ComboFix 14-03-10.01 - User 2014-03-11 17:55:11.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.3063.1006 [GMT 1:00] Uruchomiony z: c:\users\User\Downloads\ComboFix.exe AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5} SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\DefaultTab c:\program files\DefaultTab\DefaultTab.crx c:\program files\DefaultTab\DefaultTabSearch.exe c:\program files\DefaultTab\uid c:\program files\DefaultTab\uninstaller.exe c:\programdata\82F85AA404.sys c:\programdata\BrowserDefender c:\programdata\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl c:\users\User\541c36c6102dd71e83f8c068a73ef30a_original.jpg c:\users\User\649b9acac8a3b49e07b3befd94d3c826.jpg c:\users\User\AppData\Roaming\360SE c:\users\User\AppData\Roaming\360SE\360se.ini c:\users\User\AppData\Roaming\360SE\360seie6.ini c:\users\User\AppData\Roaming\360SE\apps\1000\1000.png c:\users\User\AppData\Roaming\360SE\apps\1000\app.ico c:\users\User\AppData\Roaming\360SE\apps\1000\app24.ico c:\users\User\AppData\Roaming\360SE\apps\100000747\100000747.png c:\users\User\AppData\Roaming\360SE\apps\100000747\config.ini c:\users\User\AppData\Roaming\360SE\apps\100000747\logo.ico c:\users\User\AppData\Roaming\360SE\apps\100000747\logo.png c:\users\User\AppData\Roaming\360SE\apps\1018\1018.png c:\users\User\AppData\Roaming\360SE\apps\1018\app.ico c:\users\User\AppData\Roaming\360SE\apps\1018\app.ini c:\users\User\AppData\Roaming\360SE\apps\1018\app24.ico c:\users\User\AppData\Roaming\360SE\apps\1018\BankHelper.exe c:\users\User\AppData\Roaming\360SE\apps\1018\banklist.dll c:\users\User\AppData\Roaming\360SE\apps\1018\BankMode.dll c:\users\User\AppData\Roaming\360SE\apps\1018\tip.png 
c:\users\User\AppData\Roaming\360SE\extensions\SafeCentral\urllibw.dat c:\users\User\AppData\Roaming\360SE\login.ini c:\users\User\AppData\Roaming\360SE\seup.ini c:\users\User\AppData\Roaming\360SE\stat.ini c:\users\User\AppData\Roaming\360SE\WebCache\hao.360.cn.new c:\users\User\AppData\Roaming\baidu\hao123 c:\users\User\AppData\Roaming\baidu\hao123\hao123.1.0.0.1097.exe c:\users\User\AppData\Roaming\DefaultTab\DefaultTab c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\addon.ico c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\blocklist.json c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\DT.ico c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\update.exe c:\users\User\AppData\Roaming\Evaer c:\users\User\AppData\Roaming\Evaer\record.xml c:\users\User\AppData\Roaming\GoogleUpdate.exe c:\users\User\AppData\Roaming\iFree c:\users\User\AppData\Roaming\iFree\record.xml c:\users\User\AppData\Roaming\svchost c:\users\User\AppData\Roaming\svchost\logg.dat c:\users\User\dd21f1df98bd66ec82be2d0073458293.jpg D:\install.exe . . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_DefaultTabUpdate -------\Service_DefaultTabUpdate . . 
((((((((((((((((((((((((( Pliki utworzone od 2014-02-11 do 2014-03-11 ))))))))))))))))))))))))))))))) . . 2014-03-11 13:08 . 2014-03-11 13:09 272496 ----a-w- c:\program files\Mozilla Firefox\updated\browser\components\browsercomps.dll 2014-03-11 10:26 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A83AF762-0136-4446-85BF-47062EC7F4E8}\mpengine.dll 2014-02-25 23:19 . 2014-02-25 23:19 -------- d-----w- c:\windows\Migration 2014-02-20 17:26 . 2014-02-20 17:26 -------- d-----w- c:\program files\Common Files\Corel 2014-02-20 17:25 . 2014-02-20 17:25 -------- d-----w- c:\program files\Common Files\Protexis 2014-02-13 23:37 . 2013-12-21 08:56 454656 ----a-w- c:\windows\system32\vbscript.dll . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-02-20 22:41 . 2012-07-12 12:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-02-20 22:41 . 2012-07-12 12:50 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-02-05 16:03 . 2013-08-12 11:46 324096 ----a-w- c:\windows\system32\drivers\sptd.sys 2014-01-01 15:27 . 2014-01-01 15:27 2828 --sha-w- c:\programdata\KGyGaAvL.sys 2013-12-18 05:13 . 2012-04-06 09:43 231584 ------w- c:\windows\system32\MpSigStub.exe 2011-09-16 13:12 . 2012-04-22 10:35 3623592 ----a-w- c:\program files\Common Files\ApnToolbarInstaller.exe 2011-09-16 13:12 . 2012-04-22 10:35 143240 ----a-w- c:\program files\Common Files\ApnStub.exe . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ChomikBox"="c:\program files\ChomikBox\chomikbox.exe" [2012-11-15 5979648] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184] "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192] "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "adiras"="c:\windows\adiras.exe" [2007-02-13 194128] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2012-06-28 74752] "TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-09-09 296096] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "SAFE12 HotKeys"="d:\sejf\zainstalowane\SteganosHotKeyService.exe" [2012-03-19 84480] "SAFE12 File Redirection Starter"="d:\sejf\zainstalowane\fredirstarter.exe" [2012-03-19 17408] "AdobeAAMUpdater-1.0"="c:\program files\Common 
Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312] . c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192] R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-02-06 108032] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-06 1343400] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-07 114984] S1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\system32\drivers\Sleen17.sys [2011-09-12 13:28 94560] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-04-07 133512] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120] S2 
epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-04-07 96896] S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704] S2 Update BrowseSmart;Update BrowseSmart;c:\program files\BrowseSmart\updateBrowseSmart.exe [2014-03-07 112416] S2 Util BrowseSmart;Util BrowseSmart;c:\program files\BrowseSmart\bin\utilBrowseSmart.exe [2014-03-11 112416] S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896] S3 netw5v32;Sterownik karty Intel(R) Wireless WiFi Link 5000 Series dla systemu Windows Vista w wersji 32-bitowej;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] . . --- Inne Usługi/Sterowniki w Pamięci --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-03-04 11:34 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe . Zawartość folderu 'Zaplanowane zadania' . 2014-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 22:41] . 2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-02-28 11:55] . 2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-02-28 11:55] . . ------- Skan uzupełniający ------- . 
uStart Page = hxxp://www.hao123.com/?tn=82013038_111_hao_pg IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ry8ranj2.default\ FF - user.js: extensions.mixidj.tlbrSrchUrl - FF - user.js: extensions.mixidj.id - 9400bdd0000000000000001a6bb7936d FF - user.js: extensions.mixidj.appId - {A2773ED4-83BD-488A-A186-73590706C916} FF - user.js: extensions.mixidj.instlDay - 15947 FF - user.js: extensions.mixidj.vrsn - 1.8.18.8 FF - user.js: extensions.mixidj.vrsni - 1.8.18.8 FF - user.js: extensions.mixidj.vrsnTs - 1.8.18.815:20 FF - user.js: extensions.mixidj.prtnrId - mixidj FF - user.js: extensions.mixidj.prdct - mixidj FF - user.js: extensions.mixidj.aflt - babsst FF - user.js: extensions.mixidj.smplGrp - none FF - user.js: extensions.mixidj.tlbrId - baseyh FF - user.js: extensions.mixidj.instlRef - sst FF - user.js: extensions.mixidj.dfltLng - en FF - user.js: extensions.mixidj.excTlbr - false FF - user.js: extensions.mixidj.ffxUnstlRst - false FF - user.js: extensions.mixidj.admin - false FF - user.js: extensions.mixidj.autoRvrt - false FF - user.js: extensions.mixidj.rvrt - false FF - user.js: extensions.mixidj.newTab - false FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 9400bdd0000000000000001a6bb7936d FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15947 FF - user.js: extensions.delta.vrsn - 1.8.24.6 FF - user.js: extensions.delta.vrsni - 1.8.24.6 FF - user.js: extensions.delta.vrsnTs - 1.8.24.623:09 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF 
- user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta_i.babTrack - affID=119828&tsp=4990 FF - user.js: extensions.delta_i.babExt - FF - user.js: extensions.delta_i.srcExt - ss FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . . ------- Skojarzenia plików ------- . .txt= . - - - - USUNIĘTO PUSTE WPISY - - - - . HKCU-Run-AdobeBridge - (no file) HKLM-Run-VDownloader - c:\program files\VDownloader\VDownloader.exe HKLM-Run-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe HKLM-Run-CorelDRAW Graphics Suite 11b - c:\program files\Corel\Corel Graphics 12\Languages\PL\Programs\Registration.exe HKLM-Run-YouCam Service - c:\program files\CyberLink\YouCam\YouCamService.exe HKLM-Run-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe AddRemove-DefaultTab - c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe AddRemove-DefaultTab Chrome - c:\program files\DefaultTab\uninstaller.exe AddRemove-PaintToolSAI - c:\users\User\Desktop\PaintToolSAI\uninst.exe . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_USERS\S-1-5-21-1894515312-3285578680-510463183-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.032" . [HKEY_USERS\S-1-5-21-1894515312-3285578680-510463183-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ABR\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.abr" . [HKEY_USERS\S-1-5-21-1894515312-3285578680-510463183-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ANI\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.ani" . 
[HKEY_USERS\S-1-5-21-1894515312-3285578680-510463183-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.ttf" . [HKEY_USERS\S-1-5-21-1894515312-3285578680-510463183-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14o\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.v14o" . [HKEY_USERS\S-1-5-21-1894515312-3285578680-510463183-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14p\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.v14p" . [HKEY_USERS\S-1-5-21-1894515312-3285578680-510463183-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14pf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.v14pf" . [HKEY_USERS\S-1-5-21-1894515312-3285578680-510463183-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WBMP\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.wbmp" . [HKEY_USERS\S-1-5-21-1894515312-3285578680-510463183-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\S-1-5-21-1894515312-3285578680-510463183-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XBM\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.xbm" . [HKEY_USERS\S-1-5-21-1894515312-3285578680-510463183-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (S-1-5-21-1894515312-3285578680-510463183-1000) @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-1894515312-3285578680-510463183-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (S-1-5-21-1894515312-3285578680-510463183-1000) @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . 
[HKEY_USERS\S-1-5-21-1894515312-3285578680-510463183-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.xif" . [HKEY_USERS\S-1-5-21-1894515312-3285578680-510463183-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice] @Denied: (2) (S-1-5-21-1894515312-3285578680-510463183-1000) @Denied: (2) (LocalSystem) "Progid"="xmlfile" . [HKEY_USERS\S-1-5-21-1894515312-3285578680-510463183-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.xmp" . [HKEY_USERS\S-1-5-21-1894515312-3285578680-510463183-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XPM\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.xpm" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Pozostałe uruchomione procesy ------------------------ . 
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Czas ukończenia: 2014-03-11 18:15:23 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2014-03-11 17:15
.
Przed: 4 357 042 176 bajtów wolnych
Po: 4 733 353 984 bajtów wolnych
.
- - End Of File - - 3123952D9E07F9CE955C11403EC8A270 A36C5E4F47E84449FF07ED3517B43A31