazon.ico
c:\programdata\MercadoLivre.ico
c:\programdata\page\page.ico
c:\programdata\page\page.URL
c:\programdata\QuickStores.ico
c:\users\matti\Desktop\Flash Menu 1\prev\Desktop_.ini
c:\users\matti\Desktop\Flash Menu 1\swf\Desktop_.ini
c:\users\matti\Desktop\Flash Menu 1\swf\Flash iPhone\Desktop_.ini
c:\users\matti\Desktop\Flash Menu 1\thm\Desktop_.ini
c:\users\matti\Desktop\Flash Menu 2\swf\Desktop_.ini
c:\users\matti\Desktop\Flash Menu 2\thm\Desktop_.ini
c:\windows\system32\ReadMe.txt
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\sysogg.dll
c:\windows\SysWow64\wpcap.dll
D:\aiqq.exe
D:\bmlfkf.exe
D:\ctms.exe
D:\dixvsv.pif
D:\dmkod.pif
D:\hhbo.pif
D:\lqhr.exe
D:\mgon.exe
D:\seowc.pif
D:\yisunj.pif
D:\ywof.pif
E:\baqgv.pif
E:\dvhx.exe
E:\epuny.pif
E:\lmtnpt.pif
E:\nbnip.pif
E:\nejkq.pif
E:\tqqnq.pif
E:\ywqa.exe
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-03-26 do 2011-04-26 )))))))))))))))))))))))))))))))
.
.
2011-04-26 20:17 . 2011-04-26 20:17 -------- d-----w- c:\users\matti\AppData\Local\temp
2011-04-26 20:17 . 2011-04-26 20:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-26 18:44 . 2011-04-26 18:44 103140 --sh--r- C:\cualim.exe
2011-04-26 09:35 . 2011-04-26 09:35 -------- d-----w- c:\users\Daniel\AppData\Local\ESET
2011-04-24 17:37 . 2011-04-24 17:37 -------- d-----w- c:\program files (x86)\Rockstar Games
2011-04-23 11:05 . 2011-04-23 11:05 -------- d-----w- c:\users\Daniel\AppData\Roaming\Your Cottonelle Puppy
2011-04-23 11:05 . 2011-04-23 11:05 -------- d-----w- c:\program files (x86)\Your Cottonelle Puppy
2011-04-23 10:55 . 2011-04-23 10:55 -------- d-----w- c:\users\Daniel\AppData\Roaming\Pirates Of The Caribbean
2011-04-23 10:41 . 2011-04-23 10:43 -------- d-----w- c:\users\Daniel\AppData\Roaming\ChomikBox
2011-04-23 10:36 . 2011-04-25 20:50 -------- d-----w- c:\program files (x86)\ChomikBox
2011-04-21 18:43 . 2011-04-21 18:43 -------- d-----w- c:\users\Daniel\AppData\Roaming\skypePM
2011-04-21 18:36 . 2011-04-21 18:44 -------- d-----w- c:\users\Daniel\AppData\Roaming\Skype
2011-04-20 20:18 . 2011-04-20 20:18 -------- d-----w- c:\users\Daniel\AppData\Roaming\RedDotGames
2011-04-20 20:17 . 2009-03-07 10:48 3690496 ----a-w- c:\windows\SysWow64\tv3d65.dll
2011-04-18 18:17 . 2011-04-18 18:17 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-04-15 23:21 . 2011-04-15 23:24 -------- d-----w- c:\users\Daniel\AppData\Roaming\wargaming.net
2011-04-15 21:23 . 2011-04-15 22:01 -------- d-----w- c:\users\Daniel\AppData\Roaming\Tropico 3
2011-04-13 19:25 . 2011-04-13 19:25 -------- d-----w- c:\program files (x86)\GameSpy Arcade
2011-04-12 01:09 . 2011-04-12 01:10 -------- d-----w- c:\users\Daniel\AppData\Local\kaneandlynch
2011-04-11 14:50 . 2011-04-11 14:50 -------- d-----w- c:\users\Daniel\AppData\Local\Redlynx
2011-04-07 16:22 . 2011-04-07 16:22 -------- d-----w- c:\users\Daniel\AppData\Local\Mato_Technologies
2011-04-06 15:33 . 2011-04-06 15:33 -------- d-----w- c:\users\Daniel\AppData\Local\WOP
2011-04-06 15:33 . 2011-04-06 15:33 -------- d-----w- c:\programdata\WOP
2011-04-06 15:21 . 2011-04-06 21:42 -------- d-----w- c:\users\Daniel\AppData\Local\Wings of Prey
2011-04-05 12:31 . 2011-04-05 12:31 -------- d-----w- c:\users\Daniel\AppData\Local\Bridge!
2011-04-05 12:29 . 2011-04-05 12:29 -------- d-----w- c:\program files (x86)\Aerosoft
2011-04-04 23:19 . 2008-09-26 16:03 691712 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-04-04 23:19 . 2008-09-26 16:02 133632 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-04-04 23:19 . 2008-09-26 16:02 115328 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-04-04 23:19 . 2008-09-26 16:01 29696 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-04-04 23:19 . 2011-04-04 23:20 -------- d-----w- c:\program files (x86)\PLAY ONLINE
2011-04-04 14:55 . 2011-04-04 14:55 -------- d-----w- c:\users\Daniel\AppData\Roaming\InstallShield
2011-04-03 21:47 . 2004-10-22 00:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-04-02 21:22 . 2005-04-03 21:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-04-02 21:22 . 2005-04-03 21:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-04-02 21:22 . 2005-04-03 21:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-04-02 21:22 . 2005-04-03 21:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-04-02 21:22 . 2005-04-03 20:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-04-02 21:22 . 2005-04-03 21:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-04-02 21:22 . 2011-04-02 21:22 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-04-02 21:22 . 2011-04-02 21:22 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-04-02 14:57 . 2011-04-02 14:57 -------- d-----w- c:\users\Daniel\AppData\Local\GHISLER
2011-04-02 14:41 . 2011-04-02 14:53 -------- d-----w- c:\program files (x86)\FMOD SoundSystem
2011-04-01 22:55 . 2004-10-22 00:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-04-01 22:55 . 2004-10-22 00:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-04-01 22:55 . 2004-10-22 00:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-04-01 22:55 . 2004-10-22 00:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-04-01 22:55 . 2011-04-01 22:55 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-04-01 22:55 . 2011-04-01 22:55 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-04-01 21:24 . 2011-04-01 21:24 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-03-30 17:38 . 2011-03-30 17:38 -------- d-----w- c:\programdata\eSellerate
2011-03-30 17:38 . 2011-03-30 17:38 -------- d-----w- c:\program files (x86)\Common Files\eSellerate
2011-03-30 17:38 . 2011-03-30 17:38 -------- d-----w- c:\program files (x86)\NewBlue
2011-03-30 17:36 . 2011-03-30 17:36 -------- d-----w- c:\program files (x86)\Pixelan
2011-03-30 17:33 . 2004-03-29 14:23 90112 ----a-w- c:\windows\unvise32.exe
2011-03-30 17:33 . 2011-03-30 17:33 -------- d-----w- c:\program files (x86)\Magic Bullet Editors 2.0 Vegas
2011-03-30 17:32 . 2011-03-30 17:32 -------- d-----w- c:\users\Daniel\AppData\Roaming\Publish Providers
2011-03-30 17:32 . 2011-03-30 17:32 -------- d-----w- c:\users\Daniel\AppData\Roaming\Sony
2011-03-30 17:32 . 2011-03-30 17:32 -------- d-----w- c:\users\Daniel\AppData\Local\Sony
2011-03-30 17:29 . 2011-03-30 17:29 -------- d-----w- c:\program files (x86)\Vstplugins
2011-03-30 17:29 . 2011-03-30 17:29 -------- d-----w- c:\programdata\Sony
2011-03-30 13:11 . 2011-03-30 13:12 -------- d-----w- c:\users\matti\AppData\Roaming\uTorrent
2011-03-27 20:43 . 2011-03-27 20:43 -------- d-----w- c:\program files (x86)\Ubisoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-12 15:46 . 2010-09-16 19:13 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-04-12 15:46 . 2010-05-03 21:21 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-03-23 19:56 . 2011-03-23 19:56 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2011-03-23 19:56 . 2011-03-23 19:56 151552 ----a-w- c:\windows\KMService.exe
2011-03-23 17:09 . 2011-03-23 17:09 48640 ----a-w- c:\windows\mmfs.dll
2011-03-23 17:09 . 2011-03-23 17:09 249856 ----a-w- c:\windows\lcmmfu.cpl
2011-03-23 17:09 . 2011-03-23 17:09 16384 ----a-w- c:\windows\runservice.exe
2011-03-23 15:32 . 2010-09-21 13:14 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-23 15:32 . 2010-09-21 13:14 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-03-23 15:32 . 2010-09-21 13:14 122968 ----a-w- c:\windows\system32\OpenAL32.dll
2011-03-23 15:32 . 2010-09-21 13:14 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-03-16 14:04 . 2011-03-16 14:04 103424 ----a-r- c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{60E2C8C9-6CF3-4B1A-9618-E304946C94E6}\python_icon.exe
2011-03-08 17:21 . 2011-03-11 22:02 3986936 ----a-w- c:\windows\SysWow64\GameMon.des
2011-03-06 07:26 . 2011-03-06 07:26 286720 ------w- c:\windows\Setup1.exe
2011-03-06 07:26 . 2011-03-06 07:26 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-03-05 16:12 . 2010-05-03 21:22 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-02-21 23:20 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2011-02-21 23:20 . 2009-07-13 23:54 2851328 ----a-w- c:\windows\system32\themeui.dll
2011-02-21 23:20 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2010-09-22 19:16 . 2010-09-30 18:41 456664 ----a-w- c:\program files (x86)\Common Files\AutoCompleteInstaller-VD.exe
2010-01-26 09:11 . 2010-12-13 10:24 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-06-10 15:28 1233288 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 CacheBoost Service;CacheBoost Performance Optimizer and Tuner Service;c:\program files (x86)\Systweak\Systweak CacheBoost\cbsrv.exe [2008-03-09 187120]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Usługa Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2011-03-23 16384]
R3 cpu;cpu;C:\cpu.sys [x]
R3 DfSdkS;Defragmentation-Service;d:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 544768]
R3 dump_wmimmc;dump_wmimmc;d:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-01-28 387072]
S2 ekrn;ESET Service;d:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-05-14 731840]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-22 10081312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = my.daemon-search.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Wyślij &do programu OneNote - c:\progra~1\Microsoft Office\Office14\ONBttnIE.dll/105
Trusted Zone: kuaiche.com\software
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Wow6432Node-HKLM-Run-NPSStartup - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-AutocompletePro3_is1 - c:\program files (x86)\AutocompletePro\unins000.exe
AddRemove-WavePad - c:\program files (x86)\NCH Swift Sound\WavePad\uninst.exe
AddRemove-KITT (Addon Car) - d:\downloads\NoPremium.pl\Pobrane\Championship_2005_port_up_dla_EXSite\Uninstal.exe
AddRemove-MP3 Wave Converter_is1 - c:\program files (x86)\MP3 Wave Converter\unins000.exe
AddRemove-ShockWave - e:\program files (x86)\EA GAMES\Command & Conquer The First Decade\Uinst_shw.exe
AddRemove-{7353BAE6-5E49-46C4-A9B5-8A269A313789} - c:\users\Daniel\AppData\Local\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2045231502-2767383010-2137597190-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:70,01,06,e6,f8,44,1d,7d,79,94,8d,f9,e5,1b,16,34,8e,c3,8a,ca,95,be,51,
   1b,a1,c5,c7,18,e7,52,9f,fa,f9,7d,ef,9e,fb,70,29,2c,52,ed,67,8d,c8,cb,29,29,\
"??"=hex:b5,ad,ca,d8,2d,9d,31,38,8b,4b,0d,36,25,0a,75,56
.
[HKEY_USERS\S-1-5-21-2045231502-2767383010-2137597190-1001\Software\SecuROM\License information*]
"datasecu"=hex:3f,df,b3,69,8f,1f,6d,ce,7f,ed,72,7c,f9,75,96,70,e9,bd,4f,6f,e9,
   74,99,a9,25,cc,c7,6a,53,40,1a,43,19,f8,fc,6e,06,0f,b1,d7,fe,61,dd,12,9b,53,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2011-04-26 22:20:43
ComboFix-quarantined-files.txt 2011-04-26 20:20
.
Przed: 3 731 099 648 bajtów wolnych
Po: 3 583 463 424 bajtów wolnych
.
- - End Of File - - FD03F23ADEA8E36B1C4EACCD461918F0