ComboFix 12-10-18.03 - SYLWIA 2012-10-18 21:28:05.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.3055.1962 [GMT 2:00]
Uruchomiony z: c:\users\SYLWIA\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPlyIE.dll
c:\program files\DealPly\DealPlyTune.dll
c:\program files\DealPly\DealPlyUpdate.exe
c:\program files\DealPly\DealPlyUpdate.log
c:\program files\DealPly\DealPlyUpdateRun.exe
c:\program files\DealPly\icon.ico
c:\program files\DealPly\sqlite3.dll
c:\program files\DealPly\uninst.exe
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.3\uninstall.exe
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\ncncf.dat
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rlls64.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\RelevantKnowledge\rlvknlg64.exe
c:\programdata\dapeton.pad
c:\programdata\lsass.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
C:\Thumbs.db
c:\users\SYLWIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
-------\Service_RelevantKnowledge
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-09-18 do 2012-10-18 )))))))))))))))))))))))))))))))
.
.
2012-10-18 19:33 . 2012-10-18 19:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-18 13:10 . 2012-10-18 13:10 -------- d-----w- c:\program files\ESET
2012-10-17 22:09 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6E434F3-0377-4D5F-BE9F-27DEA48057C9}\mpengine.dll
2012-10-10 10:55 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 10:55 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 10:55 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 10:55 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-07 02:42 . 2012-10-07 02:42 -------- d-----w- c:\program files\Xhamster
2012-10-05 22:45 . 2012-10-05 22:45 -------- d-----w- c:\program files\aTube catcher
2012-09-26 07:20 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 06:40 . 2012-04-15 13:47 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-10 06:40 . 2012-04-15 13:47 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 15:04 . 2012-09-17 11:37 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-10-08 15:04 . 2012-09-02 14:09 686416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-09-20 07:22 . 2012-09-02 14:10 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-09-17 11:37 . 2012-09-17 11:37 686416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-08-22 17:16 . 2012-09-12 20:18 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 20:18 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 20:18 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 20:18 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-02 16:57 . 2012-09-12 20:18 490496 ----a-w- c:\windows\system32\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-04-24 12:24 1310000 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-04-24 1310000]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2009-11-19 1690680]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-10 1578280]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" [2009-11-19 363064]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"nwiz"="nwiz.exe" [2009-12-03 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-08 13830760]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-11-18 495708]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\23787~1.43\{16CDF~1\browsemngr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 PLAY ONLINE. RunOuc;PLAY ONLINE. OUC;c:\program files\PLAY ONLINE\UpdateDog\ouc.exe [x]
R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [x]
R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [x]
R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\aestsrv.exe [x]
S2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [x]
S3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 NETw5s32;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 06:40]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-15 14:00]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-15 14:00]
.
2012-10-14 c:\windows\Tasks\HPCeeScheduleForSYLWIA.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://home.sweetim.com/?st=17&barid={8811FAF1-26E9-48C7-8AE4-5EFAA1CD4641}
mStart Page = hxxp://www.v9.com/?utm_source=b&utm_medium=pbr&from=pbr&uid=132693_17827840_43705343_3219913727_A4C6EE1C&ts=1347837433
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{4D901080-25B7-475F-9FC3-8804291E76A5}: NameServer = 89.108.195.21 89.108.202.21
TCP: Interfaces\{BA50FECC-ED88-4171-8C8B-71EC8C0318BD}: NameServer = 89.108.195.20 89.108.202.20
TCP: Interfaces\{E16FF909-5D64-4549-9017-CFD25354EEBC}: NameServer = 89.108.195.21 89.108.202.21
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\uTorrentControl2\prxtbuTor.dll
BHO-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\uTorrentControl2\prxtbuTor.dll
Toolbar-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\uTorrentControl2\prxtbuTor.dll
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - c:\program files\uTorrentControl2\prxtbuTor.dll
HKLM-Run-BEWINTERNET-PLSessionManager - c:\program files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe
HKLM-Run-BEWINTERNET-PL-IEWSessionManager - c:\program files\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe
AddRemove-DealPly - c:\program files\DealPly\uninst.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.3\uninstall.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'lsass.exe'(628)
c:\windows\system32\DPFPApi.DLL
.
- - - - - - - > 'Explorer.exe'(3180)
c:\windows\System32\nview.dll
c:\windows\system32\NVWRSPL.DLL
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\windows\system32\nvapi.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\STacSV.exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
c:\windows\system32\taskhost.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\windows\system32\schtasks.exe
c:\windows\system32\conhost.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\programdata\DatacardService\DCSHelper.exe
c:\program files\PLAY ONLINE\PLAY ONLINE.exe
c:\programdata\PLAY ONLINE\OnlineUpdate\ouc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Czas ukończenia: 2012-10-18 21:38:17 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-10-18 19:38
.
Przed: 233 371 090 944 bajtów wolnych
Po: 233 658 011 648 bajtów wolnych
.
- - End Of File - - 4A53BAFD0AE83D18881C2AFDDAD54191