ComboFix 12-06-16.02 - Gibol 2012-06-18 10:40:39.2.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.2047.1514 [GMT 2:00]
Uruchomiony z: d:\szymon\Muzyka\Reszta\Programy\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\users\Gibol\AppData\Local\Bron.tok-10-1
e:\users\Gibol\AppData\Local\Bron.tok-10-10
e:\users\Gibol\AppData\Local\Bron.tok-10-11
e:\users\Gibol\AppData\Local\Bron.tok-10-12
e:\users\Gibol\AppData\Local\Bron.tok-10-13
e:\users\Gibol\AppData\Local\Bron.tok-10-14
e:\users\Gibol\AppData\Local\Bron.tok-10-15
e:\users\Gibol\AppData\Local\Bron.tok-10-16
e:\users\Gibol\AppData\Local\Bron.tok-10-17
e:\users\Gibol\AppData\Local\Bron.tok-10-18
e:\users\Gibol\AppData\Local\Bron.tok-10-2
e:\users\Gibol\AppData\Local\Bron.tok-10-28
e:\users\Gibol\AppData\Local\Bron.tok-10-29
e:\users\Gibol\AppData\Local\Bron.tok-10-3
e:\users\Gibol\AppData\Local\Bron.tok-10-30
e:\users\Gibol\AppData\Local\Bron.tok-10-31
e:\users\Gibol\AppData\Local\Bron.tok-10-4
e:\users\Gibol\AppData\Local\Bron.tok-10-5
e:\users\Gibol\AppData\Local\Bron.tok-10-6
e:\users\Gibol\AppData\Local\Bron.tok-10-7
e:\users\Gibol\AppData\Local\Bron.tok-10-8
e:\users\Gibol\AppData\Local\Bron.tok-10-9
e:\users\Gibol\AppData\Local\Bron.tok.A10.em.bin
e:\users\Gibol\AppData\Local\csrss.exe
e:\users\Gibol\AppData\Local\inetinfo.exe
e:\users\Gibol\AppData\Local\Kosong.Bron.Tok.txt
e:\users\Gibol\AppData\Local\lsass.exe
e:\users\Gibol\AppData\Local\services.exe
e:\users\Gibol\AppData\Local\smss.exe
e:\users\Gibol\AppData\Local\Update.10.Bron.Tok.bin
e:\users\Gibol\AppData\Local\winlogon.exe
e:\users\Gibol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif
e:\users\Gibol\AppData\Roaming\Microsoft\Windows\Templates\WowTumpeh.com
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-05-18 do 2012-06-18 )))))))))))))))))))))))))))))))
.
.
2012-06-18 08:44 . 2012-06-18 08:44 -------- d-----w- e:\users\Public\AppData\Local\temp
2012-06-18 08:44 . 2012-06-18 08:44 -------- d-----w- e:\users\Gibol\AppData\Local\temp
2012-06-18 08:44 . 2012-06-18 08:44 -------- d-----w- e:\users\Default\AppData\Local\temp
2012-06-13 18:35 . 2012-06-13 18:35 476936 ----a-w- e:\windows\system32\npdeployJava1.dll
2012-06-13 18:35 . 2012-06-13 18:35 -------- d-----w- e:\program files\Java
2012-06-09 07:22 . 2012-06-09 07:22 -------- d-----w- e:\users\Gibol\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 18:35 . 2012-03-11 12:23 472840 ----a-w- e:\windows\system32\deployJava1.dll
2012-06-09 07:20 . 2012-04-14 05:53 426184 ----a-w- e:\windows\system32\FlashPlayerApp.exe
2012-06-09 07:20 . 2012-03-02 15:48 70344 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-28 08:56 . 2012-04-28 08:56 388096 ----a-r- e:\users\Gibol\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-06 13:14 . 2012-04-03 18:04 138464 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2012-04-06 13:13 . 2012-04-03 18:03 111928 ----a-w- e:\windows\system32\PnkBstrB.exe
2012-04-03 18:04 . 2012-04-03 18:04 22328 ----a-w- e:\users\Gibol\AppData\Roaming\PnkBstrK.sys
2012-04-03 18:03 . 2012-04-03 18:03 66872 ----a-w- e:\windows\system32\PnkBstrA.exe
2012-04-03 18:03 . 2012-04-03 18:03 682280 ----a-w- e:\windows\system32\pbsvc.exe
2012-03-21 13:10 . 2012-03-21 11:25 691696 ----a-w- e:\windows\system32\drivers\sptd.sys
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2012-04-19 11:47 499712 ----a-w- e:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2012-04-19 11:47 499712 ----a-w- e:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2012-04-19 11:47 499712 ----a-w- e:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2012-04-19 11:47 499712 ----a-w- e:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ChomikBox"="d:\program files\ChomikBox\chomikbox.exe" [2012-02-22 5951488]
"Sidebar"="e:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="e:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-31 7731744]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
e:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - d:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 MozillaMaintenance;Mozilla Maintenance Service;e:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-09 129976]
R4 sptd;sptd;e:\windows\System32\Drivers\sptd.sys [2012-03-21 691696]
.
.
.
------- Skan uzupełniający -------
.
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - e:\users\Gibol\AppData\Roaming\Mozilla\Firefox\Profiles\uvt1zt05.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'Explorer.exe'(2876)
d:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
e:\windows\system32\PnkBstrA.exe
e:\windows\system32\taskhost.exe
e:\windows\system32\conhost.exe
e:\windows\System32\rundll32.exe
e:\program files\Windows Media Player\wmpnetwk.exe
e:\windows\system32\DllHost.exe
.
**************************************************************************
.
Czas ukończenia: 2012-06-18 10:46:57 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-06-18 08:46
.
Przed: 1 215 918 080 bajtów wolnych
Po: 1 234 771 968 bajtów wolnych
.
- - End Of File - - 2D08A4F963A3607A7B1F83E444483CAC