ComboFix 12-07-27.03 - Foka 2012-07-28 14:52:09.1.4 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.3566.2609 [GMT 2:00]
Uruchomiony z: H:\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
ADS - windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\6C82D0E90008636195B9A905F875F020
c:\programdata\6C82D0E90008636195B9A905F875F020\6C82D0E90008636195B9A905F875F020
c:\programdata\6C82D0E90008636195B9A905F875F020\6C82D0E90008636195B9A905F875F020.exe
c:\programdata\6C82D0E90008636195B9A905F875F020\6C82D0E90008636195B9A905F875F020.ico
c:\programdata\FullRemove.exe
c:\users\Foka\AppData\Local\Microsoft\Windows\2616\WPDShextAutoplay.exe
c:\users\Foka\AppData\Roaming\.#
c:\users\Foka\AppData\Roaming\chrtmp
c:\users\Foka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\users\Foka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\users\Foka\Desktop\Live Security Platinum.lnk
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\muzapp.exe
c:\windows\system32\tmp2515.tmp
c:\windows\system32\tmp2516.tmp
c:\windows\system32\tmpA804.tmp
c:\windows\system32\tmpA805.tmp
c:\windows\system32\tmpC3B7.tmp
c:\windows\system32\tmpC3B8.tmp
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-28 do 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 12:58 . 2012-07-28 12:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-28 12:41 . 2012-07-28 12:41 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-07-28 12:29 . 2012-07-28 12:30 -------- d-----w- c:\program files\HitmanPro
2012-07-28 12:29 . 2012-07-28 12:41 -------- d-----w- c:\programdata\HitmanPro
2012-07-28 09:43 . 2012-07-28 09:43 -------- d-----w- c:\users\Foka\AppData\Roaming\hellomoto
2012-07-18 11:57 . 2012-07-27 14:16 -------- d-----w- c:\users\Foka\AppData\Roaming\Skype
2012-07-18 11:57 . 2012-07-18 11:57 -------- d-----w- c:\program files\Common Files\Skype
2012-07-18 11:57 . 2012-07-18 11:57 -------- d-----r- c:\program files\Skype
2012-07-18 11:57 . 2012-07-18 11:57 -------- d-----w- c:\programdata\Skype
2012-07-02 14:49 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A5B8F2D-BF3E-4DB7-BFF4-6024550A6389}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-18 07:18 . 2012-03-31 07:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-18 07:18 . 2011-05-15 08:01 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-22 16:37 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 16:37 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 16:37 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 16:37 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 16:37 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 16:37 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 16:37 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 16:37 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 16:37 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-29 07:38 . 2011-06-07 09:13 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-05-17 22:45 . 2012-06-23 07:47 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35 . 2012-06-23 07:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35 . 2012-06-23 07:47 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29 . 2012-06-23 07:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24 . 2012-06-23 07:47 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-15 01:05 . 2012-06-23 07:45 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-05-04 09:59 . 2012-06-23 07:45 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-05-01 04:44 . 2012-06-23 07:45 164352 ----a-w- c:\windows\system32\profsvc.dll
2011-11-24 21:28 . 2011-08-30 15:17 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-08-18 106496]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2011-08-16 1379840]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-14 8120864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"APLangApp"="c:\program files\AnyPC Client\APLangApp.exe" [2009-10-20 13312]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ROUTE66Sync"="d:\program files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe" [2010-12-17 168448]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"iPlusManager"="d:\program files\iPlus\iPlusChecker.exe" [2010-11-25 468288]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-27 284696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [x]
R2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\Drivers\AF9035HB.sys [x]
R3 cpuvis;cpuvis;c:\program files\My applications\cpuvis.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [x]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [x]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [x]
R3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\DRIVERS\ssceserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files\iZ3D Driver\Win32\S3DInjectionDriver.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [x]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [x]
S2 S3DSvc32;S3D Service (Win32);c:\program files\iZ3D Driver\Win32\S3DCService.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - FSUSBEXDISK
*NewlyCreated* - WS2IFSL
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 21:25]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 21:25]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3916604919-2912353607-3506189148-1000Core.job - c:\users\Foka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 11:17]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3916604919-2912353607-3506189148-1000UA.job - c:\users\Foka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 11:17]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.babylon.com/?affID=112560&tt=100512_3_&babsrc=HP_ss&mntrId=8e74404d000000000000b24ce55b856d
IE: Download with GetRight Pro - d:\program files\GetRight\GRdownload.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open with GetRight Pro Browser - d:\program files\GetRight\GRbrowse.htm
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{354A491A-D4F6-4CA3-96D1-A862B306C77A}: NameServer = 212.2.96.54 212.2.96.52
FF - ProfilePath - c:\users\Foka\AppData\Roaming\Mozilla\Firefox\Profiles\vk6ezd5x.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://google.pl
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112560&tt=100512_3_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 8e74404d000000000000b24ce55b856d
FF - user.js: extensions.BabylonToolbar_i.hardId - 8e74404d000000000000b24ce55b856d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15479
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:04
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
------- Skojarzenia plików -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe
HKCU-Run-WPDShextAutoplay - c:\users\Foka\AppData\Local\Microsoft\Windows\2616\WPDShextAutoplay.exe
HKLM-Run-NPSStartup - (no file)
AddRemove-01_Simmental - d:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - d:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - d:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - d:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - d:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - d:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - d:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - d:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - d:\program files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - d:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - d:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - d:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - d:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - d:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - d:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-FoxTab FLV Player - c:\program files\FoxTabFLVPlayer\Uninstall\Uninstall.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3916604919-2912353607-3506189148-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:a4,52,28,37,19,ac,04,bf,f2,d5,6e,6b,08,5f,6e,fe,14,92,0d,64,a1,4c,8d,
   c4,6a,75,10,36,5f,7d,4c,e4,b5,f3,a5,74,72,35,99,c2,9c,0e,c1,18,fc,8f,a8,5a,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-3916604919-2912353607-3506189148-1000\Software\SecuROM\License information*]
"datasecu"=hex:79,f2,38,a2,14,57,6c,f4,7c,7a,dc,fa,0d,2b,31,57,d5,0b,e4,e3,0c,
   d1,36,49,af,09,32,5e,ab,cc,24,25,2e,94,d9,56,6f,d3,ca,7b,83,87,5d,4c,d4,19,\
"rkeysecu"=hex:56,c6,0d,e0,20,27,f2,5f,5e,7a,0c,15,6c,01,a7,f3
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'Explorer.exe'(5404)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_pol.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\taskhost.exe
c:\program files\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe
c:\program files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\windows\system32\conhost.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Czas ukończenia: 2012-07-28 15:06:07 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-07-28 13:06
.
Przed: 12 885 241 856 bajtów wolnych
Po: 13 101 326 336 bajtów wolnych
.
- - End Of File - - 2FE79F43A146814B94CD0C95B109C8E7