ComboFix 12-02-24.02 - Pawel 2012-02-28 2:19.1.2 - x64 NETWORK
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.48.1045.18.3070.2354 [GMT 1:00]
Uruchomiony z: c:\users\Pawel\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\program files (x86)\pdfforge Toolbar\SearchSettings.dll
c:\programdata\isonls.exe
c:\programdata\Microsoft\corecon\1.0\1033\NonSDKAddonLangVer.dll
c:\programdata\Microsoft\corecon\1.0\1033\SDKAddonLangVer.dll
c:\programdata\Microsoft\corecon\1.0\addons\NonSDKAddonVer.dll
c:\programdata\Microsoft\corecon\1.0\addons\SDKAddonVer.dll
c:\programdata\Microsoft\corecon\1.0\SDKFilesVer.dll
c:\programdata\Roaming
c:\users\Pawel\AppData\Local\Del264.exe
c:\users\Pawel\AppData\Local\f2cc77f3
c:\users\Pawel\AppData\Local\f2cc77f3\@
c:\users\Pawel\AppData\Local\f2cc77f3\U\80000000.@
c:\users\Pawel\AppData\Local\f2cc77f3\U\800000cb.@
c:\users\Pawel\AppData\Local\f2cc77f3\U\800000cf.@
c:\users\Pawel\AppData\Local\f2cc77f3\X
c:\users\Pawel\AppData\Local\setup.exe
c:\users\Pawel\AppData\Roaming\iSecurity.exe
c:\users\Pawel\AppData\Roaming\mapmap.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\DPINST.LOG
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\security\Database\tmp.edb
c:\windows\system32\dds_log_trash.cmd
c:\windows\system32\DellAMBrokerService.dll
c:\windows\SysWow64\AutoRun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_syshost32
-------\Service_PBADRV
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-01-28 do 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2012-02-28 01:38 . 2012-02-28 01:38 -------- d-----w- c:\users\TEST\AppData\Local\temp
2012-02-28 01:38 . 2012-02-28 01:38 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-02-28 01:38 . 2012-02-28 01:38 -------- d-----w- c:\users\TEMP.Pawel-Laptop\AppData\Local\temp
2012-02-28 01:38 . 2012-02-28 01:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-26 21:32 . 2012-02-28 01:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-26 21:11 . 2012-02-26 21:11 45056 ----a-w- c:\windows\SysWow64\mhrij.scr
2012-02-26 21:11 . 2012-02-26 21:11 45056 ----a-w- c:\windows\SysWow64\mhrij.exe
2012-02-26 20:37 . 2012-02-22 15:55 2062896 ----a-w- C:\tdsskiller.exe
2012-02-26 16:53 . 2012-02-26 16:53 -------- d-----w- c:\users\Pawel\AppData\Roaming\Malwarebytes
2012-02-26 16:53 . 2012-02-26 16:53 -------- d-----w- c:\programdata\Malwarebytes
2012-02-26 11:32 . 2012-02-26 20:27 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer
2012-02-25 14:02 . 2012-02-25 14:02 -------- d-----w- c:\program files\iPod
2012-02-25 14:02 . 2012-02-25 14:03 -------- d-----w- c:\program files\iTunes
2012-02-25 13:24 . 2012-02-25 13:24 -------- d-----w- c:\windows\system32\Macromed
2012-02-17 09:01 . 2012-02-17 09:01 -------- d-----w- c:\users\Pawel\AppData\Roaming\mojosoft
2012-02-17 09:01 . 2012-02-17 09:01 -------- d-----w- c:\program files (x86)\mojosoft
2012-02-07 13:03 . 2012-02-07 13:03 -------- d-----w- c:\program files (x86)\STPViewer
2012-01-31 19:05 . 2012-01-31 19:05 -------- d-----w- c:\users\Pawel\AppData\Roaming\Navi
2012-01-31 19:05 . 2012-01-31 19:05 -------- d-----w- c:\program files\NaviWeather
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-28 01:39 . 2009-03-12 14:51 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-02-25 13:24 . 2011-05-23 05:52 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-08 07:13 . 2012-02-24 06:39 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DE01573-D233-4C0B-A086-9498ECA1C684}\mpengine.dll
2012-01-29 04:10 . 2009-10-02 20:17 279656 ------w- c:\windows\system32\MpSigStub.exe
2008-07-01 18:28 . 2008-07-01 18:28 61440 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 16:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 138240]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-11 98304]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"PPMemCheck"="c:\progra~2\PESTPA~1\PPMemCheck.exe" [2003-04-19 148480]
"PestPatrol Control Center"="c:\progra~2\PESTPA~1\PPControl.exe" [2004-11-15 98304]
"CookiePatrol"="c:\progra~2\PESTPA~1\CookiePatrol.exe" [2005-01-10 73728]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ALPRO Sync.lnk - c:\alpro\AlproSync.exe [2011-7-19 2428928]
PHOTOfunSTUDIO 5.1 HD Edition.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2010-8-11 172544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-07 15:11]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-07 15:11]
.
2012-02-28 c:\windows\Tasks\User_Feed_Synchronization-{ED4041AE-0D6B-4689-B6A1-0F526AE20579}.job
- c:\windows\system32\msfeedssync.exe [2009-08-31 07:33]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:52 159744 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-02-18 7037984]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-18 1833504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 15863328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 82464]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1538344]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
NETSVCS WYMAGA NAPRAWY - pokazano aktualnie istniejące wpisy
AeLookupSvc wercplsupport Themes CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT AudioSrv FastUserSwitchingCompatibility Ias Irmon Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess SRService Tapisrv WIBUKEY Usb20Scan ghoststartservice AEADIFilters vxsvc symantecantibotshim zendcoreapache se58unic cpqfws2e klblmain Sk99202k As6frin k750mdm cpqrcmc U2SP hidbatt a8djavs s616obex ScFBPNT2 mstdfrgs lxdj_device pdlnepkt EAWDMFD uclauncherservice lxcgcustomerconnect sbcssvc wltwo51b bridgemp diskeeper IJPLMSVC dmload pivot MA_CMIDI vpn5000service dot4 ahcix86s Invoker el90xbc SaiClass yats32 SQTECH905C iAimFP6 LVPrcMon ownershipprotocol SE27obex netsvc websensedcagent tosrfhid nwlnkipx w29n51 cobbmservice fix pdlndint sigfilt ovt519 iolodmv Machnm32 SE2Dmdm veteboot rt2500usb se44obex ISAMSvc epsonstatusagent2 ser2plms procexp100 webrootadminconsole cpucoolserver ndasbus EQDRV5 oracle_load_balancer_60_client-forms6ip14 ssdiagn datasvr aec EntDrv51 ulcdrhlp ialm freebsd lcs oracleorahome92pagingserver se45mdm rtl8029 P17xfi PhilCam8116_XP F700ius SPLITCAM btwmodem com0com lyncusbserv oracle_load_balancer_60_server-forms6ip9 PBADRV Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc seclogon AppInfo msiscsi MMCSS hkmsvc EapHost schedule winmgmt SessionEnv browser ProfSvc AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://startsear.ch/?aff=1
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with Download Manager - c:\program files (x86)\Storage Server\Storage Server\DM\GetUrl.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Trusted Zone: verisign.com\securitycenter
TCP: DhcpNameServer = 172.31.0.1
TCP: Interfaces\{5E97097B-5E2C-45F1-96F6-70A31C2964E1}: NameServer = 192.168.1.80
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\9jdwq5ei.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Wow6432Node-HKCU-Run-Internet Security - c:\programdata\isecurity.exe
Wow6432Node-HKCU-Run-mapmap - c:\users\Pawel\AppData\Roaming\mapmap.exe
Wow6432Node-HKCU-Run-isonls - c:\programdata\isonls.exe
Wow6432Node-HKLM-Run-mapmap - c:\users\Pawel\AppData\Roaming\mapmap.exe
Wow6432Node-HKLM-Run-isonls - c:\programdata\isonls.exe
SafeBoot-29268911.sys
SafeBoot-54301194.sys
SafeBoot-96320038.sys
AddRemove-Altium Designer Release 10 {5A304CE6-9699-4BE7-BE6C-F06FB99426F5} - c:\program files (x86)\Altium\AD 10\System\Installation\uninstall.bat
AddRemove-SkanerOnline - c:\windows\system32\SkanerOnlineUninstall.exe
AddRemove-VaDia Manager 1.06 - c:\program files (x86)\BioControl\VaDia\Uninstal.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DSFKSVCS\MofImagePath]
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySql]
"ImagePath"="c:\usr/MYSQL/bin/mysqld.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files (x86)\ASUS\AI TouchMedia\PlayMovie\000.fcl"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2837773442-1628460784-2167171901-1000\Software\Microsoft\Windows Mobile Disc\U*r*z*d*z*e*n*i*e* *o*p*a*r*t*e* *n*a* *s*y*s*t*e*m*i*e* *W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:00000020
.
[HKEY_USERS\S-1-5-21-2837773442-1628460784-2167171901-1000\Software\Microsoft\Windows Mobile Disc\U*r*z*d*z*e*n*i*e* *o*p*a*r*t*e* *n*a* *s*y*s*t*e*m*i*e* *W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000003
"State"=dword:00000003
.
[HKEY_USERS\S-1-5-21-2837773442-1628460784-2167171901-1000\Software\Microsoft\Windows Mobile Disc\U*r*z*d*z*e*n*i*e* *o*p*a*r*t*e* *n*a* *s*y*s*t*e*m*i*e* *W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000002
"State"=dword:00000003
.
[HKEY_USERS\S-1-5-21-2837773442-1628460784-2167171901-1000\Software\Microsoft\Windows Mobile Disc\U*r*z*d*z*e*n*i*e* *o*p*a*r*t*e* *n*a* *s*y*s*t*e*m*i*e* *W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\bgsvcgen.exe
c:\progra~2\GFI\GFIBAC~1\GFIHInst.exe
c:\progra~2\GFI\GFIBAC~1\GFIHSC~1.EXE
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\Viewpoint\Common\ViewpointService.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\PestPatrol\PPMemCheck.exe
c:\program files (x86)\PestPatrol\PPControl.exe
c:\program files (x86)\PestPatrol\CookiePatrol.exe
.
**************************************************************************
.
Czas ukończenia: 2012-02-28 02:50:59 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-02-28 01:50
.
Przed: 40 898 097 152 bajtów wolnych
Po: 40 447 979 520 bajtów wolnych
.
- - End Of File - - C7C12C2BA8CAF64508A2801F053128B6