Witam
Bardzo proszę o pomoc, wklejam log z combofixa:
ComboFix 12-09-23.02 - Marcin 2012-09-23 21:19:37.4.4 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.4095.3325 [GMT 2:00]
Uruchomiony z: c:\users\Marcin\Downloads\ComboFix.exe
Użyto następujących komend :: c:\users\Marcin\Downloads\CFScript.txt
AV: ESET Smart Security 5.2 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: Zapora osobista *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
FILE ::
“c:\windows\SET265.tmp”
“c:\windows\SET268.tmp”
“c:\windows\SET274.tmp”
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-08-23 do 2012-09-23 )))))))))))))))))))))))))))))))
.
.
2012-09-23 19:22 . 2012-09-23 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 13:24 . 2012-04-12 11:42 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 13:24 . 2012-04-12 11:42 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 20:47 . 2012-07-27 20:47 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-07-27 20:47 . 2012-07-27 20:47 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-07-27 20:47 . 2012-07-27 20:47 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-07-27 20:47 . 2012-07-27 20:47 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-07-27 20:47 . 2012-07-27 20:47 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-07-27 20:46 . 2012-07-27 20:46 16464896 ----a-w- c:\windows\system32\amdocl64.dll
2012-07-27 20:46 . 2012-07-27 20:46 13013504 ----a-w- c:\windows\SysWow64\amdocl.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“RGSC”=“c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe” [bU]
“DAEMON Tools Lite”=“c:\program files (x86)\DAEMON Tools Lite\DTLite.exe” [2011-01-20 1305408]
“Facebook Update”=“c:\users\Marcin\AppData\Local\Facebook\Update\FacebookUpdate.exe” [2012-07-11 138096]
“NokiaSuite.exe”=“c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe” [2012-05-16 1084840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
“AMD AVT”=“start AMD Accelerated Video Transcoding device initialization” [X]
“HDAudDeck”=“c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe” [2009-09-21 2583040]
“GrooveMonitor”=“c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-26 31016]
“APSDaemon”=“c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe” [2011-09-27 59240]
“QuickTime Task”=“c:\program files (x86)\QuickTime\QTTask.exe” [2011-10-24 421888]
“Browsers Protector”=“c:\program files (x86)\Browsers Protector\regmon32.exe” [bU]
“Malwarebytes Anti-Malware (reboot)”=“c:\program files (x86)\Malwarebytes’ Anti-Malware\mbam.exe” [2009-09-10 1312080]
“Microsoft Default Manager”=“c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe” [2010-05-10 439568]
“Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2012-01-03 843712]
“StartCCC”=“c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2012-08-06 642216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“ConsentPromptBehaviorAdmin”= 5 (0x5)
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableUIADesktopToggle”= 0 (0x0)
“PromptOnSecureDesktop”= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 gupdate;Usługa Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 AVEO;USB2.0 PC Camera;c:\windows\system32\DRIVERS\AVEOdcnt.sys [2010-12-31 348672]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2012-01-09 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2012-01-09 171008]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [2010-03-15 127600]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [2010-03-15 19568]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [2010-03-15 161904]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [2010-03-15 141424]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [2010-03-15 34416]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [2010-03-15 137328]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [2010-03-15 158320]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-09 254528]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-17 1250816]
.
.
Zawartość folderu ‘Zaplanowane zadania’
.
2012-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 13:24]
.
2012-09-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-280985965-407824408-2573217321-1001Core.job
- c:\users\Marcin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-24 20:51]
.
2012-09-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-280985965-407824408-2573217321-1001UA.job
- c:\users\Marcin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-24 20:51]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 22:16]
.
2012-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 22:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{9D717F81-9148-4f12-8568-69135F087DB0}]
c:\progra~2\WIA6EB~1\Datamngr\x64\BROWSE~1.DLL [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“egui”=“c:\program files\ESET\ESET Smart Security\egui.exe” [2012-03-07 4081008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“LoadAppInit_DLLs”=0x1
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://startsear.ch/?aff=1&cf=64522531- … 2522a44347
mStart Page = hxxp://startsear.ch/?aff=1&cf=64522531- … 2522a44347
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.0.1
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} - hxxps://www.pekaobiznes24.pl/components … XPEKAO.cab
FF - ProfilePath - c:\users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\3ed52vfc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/
.
-
-
-
- USUNIĘTO PUSTE WPISY - - - -
-
-
.
URLSearchHooks-{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)
BHO-{62945179-4ABC-06DB-344E-20A76ACC1F3B} - (no file)
Toolbar-10 - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-280985965-407824408-2573217321-1001\Software\SecuROM\License information*]
“datasecu”=hex:8d,b4,7c,d3,81,71,13,3d,63,e9,5c,d0,8b,e3,a5,ba,c5,84,08,f6,ec,
5b,4a,c1,11,77,da,f8,10,39,03,eb,c2,89,47,36,d1,3c,e4,67,2f,a4,d6,bd,71,b5,\
“rkeysecu”=hex:09,66,f7,f8,c7,14,74,2f,5d,e8,77,e9,28,d8,ef,e5
.
[HKEY_USERS\S-1-5-21-280985965-407824408-2573217321-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\d:\GAMES\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
“qgif4.dll”=multi:“2011-10-10T17:42\00gif\00\00”
“qico4.dll”=multi:“2011-10-10T17:42\00ico\00\00”
“qjpeg4.dll”=multi:“2011-10-10T17:42\00jpeg\00jpg\00\00”
.
[HKEY_USERS\S-1-5-21-280985965-407824408-2573217321-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:\d:\GAMES\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
“qcncodecs4.dll”=multi:“2011-10-10T17:42\00GB18030\00GBK\00GB2312\00CP936\00MS936\00windows-936\00MIB: 114\00MIB: 113\00MIB: 2025\00\00”
“qkrcodecs4.dll”=multi:“2011-10-10T17:42\00EUC-KR\00cp949\00MIB: 38\00MIB: -949\00\00”
“qtwcodecs4.dll”=multi:“2011-10-10T17:42\00Big5\00Big5-HKSCS\00Big5-ETen\00CP950\00MIB: 2026\00MIB: 2101\00\00”
.
[HKEY_USERS\S-1-5-21-280985965-407824408-2573217321-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\d:\games\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
“qcncodecs4.dll”=multi:“40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00”
“qjpcodecs4.dll”=multi:“40602\000\00Windows msvc release full-config\002011-10-10T17:42\00\00”
“qjpcodecsd4.dll”=multi:“40703\001\00Windows msvc debug full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00”
“qkrcodecs4.dll”=multi:“40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00”
“qtwcodecs4.dll”=multi:“40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00”
.
[HKEY_USERS\S-1-5-21-280985965-407824408-2573217321-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\d:\games\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
“Microsoft.VC80.CRT.manifest”=multi:“0\001\00unknown\002011-10-10T17:42\00\00”
“msvcr80.dll”=multi:“0\001\00unknown\002011-10-10T17:42\00\00”
“qgif4.dll”=multi:“40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00”
“qico4.dll”=multi:“40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00”
“qjpeg4.dll”=multi:“40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00”
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
.
**************************************************************************
.
Czas ukończenia: 2012-09-23 21:26:36 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-09-23 19:26
ComboFix2.txt 2012-09-22 19:06
.
Przed: 28 585 537 536 bajtów wolnych
Po: 28 263 133 184 bajtów wolnych
.
-
- End Of File - - E6108CDEEF6F496ECB30C2B1922B74D5