ComboFix 11-10-17.02 - biszkopt 2011-10-17 21:39:08.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.3956.2269 [GMT 2:00]
Uruchomiony z: c:\users\biszkopt\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: Zapora osobista *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\biszkopt\AppData\Roaming\Mikrotik
c:\users\biszkopt\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\advtool.crc
c:\users\biszkopt\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\advtool.dll
c:\users\biszkopt\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\dhcp.crc
c:\users\biszkopt\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\dhcp.dll
c:\users\biszkopt\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\hotspot.crc
c:\users\biszkopt\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\hotspot.dll
c:\users\biszkopt\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\mpls.crc
c:\users\biszkopt\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\mpls.dll
c:\users\biszkopt\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\ppp.crc
c:\users\biszkopt\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\ppp.dll
c:\users\biszkopt\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\roteros.crc
c:\users\biszkopt\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\roteros.dll
c:\users\biszkopt\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\roting4.crc
c:\users\biszkopt\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\roting4.dll
c:\users\biszkopt\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\secure.crc
c:\users\biszkopt\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\secure.dll
c:\users\biszkopt\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\system.crc
c:\users\biszkopt\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\system.dll
c:\users\biszkopt\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\wlan4.crc
c:\users\biszkopt\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\wlan4.dll
c:\users\biszkopt\AppData\Roaming\Mikrotik\Winbox\winbox.cfg
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\skinboxer43.dll
f:\moje dokumenty\!!samochod po zmianach dystansutest.rar
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-09-17 do 2011-10-17 )))))))))))))))))))))))))))))))
.
.
2011-10-17 17:14 . 2011-10-17 17:14 -------- d-----w- c:\program files (x86)\Windows Sidebar
2011-10-17 17:14 . 2011-05-20 13:34 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-10-17 17:14 . 2011-05-20 13:28 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-10-17 17:14 . 2011-05-20 13:28 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-10-17 17:14 . 2011-05-20 13:28 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-10-17 17:14 . 2011-05-20 13:28 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-10-17 17:14 . 2011-10-17 17:14 -------- d-----w- c:\users\biszkopt\AppData\Roaming\TuneUp Software
2011-10-17 17:14 . 2011-10-17 17:14 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2011
2011-10-17 17:13 . 2011-10-17 17:14 -------- d-----w- c:\programdata\TuneUp Software
2011-10-17 17:13 . 2011-10-17 17:13 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-09-30 12:46 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2525174-9E22-480D-96C3-FB36F393E2A8}\mpengine.dll
2011-09-25 09:57 . 2011-09-25 09:58 -------- d-----w- c:\program files (x86)\Grupa IMAGE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 10:14 . 2011-06-13 15:46 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-31 15:00 . 2010-05-31 08:33 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-22 05:42 . 2011-08-10 05:29 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-10 05:29 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-10 05:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-10 05:29 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-10 05:29 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-10 05:29 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\users\biszkopt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PingGraph.exe — skrót.lnk - c:\program files (x86)\PingGraph\PingGraph.exe [2011-9-2 151040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [x]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO64\HWiNFO64A.SYS [2011-05-22 28032]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2010-04-07 810120]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSIDB9A.tmp [2010-08-25 189696]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-05-20 2026304]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-04-26 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-10-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-07-23 06:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-04-07 2839840]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"combofix"="c:\combofix\CF13205.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_5740&r=27360510h216l04c8z175t65i1d149
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.4.1 213.241.79.37
TCP: Interfaces\{079E895E-A34A-44CA-AB30-B5385D4D0B79}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\biszkopt\AppData\Roaming\Mozilla\Firefox\Profiles\224ihyao.default\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-Locked - (no file)
SafeBoot-21154528.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSIDB9A.tmp"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\totalcmd\TOTALCMD.EXE
.
**************************************************************************
.
Czas ukończenia: 2011-10-17 21:49:33 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-10-17 19:49
.
Przed: 27 060 604 928 bajtów wolnych
Po: 26 801 684 480 bajtów wolnych
.
- - End Of File - - 7BFBFA6DC027CF359C29FF3829718DE9