

ComboFix 11-08-18.03 - Mateusz 2011-08-19 19:33:19.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.4095.2420 [GMT 2:00]
Uruchomiony z: c:\users\Mateusz\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
* Rezydentny antywirus jest aktywny
.
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mateusz\AppData\Roaming\EurekaLog
c:\users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
c:\users\Mateusz\Documents\MOO38D2.tmp
c:\users\Mateusz\m2.exe
c:\windows\IsUn0415.exe
c:\windows\My.ini
c:\windows\ST6UNST.000
c:\windows\SysWow64\CoreAAC-uninstall.exe
c:\windows\SysWow64\ie5unit.exe
c:\windows\SysWow64\portmap.exe
c:\windows\w5win.ini
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-07-19 do 2011-08-19 )))))))))))))))))))))))))))))))
.
.
2011-08-19 17:39 . 2011-08-19 17:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-16 12:49 . 2011-08-16 12:49 -------- d-----w- c:\program files (x86)\IncrediMail_MediaBar_4
2011-08-16 12:49 . 2011-08-16 12:49 -------- d-----w- c:\users\Mateusz\AppData\Local\IM
2011-08-16 12:49 . 2011-08-16 12:49 -------- d-----w- c:\programdata\IM
2011-08-16 12:49 . 2011-08-16 12:49 -------- d-----w- c:\programdata\IncrediMail
2011-08-16 09:01 . 2011-08-16 09:01 2870272 ----a-w- c:\windows\explorer1.exe
2011-08-16 08:58 . 2007-07-29 13:53 117248 ----a-w- c:\windows\SysWow64\RestoratorContextMenu.dll
2011-08-16 08:58 . 2011-08-16 08:58 -------- d-----w- c:\program files (x86)\Restorator 2007
2011-08-16 08:32 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-08-16 08:32 . 2009-07-14 01:41 2851328 ----a-w- c:\windows\system32\themeui.dll.backup
2011-08-16 08:32 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup
2011-08-12 14:05 . 2011-08-12 14:05 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-08-12 14:03 . 2011-08-12 14:03 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-08-12 14:03 . 2011-08-12 14:03 -------- d-----w- c:\program files\Realtek
2011-08-07 15:53 . 2011-08-16 12:35 -------- d-----w- c:\users\Mateusz\AppData\Roaming\TS3Client
2011-08-07 15:52 . 2011-08-15 20:11 -------- d-----w- c:\program files (x86)\TeamSpeak 3 Client
2011-08-07 15:52 . 2011-08-07 15:52 -------- d-----w- c:\users\Mateusz\AppData\Local\Conduit
2011-08-07 15:52 . 2011-08-07 15:52 -------- d-----w- c:\program files (x86)\Softonic-Polska_
2011-08-05 09:10 . 2011-08-19 16:27 -------- d-----w- c:\users\Mateusz\VirtualBox VMs
2011-08-05 09:09 . 2011-08-19 16:30 -------- d-----w- c:\users\Mateusz\.VirtualBox
2011-08-05 09:08 . 2011-07-19 11:08 223536 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-08-05 09:08 . 2011-07-19 11:08 131376 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-08-05 09:08 . 2011-08-05 09:08 -------- d-----w- c:\program files\Oracle
2011-08-05 09:05 . 2011-08-05 09:08 -------- dc----w- c:\windows\system32\DRVSTORE
2011-08-03 20:39 . 2011-08-03 20:39 -------- d-----w- c:\users\Mateusz\Source
2011-07-25 18:58 . 2011-07-25 18:58 -------- d-----w- c:\program files (x86)\WinAVI MP4 Converter
2011-07-25 05:12 . 2011-07-25 07:11 -------- d-----w- c:\program files (x86)\Hide My IP 2009
2011-07-24 20:50 . 2011-07-24 20:50 -------- d-----w- c:\users\Mateusz\AppData\Roaming\WinAVI
2011-07-24 20:50 . 2011-07-24 20:50 -------- d-----w- c:\users\Mateusz\AppData\Local\WinAVI
2011-07-24 20:50 . 2011-07-25 18:57 -------- d-----w- c:\program files (x86)\WinAVI
2011-07-24 20:19 . 2011-07-24 20:19 -------- d-----w- c:\program files (x86)\Xvid
2011-07-24 20:19 . 2009-06-07 14:25 77824 ----a-w- c:\windows\SysWow64\xvid.ax
2011-07-24 20:19 . 2009-06-07 14:24 180224 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-07-24 20:19 . 2009-06-07 14:16 819200 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-07-24 20:18 . 2011-07-24 20:18 -------- d-----w- c:\program files (x86)\Haali
2011-07-24 20:18 . 2011-08-19 17:22 -------- d-----w- c:\program files (x86)\AC3Filter
2011-07-24 20:18 . 2009-08-11 19:22 580096 ----a-w- c:\windows\system32\ac3filter64.acm
2011-07-24 20:18 . 2009-08-11 19:18 497664 ----a-w- c:\windows\SysWow64\ac3filter.acm
2011-07-24 20:18 . 2011-07-24 20:18 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2011-07-24 20:17 . 2011-07-27 13:42 -------- d-----w- c:\program files (x86)\Avi2Dvd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-19 16:37 . 2010-01-23 20:24 164880 ---ha-w- c:\users\Mateusz\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2011-08-16 08:32 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2011-08-16 08:32 . 2009-07-13 23:54 2851328 ----a-w- c:\windows\system32\themeui.dll
2011-08-16 08:32 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2011-07-20 10:33 . 2010-08-30 13:43 5052280 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2011-07-19 11:08 . 2011-07-19 11:08 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-07-19 11:08 . 2011-07-19 11:08 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-07-19 11:08 . 2011-07-19 11:08 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{8f3c1d75-d467-43c2-9a36-655366b76f5f}"= "c:\program files (x86)\Softonic-Polska_\prxtbSoft.dll" [2011-03-28 176936]
"{90eee664-34b1-422a-a782-779af65cdf6d}"= "c:\program files (x86)\IncrediMail_MediaBar_4\tbIncr.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{8f3c1d75-d467-43c2-9a36-655366b76f5f}]
.
[HKEY_CLASSES_ROOT\clsid\{90eee664-34b1-422a-a782-779af65cdf6d}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-09 11:51 3911776 ----a-w- c:\program files (x86)\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8f3c1d75-d467-43c2-9a36-655366b76f5f}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\Softonic-Polska_\prxtbSoft.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{90eee664-34b1-422a-a782-779af65cdf6d}]
2010-11-29 13:26 3908192 ----a-w- c:\program files (x86)\IncrediMail_MediaBar_4\tbIncr.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngin0.dll" [2010-12-09 3911776]
"{8f3c1d75-d467-43c2-9a36-655366b76f5f}"= "c:\program files (x86)\Softonic-Polska_\prxtbSoft.dll" [2011-03-28 176936]
"{90eee664-34b1-422a-a782-779af65cdf6d}"= "c:\program files (x86)\IncrediMail_MediaBar_4\tbIncr.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{8f3c1d75-d467-43c2-9a36-655366b76f5f}]
.
[HKEY_CLASSES_ROOT\clsid\{90eee664-34b1-422a-a782-779af65cdf6d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-25 39408]
"RGSC"="e:\rockstar games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
"AQQ"="c:\progra~2\WapSter\WAPSTE~1\AQQ.exe" [2011-06-14 9030656]
"Mega Manager"="c:\program files (x86)\Megaupload\Mega Manager\MegaManager.exe" [2010-11-03 2113024]
"LG LinkAir"="c:\program files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe" [2010-06-16 2373992]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 152576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
.
c:\users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WinMySQLadmin.lnk - e:\xampp\mysql\bin\winmysqladmin.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 103424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-10-18 20549]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Usługa Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-25 135664]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 dump_wmimmc;dump_wmimmc;d:\cabal\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-25 135664]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-01 2296696]
S3 HideMyIpSRV;HideMyIpSRV;c:\program files (x86)\Hide My IP 2009\HideMyIpSrv.exe [2009-11-28 2396464]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 X6va005;X6va005;c:\users\Mateusz\AppData\Local\Temp\0056FD2.tmp [x]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-25 07:50]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-25 07:50]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3178621927-3445890128-2453181297-1000Core.job
- c:\users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-24 18:12]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3178621927-3445890128-2453181297-1000UA.job
- c:\users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-24 18:12]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2716216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mystart.incredimail.com/mb59?u=92259868348063443
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Funkcja Google Sidewiki - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll/cmsidewiki.html
IE: LG Air Sync (R-Click) - Save as Mobile Image - c:\program files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206
IE: LG Air Sync (R-Click) - Save as Mobile Memo - c:\program files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208
IE: LG Air Sync (R-Click) - Save as Mobile Text file - c:\program files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210
IE: LG Air Sync (R-Click) - Set as Mobile Wallpaper - c:\program files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205
IE: LG Air Sync Option - c:\program files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209
IE: Ściągnij przy poomocy FlashGet3 - c:\users\Mateusz\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: Ściągnij wszystko przy pomocy FlashGet3 - c:\users\Mateusz\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: ????3?? - c:\users\Mateusz\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\Mateusz\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
LSP: c:\windows\system32\HMIPCore.dll
FF - ProfilePath - c:\users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\3eupsf1i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2878731&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-CoreAAC Audio Decoder - c:\windows\system32\CoreAAC-uninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-Polanie II - d:\polanie ii\UNWISE.EXE
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Tiberia Client - d:\tiberia client\Uninstal.exe
AddRemove-CS1.6 Realistic Mod - c:\users\Mateusz\Desktop\cs16_realism_mod\Uninstal.exe
AddRemove-NCsoft-Aion - c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Mateusz\AppData\Local\Temp\0056FD2.tmp"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2011-08-19 19:41:30
ComboFix-quarantined-files.txt 2011-08-19 17:41
.
Przed: 7 568 191 488 bajtów wolnych
Po: 13 114 179 584 bajtów wolnych
.
- - End Of File - - 20FDD1B84B844E27A9F3053B0296C17E
Now the question: what can I do about this? Format?
