ComboFix 12-03-15.02 - klucz 2012-03-15 13:01:58.5.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.48.1045.18.3067.2192 [GMT 1:00]
Uruchomiony z: c:\users\klucz\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-02-15 do 2012-03-15 )))))))))))))))))))))))))))))))
.
.
2012-03-15 12:13 . 2012-03-15 12:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-15 12:13 . 2012-03-15 12:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-15 06:01 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-15 06:01 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 17:47 . 2012-02-03 04:01 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 17:47 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 17:47 . 2012-02-10 05:41 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 17:47 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 17:47 . 2012-02-10 05:41 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 17:47 . 2012-02-10 05:41 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 07:55 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 07:55 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 07:55 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 07:55 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 07:55 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 07:55 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-12 14:17 . 2012-03-12 14:17 -------- d-----w- c:\users\klucz\.system32
2012-03-12 14:13 . 2012-03-12 14:20 -------- d-----w- C:\DotAlicious Gaming Client
2012-03-05 21:53 . 2012-03-05 21:55 -------- d-----w- c:\users\klucz\AppData\Roaming\NapiProjekt
2012-03-05 13:16 . 2012-03-15 12:15 -------- d-----w- c:\users\klucz\AppData\Local\temp
2012-03-05 13:16 . 2010-11-20 08:39 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-03-05 11:31 . 2012-03-05 11:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-05 11:31 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-04 12:25 . 2012-03-04 12:25 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-28 01:23 . 2012-02-26 23:51 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-02-27 21:33 . 2012-02-27 21:33 -------- d-----w- c:\windows\system32\EventProviders
2012-02-26 23:52 . 2012-02-28 01:57 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-26 23:52 . 2012-02-26 23:51 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-26 23:51 . 2012-02-28 00:17 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-26 23:29 . 2012-02-13 19:32 1592832 ----a-w- c:\windows\SetACL.exe
2012-02-25 13:33 . 2012-02-25 13:33 -------- d-----w- c:\program files\AVAST Software
2012-02-20 17:37 . 2012-03-15 11:55 -------- d-----w- c:\programdata\AVAST Software
2012-02-20 17:37 . 2012-02-20 17:37 -------- d-----w- C:\AVAST Software
2012-02-17 20:32 . 2012-02-17 20:32 -------- d-----w- c:\users\klucz\AppData\Roaming\Malwarebytes
2012-02-17 20:32 . 2012-02-17 20:32 -------- d-----w- c:\programdata\Malwarebytes
2012-02-17 14:57 . 2012-02-23 20:53 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-17 14:56 . 2012-02-17 20:48 -------- d-----w- c:\users\klucz\AppData\Roaming\xevpinwjidcurtkupvhr2tcxrohmgmio2
2012-02-16 18:53 . 2012-02-17 20:48 -------- d-----w- c:\users\klucz\AppData\Roaming\xspfd3iemzn1dpqklijqjlnz3hqlu3l22
2012-02-16 18:53 . 2012-02-17 20:48 -------- d-----w- c:\users\klucz\AppData\Roaming\xfmf1xbshtlrgnrfdaxxphrupegtiaok2
2012-02-15 11:54 . 2012-01-03 05:44 478208 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 11:54 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 11:53 . 2012-01-04 09:03 442880 ----a-w- c:\windows\system32\ntshrui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 23:51 . 2011-11-09 14:32 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-02-13 17:34 . 2012-02-13 17:34 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-01-29 21:16 . 2012-01-29 21:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-24 10:32 . 2012-01-24 10:32 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4DCCDBF5-CB0E-4209-8B4D-2A87166D6054}\offreg.dll
2012-01-06 04:19 . 2012-01-24 10:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4DCCDBF5-CB0E-4209-8B4D-2A87166D6054}\mpengine.dll
2011-12-16 15:53 . 2012-01-22 18:23 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-08-26 4114288]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-25 5064520]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^klucz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\klucz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^klucz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=c:\users\klucz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2011-08-16 18:30 1379840 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-07 01:07 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-11 01:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 00:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lenovo SlideNav]
2009-08-19 02:07 839680 ----a-w- c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 09:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnekeyDM]
2009-03-27 13:56 335872 ----a-w- c:\program files\Lenovo\OnekeyDM\OnekeyDM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RayV]
2011-12-27 20:28 5781368 ----a-w- c:\program files\RayV\RayV\RayV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-11-14 12:35 305064 ----a-r- c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-07-20 11:21 7625248 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-09-12 10:35 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount]
2011-09-28 02:19 13922104 ----a-w- c:\program files\VoipDiscount.com\VoipDiscount\voipdiscount.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
R3 GarenaPEngine;GarenaPEngine;c:\users\klucz\AppData\Local\Temp\BMBE71.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-07-28 414984]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-07-28 472328]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-21 1343400]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]
S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2009-05-19 11776]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-24 5632]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-06-07 273448]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-14 4231680]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 25088]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-08-21 171520]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
NETSVCS WYMAGA NAPRAWY - pokazano aktualnie istniejące wpisy
AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT AudioSrv FastUserSwitchingCompatibility Ias Irmon Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess SRService Tapisrv Wmi WmdmPmSp s116unic adpu160m itmrtsvc array_utility_service4,0,1,3 CAM1210 ialm mhn spcflt wmccdsls dvpapi bdpredir BrScnUsb OneCareMP AsusACPI s716mdfl ctaud2k {eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc} XBCD hddsvc PGPsdkDriver tosrfcom bwmservice nod32krn lvupdtio w22n51 NuidFltr irbus IBM_LLC2 A88xTuner nsausvc mqdmbus pml Ndisipo IJPLMSVC se58bus nvstor32 amusbprt kpfwsvc UpdateCenterService L8042mou Uim_IM oracleorahomehttpserver RTL8169 oracleorahometnslistener webupdate CAMCHALA ngserver MREMP50 bhmonitorservice USA49W vet-rec aiclient asusgsb zebrbus sysplant TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc seclogon AppInfo msiscsi MMCSS wercplsupport EapHost ProfSvc schedule hkmsvc SessionEnv winmgmt browser Themes BDESVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
mStart Page = hxxp://lenovo.live.com/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MI3DFC~1\OFFICE11\EXCEL.EXE/3000
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth...
- c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.31.1
FF - ProfilePath - c:\users\klucz\AppData\Roaming\Mozilla\Firefox\Profiles\m2jyyirn.default\
FF - prefs.js: browser.search.selectedEngine - Gazeta
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\klucz\AppData\Local\Temp\BMBE71.tmp"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:2d,67,42,13,05,f1,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,52,bc,ae,82,d4,c1,49,98,e1,f0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,52,bc,ae,82,d4,c1,49,98,e1,f0,\
.
[HKEY_USERS\S-1-5-21-2150938512-64459396-1551823533-1003\Software\SecuROM\License information*]
"datasecu"=hex:81,99,5e,24,95,e0,f3,44,f9,fd,02,7c,23,a0,63,4d,18,be,8d,b9,89,
   26,ae,ca,7b,18,3c,39,09,c8,7e,48,fd,34,a5,28,97,09,b1,56,ba,88,a5,61,9c,98,\
"rkeysecu"=hex:f5,f7,fd,78,57,fa,bf,14,15,43,96,b9,ed,af,bd,41
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'Explorer.exe'(372)
c:\program files\Lenovo\Bluetooth Software\btncopy.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Lenovo\Bluetooth Software\btwdins.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Czas ukończenia: 2012-03-15 13:21:52 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-03-15 12:21
.
Przed: 68 381 794 304 bajtów wolnych
Po: 68 167 737 344 bajtów wolnych
.
- - End Of File - - 3868997A21E550C76B41EE9BBE9650CB