ComboFix 13-05-22.01 - Samsung 2013-05-22 19:16:41.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.3893.2297 [GMT 2:00] Uruchomiony z: F:\ComboFix.exe AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Rezydentny antywirus jest aktywny . . . ((((((((((((((((((((((((( Pliki utworzone od 2013-04-22 do 2013-05-22 ))))))))))))))))))))))))))))))) . . 2013-05-22 17:22 . 2013-05-22 17:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-22 17:12 . 2013-05-22 17:12 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{639AA74E-2C2D-436B-9D35-0CDDE81A4313}\offreg.dll 2013-05-22 13:04 . 2013-05-22 13:53 -------- dc----w- c:\windows\system32\DRVSTORE 2013-05-22 13:03 . 2013-05-22 13:53 -------- d-----w- c:\program files (x86)\Diskeeper Setup Files 2013-05-21 17:58 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{639AA74E-2C2D-436B-9D35-0CDDE81A4313}\mpengine.dll 2013-05-19 19:44 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll 2013-05-19 19:44 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-05-19 19:44 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-05-14 17:34 . 2013-05-14 17:34 -------- d-----w- c:\program files\Elantech 2013-05-14 14:04 . 2010-08-12 19:24 249736 ----a-w- c:\windows\ETDUninst.dll 2013-05-14 13:36 . 2013-05-14 13:45 -------- d-----w- c:\program files (x86)\Niezbednik rowerzysty 2013-05-14 13:36 . 2013-05-14 13:36 -------- d-----w- c:\users\Samsung\AppData\Roaming\YDP 2013-05-11 06:06 . 2013-05-11 06:06 -------- d-----w- c:\programdata\Ask 2013-05-11 06:06 . 2013-05-11 06:06 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-05-11 06:04 . 2013-05-11 06:04 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-05-11 06:04 . 2013-05-11 06:04 -------- d-----w- c:\program files (x86)\Java 2013-04-24 13:21 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-15 19:14 . 2012-10-16 17:21 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-15 19:14 . 2011-11-30 21:00 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-14 05:16 . 2010-06-24 02:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-11 06:04 . 2013-02-15 13:46 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-05-11 06:04 . 2013-02-15 13:46 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 05:49 . 2013-05-19 18:50 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-19 18:50 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-19 18:50 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-19 18:50 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-19 18:50 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-19 18:50 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-04 12:50 . 2012-11-26 10:51 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-19 06:04 . 2013-04-11 17:49 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-11 17:48 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-11 17:48 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-11 17:48 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-11 17:48 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-11 17:48 112640 ----a-w- c:\windows\system32\smss.exe 2013-03-14 12:12 . 2013-03-14 12:12 47016 ----a-w- c:\windows\system32\AcSignIcon.dll 2013-03-14 12:12 . 2013-03-14 12:12 435624 ----a-w- c:\windows\system32\AcSignOpt.exe 2013-03-14 12:12 . 2013-03-14 12:12 35240 ----a-w- c:\windows\system32\AcSignExt.dll 2013-03-14 12:11 . 2013-03-14 12:11 140488 ----a-w- c:\windows\SysWow64\comdlg32.ocx 2013-03-14 12:11 . 2013-03-14 12:11 608448 ----a-w- c:\windows\SysWow64\comctl32.ocx 2013-03-14 12:10 . 2013-03-14 12:10 2312616 ----a-w- c:\windows\system32\plotman.cpl 2013-03-14 12:10 . 2013-03-14 12:10 16808 ----a-w- c:\windows\system32\AcSignExtRes.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Anti-AD Guard 2.1"="c:\program files (x86)\Anti-AD Guard 2.1 Pro\adguard.exe" [2013-02-04 1325056] "Akamai NetSession Interface"="c:\users\Samsung\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "RemoteControl10"="c:\program files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe" [2010-09-20 87336] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-22 1133856] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R2 supt4pc_pl_1;supt4pc_pl_1;c:\users\Samsung\AppData\Local\tuto4pc_pl_1\supt4pc_pl_1.exe [2012-11-05 3055976] R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-07-06 289704] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064] R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-04 1255736] R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 13824] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-01 2533400] S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-09-21 348712] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-10 31088] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-04-25 258896] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-08-30 289280] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Inne Usługi/Sterowniki w Pamięci --- . *NewlyCreated* - PXRORFOC *Deregistered* - pxrorfoc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Zawartość folderu 'Zaplanowane zadania' . 2013-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-16 19:14] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-29 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-29 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-29 415256] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.yhs.delta-search.com/?affID=119370&tl=gcn33200&tt=210213_yh&babsrc=HP_ss&mntrId=6297e528000000000000e0ca94433764 mStart Page = hxxp://samsung.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} - hxxp://www.wrotamalopolski.pl/cms/Wrota2/CMS/WebAuthor/Client/PlaceholderControlSupport/nrdhtml.cab FF - ProfilePath - c:\users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\skmev2br.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://www.yhs.delta-search.com/?affID=119370&tl=gcn33200&tt=210213_yh&babsrc=HP_ss&mntrId=6297e528000000000000e0ca94433764 FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 6297e528000000000000e0ca94433764 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15761 FF - user.js: extensions.delta.vrsn - 1.8.10.0 FF - user.js: extensions.delta.vrsni - 1.8.10.0 FF - user.js: extensions.delta.vrsnTs - 1.8.10.021:36 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . - - - - USUNIĘTO PUSTE WPISY - - - - . Toolbar-Locked - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll" . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_USERS\S-1-5-21-3320401313-292135679-1673298299-1000\Software\Microsoft\Internet Explorer\Approved Extensions] @DACL=(02 0000) "{9E131A93-EED7-4BEB-B015-A0ADB30B5646}"=hex:51,66,7a,6c,4c,1d,3b,1b,83,07,02, 85,e0,b9,84,07,af,1f,e1,ed,b1,41,11,5b "{000F18F2-09EB-4A59-82B2-5AE4184C39C3}"=hex:51,66,7a,6c,4c,1d,3b,1b,e2,05,1e, 1b,dc,5e,36,06,9d,b8,1b,a4,1a,06,7e,de "{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,26,3c, 56,89,3e,15,0b,8f,ff,bc,9b,07,7f,3e,68 "{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,85,99, 83,1a,13,b2,05,86,dd,9d,c6,69,a2,3a,a1 "{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,3b,1b,28,ca,fd, 35,73,0f,f6,06,ab,bc,55,2b,fa,48,26,26 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2013-05-22 19:26:14 ComboFix-quarantined-files.txt 2013-05-22 17:26 . Przed: 66 519 879 680 bajtów wolnych Po: 66 452 914 176 bajtów wolnych . - - End Of File - - BCC720701D43B495A11C23261B7EB0B0