Hmm... strange, I just scanned with ComboFix, restarted the computer and deleted it normally...
If you want the ComboFix log, here it is:
Code:
ComboFix 13-08-19.02 - Jakub 2013-08-20 22:27:36.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.6143.4120 [GMT 2: 00]
Uruchomiony z: c: \users\Jakub\Downloads\ComboFix.exe
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c: \programdata\Amazon.ico
c: \programdata\bcadceaafcdc.cfg
c: \programdata\MAygniPic
c: \programdata\MAygniPic\51dacbc1751d1.tlb
c: \programdata\MAygniPic\data\MAygniPic.dat
c: \programdata\MAygniPic\settings.ini
c: \programdata\MAygniPic\uninstall.exe
c: \programdata\MercadoLivre.ico
c: \programdata\Microsoft\Windows\Start Menu\Programs\MAygniPic
c: \programdata\Microsoft\Windows\Start Menu\Programs\MAygniPic\MAygniPic.lnk
c: \programdata\Microsoft\Windows\Start Menu\Programs\MAygniPic\Uninstall.lnk
c: \programdata\QuickStores.ico
c: \users\Jakub\AppData\Local\lollipop
c: \users\Jakub\AppData\Roaming\PnkBstrB.exe
c: \windows\PFRO.log
c: \windows\SysWow64\frapsvid.dll
c: \windows\SysWow64\Packet.dll
c: \windows\SysWow64\pthreadVC.dll
c: \windows\SysWow64\themeui.dll.tmp
c: \windows\SysWow64\uxtheme.dll.tmp
c: \windows\SysWow64\wpcap.dll
.
-- Poprzednie uruchomienie --
.
Zainfekowana kopia c: \windows\SysWow64\user32.dll została znaleziona. Problem naprawiono
Plik odzyskano z - c: \windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
--------
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
-------\Service_WsysSvc
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-07-20 do 2013-08-20 )))))))))))))))))))))))))))))))
.
.
2013-08-20 20: 33 . 2013-08-20 20: 35 -------- d-----w- c: \users\UpdatusUser\AppData\Local\temp
2013-08-20 20: 33 . 2013-08-20 20: 33 -------- d-----w- c: \users\Default\AppData\Local\temp
2013-08-20 20: 18 . 2013-08-20 20: 18 388096 ----a-r- c: \users\Jakub\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-08-20 20: 18 . 2013-08-20 20: 18 -------- d-----w- c: \program files (x86)\Trend Micro
2013-08-20 20: 03 . 2013-07-15 01: 34 9460976 ----a-w- c: \programdata\Microsoft\Windows Defender\Definition Updates\{FE22F2E3-A3EF-40F5-A6CB-D89025311099}\mpengine.dll
2013-08-20 19: 33 . 2013-08-18 09: 53 -------- d-----w- c: \users\Jakub\AppData\Roaming\Adobe64x
2013-08-20 16: 20 . 2013-08-20 18: 30 3307520 ------r- c: \users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\riaiccape.exe
2013-08-20 00: 24 . 2013-08-20 00: 24 -------- d-----w- C: \CodeOpen
2013-08-20 00: 00 . 2013-08-20 00: 01 -------- d-----w- c: \program files\Recuva
2013-08-19 10: 19 . 2013-08-19 10: 19 -------- d-----w- c: \users\Default\AppData\Roaming\TuneUp Software
2013-08-18 15: 16 . 2013-08-18 15: 16 -------- d-----w- c: \users\Jakub\AppData\Local\FOMM
2013-08-18 15: 16 . 2013-08-18 15: 16 -------- d-----w- c: \program files (x86)\GeMM
2013-08-15 01: 55 . 2013-08-15 01: 55 -------- d-----w- c: \users\Jakub\AppData\Local\Black_Tree_Gaming
2013-08-15 01: 55 . 2013-08-15 01: 55 -------- d-----w- c: \program files\Nexus Mod Manager
2013-08-14 15: 24 . 2013-08-14 15: 24 -------- d-----w- c: \users\Jakub\AppData\Local\FalloutNV
2013-08-13 23: 50 . 2013-08-13 23: 50 -------- d-----w- c: \users\Jakub\AppData\Roaming\Unity
2013-08-13 23: 48 . 2013-08-13 23: 48 48648 ----a-w- c: \programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-08-13 23: 48 . 2013-08-13 23: 48 686416 ----a-w- c: \programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-08-13 22: 37 . 2013-08-13 22: 37 -------- d-----w- c: \users\Jakub\AppData\Local\Unity
2013-08-13 09: 37 . 2013-08-13 09: 37 -------- d-----w- c: \users\Jakub\AppData\Local\Two Worlds II
2013-08-12 21: 19 . 2013-08-12 21: 19 -------- d-----w- c: \users\Jakub\AppData\Local\Skyrim
2013-08-12 19: 37 . 2013-08-12 19: 40 -------- d-----w- c: \program files (x86)\ZAR
2013-08-06 16: 35 . 2013-08-06 16: 35 -------- d-----w- c: \program files (x86)\ESET
2013-08-06 16: 05 . 2013-08-06 16: 05 -------- d-----w- c: \programdata\GG
2013-08-06 14: 22 . 2013-08-06 14: 22 -------- d-----w- c: \users\Jakub\Nowy folder
2013-07-24 09: 29 . 2013-07-24 09: 29 -------- d-----w- c: \users\Jakub\AppData\Roaming\Opera Software
2013-07-24 09: 29 . 2013-07-24 09: 29 -------- d-----w- c: \users\Jakub\AppData\Local\Opera Software
2013-07-24 09: 29 . 2013-07-24 09: 29 -------- d-----w- c: \program files (x86)\Opera
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-18 16: 06 . 2013-07-18 14: 15 298584 ----a-w- c: \windows\SysWow64\PnkBstrB.xtr
2013-07-18 16: 06 . 2013-07-17 23: 05 298584 ----a-w- c: \windows\SysWow64\PnkBstrB.exe
2013-07-18 14: 37 . 2013-07-17 23: 05 298584 ----a-w- c: \windows\SysWow64\PnkBstrB.ex0
2013-07-18 11: 32 . 2013-07-04 09: 11 71048 ----a-w- c: \windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-18 11: 32 . 2013-07-04 09: 11 692104 ----a-w- c: \windows\SysWow64\FlashPlayerApp.exe
2013-07-17 23: 05 . 2013-07-17 23: 05 76888 ----a-w- c: \windows\SysWow64\PnkBstrA.exe
2013-07-11 18: 44 . 2013-07-11 18: 44 378944 ----a-w- c: \windows\system32\drivers\aswSP.sys
2013-07-11 18: 44 . 2013-07-11 18: 44 1030952 ----a-w- c: \windows\system32\drivers\aswSnx.sys
2013-07-11 18: 44 . 2013-07-11 18: 44 189936 ----a-w- c: \windows\system32\drivers\aswVmm.sys
2013-07-09 14: 51 . 2013-07-09 14: 52 789416 ----a-w- c: \windows\SysWow64\deployJava1.dll
2013-07-09 14: 51 . 2013-07-09 14: 51 867240 ----a-w- c: \windows\SysWow64\npDeployJava1.dll
2013-07-09 14: 51 . 2013-07-09 14: 51 96168 ----a-w- c: \windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-04 10: 34 . 2013-07-04 10: 35 118104 ----a-w- c: \windows\dxsdkuninst.exe
2013-07-04 10: 34 . 2013-07-04 10: 34 283064 ----a-w- c: \windows\system32\drivers\dtsoftbus01.sys
2013-07-04 09: 47 . 2010-11-21 03: 23 2851840 ----a-w- c: \windows\system32\themeui.dll
2013-07-04 09: 47 . 2009-07-13 23: 55 332288 ----a-w- c: \windows\system32\uxtheme.dll
2013-07-04 09: 47 . 2009-07-13 23: 54 44544 ----a-w- c: \windows\system32\themeservice.dll
2013-07-04 09: 25 . 2013-07-04 09: 25 419840 ----a-w- c: \windows\system32\wrap_oal.dll
2013-07-04 09: 25 . 2013-07-04 09: 25 413696 ----a-w- c: \windows\SysWow64\wrap_oal.dll
2013-07-04 09: 25 . 2013-07-04 09: 25 111616 ----a-w- c: \windows\system32\OpenAL32.dll
2013-07-04 09: 25 . 2013-07-04 09: 25 102400 ----a-w- c: \windows\SysWow64\OpenAL32.dll
2013-07-04 09: 24 . 2011-03-10 13: 44 2725376 ----a-w- c: \windows\system32\drivers\cmudaxp.sys
2013-07-04 09: 24 . 2007-04-19 13: 12 32768 ----a-w- c: \windows\system32\cmudaxp.dll
2013-07-04 09: 24 . 2004-04-14 09: 28 315392 ----a-w- c: \windows\SysWow64\CmiFltr.dll
2013-07-04 09: 24 . 2004-04-14 09: 28 315392 ----a-w- c: \windows\system\CmiFltr.dll
2013-07-04 09: 24 . 2013-07-04 09: 25 122880 ----a-w- c: \windows\system32\Cm_Oal.dll
2013-07-04 09: 24 . 2013-07-04 09: 25 122880 ------w- c: \windows\SysWow64\Cm_Oal.dll
2013-07-04 09: 24 . 2013-07-04 09: 25 8769536 ------w- c: \windows\SysWow64\CmiCnfgp.dll
2013-07-04 09: 24 . 2013-07-04 09: 25 389120 ----a-w- c: \windows\system32\CmiCnfgp.cpl
2013-07-04 09: 24 . 2013-07-04 09: 25 282112 ----a-w- c: \windows\system\HsMgr64.exe
2013-07-04 09: 24 . 2013-07-04 09: 25 217088 ------w- c: \windows\SysWow64\HsSrv2.dll
2013-07-04 09: 24 . 2013-07-04 09: 25 217088 ------w- c: \windows\SysWow64\HsSrv.dll
2013-07-04 09: 24 . 2013-07-04 09: 25 200704 ----a-w- c: \windows\SysWow64\HsMgr.exe
2013-07-04 09: 24 . 2013-07-04 09: 25 200704 ------w- c: \windows\SysWow64\Cmpaoxy.dll
2013-07-04 09: 24 . 2013-07-04 09: 25 143360 ------w- c: \windows\SysWow64\VmixP8.dll
2013-07-04 09: 24 . 2013-07-04 09: 25 121856 ------w- c: \windows\system\HsSrv642.dll
2013-07-04 09: 24 . 2013-07-04 09: 25 121856 ------w- c: \windows\system\HsSrv64.dll
2013-07-04 09: 24 . 2013-07-04 09: 25 465408 ----a-w- c: \windows\system32\cmasiopx.dll
2013-07-04 09: 24 . 2013-07-04 09: 25 303104 ------w- c: \windows\SysWow64\cmasiop.dll
2013-07-04 09: 24 . 2013-07-04 09: 25 359424 ----a-w- c: \windows\system32\CmiInstallResAll64.dll
2013-07-04 09: 24 . 2013-07-04 09: 25 524768 ----a-w- c: \windows\difxapi.dll
2013-07-04 09: 24 . 2013-07-04 09: 25 805376 ----a-w- c: \windows\system32\Cmeauoxy.exe
2013-06-21 12: 06 . 2013-07-04 09: 16 61216 ----a-w- c: \windows\system32\OpenCL.dll
2013-06-21 12: 06 . 2013-07-04 09: 16 53024 ----a-w- c: \windows\SysWow64\OpenCL.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 925648 ----a-w- c: \windows\SysWow64\nvumdshim.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 9239344 ----a-w- c: \windows\system32\nvcuda.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 7687592 ----a-w- c: \windows\SysWow64\nvcuda.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 7641832 ----a-w- c: \windows\system32\nvopencl.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 6324360 ----a-w- c: \windows\SysWow64\nvopencl.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 572704 ----a-w- c: \windows\system32\NvFBC64.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 570656 ----a-w- c: \windows\system32\NvIFR64.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 467232 ----a-w- c: \windows\SysWow64\NvIFR.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 465184 ----a-w- c: \windows\SysWow64\NvFBC.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 2953504 ----a-w- c: \windows\system32\nvcuvid.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 27781920 ----a-w- c: \windows\system32\nvoglv64.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 2777888 ----a-w- c: \windows\SysWow64\nvcuvid.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 266448 ----a-w- c: \windows\system32\nvinitx.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 2363680 ----a-w- c: \windows\system32\nvcuvenc.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 218592 ----a-w- c: \windows\system32\nvoglshim64.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 214448 ----a-w- c: \windows\SysWow64\nvinit.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 21102368 ----a-w- c: \windows\SysWow64\nvoglv32.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 2002720 ----a-w- c: \windows\SysWow64\nvcuvenc.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 1832224 ----a-w- c: \windows\system32\nvdispco6432049.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 181488 ----a-w- c: \windows\SysWow64\nvoglshim32.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 17560352 ----a-w- c: \windows\SysWow64\nvcompiler.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 15920536 ----a-w- c: \windows\system32\nvwgf2umx.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 15144928 ----a-w- c: \windows\system32\nvd3dumx.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 1511712 ----a-w- c: \windows\system32\nvdispgenco6432049.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 13411896 ----a-w- c: \windows\SysWow64\nvwgf2um.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 12427240 ----a-w- c: \windows\SysWow64\nvd3dum.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 11235104 ----a-w- c: \windows\system32\drivers\nvlddmkm.sys
2013-06-21 12: 06 . 2013-07-04 09: 09 1059560 ----a-w- c: \windows\system32\nvumdshimx.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 2936208 ----a-w- c: \windows\system32\nvapi64.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 2597856 ----a-w- c: \windows\SysWow64\nvapi.dll
2013-06-21 12: 06 . 2013-07-04 09: 09 25256224 ----a-w- c: \windows\system32\nvcompiler.dll
2013-06-21 10: 23 . 2013-07-04 09: 17 6496544 ----a-w- c: \windows\system32\nvcpl.dll
2013-06-21 10: 23 . 2013-07-04 09: 17 3514656 ----a-w- c: \windows\system32\nvsvc64.dll
2013-06-21 10: 23 . 2013-07-04 09: 17 884512 ----a-w- c: \windows\system32\nvvsvc.exe
2013-06-21 10: 23 . 2013-07-04 09: 17 63776 ----a-w- c: \windows\system32\nvshext.dll
2013-06-21 10: 23 . 2013-07-04 09: 17 237856 ----a-w- c: \windows\system32\nvmctray.dll
2013-06-21 03: 16 . 2013-06-21 03: 16 566048 ----a-w- c: \windows\SysWow64\nvStreaming.exe
2013-06-20 04: 17 . 2013-07-04 09: 17 3253909 ----a-w- c: \windows\system32\nvcoproc.bin
2013-06-08 12: 11 . 2013-06-08 12: 11 39896 ----a-w- c: \windows\SysWow64\DiscHandler.exe
2013-06-08 11: 57 . 2013-06-08 11: 57 4012544 ----a-w- c: \windows\system32\ffmpeg.dll
2013-06-08 11: 57 . 2013-06-08 11: 57 474624 ----a-w- c: \windows\system32\ff_kernelDeint.dll
2013-06-08 11: 56 . 2013-06-08 11: 56 127488 ----a-w- c: \windows\system32\ff_vfw.dll
2013-06-08 11: 56 . 2013-06-08 11: 56 4372992 ----a-w- c: \windows\system32\ffdshow.ax
2013-06-08 11: 56 . 2013-06-08 11: 56 156672 ----a-w- c: \windows\system32\ff_libmad.dll
2013-06-08 11: 56 . 2013-06-08 11: 56 631296 ----a-w- c: \windows\system32\TomsMoComp_ff.dll
2013-06-08 11: 55 . 2013-06-08 11: 55 114688 ----a-w- c: \windows\system32\ff_wmv9.dll
2013-06-08 11: 55 . 2013-06-08 11: 55 1532928 ----a-w- c: \windows\system32\ff_samplerate.dll
2013-06-08 11: 55 . 2013-06-08 11: 55 116224 ----a-w- c: \windows\system32\ff_liba52.dll
2013-06-08 11: 55 . 2013-06-08 11: 55 222720 ----a-w- c: \windows\system32\ff_libdts.dll
2013-06-08 11: 55 . 2013-06-08 11: 55 183296 ----a-w- c: \windows\system32\ff_unrar.dll
2013-06-08 11: 55 . 2013-06-08 11: 55 190464 ----a-w- c: \windows\system32\libmpeg2_ff.dll
2013-06-08 11: 54 . 2013-06-08 11: 54 3915776 ----a-w- c: \windows\SysWow64\ffmpeg.dll
2013-06-08 11: 53 . 2013-06-08 11: 53 112640 ----a-w- c: \windows\SysWow64\ff_vfw.dll
2013-06-08 11: 53 . 2013-06-08 11: 53 3501568 ----a-w- c: \windows\SysWow64\ffdshow.ax
2013-06-08 11: 52 . 2013-06-08 11: 52 271360 ----a-w- c: \windows\SysWow64\TomsMoComp_ff.dll
2013-06-08 11: 52 . 2013-06-08 11: 52 157184 ----a-w- c: \windows\SysWow64\ff_unrar.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}]
2013-03-25 15: 14 251288 ----a-w- c: \program files (x86)\Industriya\privitize\1.8.16.22\bh\privitize.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bcadceaafcdc"="ŕáw" [X]
"xwidget"="c: \program files (x86)\XWidget\xwidget.exe" [2013-06-09 1811968]
"DAEMON Tools Lite"="c: \program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
"RocketDock"="c: \program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ChomikBox"="d: \chomik\chomikbox.exe" [2012-11-15 5979648]
"Steam"="d: \programy\steam\Steam.exe" [2013-07-26 1807272]
"Sidebar"="c: \program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c: \program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"SunJavaUpdateSched"="c: \program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c: \program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c: \users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
riaiccape.exe [2013-8-20 3307520]
.
c: \programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodecPackUpdateChecker.lnk - c: \windows\SysWOW64\C2MP\UpdateChecker.exe [2013-6-8 48200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c: \windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c: \windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c: \windows\system32\Drivers\ssadadb.sys;c: \windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c: \windows\system32\DRIVERS\MijXfilt.sys;c: \windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c: \windows\system32\DRIVERS\ssadbus.sys;c: \windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c: \windows\system32\DRIVERS\ssadmdfl.sys;c: \windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c: \windows\system32\DRIVERS\ssadmdm.sys;c: \windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c: \windows\system32\DRIVERS\ssadserd.sys;c: \windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c: \windows\system32\drivers\tsusbflt.sys;c: \windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c: \windows\system32\drivers\TsUsbGD.sys;c: \windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 X6va011;X6va011;c: \windows\SysWOW64\Drivers\X6va011;c: \windows\SysWOW64\Drivers\X6va011 [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c: \windows\system32\DRIVERS\dtsoftbus01.sys;c: \windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c: \windows\system32\drivers\aswMonFlt.sys;c: \windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c: \program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c: \program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 cmudaxp;ASUS Xonar DG Audio Interface;c: \windows\system32\drivers\cmudaxp.sys;c: \windows\SYSNATIVE\drivers\cmudaxp.sys [x]
S3 RTL8167;Sterownik Realtek 8167 NT Driver;c: \windows\system32\DRIVERS\Rt64win7.sys;c: \windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-06 12: 05 1173456 ----a-w- c: \program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-08-20 c: \windows\Tasks\Adobe Flash Player Updater.job
- c: \windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-04 11: 32]
.
2013-08-20 c: \windows\Tasks\GoogleUpdateTaskMachineCore.job
- c: \program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-11 18: 44]
.
2013-08-20 c: \windows\Tasks\GoogleUpdateTaskMachineUA.job
- c: \program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-11 18: 44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c: \program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"Cmaudio8788"="c: \windows\Syswow64\cmicnfgp.dll" [2013-07-04 8769536]
"Cmaudio8788GX"="c: \windows\syswow64\HsMgr.exe" [2013-07-04 200704]
"Cmaudio8788GX64"="c: \windows\system\HsMgr64.exe" [2013-07-04 282112]
"AdobeAAMUpdater-1.0"="c: \program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-13 472984]
.
------- Skan uzupełniający -------
.
uLocal Page = c: \windows\system32\blank.htm
uStart Page = hxxp: //searchou.com/?id=12f2dd5f000000000000001e8c6e510f
mDefault_Page_URL = hxxp: //en.v9.com/?utm_source=b&utm_medium=bnd&from=bnd&uid=HitachiXHDT725032VLA380_VFJ201R2FXZ2WXFXZ2WXX&ts=1372932043
mStart Page = hxxp: //en.v9.com/?utm_source=b&utm_medium=bnd&from=bnd&uid=HitachiXHDT725032VLA380_VFJ201R2FXZ2WXFXZ2WXX&ts=1372932043
mLocal Page = c: \windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.19.1
FF - ProfilePath - c: \users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\ies1h1b9.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Search The Web (privitize)
FF - prefs.js: browser.startup.homepage - about: home
FF - prefs.js: keyword.URL - hxxp: //searchou.com/?q={searchTerms}&id=12f2dd5f000000000000001e8c6e510f
FF - ExtSQL: 2013-07-04 17: 30; {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}; c: \users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\ies1h1b9.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
FF - ExtSQL: 2013-07-04 23: 25; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c: \users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\ies1h1b9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-07-07 16: 25; ffxtlbr@privitize.com; c: \users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\ies1h1b9.default\extensions\ffxtlbr@privitize.com
FF - ExtSQL: 2013-07-08 16: 25; iuaoioee@iuyaeeoi.com; c: \users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\ies1h1b9.default\extensions\iuaoioee@iuyaeeoi.com
FF - ExtSQL: 2013-07-11 19: 22; IplextoALL@ALLPlayer.org; c: \users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\ies1h1b9.default\extensions\IplextoALL@ALLPlayer.org.xpi
FF - user.js: extensions.privitize.hpOld0 -
FF - user.js: extensions.privitize.tlbrSrchUrl - hxxp: //searchou.com/?id=12f2dd5f000000000000001e8c6e510f&q=
FF - user.js: extensions.privitize.id - 12f2dd5f000000000000001e8c6e510f
FF - user.js: extensions.privitize.appId - {301966DF-A84B-4255-AAB9-574B5CE237E4}
FF - user.js: extensions.privitize.instlDay - 15893
FF - user.js: extensions.privitize.vrsn - 1.8.16.22
FF - user.js: extensions.privitize.vrsni - 1.8.16.22
FF - user.js: extensions.privitize.vrsnTs - 1.8.16.2216: 24
FF - user.js: extensions.privitize.prtnrId - privitize
FF - user.js: extensions.privitize.prdct - privitize
FF - user.js: extensions.privitize.aflt - orgnl
FF - user.js: extensions.privitize.smplGrp - none
FF - user.js: extensions.privitize.tlbrId - base
FF - user.js: extensions.privitize.instlRef -
FF - user.js: extensions.privitize.dfltLng -
FF - user.js: extensions.privitize.excTlbr - true
FF - user.js: extensions.privitize.ffxUnstlRst - false
FF - user.js: extensions.privitize.admin - false
FF - user.js: extensions.privitize.autoRvrt - false
FF - user.js: extensions.privitize.rvrt - false
FF - user.js: extensions.privitize.hmpg - true
FF - user.js: extensions.privitize.hmpgUrl - hxxp: //searchou.com/?id=12f2dd5f000000000000001e8c6e510f
FF - user.js: extensions.privitize.dfltSrch - true
FF - user.js: extensions.privitize.srchPrvdr - Search The Web (privitize)
FF - user.js: extensions.privitize.kw_url - hxxp: //searchou.com/?q={searchTerms}&id=12f2dd5f000000000000001e8c6e510f
FF - user.js: extensions.privitize.dnsErr - true
FF - user.js: extensions.privitize.newTab - true
FF - user.js: extensions.privitize.newTabUrl - hxxp: //searchou.com/?id=12f2dd5f000000000000001e8c6e510f
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Wow6432Node-HKCU-Run-EADM - d: \programy\orygin\Origin\Origin.exe
Wow6432Node-HKCU-Run-ALLUpdate - c: \program files (x86)\ALLPlayer\ALLUpdate.exe
Wow6432Node-HKCU-Run-svHost - c: \users\Jakub\AppData\Roaming\svHost.exe
Wow6432Node-HKLM-Run-avast - d: \programy\avast\avastUI.exe
c: \programdata\Microsoft\Windows\Start Menu\Programs\Startup\Aura.lnk - c: \windows\8 Skin Pack\Aura\Aura.exe
c: \programdata\Microsoft\Windows\Start Menu\Programs\Startup\Newgen.lnk - c: \windows\8 Skin Pack\Newgen\Newgen.exe
c: \programdata\Microsoft\Windows\Start Menu\Programs\Startup\TaskbarUserTile.lnk - c: \windows\8 Skin Pack\TaskbarUserTile\UserTile.exe
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Borderlands 2_is1 - d: \gry\bordelands 2\Borderlands 2\unins000.exe
AddRemove-Origin - d: \programy\orygin\Origin\OriginUninstall.exe
AddRemove-Two Worlds II - d: \gry\Two Worlds II\Uninstall.exe
AddRemove-WsysControl - c: \programdata\eSafe\eGdpSvc.exe
AddRemove-{EB03EF39-C655-D560-FA95-79182B837D64} - c: \programdata\MAygniPic\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\?\c: \windows\SysWOW64\Drivers\X6va011"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c: \\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword: 00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c: \\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c: \\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword: 00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c: \\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c: \\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c: \\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c: \\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c: \\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword: 00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c: \program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c: \program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c: \windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Czas ukończenia: 2013-08-20 22: 39: 06 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2013-08-20 20: 39
.
Przed: 9 934 315 520 bajtów wolnych
Po: 12 420 227 072 bajtów wolnych
.
- - End Of File - - 9E6938A2858F9F2481EC5AA025A6CCC1
A36C5E4F47E84449FF07ED3517B43A31
I know this probably isn't in line with the forum rules, but could someone give me the name of a good antivirus and firewall?