Black screen with mouse cursor, no desktop


(Smiercion) #1

Hello, I have an HP Mini laptop. Today I installed a lot of things onto my mobile phone over the cable. I think some trojans got in, because while I still had the normal desktop I ran a scan with ESET (NOD32) and it reported viruses, among others in win32, and now I am running a ComboFix scan and it is removing from the computer the things I have on the phone. Earlier, strange things were happening: folders from the phone were losing their size and could not be opened on the computer, but after a scan, formatting the card and removing the viruses I got that under control. The last thing I did was scan the computer with NOD32. I also installed HijackThis to post a log, but it cannot be saved in Notepad. During the scan a window pops up containing a single path: notepad C:\Windows\System32\drivers\etc\hosts

(if I delete it, the window does not pop up), but the log still cannot be saved in Notepad, because it says the file cannot be found and gives the path to the folder where HijackThis is installed, ending in hijackthis.log. ComboFix has just finished its work. I have the log and the desktop has come back. Please tell me whether I need to do anything else.

-- Added 03.10.2011 (Mon) 0:18 --

ComboFix 11-10-02.03 - HP 2011-10-02 23:24:05.1.2 - x86

Microsoft Windows 7 Starter 6.1.7601.1.1250.48.1045.18.1012.332 [GMT 2:00]

Uruchomiony z: G:\ComboFix.exe

AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

AV: Norton Internet Security Netbook Edition *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Internet Security Netbook Edition *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Norton Internet Security Netbook Edition *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\XP-D41D8CD9.EXE

.

.

((((((((((((((((((((((((( Pliki utworzone od 2011-09-02 do 2011-10-02 )))))))))))))))))))))))))))))))

.

.

2011-10-02 21:49 . 2011-10-02 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-02 21:12 . 2011-10-02 21:12 388096 ----a-r- c:\users\HP\AppData\Roaming\Microsoft\Installer{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-10-02 21:12 . 2011-10-02 21:12 -------- d-----w- c:\program files\Trend Micro

2011-10-02 20:45 . 2011-10-02 20:45 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates{027FDD44-B3F9-41B6-96FB-49DFADFE46A4}\offreg.dll

2011-10-02 12:23 . 2011-10-02 12:23 -------- d-----w- c:\program files\ESET

2011-10-02 10:58 . 2008-05-07 05:38 90624 ----a-w- c:\windows\system32\nmwcdcls.dll

2011-10-02 10:57 . 2011-10-02 10:57 -------- d-----w- c:\program files\Nokia

2011-10-02 10:56 . 2011-10-02 10:56 -------- d-----w- c:\program files\ODEON

2011-10-02 10:38 . 2011-10-02 10:38 -------- d-----w- c:\programdata\Premium

2011-10-02 10:38 . 2011-10-02 11:05 -------- d-----w- c:\programdata\InstallMate

2011-10-01 18:49 . 2011-10-02 21:47 -------- d-----w- C:\Images

2011-09-30 09:10 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates{027FDD44-B3F9-41B6-96FB-49DFADFE46A4}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-10 12:34 . 2011-08-10 12:34 19456 ----a-w- c:\windows\system32\Z6ZF17DE.EXE

2011-08-10 12:34 . 2011-08-10 12:34 19456 --sh--w- c:\windows\system32\zh39w.exe

2011-08-10 12:31 . 2011-08-10 12:31 69632 ---h--w- c:\windows\system32\spec.fne

2011-08-10 12:31 . 2011-08-10 12:31 217088 ---h--w- c:\windows\system32\RegEx.fnr

2011-08-10 12:31 . 2011-08-10 12:31 184320 ---h--w- c:\windows\system32\internet.fne

2011-08-10 12:30 . 2011-08-10 12:31 40960 ---h--w- c:\windows\system32\shell.fne

2011-08-10 12:30 . 2011-08-10 12:31 323584 ---h--w- c:\windows\system32\eAPI.fne

2011-08-10 12:30 . 2011-08-10 12:31 266240 ---h--w- c:\windows\system32\com.run

2011-08-10 12:30 . 2011-08-10 12:31 114688 ---h--w- c:\windows\system32\dp1.fne

2011-08-10 12:30 . 2011-08-10 12:31 1097728 ---h--w- c:\windows\system32\krnln.fnr

2011-08-09 11:57 . 2011-08-09 11:57 163424 ----a-w- c:\windows\system32\drivers\eamonm.sys

2011-08-04 07:20 . 2011-08-04 07:20 103112 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys

2011-08-04 07:20 . 2011-08-04 07:20 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys

2011-07-22 02:54 . 2011-08-12 13:58 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48 . 2011-08-12 13:58 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44 . 2011-08-12 13:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 04:27 . 2011-08-11 19:54 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 04:15 . 2011-08-11 19:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 19:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 19:54 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 19:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 19:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 19:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 19:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 19:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 19:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 19:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 19:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 19:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 19:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:17 . 2011-08-11 19:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17 . 2011-08-11 19:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-16 02:17 . 2011-08-11 19:54 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-09 04:29 . 2011-08-24 11:04 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 02:30 . 2011-08-11 19:54 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-09-10 14:14 . 2011-09-10 14:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Syncables"="c:\program files\Hewlett-Packard\HP QuickSync\QuickSync.exe" [2010-03-29 530736]

"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2011-02-07 1362944]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-24 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-24 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-24 150552]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-16 1721640]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-02-26 495708]

"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-04-09 601144]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-05-18 2038]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]

"CardDetectorHUAWEI1752_1552"="c:\program files\CardDetector\HUAWEI1752_1552\CardDetector.exe" [2009-10-14 282624]

"BEWINTERNET-PLSessionManager"="c:\program files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe" [2009-10-14 140016]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2010-12-29 941320]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-06 3076144]

.

c:\users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

óóóóóó.lnk - c:\windows\System32\XP-D41D8CD9.EXE [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-9 828704]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-18 136176]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-18 286248]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-18 33320]

R3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-18 136176]

R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-08-04 103040]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 186912]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-10-03 204288]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS [2009-08-30 328752]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS [2010-04-22 173104]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110518.001\BHDrvx86.sys [2011-04-15 802936]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys [2010-02-26 501888]

S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 18136]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]

S1 IDSVix86;IDSVix86;c:\programdata\Norton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110527.001\IDSvix86.sys [2011-03-14 353912]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS [2010-04-29 116784]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS [2010-05-06 339504]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2010-07-22 814344]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\aestsrv.exe [2009-03-03 81920]

S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-03-31 338168]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-06 974944]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 103112]

S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]

S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-04-09 26168]

S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 105592]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

.

Zawartość folderu 'Zaplanowane zadania'

.

2011-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

  • c:\program files\Google\Update\GoogleUpdate.exe [2011-07-18 09:45]

.

2011-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

  • c:\program files\Google\Update\GoogleUpdate.exe [2011-07-18 09:45]

.

2011-09-16 c:\windows\Tasks\HPCeeScheduleForHP.job

  • c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.wp.pl/

mStart Page = hxxp://www.bing.com

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\qq1fp28w.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.pl/|www.onet.pl

FF - prefs.js: network.proxy.type - 0

.

  • USUNIĘTO PUSTE WPISY - - - -

.

HKCU-Run-wsctf.exe - wsctf.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

.

[HKEY_USERS\S-1-5-21-81529476-2181236488-3156980001-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-81529476-2181236488-3156980001-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Czas ukończenia: 2011-10-02 23:57:22

ComboFix-quarantined-files.txt 2011-10-02 21:57

.

Przed: 184 383 094 784 bajtów wolnych

Po: 186 265 882 624 bajtów wolnych

.

  • End Of File - - E71DF9BD20E183092E8BB5E82196EC6A

Once the desktop came back, the HijackThis log was saved as well.


(Kaka') #2

smiercion,

Please read this forum's rules for posting logs: zasady-wklejania-logow-forum-t253052.html, and then correct your logs accordingly.