ComboFix 14-02-05.02 - win7 2014-02-06 20:22:15.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.4051.2140 [GMT 1:00] Uruchomiony z: c:\users\win7\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\$recycle.bin\S-1-5-18\$6b8af9a004dc9884c04bf33746f7f9e9\@ c:\$recycle.bin\S-1-5-18\$6b8af9a004dc9884c04bf33746f7f9e9\n c:\program files (x86)\SaveSenseLive c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdate.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_am.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ar.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_bg.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_bn.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ca.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_cs.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_da.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_de.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_el.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_en-GB.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_en.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_es-419.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_es.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_et.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_fa.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_fi.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_fil.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_fr.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_gu.dll c:\program files 
(x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_hi.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_hr.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_hu.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_id.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_is.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_it.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_iw.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ja.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_kn.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ko.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_lt.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_lv.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ml.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_mr.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ms.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_nl.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_no.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_pl.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_pt-BR.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_pt-PT.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ro.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ru.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_sk.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_sl.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_sr.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_sv.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_sw.dll c:\program files 
(x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ta.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_te.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_th.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_tr.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_uk.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ur.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_vi.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_zh-CN.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_zh-TW.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\psmachine.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\psuser.dll c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLive.exe c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveBroker.exe c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveHandler.exe c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveHelper.msi c:\program files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveOnDemand.exe c:\program files (x86)\SaveSenseLive\Update\SaveSenseLive.exe c:\programdata\kuvobdovimmu.exe c:\programdata\luggovozygji.exe c:\programdata\qymxizikiqop.exe c:\programdata\rundykanadha.exe c:\programdata\SaveSenseLive c:\programdata\SaveSenseLive\Update\Log\SaveSenseLive.log c:\programdata\siznucymzabk.exe c:\users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense c:\users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\SaveSense Help.url c:\users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\SaveSense.url c:\users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\Uninstall SaveSense.lnk c:\users\win7\AppData\Roaming\SaveSense 
c:\users\win7\AppData\Roaming\SaveSense\UpdateProc\config.dat c:\users\win7\AppData\Roaming\SaveSense\UpdateProc\TTL.DAT c:\users\win7\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe c:\users\win7\kuvobdovimmu.exe c:\users\win7\luggovozygji.exe c:\users\win7\qymxizikiqop.exe c:\users\win7\rundykanadha.exe c:\users\win7\siznucymzabk.exe c:\users\win7\subybwobakgo.exe c:\users\win7\widfafocsynw.exe c:\users\win7\zunirogyzfyp.exe c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini c:\windows\SysWow64\dfrg\task_registrar.exe . . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_savesenselive -------\Service_syshost32 -------\Service_Windows Internet Name Service -------\Service_savesenselivem -------\Service_savesenselivem . . ((((((((((((((((((((((((( Pliki utworzone od 2014-01-06 do 2014-02-06 ))))))))))))))))))))))))))))))) . . 2014-02-06 19:40 . 2014-02-06 19:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-02-06 19:40 . 2014-02-06 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-02-06 19:08 . 2014-02-06 19:08 421704 ----a-w- c:\windows\system32\drivers\tteiapif.sys 2014-02-06 18:41 . 2014-02-06 18:41 421704 ----a-w- c:\windows\system32\drivers\hrgccsil.sys 2014-02-06 18:15 . 2014-02-06 18:15 -------- d-----w- c:\users\win7\AppData\Local\SaveSense 2014-02-06 18:08 . 2014-02-06 18:08 421704 ----a-w- c:\windows\system32\drivers\iuzzblbf.sys 2014-02-06 18:06 . 2014-02-06 18:06 421704 ----a-w- c:\windows\system32\drivers\jfmspnpr.sys 2014-02-06 17:36 . 2014-02-06 17:36 -------- d-----w- c:\users\win7\AppData\Roaming\AVAST Software 2014-02-06 17:33 . 2014-02-06 17:33 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys 2014-02-06 17:33 . 2014-02-06 17:33 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-02-06 17:33 . 2014-02-06 17:33 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2014-02-06 17:33 . 
2014-02-06 17:33 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys 2014-02-06 17:33 . 2014-02-06 17:33 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2014-02-06 17:33 . 2014-02-06 17:33 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-02-06 17:33 . 2014-02-06 17:33 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2014-02-06 17:33 . 2014-02-06 17:33 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2014-02-06 17:33 . 2014-02-06 17:33 334136 ----a-w- c:\windows\system32\aswBoot.exe 2014-02-06 17:33 . 2014-02-06 17:33 43152 ----a-w- c:\windows\avastSS.scr 2014-02-06 17:16 . 2014-02-06 17:16 -------- d-----w- c:\program files\AVAST Software 2014-02-06 17:15 . 2014-02-06 17:15 -------- d-----w- c:\programdata\AVAST Software 2014-02-04 20:58 . 2013-02-16 00:34 263064 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll 2014-02-04 20:58 . 2013-02-16 00:34 19352 ----a-w- c:\program files (x86)\Mozilla Firefox\xpcom.dll 2014-02-04 20:58 . 2013-02-16 00:34 155544 ----a-w- c:\program files (x86)\Mozilla Firefox\ssl3.dll 2014-02-04 20:58 . 2013-02-16 00:34 92056 ----a-w- c:\program files (x86)\Mozilla Firefox\smime3.dll 2014-02-04 20:58 . 2013-02-16 00:34 21400 ----a-w- c:\program files (x86)\Mozilla Firefox\plds4.dll 2014-02-04 20:58 . 2013-02-16 00:34 21912 ----a-w- c:\program files (x86)\Mozilla Firefox\plc4.dll 2014-02-04 20:58 . 2013-02-16 00:34 104344 ----a-w- c:\program files (x86)\Mozilla Firefox\nssutil3.dll 2014-02-04 20:58 . 2013-02-16 00:34 172440 ----a-w- c:\program files (x86)\Mozilla Firefox\nspr4.dll 2014-02-04 20:58 . 2013-02-16 00:34 812440 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll 2014-02-04 20:58 . 2013-02-16 00:33 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll 2014-02-03 22:08 . 2014-02-03 22:08 -------- d-----w- c:\users\win7\AppData\Local\AAA_Internet_Publishing,_ 2014-02-03 22:08 . 
2014-02-03 22:08 -------- d-----w- c:\program files (x86)\WTFast 2014-02-03 22:08 . 2013-02-01 05:39 72296 ----a-w- c:\windows\SysWow64\WTFastDrv.dll 2014-02-03 22:08 . 2013-02-01 05:39 11264 ----a-w- c:\windows\SysWow64\SPORDER.DLL 2014-02-03 22:08 . 2013-02-01 05:39 79464 ----a-w- c:\windows\system32\WTFastDrv.dll 2014-02-03 21:29 . 2014-02-03 21:30 -------- d-----w- c:\program files (x86)\Przyspiesz 2014-02-02 11:17 . 2014-02-02 11:17 -------- d-----w- c:\programdata\Oracle 2014-02-02 11:17 . 2014-02-02 11:17 -------- d-----w- c:\program files (x86)\Common Files\Java 2014-02-02 11:17 . 2013-12-18 20:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-01-23 17:39 . 2014-01-23 17:39 -------- d-----w- c:\program files (x86)\RegClean Pro 2014-01-20 20:36 . 2014-01-21 13:49 -------- d-----w- c:\users\win7\AppData\Local\Ubisoft 2014-01-20 20:35 . 2014-01-30 22:33 -------- d-sh--w- c:\users\win7\wc 2014-01-20 20:35 . 2014-01-20 20:35 -------- d-sh--w- c:\users\win7\AppData\Roaming\wyUpdate AU 2014-01-20 20:35 . 2014-01-20 20:35 -------- d-----w- c:\users\win7\AppData\Roaming\Ubisoft 2014-01-13 15:20 . 2014-01-13 15:20 -------- d-----w- c:\program files (x86)\MKJogo 2014-01-08 14:14 . 2014-01-08 14:14 -------- d-----w- c:\windows\SysWow64\log 2014-01-08 14:14 . 2014-01-08 14:14 -------- d-----w- c:\programdata\WPM . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [-] 2012-10-04 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll . [-] 2012-10-04 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll [7] 2009-07-14 . 
E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-25 1520776] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}] 2012-10-17 15:56 264160 ----a-w- c:\program files (x86)\Claro LTD\claro\1.8.3.10\bh\claro.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}] 2012-11-13 07:23 263136 ----a-w- c:\program files (x86)\mixidj\mixidj\1.8.4.1\bh\mixidj.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{71e129ff-6c2a-4984-818c-7e2c998b8d99}] 2014-01-07 13:06 99336 ----a-w- c:\users\win7\AppData\Local\SaveSense\SaveSenseIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2014-01-08 16:15 3349528 ----a-w- c:\program files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] 2013-01-23 12:24 247704 ----a-w- c:\program files (x86)\Delta\delta\1.8.10.0\bh\delta.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2013-04-25 15:36 1520776 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{fe063412-bea4-4d76-8ed3-183be6220d17}] 2013-08-21 17:36 100336 ----a-w- c:\program files (x86)\BonanzaDeals\BonanzaDealsIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll" [2014-01-08 3349528] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-25 1520776] "{9E131A93-EED7-4BEB-B015-A0ADB30B5646}"= "c:\program files (x86)\Claro LTD\claro\1.8.3.10\claroTlbr.dll" [2012-10-17 338400] "{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}"= "c:\program files (x86)\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll" [2012-11-13 337376] "{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll" [2013-01-23 321944] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{9e131a93-eed7-4beb-b015-a0adb30b5646}] [HKEY_CLASSES_ROOT\claro.clarodskBnd.1] [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] [HKEY_CLASSES_ROOT\claro.clarodskBnd] . [HKEY_CLASSES_ROOT\clsid\{ca9b9c89-4662-4adc-9c23-a452becd5d19}] [HKEY_CLASSES_ROOT\mixidj.mixidjdskBnd.1] [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] [HKEY_CLASSES_ROOT\mixidj.mixidjdskBnd] . [HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}] [HKEY_CLASSES_ROOT\delta.deltadskBnd.1] [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] [HKEY_CLASSES_ROOT\delta.deltadskBnd] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664] "Akamai NetSession Interface"="c:\users\win7\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472] "Regedit32"="c:\windows\system32\regedit.exe" [2009-07-14 398336] "Gadu-Gadu 10"="c:\program files (x86)\Gadu-Gadu 10\gg.exe" [2011-07-04 13374048] "Softonic for Windows"="c:\users\win7\AppData\Local\Softonic\Softonic.exe" [2014-01-17 4140016] "EADM"="c:\program files (x86)\Origin\Origin.exe" [2014-01-29 3598680] "MKLOL"="c:\program files (x86)\MKJogo\MKLOL\MK.exe" [2014-01-14 846536] "WTFast Tray"="c:\program files (x86)\WTFast\WTFast.exe" [2013-12-17 2949080] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-05-25 37888] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2014-02-03 2552856] "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-25 1648264] "Regedit32"="c:\windows\system32\regedit.exe" [2009-07-14 398336] "widfafocsynw"="c:\programdata\widfafocsynw.exe" [2013-09-20 47616] "zunirogyzfyp"="c:\programdata\zunirogyzfyp.exe" [2013-09-23 47104] "mobilegeni daemon"="c:\program files (x86)\Mobogenie\DaemonProcess.exe" [2013-11-01 746176] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-06 3767096] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe" [2013-06-11 814472] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~3\BitGuard\271832~1.68\{C16C1~1\BitGuard.dll "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes] "62.75.206.182,255.255.255.255,192.168.1.102,1"="" . R0 aswRvrt;avast! Revert; [x] R0 aswVmm;avast! VM Monitor; [x] R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] R2 bonanzadealslive;Usługa BonanzaDealsLive (bonanzadealslive);c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe;c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] R3 bonanzadealslivem;Usługa BonanzaDealsLive (bonanzadealslivem);c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe;c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 npggsvc;nProtect GameGuard 
Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x] S2 BitGuard;BitGuard;c:\programdata\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe;c:\programdata\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification 
Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 Update BatBrowse;Update BatBrowse;c:\program files (x86)\BatBrowse\updateBatBrowse.exe;c:\program files (x86)\BatBrowse\updateBatBrowse.exe [x] S2 Util BatBrowse;Util BatBrowse;c:\program files (x86)\BatBrowse\bin\utilBatBrowse.exe;c:\program files (x86)\BatBrowse\bin\utilBatBrowse.exe [x] S2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [x] S2 Wpm;Wpm Service;c:\programdata\WPM\wprotectmanager.exe;c:\programdata\WPM\wprotectmanager.exe [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x] . . --- Inne Usługi/Sterowniki w Pamięci --- . *Deregistered* - a7ae46e920f1da1 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-02-04 20:33 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe . Zawartość folderu 'Zaplanowane zadania' . 2014-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 13:05] . 2014-02-06 c:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job - c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-11-01 11:58] . 
2014-02-06 c:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job - c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-11-01 11:58] . 2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-17 18:21] . 2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-17 18:21] . 2014-02-06 c:\windows\Tasks\RegClean Pro_DEFAULT.job - c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-23 11:01] . 2014-02-05 c:\windows\Tasks\RegClean Pro_UPDATES.job - c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-23 11:01] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-02-06 17:33 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1] @="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}" [HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}] 2012-06-05 09:42 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2] @="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}" [HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}] 2012-06-05 09:42 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3] @="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}" [HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}] 2012-06-05 09:42 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4] @="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}" [HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}] 2012-06-05 09:42 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-20 6468712] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes] "62.75.206.182,255.255.255.255,192.168.1.102,1"="" . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://start.qone8.com/?type=hp&ts=1383242864&from=cor&uid=ST500DM002-1BD142_Z2AYQQQAXXXXZ2AYQQQA mDefault_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1383242864&from=cor&uid=ST500DM002-1BD142_Z2AYQQQAXXXXZ2AYQQQA mStart Page = hxxp://start.qone8.com/?type=hp&ts=1383242864&from=cor&uid=ST500DM002-1BD142_Z2AYQQQAXXXXZ2AYQQQA mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Wyślij &do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 LSP: %SystemRoot%\system32\WTFastDrv.dll Trusted Zone: aeriagames.com TCP: DhcpNameServer = 192.168.1.254 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll FF - ProfilePath - c:\users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\j62p4v99.default\ FF - prefs.js: browser.search.selectedEngine - FF - ExtSQL: 2014-02-06 18:33; wrc@avast.com; c:\program files\AVAST 
Software\Avast\WebRep\FF FF - ExtSQL: 2014-02-06 19:15; {2d7886a0-85bb-4bf2-b684-ba92b4b21d23}; c:\users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\j62p4v99.default\extensions\{2d7886a0-85bb-4bf2-b684-ba92b4b21d23} FF - user.js: extensions.mixidj.tlbrSrchUrl - FF - user.js: extensions.mixidj.id - c268b1fa0000000000003085a98d4ff2 FF - user.js: extensions.mixidj.appId - {A2773ED4-83BD-488A-A186-73590706C916} FF - user.js: extensions.mixidj.instlDay - 15773 FF - user.js: extensions.mixidj.vrsn - 1.8.4.1 FF - user.js: extensions.mixidj.vrsni - 1.8.4.1 FF - user.js: extensions.mixidj_i.vrsnTs - 1.8.4.114:15 FF - user.js: extensions.mixidj.prtnrId - mixidj FF - user.js: extensions.mixidj.prdct - mixidj FF - user.js: extensions.mixidj.aflt - babsst FF - user.js: extensions.mixidj_i.smplGrp - none FF - user.js: extensions.mixidj.tlbrId - mdelta FF - user.js: extensions.mixidj.instlRef - sst FF - user.js: extensions.mixidj.dfltLng - en FF - user.js: extensions.mixidj_i.excTlbr - false FF - user.js: extensions.mixidj.excTlbr - false FF - user.js: extensions.mixidj.admin - false FF - user.js: extensions.mixidj.autoRvrt - false FF - user.js: extensions.mixidj.rvrt - false FF - user.js: extensions.mixidj_i.newTab - false FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - c268b1fa0000000000003085a98d4ff2 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15793 FF - user.js: extensions.delta.vrsn - 1.8.10.0 FF - user.js: extensions.delta.vrsni - 1.8.10.0 FF - user.js: extensions.delta.vrsnTs - 1.8.10.022:46 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: 
extensions.delta.admin - false FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false FF - user.js: extensions.irspeeddial.aflt - fxtb103 FF - user.js: extensions.irspeeddial.instlRef - FF - user.js: extensions.irspeeddial.cr - 82983291 FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1QzutAtDzzyD0Azyzz0DyE0F0FtB0BtC0F0AtN0D0Tzu0CyCyBtCtN1L2XzutBtFtBtFyBtFtCtBtDtCtN1L1Czu1G2Z1S . - - - - USUNIĘTO PUSTE WPISY - - - - . Wow6432Node-HKCU-Run-subybwobakgo - c:\users\win7\subybwobakgo.exe Wow6432Node-HKCU-Run-luggovozygji - c:\users\win7\luggovozygji.exe Wow6432Node-HKCU-Run-qymxizikiqop - c:\users\win7\qymxizikiqop.exe Wow6432Node-HKCU-Run-widfafocsynw - c:\users\win7\widfafocsynw.exe Wow6432Node-HKCU-Run-zunirogyzfyp - c:\users\win7\zunirogyzfyp.exe Wow6432Node-HKCU-Run-siznucymzabk - c:\users\win7\siznucymzabk.exe Wow6432Node-HKCU-Run-rundykanadha - c:\users\win7\rundykanadha.exe Wow6432Node-HKCU-Run-kuvobdovimmu - c:\users\win7\kuvobdovimmu.exe Wow6432Node-HKLM-Run- - (no file) Wow6432Node-HKLM-Run-luggovozygji - c:\programdata\luggovozygji.exe Wow6432Node-HKLM-Run-qymxizikiqop - c:\programdata\qymxizikiqop.exe Wow6432Node-HKLM-Run-siznucymzabk - c:\programdata\siznucymzabk.exe Wow6432Node-HKLM-Run-rundykanadha - c:\programdata\rundykanadha.exe Wow6432Node-HKLM-Run-kuvobdovimmu - c:\programdata\kuvobdovimmu.exe c:\users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TorpedoCopy.lnk - c:\users\win7\AppData\Local\Torpedo\Torpedo.exe /systemstartup AddRemove-PC Performer_is1 - c:\program files (x86)\PC Performer\unins000.exe AddRemove-SaveSense - c:\users\win7\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\a7ae46e920f1da1] "ImagePath"="\SystemRoot\System32\Drivers\a7ae46e920f1da1.sys" . 
--------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,7e,88,64,cc,2c,a9,4e,ad,96,d0,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,7e,88,64,cc,2c,a9,4e,ad,96,d0,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
c:\windows\SysWOW64\schtasks.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Mobogenie\mgusb.exe
.
**************************************************************************
.
Czas ukończenia: 2014-02-06 21:05:17 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2014-02-06 20:05
.
Przed: 144 345 210 880 bajtów wolnych
Po: 146 315 444 224 bajtów wolnych
.
- - End Of File - - 97C5F19C90CACC0D0B5FF92420DD448E
A36C5E4F47E84449FF07ED3517B43A31