ComboFix 12-07-25.04 - dyrian 2012-07-24 21:58:22.3.4 - x64 NETWORK
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.48.1033.18.4095.3358 [GMT 2:00]
Running from: c:\users\dyrian\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((( Files created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))
.
.
2012-07-24 20:01 . 2012-07-24 20:03 -------- d-----w- c:\users\dyrian\AppData\Local\temp
2012-07-24 20:01 . 2012-07-24 20:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-24 20:01 . 2012-07-24 20:01 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-07-24 20:01 . 2012-07-24 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-24 17:05 . 2012-07-24 17:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-24 17:05 . 2012-07-24 17:05 -------- d-----w- c:\program files (x86)\Oracle
2012-07-24 17:04 . 2012-07-05 20:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-24 15:06 . 2012-07-24 15:06 -------- dc----w- C:\_OTL
2012-07-24 13:19 . 2012-07-24 13:19 -------- d-----w- c:\users\dyrian\AppData\Local\MetaGeek,_LLC
2012-07-24 07:16 . 2012-07-24 08:13 -------- d-----w- c:\users\dyrian\AppData\Roaming\Audacity
2012-07-24 07:16 . 2012-07-24 07:16 -------- d-----w- c:\program files (x86)\Audacity
2012-07-24 06:49 . 2012-07-24 06:49 -------- d-----w- c:\program files (x86)\MSECache
2012-07-23 14:49 . 2012-07-24 06:07 -------- d-----w- c:\users\dyrian\AppData\Roaming\OpenOffice.org2
2012-07-23 14:48 . 2012-07-23 14:48 -------- d-----w- c:\program files (x86)\OpenOffice.org 2.4
2012-07-23 14:35 . 2012-07-23 14:35 -------- d-----w- c:\users\dyrian\AppData\Local\Andrew_Lunn
2012-07-21 17:19 . 2012-07-21 17:27 -------- d-----w- c:\users\dyrian\AppData\Roaming\Notepad++
2012-07-21 17:19 . 2012-07-21 17:19 -------- d-----w- c:\program files (x86)\Notepad++
2012-07-20 18:24 . 2012-07-20 18:24 1219413 ----a-w- c:\windows\SysWow64\lnsecsl.exe
2012-07-20 14:59 . 2012-07-20 16:51 -------- d-----w- c:\programdata\eMule
2012-07-18 16:20 . 2012-07-18 16:20 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2012-07-18 15:00 . 2012-07-17 21:16 266720 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-07-18 15:00 . 2012-07-17 21:15 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-07-17 10:56 . 2012-03-13 17:05 3316736 ----a-w- c:\windows\system32\BootMan.exe
2012-07-17 10:56 . 2011-07-29 11:54 19840 ----a-w- c:\windows\SysWow64\EuEpmGdi.dll
2012-07-17 10:56 . 2011-07-29 11:54 16256 ----a-w- c:\windows\system32\EuEpmGdi.dll
2012-07-17 10:56 . 2012-03-13 17:18 2469760 ----a-w- c:\windows\SysWow64\BootMan.exe
2012-07-17 10:56 . 2011-07-29 11:54 9096 ----a-w- c:\windows\system32\EuGdiDrv.sys
2012-07-17 10:56 . 2011-07-29 11:54 86408 ----a-w- c:\windows\SysWow64\setupempdrv03.exe
2012-07-17 10:56 . 2011-07-29 11:54 8456 ----a-w- c:\windows\SysWow64\EuGdiDrv.sys
2012-07-17 10:56 . 2011-07-29 11:54 16776 ----a-w- c:\windows\system32\epmntdrv.sys
2012-07-17 10:56 . 2011-07-29 11:54 14216 ----a-w- c:\windows\SysWow64\epmntdrv.sys
2012-07-17 10:56 . 2011-07-29 11:54 100232 ----a-w- c:\windows\system32\setupempdrvx64.exe
2012-07-17 10:56 . 2012-07-17 10:56 -------- d-----w- c:\program files (x86)\EASEUS
2012-07-16 21:25 . 2012-07-16 21:25 -------- d-----w- c:\users\dyrian\AppData\Local\ezvid,_inc
2012-07-16 21:21 . 2012-07-24 16:59 -------- d-----w- c:\program files (x86)\ezvid
2012-07-16 15:35 . 2012-07-16 15:35 -------- d-----w- c:\program files (x86)\MagicISO
2012-07-13 15:03 . 2012-07-13 15:03 -------- d-----w- c:\program files (x86)\Native Instruments
2012-07-13 15:03 . 2006-05-11 10:30 61440 ----a-w- c:\windows\SysWow64\NI_DFD_1_4.dll
2012-07-13 15:03 . 2006-05-11 10:30 393216 ----a-w- c:\windows\SysWow64\NI_IRC_1_0_3.dll
2012-07-12 13:59 . 2012-07-12 13:59 -------- d-----w- c:\program files (x86)\East West
2012-07-11 13:54 . 2012-07-11 13:54 -------- dc-h--w- c:\programdata\{F531707E-A555-4890-97A1-9A651D437F0F}
2012-07-09 20:56 . 2012-07-09 20:56 -------- dc-h--w- c:\programdata\{78F6A1FC-ADDE-4028-A231-7B924CE455BD}
2012-07-09 20:54 . 2012-07-09 20:54 -------- dc-h--w- c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2012-07-09 13:11 . 2012-07-09 13:11 -------- d-----w- c:\program files (x86)\Glorylogic
2012-07-07 23:42 . 2012-07-07 23:42 -------- d-----w- c:\program files\Microsoft Games
2012-07-07 18:12 . 2012-07-22 13:49 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-07 18:12 . 2012-07-22 13:49 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-07 17:54 . 2012-07-07 17:54 -------- d-----w- c:\users\dyrian\AppData\Roaming\Maxthon3
2012-07-07 15:17 . 2012-07-07 15:17 -------- d-----w- c:\users\dyrian\AppData\Roaming\hellomoto
2012-07-05 13:43 . 2012-07-05 13:56 -------- d-----w- c:\programdata\Soulseek
2012-07-01 18:55 . 2012-07-01 18:55 -------- d-----w- c:\programdata\Audio Damage
2012-07-01 16:44 . 2012-07-11 13:53 -------- d-----w- c:\program files\Vstplugins
2012-06-30 16:05 . 2012-06-30 16:05 -------- d-----w- c:\users\dyrian\AppData\Roaming\Tordex
2012-06-30 14:16 . 2012-06-30 14:16 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2012-06-30 14:16 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-06-26 16:39 . 2012-06-26 16:39 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-26 16:39 . 2012-06-27 11:18 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 20:06 . 2012-02-22 19:41 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 11:46 . 2012-04-04 11:15 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-26 16:39 . 2012-06-22 15:23 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-22 16:10 . 2012-06-22 16:10 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-21 08:37 . 2012-06-21 08:37 3166792 ------w- c:\windows\SysWow64\pbsvc.exe
2012-05-29 18:46 . 2012-06-10 09:31 34656 ----a-w- c:\windows\system32\TURegOpt.exe
2012-05-29 18:46 . 2012-06-16 18:28 29024 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2012-05-29 18:46 . 2012-06-16 18:28 35680 ----a-w- c:\windows\system32\uxtuneup.dll
2012-05-29 18:46 . 2012-06-10 09:31 25952 ----a-w- c:\windows\system32\authuitu.dll
2012-05-29 18:46 . 2012-06-10 09:31 21344 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-05-19 17:41 . 2010-11-21 03:24 2755072 ----a-w- c:\windows\SysWow64\themeui.dll
2012-05-19 17:41 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll
2012-05-19 17:41 . 2012-05-19 17:41 50536 ----a-w- c:\windows\UTP.exe
2012-05-17 22:50 . 2012-05-17 22:50 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-05-17 22:50 . 2012-05-17 22:50 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2012-05-15 10:48 . 2012-06-18 08:51 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-06-18 08:51 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-06-18 08:51 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-06-18 08:51 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-06-18 08:51 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-06-18 08:51 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-06-18 08:51 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-06-18 08:51 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-06-18 08:51 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-06-18 08:51 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-06-18 08:51 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-06-18 08:51 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2012-06-18 08:51 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-06-18 08:51 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-06-18 08:51 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2012-06-18 08:51 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2012-06-18 08:51 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-06-18 08:51 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-06-18 08:51 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-03-08 23:24 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-03-08 23:24 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 09:29 . 2012-06-18 08:52 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2012-06-18 08:52 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-06-18 08:52 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2012-06-18 08:52 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-06-18 08:52 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2012-06-18 08:52 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 00:21 . 2012-05-15 00:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-07 16:58 . 2012-02-25 21:10 414632 ------w- c:\windows\difxapi.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-21 . 20ECA0A85932BAB0B2DDE1F0159B8BAD . 2389504 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[-] 2010-11-21 . 8E310CCF7785C6AC232C6347DBBED752 . 2389504 . . [6.1.7600.16385] .. c:\windows\W7SOC\explorer.exe
[7] 2010-11-21 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-07-24_19.39.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 05:10 . 2012-07-24 15:25 55622 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-24 19:40 55622 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-02-01 08:12 . 2012-07-24 19:40 11922 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3957744283-915633698-4103600253-1000_UserData.bin
- 2012-07-24 19:38 . 2012-07-24 19:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-24 20:02 . 2012-07-24 20:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-24 20:02 . 2012-07-24 20:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-24 19:38 . 2012-07-24 19:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-07-24 15:28 724816 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-24 19:55 724816 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-24 19:55 146414 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-24 15:28 146414 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-24 19:37 576312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-24 19:48 576312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Registry Startup Entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-14 399224]
"speedfan"="c:\program files (x86)\SpeedFan\speedfan.exe" [2011-11-03 4657048]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Droplr"="c:\program files\Droplr\Droplr.exe" [2012-06-07 399872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"HDAudDeck"=c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
"AMD AVT"=Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files (x86)\AMD AVT\bin\kdbsync.exe" aml
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-12 21096]
R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 250056]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS64.exe [2009-08-24 544768]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 DualCoreCenter;DualCoreCenter;c:\program files (x86)\MSI\GreenPowerCenterII\NTGLM7X64.sys [2010-02-08 44344]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-03-12 13352]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 GPU-Z;GPU-Z;c:\users\dyrian\AppData\Local\Temp\GPU-Z.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-17 114144]
R3 PCAlertDriver;PCAlertDriver;c:\program files (x86)\MSI\PC Alert 4\NTGLM7X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 RushTopDevice_J;RushTopDevice_J;c:\program files (x86)\MSI\GreenPowerCenterII\RushJ64.sys [2009-03-05 33080]
R3 RushTopDevice2;RushTopDevice2;c:\program files (x86)\MSI\GreenPowerCenterII\RushTop64.sys [2008-12-18 75576]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [2010-03-15 127600]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [2010-03-15 19568]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [2010-03-15 161904]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [2010-03-15 141424]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [2010-03-15 34416]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [2010-03-15 137328]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [2010-03-15 158320]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2012-03-09 23816]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys [2011-03-08 12824]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-09-07 27760]
S2 WO_LiveService;Ashampoo LiveTuner Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe [2012-04-23 884608]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-05-08 11856]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-09-07 2173552]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-07 13:49]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3957744283-915633698-4103600253-1000Core.job
- c:\users\dyrian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 10:57]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3957744283-915633698-4103600253-1000UA.job
- c:\users\dyrian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 10:57]
.
2012-07-20 c:\windows\Tasks\One-Click Optimizer.job
- c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\WO9.exe [2012-05-02 13:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"Ashampoo WinOptimizer Live-Tuner"="c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTuner.exe" [2012-04-23 2883456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=112250&tt=220512_53ctrl&babsrc=HP_ss&mntrId=eebfacb80000000000008c89a533985a
mStart Page = about:blank
TCP: Interfaces\{B91F927E-1BF8-40EA-AFF6-F384C09CCA0A}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\dyrian\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpudqs.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANED ENTRIES REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-combofix - c:\combofix\CF28541.3XE
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-07-24 22:06:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-24 20:06
ComboFix2.txt 2012-07-24 19:48
.
Pre-Run: 33 352 146 944 bytes free
Post-Run: 33 399 357 440 bytes free
.
- - End Of File - - 749D4994F898C1FA1A81108C1C5F9381
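A log like this is usually read by eye, but the line formats ComboFix uses (file-creation entries, Sigcheck results, policy values, service registrations, browser start pages) are regular enough to parse. The script below is an added example, not part of the original post and not a ComboFix feature: it parses one line at a time and returns review items for the patterns that stand out in this log (a Sigcheck `[-]` result on explorer.exe, `EnableLUA = 0`, a service or driver whose binary is missing `[x]` or lives under a user Temp folder, a start page pointing at an external search site, and a newly created executable under system32/SysWow64). The sample lines embedded in `SAMPLE_LOG` are copied from the log above; the directory prefixes, extension list and the start-page allowlist are this example's own assumptions. A finding means "look at this", not "this is malware".

```python
"""Line-oriented triage for ComboFix logs (added example, not from the original post)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
2012-07-20 18:24 . 2012-07-20 18:24 1219413 ----a-w- c:\windows\SysWow64\lnsecsl.exe
2012-07-17 10:56 . 2012-03-13 17:05 3316736 ----a-w- c:\windows\system32\BootMan.exe
2012-07-24 17:05 . 2012-07-24 17:05 -------- d-----w- c:\program files (x86)\Oracle
[-] 2010-11-21 . 20ECA0A85932BAB0B2DDE1F0159B8BAD . 2389504 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2010-11-21 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
"EnableLUA"= 0 (0x0)
R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [x]
R3 GPU-Z;GPU-Z;c:\users\dyrian\AppData\Local\Temp\GPU-Z.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
uStart Page = hxxp://search.babylon.com/?affID=112250&tt=220512_53ctrl&babsrc=HP_ss&mntrId=eebfacb80000000000008c89a533985a
"""

# "created . modified size attrs path"; size is 8 dashes for directories.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"\s+(?P<size>-{8}|\d+)\s+(?P<attrs>\S{8})\s+(?P<path>.+)$")
# Sigcheck: "[-]" means the signature check failed; a digit means it passed.
SIGCHECK_RE = re.compile(
    r"^\[(?P<sig>-|\d+)\] (?P<date>\d{4}-\d\d-\d\d) \. (?P<md5>[0-9A-Fa-f]{32}) \. (?P<size>\d+)"
    r" \. \. \[(?P<ver>[^\]]+)\] \.\. (?P<path>.+)$")
# "R3 name;display;path [yyyy-mm-dd size]" or "[x]" when the file is absent.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) "
    r"(?P<stamp>\[x\]|\[\d{4}-\d\d-\d\d \d+\])$")
POLICY_RE = re.compile(r'^"(?P<name>[A-Za-z_]+)"= (?P<value>\d+) \(0x[0-9a-f]+\)$')
STARTPAGE_RE = re.compile(r"^(?P<scope>[um])Start Page = (?P<url>\S+)$")

# Assumptions of this example, not ComboFix rules.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".ocx", ".drv")
START_PAGE_ALLOW = {"about:blank"}


@dataclass
class Finding:
    kind: str
    path: str
    note: str


def _host(url: str) -> str:
    """ComboFix defangs http as hxxp; pull the host out of either form."""
    m = re.match(r"^hxxps?://([^/?#]+)", url)
    return m.group(1).lower() if m else url.lower()


def triage_line(line: str) -> Optional[Finding]:
    """Return a review item for one log line, or None if nothing stands out."""
    line = line.rstrip()
    m = SIGCHECK_RE.match(line)
    if m:
        if m["sig"] == "-":
            return Finding("unsigned-system-file", m["path"],
                           f"MD5 {m['md5']}, {m['size']} bytes: signature check failed; compare with the WinSxS copy")
        return None
    m = SERVICE_RE.match(line)
    if m:
        if "\\appdata\\local\\temp\\" in m["path"].lower():
            return Finding("driver-from-temp", m["path"], f"{m['name']} is registered from a user Temp directory")
        if m["stamp"] == "[x]":
            return Finding("missing-service-binary", m["path"], f"{m['name']} points at a file that does not exist")
        return None
    m = POLICY_RE.match(line)
    if m:
        if m["name"] == "EnableLUA" and m["value"] == "0":
            return Finding("uac-disabled", "policies\\system\\EnableLUA",
                           "UAC is off; every process of an administrator runs fully elevated")
        return None
    m = STARTPAGE_RE.match(line)
    if m:
        host = _host(m["url"])
        if host not in START_PAGE_ALLOW:
            return Finding("start-page-changed", m["url"], f"{m['scope']}Start Page points at {host}; confirm the user chose it")
        return None
    m = FILE_RE.match(line)
    if m:
        p = m["path"].lower()
        if p.endswith(EXEC_EXT) and p.startswith(SYSTEM_DIRS) and "a" in m["attrs"]:
            return Finding("new-system-binary", m["path"],
                           f"created {m['created']}, {m['size']} bytes, in a system directory; verify publisher and hash")
        return None
    return None


def triage(text: str) -> List[Finding]:
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.path}\n{'':24} {f.note}")
```

Run against the full log it prints one line per review item; the `[7]` WinSxS explorer.exe and the mbam.sys driver correctly produce nothing, while the two explorer.exe copies marked `[-]` are the ones to hash and compare against the WinSxS original before deciding anything.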