Windows 7 Forum: configuration, optimization, tips, gadgets
Solved: Malicious virus that restores itself




Malicious virus that restores itself - Jovi2013 - 20.08.2013 21:07

Hello.
Today I downloaded a program. Unfortunately it didn't work, so I wanted to remove it. As it later turned out, I couldn't remove it, because it was a virus that restored itself on its own. Just like that: you delete it and it reappears by itself. Does anyone know how to fix this?


RE: Malicious virus that restores itself - LadyInBlue - 20.08.2013 21:29

Scan the computer with Malwarebytes Anti-Malware and post the log here.


RE: Malicious virus that restores itself - Jovi2013 - 20.08.2013 21:41

Hmmm... strange. I just scanned with ComboFix, restarted the computer and was able to delete it normally...

If you want the ComboFix log, here it is:

Code:
ComboFix 13-08-19.02 - Jakub 2013-08-20  22: 27: 36.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.48.1045.18.6143.4120 [GMT 2: 00]
Uruchomiony z:  c: \users\Jakub\Downloads\ComboFix.exe
FW:  AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP:  Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c: \programdata\Amazon.ico
c: \programdata\bcadceaafcdc.cfg
c: \programdata\MAygniPic
c: \programdata\MAygniPic\51dacbc1751d1.tlb
c: \programdata\MAygniPic\data\MAygniPic.dat
c: \programdata\MAygniPic\settings.ini
c: \programdata\MAygniPic\uninstall.exe
c: \programdata\MercadoLivre.ico
c: \programdata\Microsoft\Windows\Start Menu\Programs\MAygniPic
c: \programdata\Microsoft\Windows\Start Menu\Programs\MAygniPic\MAygniPic.lnk
c: \programdata\Microsoft\Windows\Start Menu\Programs\MAygniPic\Uninstall.lnk
c: \programdata\QuickStores.ico
c: \users\Jakub\AppData\Local\lollipop
c: \users\Jakub\AppData\Roaming\PnkBstrB.exe
c: \windows\PFRO.log
c: \windows\SysWow64\frapsvid.dll
c: \windows\SysWow64\Packet.dll
c: \windows\SysWow64\pthreadVC.dll
c: \windows\SysWow64\themeui.dll.tmp
c: \windows\SysWow64\uxtheme.dll.tmp
c: \windows\SysWow64\wpcap.dll
.
-- Poprzednie uruchomienie --
.
Zainfekowana kopia c: \windows\SysWow64\user32.dll została znaleziona. Problem naprawiono
Plik odzyskano z - c: \windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
--------
.
.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
-------\Service_WsysSvc
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2013-07-20 do 2013-08-20  )))))))))))))))))))))))))))))))
.
.
2013-08-20 20: 33 . 2013-08-20 20: 35    --------    d-----w-    c: \users\UpdatusUser\AppData\Local\temp
2013-08-20 20: 33 . 2013-08-20 20: 33    --------    d-----w-    c: \users\Default\AppData\Local\temp
2013-08-20 20: 18 . 2013-08-20 20: 18    388096    ----a-r-    c: \users\Jakub\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-08-20 20: 18 . 2013-08-20 20: 18    --------    d-----w-    c: \program files (x86)\Trend Micro
2013-08-20 20: 03 . 2013-07-15 01: 34    9460976    ----a-w-    c: \programdata\Microsoft\Windows Defender\Definition Updates\{FE22F2E3-A3EF-40F5-A6CB-D89025311099}\mpengine.dll
2013-08-20 19: 33 . 2013-08-18 09: 53    --------    d-----w-    c: \users\Jakub\AppData\Roaming\Adobe64x
2013-08-20 16: 20 . 2013-08-20 18: 30    3307520    ------r-    c: \users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\riaiccape.exe
2013-08-20 00: 24 . 2013-08-20 00: 24    --------    d-----w-    C: \CodeOpen
2013-08-20 00: 00 . 2013-08-20 00: 01    --------    d-----w-    c: \program files\Recuva
2013-08-19 10: 19 . 2013-08-19 10: 19    --------    d-----w-    c: \users\Default\AppData\Roaming\TuneUp Software
2013-08-18 15: 16 . 2013-08-18 15: 16    --------    d-----w-    c: \users\Jakub\AppData\Local\FOMM
2013-08-18 15: 16 . 2013-08-18 15: 16    --------    d-----w-    c: \program files (x86)\GeMM
2013-08-15 01: 55 . 2013-08-15 01: 55    --------    d-----w-    c: \users\Jakub\AppData\Local\Black_Tree_Gaming
2013-08-15 01: 55 . 2013-08-15 01: 55    --------    d-----w-    c: \program files\Nexus Mod Manager
2013-08-14 15: 24 . 2013-08-14 15: 24    --------    d-----w-    c: \users\Jakub\AppData\Local\FalloutNV
2013-08-13 23: 50 . 2013-08-13 23: 50    --------    d-----w-    c: \users\Jakub\AppData\Roaming\Unity
2013-08-13 23: 48 . 2013-08-13 23: 48    48648    ----a-w-    c: \programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-08-13 23: 48 . 2013-08-13 23: 48    686416    ----a-w-    c: \programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-08-13 22: 37 . 2013-08-13 22: 37    --------    d-----w-    c: \users\Jakub\AppData\Local\Unity
2013-08-13 09: 37 . 2013-08-13 09: 37    --------    d-----w-    c: \users\Jakub\AppData\Local\Two Worlds II
2013-08-12 21: 19 . 2013-08-12 21: 19    --------    d-----w-    c: \users\Jakub\AppData\Local\Skyrim
2013-08-12 19: 37 . 2013-08-12 19: 40    --------    d-----w-    c: \program files (x86)\ZAR
2013-08-06 16: 35 . 2013-08-06 16: 35    --------    d-----w-    c: \program files (x86)\ESET
2013-08-06 16: 05 . 2013-08-06 16: 05    --------    d-----w-    c: \programdata\GG
2013-08-06 14: 22 . 2013-08-06 14: 22    --------    d-----w-    c: \users\Jakub\Nowy folder
2013-07-24 09: 29 . 2013-07-24 09: 29    --------    d-----w-    c: \users\Jakub\AppData\Roaming\Opera Software
2013-07-24 09: 29 . 2013-07-24 09: 29    --------    d-----w-    c: \users\Jakub\AppData\Local\Opera Software
2013-07-24 09: 29 . 2013-07-24 09: 29    --------    d-----w-    c: \program files (x86)\Opera
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-18 16: 06 . 2013-07-18 14: 15    298584    ----a-w-    c: \windows\SysWow64\PnkBstrB.xtr
2013-07-18 16: 06 . 2013-07-17 23: 05    298584    ----a-w-    c: \windows\SysWow64\PnkBstrB.exe
2013-07-18 14: 37 . 2013-07-17 23: 05    298584    ----a-w-    c: \windows\SysWow64\PnkBstrB.ex0
2013-07-18 11: 32 . 2013-07-04 09: 11    71048    ----a-w-    c: \windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-18 11: 32 . 2013-07-04 09: 11    692104    ----a-w-    c: \windows\SysWow64\FlashPlayerApp.exe
2013-07-17 23: 05 . 2013-07-17 23: 05    76888    ----a-w-    c: \windows\SysWow64\PnkBstrA.exe
2013-07-11 18: 44 . 2013-07-11 18: 44    378944    ----a-w-    c: \windows\system32\drivers\aswSP.sys
2013-07-11 18: 44 . 2013-07-11 18: 44    1030952    ----a-w-    c: \windows\system32\drivers\aswSnx.sys
2013-07-11 18: 44 . 2013-07-11 18: 44    189936    ----a-w-    c: \windows\system32\drivers\aswVmm.sys
2013-07-09 14: 51 . 2013-07-09 14: 52    789416    ----a-w-    c: \windows\SysWow64\deployJava1.dll
2013-07-09 14: 51 . 2013-07-09 14: 51    867240    ----a-w-    c: \windows\SysWow64\npDeployJava1.dll
2013-07-09 14: 51 . 2013-07-09 14: 51    96168    ----a-w-    c: \windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-04 10: 34 . 2013-07-04 10: 35    118104    ----a-w-    c: \windows\dxsdkuninst.exe
2013-07-04 10: 34 . 2013-07-04 10: 34    283064    ----a-w-    c: \windows\system32\drivers\dtsoftbus01.sys
2013-07-04 09: 47 . 2010-11-21 03: 23    2851840    ----a-w-    c: \windows\system32\themeui.dll
2013-07-04 09: 47 . 2009-07-13 23: 55    332288    ----a-w-    c: \windows\system32\uxtheme.dll
2013-07-04 09: 47 . 2009-07-13 23: 54    44544    ----a-w-    c: \windows\system32\themeservice.dll
2013-07-04 09: 25 . 2013-07-04 09: 25    419840    ----a-w-    c: \windows\system32\wrap_oal.dll
2013-07-04 09: 25 . 2013-07-04 09: 25    413696    ----a-w-    c: \windows\SysWow64\wrap_oal.dll
2013-07-04 09: 25 . 2013-07-04 09: 25    111616    ----a-w-    c: \windows\system32\OpenAL32.dll
2013-07-04 09: 25 . 2013-07-04 09: 25    102400    ----a-w-    c: \windows\SysWow64\OpenAL32.dll
2013-07-04 09: 24 . 2011-03-10 13: 44    2725376    ----a-w-    c: \windows\system32\drivers\cmudaxp.sys
2013-07-04 09: 24 . 2007-04-19 13: 12    32768    ----a-w-    c: \windows\system32\cmudaxp.dll
2013-07-04 09: 24 . 2004-04-14 09: 28    315392    ----a-w-    c: \windows\SysWow64\CmiFltr.dll
2013-07-04 09: 24 . 2004-04-14 09: 28    315392    ----a-w-    c: \windows\system\CmiFltr.dll
2013-07-04 09: 24 . 2013-07-04 09: 25    122880    ----a-w-    c: \windows\system32\Cm_Oal.dll
2013-07-04 09: 24 . 2013-07-04 09: 25    122880    ------w-    c: \windows\SysWow64\Cm_Oal.dll
2013-07-04 09: 24 . 2013-07-04 09: 25    8769536    ------w-    c: \windows\SysWow64\CmiCnfgp.dll
2013-07-04 09: 24 . 2013-07-04 09: 25    389120    ----a-w-    c: \windows\system32\CmiCnfgp.cpl
2013-07-04 09: 24 . 2013-07-04 09: 25    282112    ----a-w-    c: \windows\system\HsMgr64.exe
2013-07-04 09: 24 . 2013-07-04 09: 25    217088    ------w-    c: \windows\SysWow64\HsSrv2.dll
2013-07-04 09: 24 . 2013-07-04 09: 25    217088    ------w-    c: \windows\SysWow64\HsSrv.dll
2013-07-04 09: 24 . 2013-07-04 09: 25    200704    ----a-w-    c: \windows\SysWow64\HsMgr.exe
2013-07-04 09: 24 . 2013-07-04 09: 25    200704    ------w-    c: \windows\SysWow64\Cmpaoxy.dll
2013-07-04 09: 24 . 2013-07-04 09: 25    143360    ------w-    c: \windows\SysWow64\VmixP8.dll
2013-07-04 09: 24 . 2013-07-04 09: 25    121856    ------w-    c: \windows\system\HsSrv642.dll
2013-07-04 09: 24 . 2013-07-04 09: 25    121856    ------w-    c: \windows\system\HsSrv64.dll
2013-07-04 09: 24 . 2013-07-04 09: 25    465408    ----a-w-    c: \windows\system32\cmasiopx.dll
2013-07-04 09: 24 . 2013-07-04 09: 25    303104    ------w-    c: \windows\SysWow64\cmasiop.dll
2013-07-04 09: 24 . 2013-07-04 09: 25    359424    ----a-w-    c: \windows\system32\CmiInstallResAll64.dll
2013-07-04 09: 24 . 2013-07-04 09: 25    524768    ----a-w-    c: \windows\difxapi.dll
2013-07-04 09: 24 . 2013-07-04 09: 25    805376    ----a-w-    c: \windows\system32\Cmeauoxy.exe
2013-06-21 12: 06 . 2013-07-04 09: 16    61216    ----a-w-    c: \windows\system32\OpenCL.dll
2013-06-21 12: 06 . 2013-07-04 09: 16    53024    ----a-w-    c: \windows\SysWow64\OpenCL.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    925648    ----a-w-    c: \windows\SysWow64\nvumdshim.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    9239344    ----a-w-    c: \windows\system32\nvcuda.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    7687592    ----a-w-    c: \windows\SysWow64\nvcuda.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    7641832    ----a-w-    c: \windows\system32\nvopencl.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    6324360    ----a-w-    c: \windows\SysWow64\nvopencl.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    572704    ----a-w-    c: \windows\system32\NvFBC64.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    570656    ----a-w-    c: \windows\system32\NvIFR64.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    467232    ----a-w-    c: \windows\SysWow64\NvIFR.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    465184    ----a-w-    c: \windows\SysWow64\NvFBC.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    2953504    ----a-w-    c: \windows\system32\nvcuvid.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    27781920    ----a-w-    c: \windows\system32\nvoglv64.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    2777888    ----a-w-    c: \windows\SysWow64\nvcuvid.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    266448    ----a-w-    c: \windows\system32\nvinitx.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    2363680    ----a-w-    c: \windows\system32\nvcuvenc.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    218592    ----a-w-    c: \windows\system32\nvoglshim64.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    214448    ----a-w-    c: \windows\SysWow64\nvinit.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    21102368    ----a-w-    c: \windows\SysWow64\nvoglv32.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    2002720    ----a-w-    c: \windows\SysWow64\nvcuvenc.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    1832224    ----a-w-    c: \windows\system32\nvdispco6432049.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    181488    ----a-w-    c: \windows\SysWow64\nvoglshim32.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    17560352    ----a-w-    c: \windows\SysWow64\nvcompiler.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    15920536    ----a-w-    c: \windows\system32\nvwgf2umx.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    15144928    ----a-w-    c: \windows\system32\nvd3dumx.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    1511712    ----a-w-    c: \windows\system32\nvdispgenco6432049.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    13411896    ----a-w-    c: \windows\SysWow64\nvwgf2um.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    12427240    ----a-w-    c: \windows\SysWow64\nvd3dum.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    11235104    ----a-w-    c: \windows\system32\drivers\nvlddmkm.sys
2013-06-21 12: 06 . 2013-07-04 09: 09    1059560    ----a-w-    c: \windows\system32\nvumdshimx.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    2936208    ----a-w-    c: \windows\system32\nvapi64.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    2597856    ----a-w-    c: \windows\SysWow64\nvapi.dll
2013-06-21 12: 06 . 2013-07-04 09: 09    25256224    ----a-w-    c: \windows\system32\nvcompiler.dll
2013-06-21 10: 23 . 2013-07-04 09: 17    6496544    ----a-w-    c: \windows\system32\nvcpl.dll
2013-06-21 10: 23 . 2013-07-04 09: 17    3514656    ----a-w-    c: \windows\system32\nvsvc64.dll
2013-06-21 10: 23 . 2013-07-04 09: 17    884512    ----a-w-    c: \windows\system32\nvvsvc.exe
2013-06-21 10: 23 . 2013-07-04 09: 17    63776    ----a-w-    c: \windows\system32\nvshext.dll
2013-06-21 10: 23 . 2013-07-04 09: 17    237856    ----a-w-    c: \windows\system32\nvmctray.dll
2013-06-21 03: 16 . 2013-06-21 03: 16    566048    ----a-w-    c: \windows\SysWow64\nvStreaming.exe
2013-06-20 04: 17 . 2013-07-04 09: 17    3253909    ----a-w-    c: \windows\system32\nvcoproc.bin
2013-06-08 12: 11 . 2013-06-08 12: 11    39896    ----a-w-    c: \windows\SysWow64\DiscHandler.exe
2013-06-08 11: 57 . 2013-06-08 11: 57    4012544    ----a-w-    c: \windows\system32\ffmpeg.dll
2013-06-08 11: 57 . 2013-06-08 11: 57    474624    ----a-w-    c: \windows\system32\ff_kernelDeint.dll
2013-06-08 11: 56 . 2013-06-08 11: 56    127488    ----a-w-    c: \windows\system32\ff_vfw.dll
2013-06-08 11: 56 . 2013-06-08 11: 56    4372992    ----a-w-    c: \windows\system32\ffdshow.ax
2013-06-08 11: 56 . 2013-06-08 11: 56    156672    ----a-w-    c: \windows\system32\ff_libmad.dll
2013-06-08 11: 56 . 2013-06-08 11: 56    631296    ----a-w-    c: \windows\system32\TomsMoComp_ff.dll
2013-06-08 11: 55 . 2013-06-08 11: 55    114688    ----a-w-    c: \windows\system32\ff_wmv9.dll
2013-06-08 11: 55 . 2013-06-08 11: 55    1532928    ----a-w-    c: \windows\system32\ff_samplerate.dll
2013-06-08 11: 55 . 2013-06-08 11: 55    116224    ----a-w-    c: \windows\system32\ff_liba52.dll
2013-06-08 11: 55 . 2013-06-08 11: 55    222720    ----a-w-    c: \windows\system32\ff_libdts.dll
2013-06-08 11: 55 . 2013-06-08 11: 55    183296    ----a-w-    c: \windows\system32\ff_unrar.dll
2013-06-08 11: 55 . 2013-06-08 11: 55    190464    ----a-w-    c: \windows\system32\libmpeg2_ff.dll
2013-06-08 11: 54 . 2013-06-08 11: 54    3915776    ----a-w-    c: \windows\SysWow64\ffmpeg.dll
2013-06-08 11: 53 . 2013-06-08 11: 53    112640    ----a-w-    c: \windows\SysWow64\ff_vfw.dll
2013-06-08 11: 53 . 2013-06-08 11: 53    3501568    ----a-w-    c: \windows\SysWow64\ffdshow.ax
2013-06-08 11: 52 . 2013-06-08 11: 52    271360    ----a-w-    c: \windows\SysWow64\TomsMoComp_ff.dll
2013-06-08 11: 52 . 2013-06-08 11: 52    157184    ----a-w-    c: \windows\SysWow64\ff_unrar.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}]
2013-03-25 15: 14    251288    ----a-w-    c: \program files (x86)\Industriya\privitize\1.8.16.22\bh\privitize.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bcadceaafcdc"="ŕáw" [X]
"xwidget"="c: \program files (x86)\XWidget\xwidget.exe" [2013-06-09 1811968]
"DAEMON Tools Lite"="c: \program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
"RocketDock"="c: \program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ChomikBox"="d: \chomik\chomikbox.exe" [2012-11-15 5979648]
"Steam"="d: \programy\steam\Steam.exe" [2013-07-26 1807272]
"Sidebar"="c: \program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c: \program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"SunJavaUpdateSched"="c: \program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c: \program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c: \users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
riaiccape.exe [2013-8-20 3307520]
.
c: \programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodecPackUpdateChecker.lnk - c: \windows\SysWOW64\C2MP\UpdateChecker.exe [2013-6-8 48200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c: \windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c: \windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c: \windows\system32\Drivers\ssadadb.sys;c: \windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c: \windows\system32\DRIVERS\MijXfilt.sys;c: \windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c: \windows\system32\DRIVERS\ssadbus.sys;c: \windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c: \windows\system32\DRIVERS\ssadmdfl.sys;c: \windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c: \windows\system32\DRIVERS\ssadmdm.sys;c: \windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c: \windows\system32\DRIVERS\ssadserd.sys;c: \windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c: \windows\system32\drivers\tsusbflt.sys;c: \windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c: \windows\system32\drivers\TsUsbGD.sys;c: \windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 X6va011;X6va011;c: \windows\SysWOW64\Drivers\X6va011;c: \windows\SysWOW64\Drivers\X6va011 [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c: \windows\system32\DRIVERS\dtsoftbus01.sys;c: \windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c: \windows\system32\drivers\aswMonFlt.sys;c: \windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c: \program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c: \program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 cmudaxp;ASUS Xonar DG Audio Interface;c: \windows\system32\drivers\cmudaxp.sys;c: \windows\SYSNATIVE\drivers\cmudaxp.sys [x]
S3 RTL8167;Sterownik Realtek 8167 NT Driver;c: \windows\system32\DRIVERS\Rt64win7.sys;c: \windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-06 12: 05    1173456    ----a-w-    c: \program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-08-20 c: \windows\Tasks\Adobe Flash Player Updater.job
- c: \windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-04 11: 32]
.
2013-08-20 c: \windows\Tasks\GoogleUpdateTaskMachineCore.job
- c: \program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-11 18: 44]
.
2013-08-20 c: \windows\Tasks\GoogleUpdateTaskMachineUA.job
- c: \program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-11 18: 44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c: \program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"Cmaudio8788"="c: \windows\Syswow64\cmicnfgp.dll" [2013-07-04 8769536]
"Cmaudio8788GX"="c: \windows\syswow64\HsMgr.exe" [2013-07-04 200704]
"Cmaudio8788GX64"="c: \windows\system\HsMgr64.exe" [2013-07-04 282112]
"AdobeAAMUpdater-1.0"="c: \program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-13 472984]
.
------- Skan uzupełniający -------
.
uLocal Page = c: \windows\system32\blank.htm
uStart Page = hxxp: //searchou.com/?id=12f2dd5f000000000000001e8c6e510f
mDefault_Page_URL = hxxp: //en.v9.com/?utm_source=b&utm_medium=bnd&from=bnd&uid=HitachiXHDT725032VLA380_VFJ201R2FXZ2WXFXZ2WXX&ts=1372932043
mStart Page = hxxp: //en.v9.com/?utm_source=b&utm_medium=bnd&from=bnd&uid=HitachiXHDT725032VLA380_VFJ201R2FXZ2WXFXZ2WXX&ts=1372932043
mLocal Page = c: \windows\SysWOW64\blank.htm
TCP:  DhcpNameServer = 192.168.19.1
FF - ProfilePath - c: \users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\ies1h1b9.default\
FF - prefs.js:  browser.search.defaulturl -
FF - prefs.js:  browser.search.selectedEngine - Search The Web (privitize)
FF - prefs.js:  browser.startup.homepage - about: home
FF - prefs.js:  keyword.URL - hxxp: //searchou.com/?q={searchTerms}&id=12f2dd5f000000000000001e8c6e510f
FF - ExtSQL:  2013-07-04 17: 30; {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}; c: \users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\ies1h1b9.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
FF - ExtSQL:  2013-07-04 23: 25; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c: \users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\ies1h1b9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL:  2013-07-07 16: 25; ffxtlbr@privitize.com; c: \users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\ies1h1b9.default\extensions\ffxtlbr@privitize.com
FF - ExtSQL:  2013-07-08 16: 25; iuaoioee@iuyaeeoi.com; c: \users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\ies1h1b9.default\extensions\iuaoioee@iuyaeeoi.com
FF - ExtSQL:  2013-07-11 19: 22; IplextoALL@ALLPlayer.org; c: \users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\ies1h1b9.default\extensions\IplextoALL@ALLPlayer.org.xpi
FF - user.js:  extensions.privitize.hpOld0 -
FF - user.js:  extensions.privitize.tlbrSrchUrl - hxxp: //searchou.com/?id=12f2dd5f000000000000001e8c6e510f&q=
FF - user.js:  extensions.privitize.id - 12f2dd5f000000000000001e8c6e510f
FF - user.js:  extensions.privitize.appId - {301966DF-A84B-4255-AAB9-574B5CE237E4}
FF - user.js:  extensions.privitize.instlDay - 15893
FF - user.js:  extensions.privitize.vrsn - 1.8.16.22
FF - user.js:  extensions.privitize.vrsni - 1.8.16.22
FF - user.js:  extensions.privitize.vrsnTs - 1.8.16.2216: 24
FF - user.js:  extensions.privitize.prtnrId - privitize
FF - user.js:  extensions.privitize.prdct - privitize
FF - user.js:  extensions.privitize.aflt - orgnl
FF - user.js:  extensions.privitize.smplGrp - none
FF - user.js:  extensions.privitize.tlbrId - base
FF - user.js:  extensions.privitize.instlRef -
FF - user.js:  extensions.privitize.dfltLng -
FF - user.js:  extensions.privitize.excTlbr - true
FF - user.js:  extensions.privitize.ffxUnstlRst - false
FF - user.js:  extensions.privitize.admin - false
FF - user.js:  extensions.privitize.autoRvrt - false
FF - user.js:  extensions.privitize.rvrt - false
FF - user.js:  extensions.privitize.hmpg - true
FF - user.js:  extensions.privitize.hmpgUrl - hxxp: //searchou.com/?id=12f2dd5f000000000000001e8c6e510f
FF - user.js:  extensions.privitize.dfltSrch - true
FF - user.js:  extensions.privitize.srchPrvdr - Search The Web (privitize)
FF - user.js:  extensions.privitize.kw_url - hxxp: //searchou.com/?q={searchTerms}&id=12f2dd5f000000000000001e8c6e510f
FF - user.js:  extensions.privitize.dnsErr - true
FF - user.js:  extensions.privitize.newTab - true
FF - user.js:  extensions.privitize.newTabUrl - hxxp: //searchou.com/?id=12f2dd5f000000000000001e8c6e510f
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Wow6432Node-HKCU-Run-EADM - d: \programy\orygin\Origin\Origin.exe
Wow6432Node-HKCU-Run-ALLUpdate - c: \program files (x86)\ALLPlayer\ALLUpdate.exe
Wow6432Node-HKCU-Run-svHost - c: \users\Jakub\AppData\Roaming\svHost.exe
Wow6432Node-HKLM-Run-avast - d: \programy\avast\avastUI.exe
c: \programdata\Microsoft\Windows\Start Menu\Programs\Startup\Aura.lnk - c: \windows\8 Skin Pack\Aura\Aura.exe
c: \programdata\Microsoft\Windows\Start Menu\Programs\Startup\Newgen.lnk - c: \windows\8 Skin Pack\Newgen\Newgen.exe
c: \programdata\Microsoft\Windows\Start Menu\Programs\Startup\TaskbarUserTile.lnk - c: \windows\8 Skin Pack\TaskbarUserTile\UserTile.exe
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Borderlands 2_is1 - d: \gry\bordelands 2\Borderlands 2\unins000.exe
AddRemove-Origin - d: \programy\orygin\Origin\OriginUninstall.exe
AddRemove-Two Worlds II - d: \gry\Two Worlds II\Uninstall.exe
AddRemove-WsysControl - c: \programdata\eSafe\eGdpSvc.exe
AddRemove-{EB03EF39-C655-D560-FA95-79182B837D64} - c: \programdata\MAygniPic\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\?\c: \windows\SysWOW64\Drivers\X6va011"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied:  (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c: \\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword: 00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c: \\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied:  (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied:  (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c: \\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword: 00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c: \\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied:  (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c: \\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c: \\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied:  (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c: \\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c: \\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied:  (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied:  (A) (Users)
@Denied:  (A) (Everyone)
@Allowed:  (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword: 00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied:  (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c: \program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c: \program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c: \windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Czas ukończenia:  2013-08-20  22: 39: 06 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2013-08-20 20: 39
.
Przed:  9 934 315 520 bajtów wolnych
Po:  12 420 227 072 bajtów wolnych
.
- - End Of File - - 9E6938A2858F9F2481EC5AA025A6CCC1
A36C5E4F47E84449FF07ED3517B43A31

I know this is probably against the forum rules, but could someone give me the name of a good antivirus and firewall?


RE: Malicious virus that restores itself - Jovi2013 - 31.03.2014 22:28

Thread can be closed.