ComboFix 12-09-09.02 - Kuba 2012-09-09 15:35:05.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.4058.2662 [GMT 2:00]
Uruchomiony z: D:\ComboFix.exe
AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: Zapora osobista *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Rezydentny antywirus jest aktywny
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-08-09 do 2012-09-09 )))))))))))))))))))))))))))))))
.
.
2012-09-09 13:37 . 2012-09-09 13:37  --------  d-----w-  c:\users\Default\AppData\Local\temp
2012-09-09 11:31 . 2012-09-09 11:34  --------  d-----w-  c:\users\Kuba\AppData\Local\Fallout3
2012-09-06 15:25 . 2012-09-06 15:25  --------  d-----w-  c:\program files (x86)\Common Files\Steam
2012-09-02 10:49 . 2012-09-03 10:31  281288  ----a-w-  c:\windows\SysWow64\PnkBstrB.exe
2012-09-02 10:49 . 2012-09-02 20:19  281288  ----a-w-  c:\windows\SysWow64\PnkBstrB.ex0
2012-09-02 10:49 . 2012-09-03 10:31  281288  ----a-w-  c:\windows\SysWow64\PnkBstrB.xtr
2012-09-02 10:49 . 2012-09-02 11:59  76888  ----a-w-  c:\windows\SysWow64\PnkBstrA.exe
2012-09-02 10:49 . 2012-09-02 10:49  --------  d-----w-  c:\users\Kuba\AppData\Local\PunkBuster
2012-08-29 19:38 . 2012-09-08 10:02  --------  d-----w-  c:\users\Kuba\AppData\Local\The Witcher
2012-08-28 09:11 . 2012-08-28 09:14  --------  d-----w-  c:\users\Kuba\AppData\Local\Darksiders2
2012-08-26 13:02 . 2012-08-26 13:14  --------  d-----w-  c:\users\Kuba\AppData\Local\Ubisoft Game Launcher
2012-08-26 12:41 . 2012-08-26 12:41  --------  d--h--w-  c:\users\Kuba\InstallAnywhere
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-10 07:31 . 2012-08-10 07:31  178800  ----a-w-  c:\windows\SysWow64\CmdLineExt_x64.dll
2012-07-28 07:09 . 2012-07-13 18:51  70344  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-28 07:09 . 2012-07-13 18:51  426184  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-21 11:37 . 2012-07-21 11:37  560184  ----a-w-  c:\windows\system32\drivers\sptd.sys
2012-07-20 08:15 . 2012-07-20 08:15  43680  ----a-w-  c:\windows\system32\drivers\lirsgt.sys
2012-07-20 08:15 . 2012-07-20 08:15  314016  ----a-w-  c:\windows\system32\drivers\atksgt.sys
2012-07-17 15:51 . 2012-07-17 15:51  283200  ----a-w-  c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-13 19:59 . 2012-07-13 19:59  772592  ----a-w-  c:\windows\SysWow64\npDeployJava1.dll
2012-07-13 19:59 . 2012-07-13 19:59  687600  ----a-w-  c:\windows\SysWow64\deployJava1.dll
2012-07-03 16:21 . 2012-07-13 19:44  285328  ----a-w-  c:\windows\system32\aswBoot.exe
2012-07-03 11:46 . 2012-07-21 07:54  24904  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-07-03 01:19 . 2012-07-14 09:15  59701280  ----a-w-  c:\windows\system32\MRT.exe
2012-06-18 01:12 . 2012-07-13 18:40  9013136  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A8EA6C9-2D90-4709-A907-F4F3329C0A09}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-03-04 78976]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-03-04 38528]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-17 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-29 203264]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 ekrn;ESET Service;d:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
S2 SkypeUpdate;Skype Updater;d:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-29 7883264]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-29 285696]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-08-16 116240]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"egui"="d:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\0r5w4qnl.default\
FF - prefs.js: browser.startup.homepage - onet.pl
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2638258710-4284363275-3437524035-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:11,64,0e,93,62,a2,69,21,2c,3d,09,ce,bf,56,9c,4b,7f,9a,4d,5c,08,03,ab,
   05,fb,50,68,79,66,92,4c,e3,8e,03,83,f2,83,e7,81,dc,2e,c7,49,dc,f1,84,5a,71,\
"??"=hex:f4,a3,d4,f3,31,93,4e,ec,53,45,2b,b3,22,b1,9a,8f
.
[HKEY_USERS\S-1-5-21-2638258710-4284363275-3437524035-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:41,04,08,75,73,78,77,2f,15,a9,2f,88,10,ba,82,25,15,4b,aa,0a,f1,
   7f,fb,84,e9,e5,a9,f5,5e,1a,37,f8,50,fe,0f,28,ad,b8,80,5a,59,52,86,18,a4,79,\
"rkeysecu"=hex:d7,80,56,13,0c,c3,27,0f,0d,1e,3c,a3,1a,e3,69,e5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\DAODx.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Czas ukończenia: 2012-09-09 15:40:36 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-09-09 13:40
ComboFix2.txt 2012-09-09 11:56
.
Przed: 12 039 946 240 bajtów wolnych
Po: 12 264 501 248 bajtów wolnych
.
- - End Of File - - 76F484DDAE060056FCE597B8EB862969