ComboFix 12-03-06.01 - Kowal 2012-03-06 21:54:54.19.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.3575.2661 [GMT 1:00]
Uruchomiony z: c:\users\Kowal\Desktop\ComboFix.exe
Użyto następujących komend :: c:\users\Kowal\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
FILE ::
"c:\windows\System32\mscoree.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-02-06 do 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-06 18:51 . 2012-03-06 18:51 -------- d-----w- C:\_OTL
2012-03-06 14:54 . 2012-03-06 14:54 -------- d-----w- c:\program files\NVIDIA Corporation
2012-02-25 13:01 . 2012-02-23 16:10 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-02-06 21:29 . 2012-02-06 21:29 -------- d-sh--w- c:\windows\ftpcache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 20:05 . 2011-04-26 10:26 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-03-06 20:05 . 2011-06-26 16:25 17488 ----a-w- c:\windows\gdrv.sys
2012-03-06 19:32 . 2011-05-22 17:15 139176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-03-06 19:32 . 2011-05-22 17:21 282864 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-03-06 19:32 . 2011-05-22 17:14 282864 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-03-06 19:32 . 2011-05-22 17:14 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-02-23 16:23 . 2011-12-24 21:21 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:23 . 2011-12-24 21:21 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-23 16:12 . 2011-12-24 21:21 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:12 . 2011-12-24 21:21 337112 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-23 16:10 . 2011-12-24 21:21 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-23 16:10 . 2011-12-24 21:21 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-23 16:10 . 2011-12-24 21:21 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-21 14:57 . 2011-05-22 17:14 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-02-16 13:15 . 2011-05-22 17:15 138056 ----a-w- c:\users\Kowal\AppData\Roaming\PnkBstrK.sys
2012-02-04 12:33 . 2012-02-04 12:33 442 ----a-w- c:\windows\system32\drivers\etc\hosts.ics.vir
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-02-24 17:35 . 2011-05-19 13:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2011-02-20 370688]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-01-04 10021480]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-24 1750528]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]
.
c:\users\Kowal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rizone Memory Booster.lnk - c:\users\Kowal\Documents\MemBoost\MemBoost.exe [2011-4-28 577287]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-7-12 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 GVTDrv;GVTDrv; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-09 136176]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-10-23 17488]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-09 136176]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 18544]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-06 163328]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-02-23 57688]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-12-06 9067008]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-12-06 264192]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-10-17 85520]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-29 218688]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-01-26 32256]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-01-26 52224]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-09 20:44]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-09 20:44]
.
.
------- Skan uzupełniający -------
.
TCP: Interfaces\{937b8805-11a0-4dfc-8ef2-314c86692259}: NameServer = 62.233.233.233 87.204.204.204
FF - ProfilePath - c:\users\Kowal\AppData\Roaming\Mozilla\Firefox\Profiles\23zvl0js.Domyślny użytkownik\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3334711080-925264348-2331789564-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:eb,04,3d,6a,7e,8a,06,b1,80,23,da,6d,81,cd,39,d8,c0,7e,bc,e5,d2,08,6c,
   1b,45,c3,1b,89,6f,b8,d7,ee,c1,6d,84,7c,77,1a,79,97,9f,5e,66,94,a3,d1,83,a0,\
"??"=hex:2f,b6,6f,45,ee,e2,ec,0a,29,d5,69,d3,55,fd,2c,18
.
[HKEY_USERS\S-1-5-21-3334711080-925264348-2331789564-1000\Software\SecuROM\License information*]
"datasecu"=hex:4e,ab,b9,37,9f,a9,9f,7d,92,48,ad,01,87,6f,96,de,47,32,97,b9,ec,
   de,ce,45,7a,30,f4,ce,7b,52,a0,a6,bc,62,cd,c2,96,8f,4a,12,59,29,77,de,30,4d,\
"rkeysecu"=hex:9d,b2,f7,4a,dd,a9,2a,af,fa,b9,09,24,a4,dc,78,8d
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2012-03-06 22:00:41
ComboFix-quarantined-files.txt 2012-03-06 21:00
ComboFix2.txt 2012-03-06 17:04
.
Przed: 168 435 654 656 bajtów wolnych
Po: 168 382 001 152 bajtów wolnych
.
- - End Of File - - 3A3F491208C8D6D2BCFD489304CE8323