Thread closed

Problem with artifacts, letters typing themselves into text, and other issues

 
coorhan
New member
Posts: 4
Post: #6

RE: Problem with artifacts, letters typing themselves into text, and other issues


COMBOFIX LOGS! (THE HIJACK THIS LOGS ARE ALSO BELOW)
Code:
ComboFix 12-12-02.01 - Corr 2012-12-04 0: 21.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1033.18.6142.2946 [GMT 1: 00]
Uruchomiony z:  c: \users\Corr\Downloads\ComboFix.exe
AV:  ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP:  ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP:  Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP:  Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c: \users\Corr\AppData\Roaming\Identities\msess.exe
c: \users\Public\sdelevURL.tmp
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-11-03 do 2012-12-03 )))))))))))))))))))))))))))))))
.
.
2012-12-03 23: 31 . 2012-12-03 23: 31    --------    d-----w-    c: \users\Default\AppData\Local\temp
2012-12-03 22: 42 . 2012-12-03 22: 42    76232    ----a-w-    c: \programdata\Microsoft\Windows Defender\Definition Updates\{C0BB982D-EF42-4529-A45A-37AFCCF5674A}\offreg.dll
2012-12-03 18: 03 . 2012-12-03 18: 03    --------    d-----w-    c: \program files (x86)\Hijack
2012-12-03 17: 39 . 2012-05-29 18: 46    35680    ----a-w-    c: \windows\system32\uxtuneup.dll
2012-12-03 17: 39 . 2012-05-29 18: 46    29024    ----a-w-    c: \windows\SysWow64\uxtuneup.dll
2012-12-03 17: 36 . 2012-05-29 18: 46    34656    ----a-w-    c: \windows\system32\TURegOpt.exe
2012-12-03 17: 35 . 2012-05-29 18: 46    25952    ----a-w-    c: \windows\system32\authuitu.dll
2012-12-03 17: 35 . 2012-05-29 18: 46    21344    ----a-w-    c: \windows\SysWow64\authuitu.dll
2012-12-03 17: 35 . 2012-12-03 17: 38    --------    d-----w-    c: \program files (x86)\TuneUp Utilities 2012
2012-12-03 17: 34 . 2012-12-03 17: 36    --------    d-----w-    c: \programdata\TuneUp Software
2012-12-03 17: 34 . 2012-12-03 17: 34    --------    d-sh--w-    c: \programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-12-03 16: 33 . 2012-12-03 16: 33    73656    ----a-w-    c: \windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-03 16: 33 . 2012-12-03 16: 33    697272    ----a-w-    c: \windows\SysWow64\FlashPlayerApp.exe
2012-12-03 16: 33 . 2012-12-03 16: 33    --------    d-----w-    c: \windows\SysWow64\Macromed
2012-12-03 16: 33 . 2012-12-03 16: 33    --------    d-----w-    c: \windows\system32\Macromed
2012-12-03 16: 03 . 2012-12-03 16: 13    --------    d-----w-    c: \program files (x86)\Common Files\Steam
2012-12-03 15: 24 . 2012-12-03 15: 24    --------    d-----w-    c: \program files\CCleaner
2012-12-03 15: 11 . 2012-12-03 16: 00    --------    d-----w-    c: \programdata\Spybot - Search & Destroy
2012-12-03 15: 11 . 2009-01-25 11: 14    17272    ----a-w-    c: \windows\system32\sdnclean64.exe
2012-12-03 15: 11 . 2012-12-03 15: 11    --------    d-----w-    c: \program files (x86)\Spybot - Search & Destroy 2
2012-12-03 15: 00 . 2012-10-09 18: 17    226816    ----a-w-    c: \windows\system32\dhcpcore6.dll
2012-12-03 15: 00 . 2012-10-09 17: 40    193536    ----a-w-    c: \windows\SysWow64\dhcpcore6.dll
2012-12-03 15: 00 . 2012-10-09 18: 17    55296    ----a-w-    c: \windows\system32\dhcpcsvc6.dll
2012-12-03 15: 00 . 2012-10-09 17: 40    44032    ----a-w-    c: \windows\SysWow64\dhcpcsvc6.dll
2012-12-03 15: 00 . 2012-08-22 18: 12    950128    ----a-w-    c: \windows\system32\drivers\ndis.sys
2012-12-03 14: 01 . 2012-12-03 14: 01    --------    d-----w-    c: \windows\system32\SPReview
2012-12-03 13: 59 . 2012-12-03 13: 59    --------    d-----w-    c: \windows\system32\EventProviders
2012-12-03 13: 33 . 2012-12-03 13: 33    --------    d-----w-    c: \program files\ESET
2012-12-02 21: 12 . 2010-11-05 01: 57    48976    ----a-w-    c: \windows\system32\netfxperf.dll
2012-12-02 21: 12 . 2010-11-05 01: 57    1942856    ----a-w-    c: \windows\system32\dfshim.dll
2012-12-02 21: 12 . 2010-11-05 01: 58    1130824    ----a-w-    c: \windows\SysWow64\dfshim.dll
2012-12-02 21: 12 . 2010-11-20 13: 27    12288    ----a-w-    c: \windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-12-02 21: 12 . 2010-11-20 13: 27    14967808    ----a-w-    c: \program files\DVD Maker\OmdBase.dll
2012-12-02 21: 12 . 2010-11-20 13: 27    3715584    ----a-w-    c: \windows\system32\mstscax.dll
2012-12-02 21: 12 . 2010-11-20 13: 26    1838080    ----a-w-    c: \windows\system32\d3d10warp.dll
2012-12-02 21: 12 . 2010-11-20 11: 07    59392    ----a-w-    c: \windows\system32\drivers\TsUsbFlt.sys
2012-12-02 21: 12 . 2010-11-20 12: 19    3215872    ----a-w-    c: \windows\SysWow64\mstscax.dll
2012-12-02 21: 10 . 2010-11-20 13: 34    363392    ----a-w-    c: \windows\system32\drivers\volmgrx.sys
2012-12-02 21: 09 . 2010-11-20 12: 21    363008    ----a-w-    c: \windows\SysWow64\wbemcomn.dll
2012-12-02 21: 09 . 2010-11-20 12: 21    189952    ----a-w-    c: \program files (x86)\Windows Portable Devices\sqmapi.dll
2012-12-02 21: 09 . 2010-11-20 12: 19    606208    ----a-w-    c: \windows\SysWow64\wbem\fastprox.dll
2012-12-02 21: 08 . 2010-11-20 13: 27    529408    ----a-w-    c: \windows\system32\wbemcomn.dll
2012-12-02 21: 08 . 2010-11-20 13: 27    244736    ----a-w-    c: \program files\Windows Portable Devices\sqmapi.dll
2012-12-02 21: 08 . 2010-11-20 13: 27    244736    ----a-w-    c: \windows\system32\sqmapi.dll
2012-12-02 13: 58 . 2012-12-02 13: 58    --------    d--h--w-    c: \program files (x86)\Common Files\EAInstaller
2012-12-02 13: 58 . 2008-10-15 05: 22    519000    ----a-w-    c: \windows\system32\d3dx10_40.dll
2012-12-02 13: 58 . 2008-10-15 05: 22    452440    ----a-w-    c: \windows\SysWow64\d3dx10_40.dll
2012-12-02 13: 58 . 2008-10-15 05: 22    2605920    ----a-w-    c: \windows\system32\D3DCompiler_40.dll
2012-12-02 13: 58 . 2008-10-15 05: 22    2036576    ----a-w-    c: \windows\SysWow64\D3DCompiler_40.dll
2012-12-02 13: 58 . 2008-10-15 05: 22    5631312    ----a-w-    c: \windows\system32\D3DX9_40.dll
2012-12-02 13: 58 . 2008-10-15 05: 22    4379984    ----a-w-    c: \windows\SysWow64\D3DX9_40.dll
2012-12-02 11: 39 . 2012-12-02 11: 39    --------    d-----w-    c: \windows\SysWow64\Wat
2012-12-02 11: 39 . 2012-12-02 11: 39    --------    d-----w-    c: \windows\system32\Wat
2012-12-02 02: 39 . 2012-07-26 04: 55    785512    ----a-w-    c: \windows\system32\drivers\Wdf01000.sys
2012-12-02 02: 39 . 2012-07-26 04: 55    54376    ----a-w-    c: \windows\system32\drivers\WdfLdr.sys
2012-12-02 02: 39 . 2012-07-26 04: 47    2560    ----a-w-    c: \windows\system32\drivers\en-US\wdf01000.sys.mui
2012-12-02 02: 39 . 2012-07-26 02: 36    9728    ----a-w-    c: \windows\system32\Wdfres.dll
2012-12-02 02: 26 . 2010-02-23 08: 16    294912    ----a-w-    c: \windows\system32\browserchoice.exe
2012-12-02 01: 23 . 2012-12-02 01: 23    --------    d-----w-    c: \program files\MPC-HC
2012-12-02 00: 04 . 2007-03-05 11: 42    15128    ----a-w-    c: \windows\SysWow64\x3daudio1_1.dll
2012-12-01 13: 58 . 2011-02-19 12: 04    902656    ----a-w-    c: \windows\system32\d2d1.dll
2012-12-01 13: 58 . 2011-02-19 06: 30    739840    ----a-w-    c: \windows\SysWow64\d2d1.dll
2012-12-01 13: 58 . 2011-02-19 12: 05    1139200    ----a-w-    c: \windows\system32\FntCache.dll
2012-12-01 13: 43 . 2012-12-01 13: 43    --------    d-----w-    c: \programdata\ATI
2012-12-01 12: 21 . 2012-09-14 18: 28    2048    ----a-w-    c: \windows\SysWow64\tzres.dll
2012-12-01 12: 21 . 2012-09-14 19: 19    2048    ----a-w-    c: \windows\system32\tzres.dll
2012-12-01 12: 19 . 2012-12-01 12: 19    --------    d-----w-    c: \program files (x86)\Microsoft.NET
2012-12-01 12: 07 . 2012-12-01 12: 07    --------    d-----w-    c: \windows\SysWow64\XPSViewer
2012-12-01 12: 07 . 2012-12-01 12: 07    --------    d-----w-    c: \windows\SysWow64\drivers\pl-PL
2012-12-01 12: 06 . 2012-12-03 14: 38    --------    d-----w-    c: \windows\SysWow64\wbem\pl-PL
2012-12-01 12: 06 . 2012-12-01 12: 06    --------    d-----w-    c: \windows\SysWow64\pl
2012-12-01 12: 06 . 2012-12-01 12: 06    --------    d-----w-    c: \windows\pl-PL
2012-12-01 12: 06 . 2012-12-03 14: 37    --------    d-----w-    c: \windows\system32\drivers\pl-PL
2012-12-01 12: 06 . 2012-12-01 12: 06    --------    d-----w-    c: \windows\system32\drivers\UMDF\pl-PL
2012-12-01 12: 05 . 2012-12-03 14: 37    --------    d-----w-    c: \windows\system32\wbem\pl-PL
2012-12-01 12: 05 . 2012-12-01 12: 05    --------    d-----w-    c: \windows\system32\pl
2012-12-01 12: 04 . 2012-12-01 12: 04    0    ----a-w-    c: \windows\ativpsrm.bin
2012-12-01 09: 25 . 2012-12-03 15: 24    --------    d-----w-    c: \windows\Panther
2012-12-01 01: 43 . 2012-10-29 20: 04    66395536    ----a-w-    c: \windows\system32\MRT.exe
2012-12-01 01: 39 . 2012-07-26 03: 08    229888    ----a-w-    c: \windows\system32\WUDFHost.exe
2012-12-01 01: 39 . 2012-07-26 03: 08    84992    ----a-w-    c: \windows\system32\WUDFSvc.dll
2012-12-01 01: 39 . 2012-07-26 03: 08    744448    ----a-w-    c: \windows\system32\WUDFx.dll
2012-12-01 01: 39 . 2012-07-26 03: 08    45056    ----a-w-    c: \windows\system32\WUDFCoinstaller.dll
2012-12-01 01: 39 . 2012-07-26 03: 08    194048    ----a-w-    c: \windows\system32\WUDFPlatform.dll
2012-12-01 01: 39 . 2012-07-26 02: 26    87040    ----a-w-    c: \windows\system32\drivers\WUDFPf.sys
2012-12-01 01: 39 . 2012-07-26 02: 26    198656    ----a-w-    c: \windows\system32\drivers\WUDFRd.sys
2012-12-01 01: 30 . 2012-12-01 12: 04    --------    d-----w-    c: \program files (x86)\Fighters
2012-12-01 01: 30 . 2012-12-01 01: 31    --------    d-----w-    c: \programdata\Fighters
2012-12-01 01: 25 . 2012-12-01 01: 25    283200    ----a-w-    c: \windows\system32\drivers\dtsoftbus01.sys
2012-12-01 01: 24 . 2012-12-01 22: 56    --------    d-----w-    c: \programdata\DAEMON Tools Lite
2012-12-01 01: 21 . 2012-03-01 06: 46    23408    ----a-w-    c: \windows\system32\drivers\fs_rec.sys
2012-12-01 01: 21 . 2012-03-01 06: 33    81408    ----a-w-    c: \windows\system32\imagehlp.dll
2012-12-01 01: 21 . 2012-03-01 06: 28    5120    ----a-w-    c: \windows\system32\wmi.dll
2012-12-01 01: 21 . 2012-03-01 05: 33    159232    ----a-w-    c: \windows\SysWow64\imagehlp.dll
2012-12-01 01: 21 . 2012-03-01 05: 29    5120    ----a-w-    c: \windows\SysWow64\wmi.dll
2012-12-01 01: 17 . 2012-12-01 01: 17    --------    d-----w-    c: \programdata\GG
2012-12-01 01: 14 . 2009-07-13 17: 48    3584    ----a-w-    c: \windows\system32\Spool\prtprocs\x64\pl-PL\LXKPTPRC.DLL.mui
2012-12-01 01: 13 . 2012-12-01 01: 13    --------    d-----r-    c: \program files (x86)\Skype
2012-12-01 01: 13 . 2012-12-01 01: 13    --------    d-----w-    c: \program files (x86)\Common Files\Skype
2012-12-01 01: 13 . 2012-12-01 01: 13    --------    d-----w-    c: \programdata\Skype
2012-12-01 01: 05 . 2012-01-04 10: 44    509952    ----a-w-    c: \windows\system32\ntshrui.dll
2012-12-01 01: 04 . 2012-08-31 18: 19    1659760    ----a-w-    c: \windows\system32\drivers\ntfs.sys
2012-12-01 01: 03 . 2012-05-01 05: 40    209920    ----a-w-    c: \windows\system32\profsvc.dll
2012-12-01 00: 54 . 2012-05-05 08: 36    503808    ----a-w-    c: \windows\system32\srcore.dll
2012-12-01 00: 54 . 2011-12-16 08: 46    634880    ----a-w-    c: \windows\system32\msvcrt.dll
2012-12-01 00: 54 . 2011-12-16 07: 52    690688    ----a-w-    c: \windows\SysWow64\msvcrt.dll
2012-12-01 00: 54 . 2012-05-05 07: 46    43008    ----a-w-    c: \windows\SysWow64\srclient.dll
2012-12-01 00: 54 . 2010-11-20 13: 25    296960    ----a-w-    c: \windows\system32\rstrui.exe
2012-12-01 00: 54 . 2011-05-03 05: 29    976896    ----a-w-    c: \windows\system32\inetcomm.dll
2012-12-01 00: 54 . 2011-05-03 04: 30    741376    ----a-w-    c: \windows\SysWow64\inetcomm.dll
2012-12-01 00: 54 . 2011-02-12 11: 34    267776    ----a-w-    c: \windows\system32\FXSCOVER.exe
2012-12-01 00: 54 . 2010-11-20 13: 25    974336    ----a-w-    c: \windows\system32\WFS.exe
2012-12-01 00: 54 . 2011-11-17 06: 41    1731920    ----a-w-    c: \windows\system32\ntdll.dll
2012-12-01 00: 54 . 2011-11-17 05: 38    1292080    ----a-w-    c: \windows\SysWow64\ntdll.dll
2012-12-01 00: 52 . 2012-02-17 06: 38    1031680    ----a-w-    c: \windows\system32\rdpcore.dll
2012-12-01 00: 52 . 2012-02-17 05: 34    826880    ----a-w-    c: \windows\SysWow64\rdpcore.dll
2012-12-01 00: 52 . 2012-02-17 04: 57    23552    ----a-w-    c: \windows\system32\drivers\tdtcp.sys
2012-12-01 00: 50 . 2012-12-01 00: 50    --------    d-----w-    c: \program files (x86)\AMD AVT
2012-12-01 00: 50 . 2012-12-01 00: 50    --------    d-----w-    c: \program files\AMD
2012-12-01 00: 50 . 2012-12-01 00: 50    --------    d-----w-    c: \program files (x86)\AMD
2012-12-01 00: 50 . 2012-12-01 00: 50    --------    d-----w-    c: \program files (x86)\AMD APP
2012-12-01 00: 50 . 2012-12-01 00: 50    --------    d-----w-    c: \program files\Common Files\ATI Technologies
2012-12-01 00: 50 . 2012-12-01 00: 50    --------    d-----w-    c: \program files (x86)\Common Files\ATI Technologies
2012-12-01 00: 49 . 2012-12-01 00: 50    --------    d-----w-    c: \programdata\AMD
2012-12-01 00: 48 . 2012-12-01 00: 48    --------    d-----w-    c: \program files (x86)\ATI Technologies
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-03 14: 19 . 2009-07-14 02: 36    175616    ----a-w-    c: \windows\system32\msclmd.dll
2012-12-03 14: 19 . 2009-07-14 02: 36    152576    ----a-w-    c: \windows\SysWow64\msclmd.dll
2012-10-16 08: 38 . 2012-12-01 12: 20    135168    ----a-w-    c: \windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08: 38 . 2012-12-01 12: 20    350208    ----a-w-    c: \windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07: 39 . 2012-12-01 12: 20    561664    ----a-w-    c: \windows\apppatch\AcLayers.dll
2012-09-06 16: 05 . 2012-09-06 16: 05    3953152    ----a-w-    c: \windows\system32\SlotMaximizerBe.dll
2012-09-06 16: 05 . 2012-09-06 16: 05    2839552    ----a-w-    c: \windows\SysWow64\SlotMaximizerBe.dll
2012-09-06 16: 05 . 2012-09-06 16: 05    198144    ----a-w-    c: \windows\system32\SlotMaximizerAg.dll
2012-09-06 16: 05 . 2012-09-06 16: 05    161792    ----a-w-    c: \windows\SysWow64\SlotMaximizerAg.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c: \program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"DAEMON Tools Lite"="d: \programy\Daemon Tools\DTLite.exe" [2012-11-06 3673728]
"Integrated Driver"="c: \users\Corr\AppData\Roaming\Fighters\msess.exe" [2012-12-02 5943808]
"Steam"="d: \programy\Steam\steam.exe" [2012-12-03 1354736]
"Spybot-S&D Cleaning"="c: \program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c: \program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-15 642216]
"SDTray"="c: \program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptbehaviorAdmin"= 5 (0x5)
"ConsentPromptbehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c: \windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c: \programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
R2 SkypeUpdate;Skype Updater;c: \program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c: \windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c: \windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c: \windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c: \windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-01 283200]
S1 eamonm;eamonm;c: \windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c: \windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S2 AMD External Events Utility;AMD External Events Utility;c: \windows\system32\atiesrxx.exe [2012-11-15 240640]
S2 AMD FUEL Service;AMD FUEL Service;c: \program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-11-15 361984]
S2 AODDriver4.2;AODDriver4.2;c: \program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 ekrn;ESET Service;c: \program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c: \windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c: \program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c: \program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c: \program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c: \windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 Lycosa;Lycosa Keyboard;c: \windows\system32\drivers\Lycosa.sys [2008-01-17 18816]
S3 RTL8167;Realtek 8167 NT Driver;c: \windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-12-03 c: \windows\Tasks\Adobe Flash Player Updater.job
- c: \windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-03 16: 34]
.
2012-12-03 c: \windows\Tasks\GoogleUpdateTaskMachineCore.job
- c: \program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-01 00: 38]
.
2012-12-03 c: \windows\Tasks\GoogleUpdateTaskMachineUA.job
- c: \program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-01 00: 38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GG​DriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09: 42    2023936    ----a-w-    c: \programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GG​DriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09: 42    2023936    ----a-w-    c: \programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GG​DriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09: 42    2023936    ----a-w-    c: \programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GG​DriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09: 42    2023936    ----a-w-    c: \programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c: \program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-12-03 4081008]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Skan uzupełniający -------
.
uLocal Page = c: \windows\system32\blank.htm
mLocal Page = c: \windows\SysWOW64\blank.htm
TCP:  DhcpNameServer = 83.238.255.76 213.241.79.37
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied:  (Full) (Everyone)
.
Czas ukończenia:  2012-12-04 00: 44: 13
ComboFix-quarantined-files.txt 2012-12-03 23: 44
.
Przed:  92 501 463 040 bajtów wolnych
Po:  97 185 689 600 bajtów wolnych
.
- - End Of File - - 585C2D477C4B3E657EB4BA7C07DF248F


HIJACK THIS LOGS

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18: 02: 07, on 2012-12-04
Platform:  Windows 7 SP1 (WinNT 6.00.3505)
MSIE:  Internet Explorer v9.00 (9.00.8112.16455)
Boot mode:  Normal

Running processes:
C: \Program Files (x86)\Skype\Phone\Skype.exe
C: \Users\Corr\AppData\Roaming\Fighters\msess.exe
D: \Programy\Steam\Steam.exe
C: \Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C: \Program Files (x86)\Google\Chrome\Application\chrome.exe
C: \Program Files (x86)\Google\Chrome\Application\chrome.exe
C: \Program Files (x86)\Google\Chrome\Application\chrome.exe
C: \Program Files (x86)\Google\Chrome\Application\chrome.exe
C: \Program Files (x86)\Google\Chrome\Application\chrome.exe
C: \Program Files (x86)\Google\Chrome\Application\chrome.exe
C: \Users\Corr\AppData\Local\GG\Application\gghub.exe
C: \Users\Corr\AppData\Local\GG\Application\ggapp.exe
C: \Users\Corr\AppData\Local\GG\Application\ggdrive\ggdrive.exe
C: \Program Files (x86)\Google\Chrome\Application\chrome.exe
C: \Program Files (x86)\Google\Chrome\Application\chrome.exe
C: \Program Files (x86)\Google\Chrome\Application\chrome.exe
C: \Users\Corr\AppData\Local\Temp\mzzpmiuc\checker.exe
C: \Program Files (x86)\Google\Chrome\Application\chrome.exe
C: \Program Files (x86)\Hijack\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http: //go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http: //go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http: //go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http: //go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http: //go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C: \Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO:  Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C: \Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO:  AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C: \Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO:  SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C: \Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run:  [StartCCC] "C: \Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run:  [SDTray] "C: \Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run:  [Skype] "C: \Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run:  [DAEMON Tools Lite] "D: \Programy\Daemon Tools\DTLite.exe" -autorun
O4 - HKCU\..\Run:  [Integrated Driver] C: \Users\Corr\AppData\Roaming\Fighters\msess.exe
O4 - HKCU\..\Run:  [Steam] "D: \Programy\Steam\steam.exe" -silent
O4 - HKCU\..\Run:  [Spybot-S&D Cleaning] "C: \Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKCU\..\Run:  [RESTART_STICKY_NOTES] C: \Windows\System32\StikyNot.exe
O4 - HKCU\..\Run:  [Sidebar] C: \Program Files\Windows Sidebar\sidebar.exe /autoRun
O9 - Extra button:  Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C: \Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button:  (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C: \Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem:  Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C: \Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O11 - Options group:  [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol:  skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C: \Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol:  skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C: \PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter:  video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C: \Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter:  video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C: \Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O20 - Winlogon Notify:  SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service:  Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C: \Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service:  @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C: \Windows\System32\alg.exe (file missing)
O23 - Service:  AMD External Events Utility - Unknown owner - C: \Windows\system32\atiesrxx.exe (file missing)
O23 - Service:  AMD FUEL Service - Advanced Micro Devices, Inc. - C: \Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service:  @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C: \Windows\System32\lsass.exe (file missing)
O23 - Service:  ESET Service (ekrn) - ESET - C: \Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service:  @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C: \Windows\system32\fxssvc.exe (file missing)
O23 - Service:  Usługa Google Update (gupdate) (gupdate) - Google Inc. - C: \Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service:  Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C: \Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service:  @keyiso.dll,-100 (KeyIso) - Unknown owner - C: \Windows\system32\lsass.exe (file missing)
O23 - Service:  @comres.dll,-2797 (MSDTC) - Unknown owner - C: \Windows\System32\msdtc.exe (file missing)
O23 - Service:  @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C: \Windows\system32\lsass.exe (file missing)
O23 - Service:  @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C: \Windows\system32\lsass.exe (file missing)
O23 - Service:  @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C: \Windows\system32\locator.exe (file missing)
O23 - Service:  @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C: \Windows\system32\lsass.exe (file missing)
O23 - Service:  Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C: \Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service:  Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C: \Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service:  Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C: \Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service:  Skype Updater (SkypeUpdate) - Skype Technologies - C: \Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service:  @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C: \Windows\System32\snmptrap.exe (file missing)
O23 - Service:  @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C: \Windows\System32\spoolsv.exe (file missing)
O23 - Service:  @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C: \Windows\system32\sppsvc.exe (file missing)
O23 - Service:  Steam Client Service - Valve Corporation - C: \Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service:  TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C: \Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service:  @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C: \Windows\system32\UI0Detect.exe (file missing)
O23 - Service:  @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C: \Windows\system32\lsass.exe (file missing)
O23 - Service:  @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C: \Windows\System32\vds.exe (file missing)
O23 - Service:  @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C: \Windows\system32\vssvc.exe (file missing)
O23 - Service:  @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C: \Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service:  @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C: \Windows\system32\wbengine.exe (file missing)
O23 - Service:  @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C: \Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service:  @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C: \Program Files (x86)\Windows Media Player\wmpnetwk.exe

--
End of file - 9032 bytes

(06.12.2012 00:16) peciaq wrote: It's probably better to rule out an infection at the start, so that it doesn't wreak further havoc while you work and look for the cause, don't you think?

I manually blocked msess.exe in NOD and the problem disappeared. What do you think it is?
(This post was last modified: 12.12.2012 18:32 by coorhan.)

12.12.2012 18:31
