
combofix.txt

System logs - slow computer, browser redirects to other sites

Hello, please check my logs; the computer is sluggish and the browser redirects to strange sites. Regards, and thanks in advance.



ComboFix 13-09-26.03 - BART 2013-09-27 11:10:20.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.4063.2381 [GMT 2:00]
Uruchomiony z: c:\users\BART\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\fakturka
c:\fakturka\Faktura
c:\fakturka\faktura.frf
c:\fakturka\faktura_euro.frf
c:\fakturka\fakturanetto.frf
c:\fakturka\Fakturka.exe
c:\fakturka\Fakturka.ini
c:\fakturka\KONTRAH.CDX
c:\fakturka\KONTRAH.DBF
c:\fakturka\koperta_c5.frf
c:\fakturka\nota.frf
c:\fakturka\Pliki.dbf
c:\fakturka\pokwitowanie_wplaty.frf
c:\fakturka\POZYCJEFAK.DBF
c:\fakturka\PROFORMA NETTO.frf
c:\fakturka\rachunek.frf
c:\fakturka\REJESTR.CDX
c:\fakturka\REJESTR.DBF
c:\fakturka\SDE50.DLL
c:\fakturka\SDECDX50.dll
c:\fakturka\TOWARY.CDX
c:\fakturka\TOWARY.DBF
c:\fakturka\unins000.dat
c:\fakturka\unins000.exe
c:\fakturka\wplata.frf
c:\fakturka\wydruki.txt
c:\fakturka\Wydruki\_ostatni.frp
c:\fakturka\Wydruki\15.08.2013_W£ODEK_Faktura_0001_08.frp
c:\fakturka\Wydruki\26.08.2013__Faktura_.frp
c:\fakturka\Wydruki\26.08.2013__netto _.frp
c:\fakturka\Wydruki\26.08.2013__RACHUNEK_.frp
c:\fakturka\Wydruki\26.08.2013_TOMTEX_netto _0001_08.frp
c:\fakturka\Wydruki\27.08.2013__netto _.frp
c:\fakturka\Wydruki\27.08.2013_TOMTEX_netto _0001_08.frp
c:\fakturka\Wydruki\28.08.2013_TOMTEX_netto _0001_08.frp
c:\fakturka\Wydruki\29.05.2013__Faktura_0001_05.frp
c:\fakturka\WYDRUKIARCH.DBF
c:\programdata\Microsoft\Windows\Start Menu\Programs\Fakturka
c:\programdata\Microsoft\Windows\Start Menu\Programs\Fakturka\Deinstalacja programu Fakturka.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Fakturka\Fakturka.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Fakturka\Strona WWW programu Fakturka.url
c:\users\BART\AppData\Roaming\wlaninsty.dll
c:\users\BART\Desktop\Setup.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-08-27 do 2013-09-27 )))))))))))))))))))))))))))))))
.
.
2013-09-27 09:27 . 2013-09-27 09:27 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91ABC92F-DFFF-4300-B705-6A40C0AC1E6D}\offreg.dll
2013-09-27 09:24 . 2013-09-27 09:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-27 08:33 . 2013-09-27 08:33 -------- d-----w- C:\TDSSKiller_Quarantine
2013-09-26 11:41 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91ABC92F-DFFF-4300-B705-6A40C0AC1E6D}\mpengine.dll
2013-09-25 11:20 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-06 19:20 . 2013-09-06 19:19 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3080A890-260C-4BF7-AFAC-4F3048EEC9CC}\gapaengine.dll
2013-09-05 20:44 . 2013-09-05 20:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-09-05 20:44 . 2013-09-05 20:44 686416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-08-28 12:12 . 2013-08-28 12:12 -------- d-----w- c:\users\BART\AppData\Roaming\Template
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-27 09:27 . 2013-08-26 22:25 78848 ----a-w- c:\windows\KMSEmulator.exe
2013-09-23 10:21 . 2013-03-11 21:43 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-23 10:21 . 2013-03-11 21:43 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-28 14:59 . 2013-03-17 11:51 58584 ----a-w- c:\windows\help\OEM\Scripts\PWAlertEnable.exe
2013-08-26 22:26 . 2013-08-26 22:26 647168 ----a-w- c:\windows\AutoKMS.exe
2013-08-22 20:53 . 2013-03-21 05:05 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-24 12:42 . 2013-03-17 11:51 76600 ----a-w- c:\windows\help\OEM\Scripts\HPSAPopupMessaging.dll
2013-07-21 14:01 . 2013-07-21 14:01 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-21 14:01 . 2013-03-20 10:58 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-21 14:01 . 2013-03-20 10:58 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" HP Deskjet 3070 B611 series (NET) " = " c:\program files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe " [2011-06-08 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
" StartCCC " = " c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe " [2009-07-02 98304]
" HPCam_Menu " = " c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe " [2009-02-25 218408]
" UpdatePRCShortCut " = " c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe " [2009-05-19 222504]
" HP Software Update " = " c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe " [2008-12-08 54576]
" WirelessAssistant " = " c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe " [2009-07-23 498744]
" SunJavaUpdateSched " = " c:\program files (x86)\Common Files\Java\Java Update\jusched.exe " [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
" ConsentPromptBehaviorAdmin " = 5 (0x5)
" ConsentPromptBehaviorUser " = 3 (0x3)
" EnableUIADesktopToggle " = 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
" WallpaperStyle " = 2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@= " Service "
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@= " Driver "
.
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe;c:\windows\SYSNATIVE\vfsFPService.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 NisSrv;Inspekcja sieci firmy Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-11 10:21]
.
2013-09-27 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2013-08-26 22:26]
.
2013-09-27 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS.exe [2013-08-26 22:26]
.
2013-09-27 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2013-09-27 c:\windows\Tasks\HPCeeScheduleForBART.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-09-17 12:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@= " {E68D0A50-3C40-4712-B90D-DCFA93FF2534} "
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:42 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@= " {E68D0A51-3C40-4712-B90D-DCFA93FF2534} "
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:42 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@= " {E68D0A52-3C40-4712-B90D-DCFA93FF2534} "
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:42 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@= " {E68D0A53-3C40-4712-B90D-DCFA93FF2534} "
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:42 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" SmartMenu " = " c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe " [2009-07-21 610872]
" SunJavaUpdateSched " = " c:\program files\Java\jre6\bin\jusched.exe " [2009-09-17 171520]
" SysTrayApp " = " c:\program files\IDT\WDM\sttray64.exe " [2010-03-23 487424]
" MSC " = " c:\program files\Microsoft Security Client\msseces.exe " [2013-01-27 1281512]
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {76B8A0E5-2705-46E2-8793-7BF7B2E3BDA2} - hxxps://epuap.gov.pl/epuap-styles/others/signing_plugin_25/EpuapSign.cab
FF - ProfilePath - c:\users\BART\AppData\Roaming\Mozilla\Firefox\Profiles\lx1qxyqr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - ExtSQL: !HIDDEN! 2013-03-11 21:13; otis@digitalpersona.com; c:\program files (x86)\DigitalPersona\Bin\FirefoxExt
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Wow6432Node-HKCU-Run-cfhupddm - c:\users\BART\AppData\Roaming\wlaninsty.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{9E51B7A1-8CFA-43EF-88EC-87FF97A13F64}_is1 - c:\fakturka\unins000.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@= " FlashBroker "
" LocalizedString " = " @c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
" Enabled " =dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@= " c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@= " {FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@= " IFlashBroker5 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@= " {00020424-0000-0000-C000-000000000046} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@= " {FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
" Version " = " 1.0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@= " FlashBroker "
" LocalizedString " = " @c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
" Enabled " =dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@= " c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@= " {FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@= " Shockwave Flash Object "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@= " c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx "
" ThreadingModel " = " Apartment "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@= " 0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@= " ShockwaveFlash.ShockwaveFlash.11 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@= " c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@= " {D27CDB6B-AE6D-11cf-96B8-444553540000} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@= " 1.0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@= " ShockwaveFlash.ShockwaveFlash "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@= " Macromedia Flash Factory Object "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@= " c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx "
" ThreadingModel " = " Apartment "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@= " FlashFactory.FlashFactory.1 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@= " c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@= " {D27CDB6B-AE6D-11cf-96B8-444553540000} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@= " 1.0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@= " FlashFactory.FlashFactory "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@= " IFlashBroker5 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@= " {00020424-0000-0000-C000-000000000046} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@= " {FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
" Version " = " 1.0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
" Solution " = " {15727DE6-F92D-4E46-ACB4-0E2C58B31A18} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
" Key " = " ActionsPane3 "
" Location " = " c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd "
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
" BlindDial " =dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
**************************************************************************
.
Czas ukończenia: 2013-09-27 11:39:20 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2013-09-27 09:39
.
Przed: 199 968 636 928 bajtów wolnych
Po: 199 267 246 080 bajtów wolnych
.
- - End Of File - - EC36783726D385175690CB5076DA5C3D
332A95B9414C508D3B6AB9845564D701