ComboFix 12-07-07.04 - mb 2012-07-07 17:33:32.1.2 - x64 NETWORK
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.48.1045.18.4094.3364 [GMT 2:00]
Uruchomiony z: c:\users\mb\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mozilla Firefox\components\AskHPRFF.js
c:\windows\IsUn0415.exe
c:\windows\My.ini
c:\windows\N0073199A-Mortal Kombat 4-Setup.exe
c:\windows\SysWow64\protect.dll
c:\windows\SysWow64\ReadMe.txt
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-07 do 2012-07-07 )))))))))))))))))))))))))))))))
.
.
2012-07-07 15:40 . 2012-07-07 15:40 -------- d-----w- c:\users\pb\AppData\Local\temp
2012-07-07 15:40 . 2012-07-07 15:40 -------- d-----w- c:\users\Gość\AppData\Local\temp
2012-07-07 15:40 . 2012-07-07 15:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-07 15:11 . 2012-07-07 15:11 -------- d-----w- c:\users\mb\AppData\Roaming\hellomoto
2012-07-06 09:48 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{516F57E7-8118-45AE-97FB-7E4BD598C6F8}\mpengine.dll
2012-06-30 22:11 . 2012-06-30 22:11 -------- d-----w- c:\program files (x86)\AMD APP
2012-06-21 06:24 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 06:24 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 06:24 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 06:24 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 06:24 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 06:24 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 06:24 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 06:24 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 06:24 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 16:51 . 1999-12-17 07:13 86016 ----a-w- c:\windows\unvise32.exe
2012-06-13 11:33 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 11:33 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 11:32 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 11:32 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 11:32 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 11:32 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 11:32 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 11:32 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-11 11:50 . 2012-06-11 11:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 11:50 . 2012-06-11 11:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 11:50 . 2012-06-11 11:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 11:50 . 2012-06-11 11:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 11:50 . 2012-06-11 11:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 11:50 . 2012-06-11 11:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 11:49 . 2012-06-11 11:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-08 16:53 . 2012-06-08 16:53 -------- d-----w- c:\users\pb\AppData\Roaming\ATI
2012-06-08 16:53 . 2012-06-08 16:53 -------- d-----w- c:\users\pb\AppData\Local\ATI
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 11:29 . 2009-06-24 10:36 233960 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-03 11:29 . 2009-02-09 19:18 233960 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-02 13:51 . 2009-02-09 19:18 202448 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-02 22:19 . 2012-06-21 06:24 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-21 06:24 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:12 . 2012-06-21 06:24 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 13:19 . 2012-06-21 06:24 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 06:24 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
.
.
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to iPod Converter - c:\users\mb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
Trusted Zone: chomikuj.pl
TCP: DhcpNameServer = 62.179.1.62 62.179.1.63
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\mb\AppData\Roaming\Mozilla\Firefox\Profiles\lc4llx3d.default\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1 - e:\age of empire 2\unins000.exe
AddRemove-Call of Duty - c:\progra~2\CALLOF~1\Uninstall\Unwise.exe
AddRemove-Carmageddon II Carpocalypse Now - d:\carmageddon ii carpocalypse now\Uninst.isu
AddRemove-Dev-C++ - c:\dev-cpp\uninstall.exe
AddRemove-DVDVideoSoftTB Toolbar - c:\progra~2\DVDVID~1\UNWISE.EXE
AddRemove-Fraps - e:\diablo ii\Fraps\uninstall.exe
AddRemove-Gadu-Gadu - c:\program files (x86)\Gadu-Gadu\Setup.exe
AddRemove-Google Chrome - c:\program files (x86)\Google\Chrome\Application\12.0.742.122\Installer\setup.exe
AddRemove-Knights and Merchants TPR - e:\kmtpr~1\UNWISE.EXE
AddRemove-ModernRcon v0.8 - d:\call of duty 4 - modern warfar\ModernRcon\Uninstal.exe
AddRemove-Mortal Kombat 4 - c:\windows\N0073199A-Mortal Kombat 4-Setup.exe
AddRemove-nbi-nb-base-7.0.0.0.0 - c:\program files (x86)\NetBeans 7.0\uninstall.exe
AddRemove-Need for Speed 4 - c:\program files (x86)\Need for Speed 4\Uninst.isu
AddRemove-PlugY, The Survival Kit - d:\diablo ii\Mod PlugY\PlugY Uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Server CFG Creator 1.0 - d:\nowy folder\Creator\UnInstall_29615.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-WinAVR - e:\do zachowania\sz\Studia\V semestr\Technika Mikroprocesorowa\WinAVR\WinAVR-20100110-uninstall.exe
AddRemove-Worms Armageddon Demo - e:\team17\Worms Armageddon Demo\Uninst.isu
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\xampp2\xampp\FileZillaFTP\FileZilla server.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\vVX3000.exe
c:\program files (x86)\DAEMON Tools Lite\DTLite.exe
c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
c:\windows\SysWOW64\netsh.exe
c:\windows\SysWOW64\netsh.exe
.
**************************************************************************
.
Czas ukończenia: 2012-07-07 17:51:20 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-07-07 15:51
.
Przed: 2 939 072 512 bajtów wolnych
Po: 7 062 233 088 bajtów wolnych
.
- - End Of File - - 41CEDBCEEF51DC7A10D6710D3BEBCFDD