ComboFix 13-06-08.02 - Alek 2013-06-09 19:39:58.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.3072.1796 [GMT 2:00]
Uruchomiony z: c:\users\Alek\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alek\AppData\Roaming\dist11\btcl.exe
.
---- Poprzednie uruchomienie -------
.
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\Alek\AppData\Local\Temp\13352.tmp
c:\users\Alek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rav_finder.exe
c:\users\Alek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svghost.exe
c:\users\Alek\AppData\Roaming\svhostwin.exe
c:\users\Alek\ia_remove.sh3540.tmp
c:\users\Alek\ia_remove.sh4581.tmp
c:\windows\My.ini
.
-- Poprzednie uruchomienie --
.
c:\windows\SysWow64\Drivers\atapi.sys . . . jest zainfekowany!!
.
--------
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Vcs
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-05-09 do 2013-06-09 )))))))))))))))))))))))))))))))
.
.
2013-06-09 17:47 . 2013-06-09 17:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-09 14:29 . 2013-06-09 14:29 -------- d-----w- c:\users\Alek\AppData\Roaming\Win32b
2013-06-09 14:19 . 2013-06-09 17:47 -------- d-----w- c:\users\Alek\AppData\Roaming\dist11
2013-06-09 14:19 . 2013-06-09 14:19 -------- d-----w- c:\users\Alek\AppData\Roaming\support@mozilla.com
2013-06-09 14:17 . 2013-06-09 14:17 -------- d-----w- c:\users\Alek\AppData\Roaming\Chrome_manager
2013-06-09 14:17 . 2013-06-09 14:17 -------- d-----w- c:\users\Alek\AppData\Local\Opera
2013-06-09 14:17 . 2013-06-09 14:17 -------- d-----w- c:\users\Alek\AppData\Local\OtLand
2013-06-08 16:35 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB1F0C85-77FD-451E-820C-0EE8854FAD9A}\mpengine.dll
2013-06-07 10:31 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-04 19:38 . 2013-06-04 19:38 -------- d-----w- c:\users\Alek\AppData\Local\Stardock_Corporation
2013-06-04 19:37 . 2013-06-04 19:37 -------- d-----w- c:\programdata\Stardock
2013-06-04 19:37 . 2013-06-04 19:37 -------- d-----w- c:\users\Alek\AppData\Roaming\Stardock
2013-06-04 19:37 . 2013-06-04 19:37 -------- d-----w- c:\program files (x86)\Stardock
2013-06-04 19:28 . 2013-06-04 19:28 -------- d-----w- c:\program files (x86)\RocketDock
2013-06-04 13:10 . 2013-06-04 13:10 -------- d-----w- c:\programdata\YTD Video Downloader
2013-06-04 13:10 . 2013-06-04 13:10 -------- d-----w- c:\program files (x86)\GreenTree Applications
2013-06-01 23:23 . 2013-06-01 23:23 -------- d-----w- c:\program files\Unlocker
2013-06-01 20:59 . 2013-06-01 20:59 -------- d-----w- c:\users\Alek\AppData\Local\NVIDIA
2013-06-01 20:51 . 2013-06-01 20:51 -------- d-----w- c:\users\UpdatusUser
2013-05-30 14:35 . 2013-05-30 14:35 -------- d-----w- c:\windows\pl
2013-05-30 14:32 . 2013-05-30 14:32 -------- d-----w- c:\program files\Windows Live
2013-05-30 14:29 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2013-05-30 14:29 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2013-05-30 14:29 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2013-05-30 14:29 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2013-05-30 14:28 . 2013-05-30 14:28 537432 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f35cbc5c1ce5d4104\DXSETUP.exe
2013-05-30 14:28 . 2013-05-30 14:28 1801048 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f35cbc5c1ce5d4104\dsetup32.dll
2013-05-30 14:28 . 2013-05-30 14:28 89944 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f35cbc5c1ce5d4104\DSETUP.dll
2013-05-30 14:28 . 2013-05-30 14:28 525656 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\eefeb96c1ce5d4102\DXSETUP.exe
2013-05-30 14:28 . 2013-05-30 14:28 94040 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\eefeb96c1ce5d4102\DSETUP.dll
2013-05-30 14:28 . 2013-05-30 14:28 1691480 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\eefeb96c1ce5d4102\dsetup32.dll
2013-05-30 14:28 . 2013-05-30 14:28 537432 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ed17f80c1ce5d4101\DXSETUP.exe
2013-05-30 14:28 . 2013-05-30 14:28 89944 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ed17f80c1ce5d4101\DSETUP.dll
2013-05-30 14:28 . 2013-05-30 14:28 1801048 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ed17f80c1ce5d4101\dsetup32.dll
2013-05-25 20:22 . 2013-05-25 20:22 -------- d-----w- c:\program files (x86)\Drakensang Online
2013-05-24 20:57 . 2013-05-24 20:57 -------- d-----w- c:\users\Alek\AppData\Roaming\Foxit Scanner Images
2013-05-24 20:07 . 2013-05-24 20:08 -------- d-----w- c:\users\Alek\AppData\Roaming\Foxit Software
2013-05-24 20:07 . 2013-05-24 20:07 -------- d-----w- c:\program files (x86)\Foxit Software
2013-05-24 12:36 . 2013-05-24 12:36 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-05-23 16:35 . 2013-05-23 16:35 -------- d-sh--w- c:\programdata\DSS
2013-05-23 16:25 . 2013-05-23 16:25 -------- d-----w- c:\users\Alek\AppData\Roaming\Lionhead Studios
2013-05-23 14:31 . 2013-05-23 14:31 -------- d-----w- c:\program files (x86)\SecurityXploded
2013-05-22 12:27 . 2013-05-22 12:26 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33D99C77-EF17-4FA5-91E6-68D4E2E94FEC}\gapaengine.dll
2013-05-20 21:20 . 2013-05-20 21:20 -------- d-----w- c:\users\Alek\AppData\Roaming\B-RoR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 18:02 . 2012-09-29 17:37 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 18:02 . 2012-09-29 17:37 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 15:29 . 2012-09-29 17:26 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 09:48 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-24 11:22 . 2012-10-12 12:04 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-04 12:50 . 2013-02-20 20:02 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-08 14:28 2169856 --sha-w- c:\windows\System32\hale.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-10-28 . A93D41A4D4B0D91C072D11DD8AF266DE . 389632 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[7] 2009-10-28 . DA3E2A6FA9660CC75B471530CE88453A . 389632 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[7] 2009-07-14 . 132328DF455B0028F13BF0ABEE51A63A . 389120 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[-] 2013-01-25 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7600.16385] .. c:\windows\system32\winlogon.exe
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-01-25 . F78E7BD7ADC829D9DD92C558180E09DB . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d46d0a6c-fab1-45a4-997e-030450e41de5}"= "c:\program files (x86)\mySyncCell\prxtbmySy.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d46d0a6c-fab1-45a4-997e-030450e41de5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{d46d0a6c-fab1-45a4-997e-030450e41de5}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\mySyncCell\prxtbmySy.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{d46d0a6c-fab1-45a4-997e-030450e41de5}"= "c:\program files (x86)\mySyncCell\prxtbmySy.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d46d0a6c-fab1-45a4-997e-030450e41de5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"="c:\program files (x86)\EXPERTool\TBPanel.exe" [2011-04-08 2265416]
"spoolsv32b"="c:\windows\system32\javaw.exe" [2012-12-07 174056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-08-17 336992]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]
.
c:\users\Alek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files (x86)\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys;c:\windows\SYSNATIVE\SAVRKBootTasks.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\898A.tmp;c:\windows\SYSNATIVE\898A.tmp [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;d:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NisSrv;Inspekcja sieci firmy Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-05 22:06 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-29 18:02]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-09 00:51]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-09 00:51]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2762411956-3580101266-2349690831-1001Core.job
- c:\users\Alek\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-09 00:51]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2762411956-3580101266-2349690831-1001UA.job
- c:\users\Alek\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-09 00:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2009-05-11 8126464]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"Chew7Hale"="c:\windows\System32\hale.exe" [2012-11-08 2169856]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"Fences"="c:\program files (x86)\Stardock\Fences\Fences.exe" [2013-03-20 3996848]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2013-03-20 552112]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Wyślij &do programu OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Alek\AppData\Roaming\Mozilla\Firefox\Profiles\3z8l0jfp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - ExtSQL: 2013-05-20 22:18; firefox@ghostery.com; c:\users\Alek\AppData\Roaming\Mozilla\Firefox\Profiles\3z8l0jfp.default\extensions\firefox@ghostery.com
FF - ExtSQL: 2013-06-09 16:19; support@mozilla.com; c:\users\Alek\AppData\Roaming\support@mozilla.com
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Wow6432Node-HKCU-Run-btcl - c:\users\Alek\AppData\Roaming\dist11\btcl.exe
ShellIconOverlayIdentifiers-{E68D0A50-3C40-4712-B90D-DCFA93FF2534} - c:\programdata\GG\ggdrive\ggdrive-overlay.dll
ShellIconOverlayIdentifiers-{E68D0A51-3C40-4712-B90D-DCFA93FF2534} - c:\programdata\GG\ggdrive\ggdrive-overlay.dll
ShellIconOverlayIdentifiers-{E68D0A52-3C40-4712-B90D-DCFA93FF2534} - c:\programdata\GG\ggdrive\ggdrive-overlay.dll
ShellIconOverlayIdentifiers-{E68D0A53-3C40-4712-B90D-DCFA93FF2534} - c:\programdata\GG\ggdrive\ggdrive-overlay.dll
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\898A.tmp"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\OpenOffice.org 2.4\program\soffice.exe
c:\program files (x86)\OpenOffice.org 2.4\program\soffice.BIN
c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe
c:\program files (x86)\Brother\Brmfcmon\BrMfcmon.exe
c:\program files (x86)\RocketDock\RocketDock.exe
c:\program files (x86)\Skype\Phone\Skype.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
c:\program files (x86)\Java\jre7\bin\javaw.exe
c:\users\Alek\AppData\Local\Temp\FB5E.tmp\crc32.exe
.
**************************************************************************
.
Czas ukończenia: 2013-06-09 19:56:18 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2013-06-09 17:56
.
Przed: 8 747 929 600 bajtów wolnych
Po: 9 015 717 888 bajtów wolnych
.
- - End Of File - - 9AD1A0CD629F20940040887DC8EEC4AA A36C5E4F47E84449FF07ED3517B43A31