kamvit21

Users
  • Posts: 6
  1. Unfortunately there is no way at all to remove these files :/ Malwarebytes Anti-Malware did not detect anything. Unfortunately I also have to say that since this infection the computer is somehow a bit sluggish? Which program is best to scan it with so that I can be sure everything is OK? Should I change all my passwords?
  2. AdwCleaner log: http://wklejtekst.pl/3wo OTL log: http://wklejtekst.pl/3wq Message sent.
  3. OTL: http://wklejtekst.pl/3wk AdwCleaner: http://wklejtekst.pl/3wl Additionally I would like to ask you about something, but I would rather not write it on a public forum. Please don't worry, it concerns a certain IT-related job. Is there any way to send the inquiry to some private e-mail address?
  4. I know that any explanations don't make much sense, because you are right. Nowadays the internet is so overloaded with information that we really stop paying attention to the text that is everywhere. Although I know that in a matter as important as security I should pay attention to such things. Below are the correctly produced logs. Emsisoft: http://wklejtekst.pl/3wh OTL: http://wklejtekst.pl/3wi Additionally the logs from Malwarebytes Anti-Malware, because that is where my history with ZeroAccess started: http://wklejtekst.pl/3wj There are several of them, so I made them one link.
  5. Oh, I am very sorry. This is my first contact with an internet forum, as well as with "worms" on a computer. I hope something can be concluded from this. http://wklejtekst.pl/3wd OTL part 1. http://wklejtekst.pl/3we part 2. http://wklejtekst.pl/3wf FSS: http://wklejtekst.pl/3wg Additionally a screenshot from after the ComboFix repair. Folders marked in red appeared. I have no idea what they are. Earlier I followed the ComboFix instructions and generally the problem (with the browser) stopped, but just in case I installed Emsisoft Anti-Malware and it detected 26 files with trojans :/ http://www.fotoszok.pl/upload/00407c49.png
  6. Hello, I have a similar problem https://www.fixitpc.pl/topic/7359-przekierowanie-na-abnowcom/ Attached is what I got from ComboFix:

ComboFix 12-02-29.01 - Kamil 2012-02-29 21:57:24.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.2868.965 [GMT 1:00]
Uruchomiony z [Run from]: c:\users\Kamil\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania [New restore point created]
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto [Deleted] )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\HTV
c:\program files (x86)\HTV\akv.cfg
c:\program files (x86)\HTV\HTV.001
c:\program files (x86)\HTV\HTV.002
c:\program files (x86)\HTV\HTV.005
c:\program files (x86)\HTV\HTV.006
c:\program files (x86)\HTV\HTV.009
c:\users\Kamil\AppData\Local\64e22528
c:\users\Kamil\AppData\Local\64e22528\@
c:\users\Kamil\AppData\Local\64e22528\U\80000000.@
c:\users\Kamil\AppData\Local\64e22528\U\800000cb.@
c:\users\Kamil\AppData\Local\64e22528\U\800000cf.@
c:\users\Kamil\AppData\Local\64e22528\X
c:\users\Kamil\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1F27E079-7DF5-46DD-870C-7C3E5CCE7404}.xps
c:\users\Kamil\AppData\Local\Microsoft\Windows\Temporary Internet Files\{271AB22C-3CF8-40A1-9D74-1DAD9225D128}.xps
c:\users\Kamil\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CBE8310A-EBD6-4D8A-984B-1033AF39B38E}.xps
c:\users\Kamil\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FA1091DE-BFBA-48C4-9F16-82D867BF9A2F}.xps
c:\users\Kamil\AppData\Roaming\inst.exe
c:\users\Kamil\AppData\Roaming\vso_ts_preview.xml
c:\users\Kamil\Documents\~WRL1025.tmp
c:\users\Kamil\Documents\~WRL1723.tmp
c:\users\Kamil\Documents\~WRL2602.tmp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\security\Database\tmp.edb
c:\windows\system32\consrv.dll
c:\windows\system32\dds_log_trash.cmd
c:\windows\system32\slimsvc.dll
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi [Drivers/Services] )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvedavt
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-01-28 do 2012-02-29 [Files created from 2012-01-28 to 2012-02-29] )))))))))))))))))))))))))))))))
.
.
2012-02-29 21:04 . 2012-02-29 21:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-29 20:42 . 2011-05-12 13:05 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys
2012-02-29 19:55 . 2011-05-12 13:03 6144 ------w- c:\windows\system32\23A8.tmp
2012-02-29 19:53 . 2011-05-12 13:03 6144 ------w- c:\windows\system32\66A0.tmp
2012-02-29 19:53 . 2012-02-29 19:53 -------- d-----w- c:\program files (x86)\Sophos
2012-02-29 19:51 . 2012-02-29 19:51 -------- d-----w- c:\users\Kamil\Pavark
2012-02-29 18:40 . 2012-02-29 18:40 -------- d-----w- c:\program files\SkanerOnline
2012-02-29 15:23 . 2012-02-29 15:23 -------- d-----w- c:\users\Kamil\AppData\Roaming\Malwarebytes
2012-02-29 15:22 . 2012-02-29 15:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-29 15:22 . 2012-02-29 15:22 -------- d-----w- c:\programdata\Malwarebytes
2012-02-29 15:22 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-29 15:05 . 2012-02-29 15:05 -------- d-----w- c:\users\Kamil\AppData\Roaming\Tific
2012-02-29 15:05 . 2012-02-29 15:05 -------- d-----w- c:\users\Kamil\AppData\Local\Symantec
2012-02-29 15:00 . 2012-02-29 15:00 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-28 19:04 . 2012-02-28 20:14 -------- d-----w- c:\users\Kamil\AppData\Roaming\vlc
2012-02-28 19:04 . 2012-02-28 19:04 -------- d-----w- c:\program files (x86)\VideoLAN
2012-02-28 14:22 . 2012-02-28 14:22 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-02-27 12:15 . 2012-02-27 12:16 237 ----a-w- C:\user.js
2012-02-27 12:15 . 2012-02-27 12:15 -------- d-----w- c:\users\Kamil\AppData\Local\Babylon
2012-02-27 12:15 . 2012-02-27 12:15 -------- d-----w- c:\users\Kamil\AppData\Roaming\Babylon
2012-02-27 12:15 . 2012-02-27 12:15 -------- d-----w- c:\programdata\Babylon
2012-02-26 17:43 . 2012-02-26 17:43 43520 ----a-w- c:\windows\smode.dll
2012-02-26 17:43 . 2012-02-26 17:43 16896 ----a-w- c:\windows\syschecks.dll
2012-02-25 10:22 . 2012-02-25 10:22 -------- d-----w- c:\program files (x86)\FreeTime
2012-02-25 09:47 . 2012-02-25 09:47 -------- d-----w- c:\program files\WinAVI Video Converter
2012-02-25 09:47 . 2012-02-29 14:22 -------- d-----w- c:\program files (x86)\WinAVI Video Converter
2012-02-20 14:01 . 2012-02-20 14:01 82816 ----a-w- c:\users\Kamil\AppData\Roaming\pcouffin.sys
2012-02-20 11:56 . 2012-02-20 11:56 -------- d-----w- c:\programdata\McAfee
2012-02-19 11:04 . 2011-12-14 07:07 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-19 11:04 . 2011-12-14 02:59 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-02-17 15:47 . 2012-02-23 23:34 -------- d-----w- C:\TEMP
2012-02-16 15:47 . 2012-02-16 15:47 -------- d-----w- c:\users\Kamil\Tracing
2012-02-16 14:11 . 2012-02-20 14:04 -------- d-----w- c:\program files (x86)\kED
2012-02-16 13:51 . 2012-02-16 13:52 -------- d-----w- c:\users\Kamil\AppData\Roaming\FreshHTML
2012-02-16 13:12 . 2012-02-16 13:12 -------- d-----w- c:\windows\Sun
2012-02-16 12:26 . 2012-02-16 13:07 -------- d-----w- c:\users\Kamil\AppData\Roaming\Cream Software
2012-02-15 10:04 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 10:04 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 10:04 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 10:04 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-08 21:19 . 2012-02-08 21:19 -------- d-----w- c:\users\Kamil\AppData\Roaming\OTi
2012-02-08 21:19 . 2012-02-08 21:19 -------- d-----w- C:\USB Notebook Data
2012-02-07 16:30 . 2012-02-25 09:49 -------- d-----w- c:\users\Kamil\AppData\Local\WinAVI
2012-02-07 16:30 . 2012-02-07 16:30 -------- d-----w- c:\users\Kamil\AppData\Roaming\WinAVI
2012-02-07 16:30 . 2012-02-29 14:29 -------- d-----w- c:\program files (x86)\WinAVI
2012-02-07 16:26 . 2007-08-31 17:36 36864 ----a-w- c:\windows\SysWow64\trayicon_handler.ocx
2012-02-07 16:26 . 2003-01-26 12:41 40960 ----a-w- c:\windows\SysWow64\ssubtmr6.dll
2012-02-07 16:22 . 2012-02-20 14:01 -------- d-----w- c:\users\Kamil\AppData\Roaming\Vso
2012-02-05 17:56 . 2012-02-20 13:57 -------- d-----w- c:\program files (x86)\Avi2Dvd
2012-02-05 17:40 . 2012-02-20 14:02 -------- d-----w- c:\users\Kamil\AppData\Roaming\AVI ReComp
2012-02-05 17:39 . 2012-02-20 14:06 -------- d-----w- c:\program files (x86)\Gabest
2012-02-05 17:39 . 2012-02-05 17:39 -------- d-----w- c:\program files (x86)\Xvid
2012-02-05 17:39 . 2012-02-05 17:39 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2012-02-05 17:39 . 2012-02-05 17:40 -------- d-----w- c:\program files (x86)\AVI ReComp
2012-01-31 15:57 . 2012-02-16 14:03 -------- d-----w- c:\windows\system32\drivers\NISx64\1207000.00D
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M [Find3M section] ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 14:07 . 2011-11-10 12:41 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2012-02-20 11:56 . 2011-07-02 11:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru [Registry startup entries] ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane [*Note* empty entries and default, valid entries are not shown]
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-15 13:45 1811296 ----a-w- c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-15 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ALLUpdate"="c:\program files (x86)\ALLPlayer\ALLUpdate.exe" [2011-08-16 1379840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-01-15 939872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-15 928096]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-22 1133856]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 avgfws;Zapora AVG;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-08-19 2399560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\23A8.tmp [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [2011-07-23 1151096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110808.030\IDSvia64.sys [2011-08-01 488056]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_1_5\bin\fbguard.exe [2007-11-08 65536]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-11-23 1620584]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-01-15 909152]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_1_5\bin\fbserver.exe [2007-11-08 1515599]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci [Other services/drivers in memory] ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-17 11613288]
"combofix"="c:\combofix\CF8739.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nvedavt
.
------- Skan uzupełniający [Supplementary scan] -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Wyślij &do programu OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
TCP: DhcpNameServer = 194.204.152.34 194.204.159.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
DPF: {4DF118B4-5498-4EEA-9277-9EBC94B38114} - hxxp://www.bryza.pl/kamera/STWWebViewer.cab
FF - ProfilePath - c:\users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\o7388kvq.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc -
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110004
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 78e146b900000000000090a4de219aa0
FF - user.js: extensions.BabylonToolbar_i.hardId - 78e146b900000000000090a4de219aa0
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15397
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:15
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - USUNIĘTO PUSTE WPISY [EMPTY ENTRIES REMOVED] - - - -
.
URLSearchHooks-{d43723ae-1ae1-4a25-a6a4-bf0929273cab} - (no file)
URLSearchHooks-{5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-Tutor.exe - c:\program files (x86)\ABBYY Lingvo x3\Tutor.exe
Wow6432Node-HKLM-Run-HTV Agent - c:\program files (x86)\HTV\HTV.exe
SafeBoot-38115078.sys
Toolbar-Locked - (no file)
WebBrowser-{D43723AE-1AE1-4A25-A6A4-BF0929273CAB} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{C52B9816-297D-45DA-A9FF-B674A41694D1} - c:\users\Kamil\AppData\Local\{3001DF01-FFC5-4056-87F2-60F327A38B91}\RaksSQL-Instalator.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\23A8.tmp"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU [LOCKED REGISTRY KEYS] ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy [Other running processes] ------------------------
.
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
c:\program files (x86)\Samsung\Easy Display Manager\WifiManager.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
c:\program files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
.
**************************************************************************
.
Czas ukończenia [Completion time]: 2012-02-29 22:14:44 - komputer został uruchomiony ponownie [the computer was restarted]
ComboFix-quarantined-files.txt 2012-02-29 21:14
.
Przed [Before]: 8 994 693 120 bajtów wolnych [bytes free]
Po [After]: 9 621 561 344 bajtów wolnych [bytes free]
.
- - End Of File - - 1250BFC55257D5A62B3D8DD1DF7EAD39
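The ComboFix log above is mostly a listing of paths, and the reason the helpers on this forum recognised it as ZeroAccess at a glance is the shape of what was deleted: an "U" directory full of 8-hex-digit files with an ".@" extension (under a random 8-hex-digit folder in %LOCALAPPDATA% and under c:\windows\assembly\tmp), a bare "@" file next to it, Desktop.ini planted in the GAC_32/GAC_64 folders, and consrv.dll in system32. The script below is an added example, not code from the thread or from ComboFix: it parses a ComboFix-style log into its "(((( ... ))))" sections and matches the paths in the Usunięto (Deleted) section against those patterns. The indicator regexes and the "at least two artefact families" threshold are this example's own assumptions about the 2012 ZeroAccess/Sirefef artefacts; the log fixture is constructed from paths in the posted log and is not a complete log.

```python
import re
from collections import defaultdict

# Constructed fixture: a cut-down ComboFix log whose headers and paths are copied from
# the log posted above. It is a test input for this example, not a complete log.
SAMPLE_LOG = r"""ComboFix 12-02-29.01 - Kamil 2012-02-29 21:57:24.1.4 - x64
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\HTV\HTV.001
c:\users\Kamil\AppData\Local\64e22528\@
c:\users\Kamil\AppData\Local\64e22528\U\80000000.@
c:\users\Kamil\AppData\Local\64e22528\U\800000cb.@
c:\users\Kamil\AppData\Roaming\inst.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\consrv.dll
c:\windows\system32\slimsvc.dll
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvedavt
"""

# Path patterns ZeroAccess/Sirefef left on Windows 7 in early 2012. Assumption: these
# reflect the artefacts as publicly documented then; the family names are this
# example's own labels, not anything ComboFix itself reports.
INDICATORS = {
    # payload store: an "U" directory of 8-hex-digit files with an ".@" extension
    "payload_store": re.compile(r"\\U\\[0-9a-f]{8}\.@$", re.I),
    # the bare "@" file inside a random 8-hex-digit directory under %LOCALAPPDATA%
    "hidden_root_file": re.compile(r"\\AppData\\Local\\[0-9a-f]{8}\\@$", re.I),
    # Desktop.ini planted in the .NET GAC folders
    "gac_desktop_ini": re.compile(r"\\windows\\assembly\\GAC_(?:32|64)\\Desktop\.ini$", re.I),
    # consrv.dll dropped into system32 (the 64-bit variant's user-mode component)
    "consrv_hijack": re.compile(r"\\windows\\system32\\consrv\.dll$", re.I),
}

# A ComboFix section banner looks like "((((( name )))))"
SECTION_HEADER = re.compile(r"^\(+\s*(.+?)\s*\)+$")


def section_lines(log_text, wanted):
    """Return the non-separator lines of one ComboFix section, e.g. 'Usunięto'."""
    current, out = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_HEADER.match(line)
        if m:                       # a banner starts a new section
            current = m.group(1)
            continue
        if current == wanted and line and line != ".":   # "." lines are spacers
            out.append(line)
    return out


def classify(paths):
    """Map each indicator family to the paths that matched it."""
    hits = defaultdict(list)
    for p in paths:
        for name, rx in INDICATORS.items():
            if rx.search(p):
                hits[name].append(p)
    return dict(hits)


def looks_like_zeroaccess(log_text, min_families=2):
    """Return (verdict, hits). The verdict is True when at least `min_families`
    distinct artefact families appear in the Deleted section; the threshold of
    two is an assumption chosen so that a single stray file does not trigger it."""
    hits = classify(section_lines(log_text, "Usunięto"))
    return len(hits) >= min_families, hits


if __name__ == "__main__":
    verdict, hits = looks_like_zeroaccess(SAMPLE_LOG)
    print("ZeroAccess-style artefacts:", verdict)
    for family, paths in sorted(hits.items()):
        print(f"  {family}: {len(paths)} path(s)")
```

Run against the fixture, all four families match, which is why "the files came back" and "the machine is sluggish" in the later posts are worth taking seriously: the deleted list is the footprint of a rootkit, not of a stray adware folder, and the later toolbar-only AdwCleaner/OTL logs do not by themselves say whether the kernel-mode part is gone.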