ComboFix 10-09-14.01 - abc 2010-09-14 21:26:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.48.1045.18.3069.2233 [GMT 2:00]
Uruchomiony z: c:\users\abc\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin2.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin3.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin4.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin5.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin6.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin7.dll
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_usnjsvc

((((((((((((((((((((((((( Pliki utworzone od 2010-08-14 do 2010-09-14 )))))))))))))))))))))))))))))))
.
2010-09-14 19:35 . 2010-09-14 19:38 -------- d-----w- c:\users\abc\AppData\Local\temp
2010-09-14 19:35 . 2010-09-14 19:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-01 17:56 . 2010-09-01 17:56 -------- d-sh--w- c:\programdata\SecuROM
2010-09-01 17:55 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-09-01 17:26 . 2010-09-01 17:47 -------- d-----w- c:\users\abc\AppData\Local\Rockstar Games
2010-09-01 17:25 . 2010-09-01 17:25 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-09-01 16:03 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-09-01 16:03 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2010-09-01 16:03 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2010-09-01 16:03 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2010-08-25 13:30 . 2010-08-25 13:30 -------- d-----w- c:\users\abc\AppData\Local\GS-LW-Temp
2010-08-25 09:49 . 2010-08-26 16:58 -------- d-----w- c:\users\abc\AppData\Local\Graphisoft
2010-08-25 09:49 . 2010-08-26 16:58 -------- d-----w- c:\users\abc\Graphisoft
2010-08-25 09:49 . 2010-08-26 16:58 -------- d-----w- c:\users\abc\AppData\Roaming\Graphisoft
2010-08-24 18:09 . 2008-06-27 10:00 516096 ----a-w- c:\windows\system32\WibuXpm4J32.dll
2010-08-24 18:09 . 2008-06-27 10:00 479232 ----a-w- c:\windows\system32\wibuKJni.dll
2010-08-24 18:09 . 2008-06-27 10:00 348160 ----a-w- c:\windows\system32\WkExt32.dll
2010-08-24 18:09 . 2008-06-27 10:00 57552 ----a-w- c:\windows\system32\WkDos.exe
2010-08-24 18:08 . 2008-06-27 10:00 16384 ----a-w- c:\windows\system32\drivers\Wibukey2.sys
2010-08-24 18:07 . 2008-06-27 10:00 72704 ----a-w- c:\windows\system32\drivers\WibuKey.sys
2010-08-24 18:07 . 2008-06-27 10:00 159744 ----a-w- c:\windows\system32\WkWin32.dll
2010-08-24 18:07 . 2010-08-24 18:07 -------- d-----w- c:\program files\WIBUKEY
2010-08-24 18:07 . 2010-08-24 18:07 -------- d-----w- c:\program files\WIBU-SYSTEMS
2010-08-24 18:06 . 2010-08-24 18:07 -------- d-----w- c:\program files\QuickTime
2010-08-24 18:06 . 2010-08-24 18:06 -------- d-----w- c:\programdata\Apple Computer
2010-08-24 18:05 . 2010-08-24 18:05 -------- d-----w- c:\users\abc\AppData\Local\Apple
2010-08-24 18:05 . 2010-08-24 18:05 -------- d-----w- c:\program files\Apple Software Update
2010-08-24 18:05 . 2010-08-24 18:05 -------- d-----w- c:\programdata\Apple
2010-08-24 18:02 . 2010-08-24 18:02 -------- d-----w- c:\program files\Graphisoft
2010-08-24 16:47 . 2010-08-24 16:58 -------- d-----w- c:\program files\PRO100 Demo
2010-08-22 04:13 . 2010-08-22 04:13 -------- d--h--r- c:\users\abc\AppData\Roaming\SecuROM
2010-08-22 03:57 . 2008-05-30 12:17 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2010-08-22 03:57 . 2008-05-30 12:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2010-08-22 03:57 . 2008-05-30 12:18 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2010-08-22 03:57 . 2008-05-30 12:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2010-08-22 03:57 . 2008-05-30 12:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2010-08-22 03:57 . 2008-05-30 12:11 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2010-08-22 03:57 . 2008-05-30 12:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2010-08-22 03:57 . 2008-03-05 14:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2010-08-22 03:57 . 2008-03-05 14:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2010-08-22 03:57 . 2008-03-05 14:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2010-08-22 03:55 . 2008-03-05 13:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-08-22 03:55 . 2008-02-05 21:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-08-22 03:55 . 2008-03-05 13:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-08-22 03:55 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-08-22 03:55 . 2010-08-22 03:55 -------- d-----w- c:\windows\system32\xlive
2010-08-22 03:55 . 2010-09-01 17:56 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-14 19:36 . 2010-02-15 07:23 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-14 19:29 . 2008-06-09 10:15 662056 ----a-w- c:\windows\system32\perfh015.dat
2010-09-14 19:29 . 2008-06-09 10:15 126908 ----a-w- c:\windows\system32\perfc015.dat
2010-09-13 21:02 . 2010-03-14 22:26 -------- d-----w- c:\users\abc\AppData\Roaming\foobar2000
2010-09-12 11:20 . 2010-05-18 18:53 -------- d-----w- c:\program files\Garena
2010-09-08 12:38 . 2010-03-26 07:25 680 ----a-w- c:\users\abc\AppData\Local\d3d9caps.dat
2010-09-06 21:32 . 2010-03-26 18:52 -------- d-----w- c:\program files\Gothic III
2010-09-06 09:42 . 2008-06-09 01:57 -------- d-----w- c:\program files\Common Files\Java
2010-09-06 09:41 . 2008-06-09 01:57 -------- d-----w- c:\program files\Java
2010-09-05 11:32 . 2010-02-18 07:46 454 ----a-w- c:\users\abc\AppData\Roaming\wklnhst.dat
2010-09-01 16:38 . 2008-06-09 00:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-19 16:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-15 10:19 . 2010-05-18 10:50 -------- d-----w- c:\users\abc\AppData\Roaming\uTorrent
2010-07-30 14:41 . 2010-03-17 21:30 -------- d-----w- c:\users\abc\AppData\Roaming\Skype
2010-07-30 14:25 . 2010-03-17 21:34 -------- d-----w- c:\users\abc\AppData\Roaming\skypePM
2010-07-28 19:43 . 2010-07-28 19:43 -------- d-----w- c:\users\abc\AppData\Roaming\FastStone
2010-07-28 19:38 . 2010-07-28 19:38 -------- d-----w- c:\program files\ivo
2010-07-20 18:24 . 2010-03-14 22:14 -------- d-----w- c:\users\abc\AppData\Roaming\BESTplayer
2010-07-17 17:48 . 2010-07-17 17:44 -------- d-----w- c:\users\abc\AppData\Roaming\Mount&Blade Warband
2010-07-17 03:00 . 2010-05-25 16:39 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-03 23:19 . 2010-02-15 08:56 133992 ----a-w- c:\users\abc\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-28 16:17 . 2010-08-19 16:14 833024 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-19 16:14 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 14:27 . 2010-06-24 14:27 2944904 ----a-w- c:\users\abc\AppData\Roaming\Mozilla\Firefox\Profiles\re86uvme.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-06-21 13:18 . 2010-08-19 16:14 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 16:43 . 2010-08-19 16:14 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 14:43 . 2010-08-19 16:14 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 14:43 . 2010-08-19 16:14 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-02-15 14:34 . 2010-02-15 14:34 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-17 1033512]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-16 442433]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-14 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-16 727592]
Network Server.lnk - c:\program files\WIBUKEY\Server\WkSvMgr.exe [2010-8-24 3768320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 11:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 GarenaPEngine;GarenaPEngine;c:\users\abc\AppData\Local\Temp\PDLEA7F.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\plugins\UI\safedrv.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-15 721904]
S0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\DRIVERS\Amddfltr.sys [2008-01-07 15416]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe [2008-02-12 73728]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-05-13 322608]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-26 595248]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-23 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-26 40752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'

2010-09-13 c:\windows\Tasks\User_Feed_Synchronization-{056CF896-8E32-4126-9997-C727F52DAB8F}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb
IE: &Wyszukiwarka na pasku narzędzi AOL - c:\programdata\AOL\ieToolbar\resources\pl-PL\local\search.html
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\abc\AppData\Roaming\Mozilla\Firefox\Profiles\re86uvme.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=en_US&apn_uid=16A7EFA7-1239-4AAE-ADB4-0EEA4EDCFA66&apn_ptnrs=PV&apn_sauid=4F6F3FD9-AF15-44B7-B22A-9D4117D6F6BC&apn_dtid=&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- Skojarzenia plików -------
.
.scr=AutoCADScriptFile
.
- - - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

**************************************************************************
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki:
**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\abc\AppData\Local\Temp\PDLEA7F.tmp"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-3652058411-2304492424-1393086861-1000\Software\SecuROM\License information*]
"datasecu"=hex:fa,ac,e3,04,60,6b,c5,ad,ca,1d,99,43,5a,fe,ad,ef,24,13,14,c2,e8,
   d7,40,96,31,04,fd,b5,20,80,88,a3,17,17,15,be,88,b9,a5,7f,f7,4a,a2,61,8c,a8,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(636)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(2144)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Czas ukończenia: 2010-09-14 21:45:00 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-09-14 19:44

Przed: 37 171 994 624 bajtów wolnych
Po: 36 917 964 800 bajtów wolnych

- - End Of File - - BB133481FAFFD0BCE8743256D5DCE6D9