ComboFix 13-10-03.03 - Administrator 2013-10-03 20:20:34.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3325.2840 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Administrator\Moje dokumenty\ComboFix.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-09-03 do 2013-10-03 )))))))))))))))))))))))))))))))
.
.
2013-10-03 18:12 . 2013-10-03 18:12 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-10-03 16:34 . 2013-10-03 16:34 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2013-10-03 16:33 . 2013-10-03 16:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2013-10-03 16:29 . 2013-10-03 16:51 235368 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-10-03 16:29 . 2013-10-03 16:51 235368 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-10-03 16:29 . 2013-10-03 16:51 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-10-03 16:23 . 2010-08-16 08:10 9892160 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2013-10-03 16:23 . 2010-08-16 08:10 9892160 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-10-03 16:18 . 2007-03-16 08:11 12256 ----a-w- c:\windows\system32\drivers\TBPanel.sys
2013-10-03 16:18 . 2013-10-03 16:18 -------- d-----w- c:\program files\Vtune
2013-10-03 15:46 . 2013-10-03 15:46 54016 ----a-w- c:\windows\system32\drivers\dtkuu.sys
2013-10-03 10:52 . 2013-10-03 10:52 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\OCCT_-_Ocbase_-_Adrien_Me
2013-10-03 10:37 . 2013-10-03 10:39 -------- d-----w- c:\program files\OCCTPT
2013-10-03 10:14 . 2013-10-03 10:14 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\AVG SafeGuard toolbar
2013-10-03 10:13 . 2013-10-03 10:13 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\AVG SafeGuard toolbar
2013-10-03 10:13 . 2013-10-03 10:12 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-10-03 10:13 . 2013-10-03 10:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AVG SafeGuard toolbar
2013-10-03 10:13 . 2013-10-03 10:13 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-10-03 10:13 . 2013-10-03 10:13 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-10-03 10:12 . 2013-10-03 10:12 -------- d-----w- c:\documents and settings\All Users\AVG SafeGuard toolbar
2013-10-03 10:12 . 2013-10-03 10:12 -------- d-----w- c:\program files\eSupport.com
2013-10-03 10:09 . 2013-10-03 10:09 22560 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2013-10-03 10:09 . 2013-10-03 10:09 -------- d-----w- c:\program files\searchgol
2013-10-03 10:09 . 2013-10-03 10:09 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\searchgol
2013-10-03 10:09 . 2013-10-03 10:09 -------- d-----w- c:\program files\HWiNFO32
2013-10-02 12:35 . 2013-10-02 12:35 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\eSupport.com
2013-10-02 09:58 . 2013-10-02 09:58 -------- d-----w- c:\program files\AGEIA Technologies
2013-10-02 09:25 . 2013-10-02 09:25 -------- d-----w- c:\program files\Microsoft.NET
2013-10-02 09:20 . 2013-09-12 08:42 893728 ----a-w- c:\windows\system32\nvdispgenco3232723.dll
2013-10-02 09:20 . 2013-09-12 08:42 1049376 ----a-w- c:\windows\system32\nvdispco3232723.dll
2013-10-01 19:42 . 2009-06-18 11:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2013-09-30 12:37 . 2013-09-30 12:37 -------- d-----w- c:\windows\system32\wbem\Repository
2013-09-16 10:09 . 2013-10-02 12:44 -------- d-----w- c:\program files\CCleaner
2013-09-13 20:18 . 2013-09-21 08:18 3723656 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-21 08:18 . 2012-04-18 07:14 692616 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-21 08:18 . 2012-01-18 17:30 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-12 08:42 . 2012-10-21 17:25 6324224 ----a-w- c:\windows\system32\nvopencl.dll
2013-08-07 03:56 . 2013-08-07 03:56 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-07 03:56 . 2013-08-07 03:56 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-07 03:56 . 2012-10-04 17:53 867240 -c--a-w- c:\windows\system32\npDeployJava1.dll
2013-08-07 03:56 . 2011-05-03 20:19 789416 -c--a-w- c:\windows\system32\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-09-15 . 4D8C31F6C691261058E45E532A518138 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-10-03 10:12 3055280 ----a-w- c:\program files\AVG SafeGuard toolbar\15.3.0.10\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG SafeGuard toolbar\15.3.0.10\AVG SafeGuard toolbar_toolbar.dll" [2013-10-03 3055280]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-09-15 3077528]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2010-07-30 2158592]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2010-07-30 2158592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-10-03 2236080]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-31 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-31 13925480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 100864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MBAMService"=2 (0x2)
"MBAMScheduler"=2 (0x2)
"nvUpdatusService"=2 (0x2)
"NVSvc"=2 (0x2)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\EA Sports\\FIFA 11\\Game\\fifa.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\zdeczony\\condition zero\\hl.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"e:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\NFS11.exe"=
"e:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
"e:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=
"e:\\Program Files\\FIFA 12\\Game\\fifa.exe"=
"c:\\Program Files\\Valve\\Steam\\steam.exe"=
"e:\\Program Files\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\zdeczony\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56301:TCP"= 56301:TCP:Pando Media Booster
"56301:UDP"= 56301:UDP:Pando Media Booster
"2099:TCP"= 2099:TCP:lol
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-01-22 13560]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-10-03 37664]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2013-10-03 22560]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2013-10-01 18816]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-03-11 12184]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-22 418376]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-10-03 1598128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-10 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-10-03 40776]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-03-05 30392]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-10 701512]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-03-05 1691480]
S3 AODDriver;AODDriver;\??\c:\program files\GIGABYTE\ET6\i386\AODDriver.sys --> c:\program files\GIGABYTE\ET6\i386\AODDriver.sys [?]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2012-11-19 17488]
S3 LPWZSB;LPWZSB;c:\docume~1\ADMINI~1\USTAWI~1\Temp\LPWZSB.exe --> c:\docume~1\ADMINI~1\USTAWI~1\Temp\LPWZSB.exe [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\8.tmp --> c:\windows\system32\8.tmp [?]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2011-03-10 402432]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 08:18]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\iqn89iyu.default-1375956878125\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={0EC25A7C-BBF0-44EC-A419-5D6F1DC78E23}&mid=bab171240f5b47d0b8aabdb90f5c860c-7d34f2a418d6ed04ab8858197bfdaadf405ae3a4&lang=en&ds=es011&pr=sa&d=2013-10-03 12:13&v=15.3.0.10&pid=safeguard&sg=&sap=hp
FF - prefs.js: keyword.URL -
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: browser.startup.homepage - hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=D8FD6CF049B86FFF&affID=125032&tsp=5024
FF - ExtSQL: 2013-09-16 12:08; ffxtlbr@delta.com; c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\iqn89iyu.default-1375956878125\extensions\ffxtlbr@delta.com
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - d8fdb3c90000000000006cf049b86fff
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15964
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.612:08
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119357&tsp=5007
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.searchgol.tlbrSrchUrl -
FF - user.js: extensions.searchgol.id - d8fdb3c90000000000006cf049b86fff
FF - user.js: extensions.searchgol.appId - {4277F7CF-0000-46CF-BA49-D624465C4BAB}
FF - user.js: extensions.searchgol.instlDay - 15981
FF - user.js: extensions.searchgol.vrsn - 1.8.16.19
FF - user.js: extensions.searchgol.vrsni - 1.8.16.19
FF - user.js: extensions.searchgol.vrsnTs - 1.8.16.1912:09
FF - user.js: extensions.searchgol.prtnrId - searchgol
FF - user.js: extensions.searchgol.prdct - searchgol
FF - user.js: extensions.searchgol.aflt - babsst
FF - user.js: extensions.searchgol.smplGrp - none
FF - user.js: extensions.searchgol.tlbrId - base
FF - user.js: extensions.searchgol.instlRef - sst
FF - user.js: extensions.searchgol.dfltLng - en
FF - user.js: extensions.searchgol.excTlbr - false
FF - user.js: extensions.searchgol.ffxUnstlRst - false
FF - user.js: extensions.searchgol.admin - false
FF - user.js: extensions.searchgol.autoRvrt - false
FF - user.js: extensions.searchgol.rvrt - false
FF - user.js: extensions.searchgol.newTab - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-03 20:30
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Pztitx = c:\documents and settings\Administrator\Dane aplikacji\Pztitx.exe
.
skanowanie ukrytych plików ...
.
.
c:\documents and settings\Administrator\Dane aplikacji\Adobe\AIR\Updater\Background
c:\documents and settings\Administrator\Dane aplikacji\Adobe\AIR\Updater\Background\META-INF
c:\documents and settings\Administrator\Dane aplikacji\Adobe\AIR\Updater\Background\META-INF\signatures.xml 14874 bytes
c:\documents and settings\Administrator\Dane aplikacji\Adobe\AIR\Updater\Background\mimetype 41 bytes
c:\documents and settings\Administrator\Dane aplikacji\Adobe\AIR\Updater\Background\updateAttempted 0 bytes
c:\documents and settings\Administrator\Dane aplikacji\Adobe\AIR\Updater\Background\updater 18066392 bytes executable
c:\documents and settings\Administrator\Dane aplikacji\Adobe\AIR\Updater\lastUpdateCheck 35 bytes
c:\documents and settings\Administrator\Dane aplikacji\Pztitx.exe 233472 bytes executable
.
skanowanie pomyślnie ukończone
ukryte pliki: 8
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pztitx"="c:\\Documents and Settings\\Administrator\\Dane aplikacji\\Pztitx.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\8.tmp"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-117609710-1292428093-1801674531-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,13,7e,2d,b4,d9,5c,0a,a4,d9,3a,9e,90,89,d7,9f
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,24,3e,53,8f,3a,1c,0d,8d,fe,a2,87,07,7f,3e,6d
.
[HKEY_USERS\S-1-5-21-117609710-1292428093-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Czas ukończenia: 2013-10-03 20:33:43
ComboFix-quarantined-files.txt 2013-10-03 18:33
ComboFix2.txt 2013-10-02 08:34
.
Przed: 50 940 973 056 bajtów wolnych
Po: 51 032 215 552 bajtów wolnych
.
- - End Of File - - 76430A27D42D17CFA98C77E769A97692 32052574BF9F325AE309ABC7BFD04460