Hi, I have an HP Mini laptop. Today I installed a lot of things onto my phone over a cable. I think trojans got in, because while I was still on the normal desktop I ran a scan with ESET (NOD32) and it reported viruses, among others in win32, and now I am running a ComboFix scan and it is removing from the computer the things I have on the phone. Earlier there were strange things going on, because folders from the phone were losing capacity and could not be opened on the computer, but after a scan, formatting the card and removing the viruses I got it under control. The last thing I did was a scan of the PC with NOD32. I also installed HijackThis so I could post a log, but it cannot save in Notepad. During the scan a window pops up with a single path: notepad C:\Windows\System32\drivers\etc\hosts
(if I remove it the window does not pop up), but the log still cannot be saved in Notepad because it says the file cannot be found, and the path given is to the folder where HijackThis is installed, ending in hijackthis.log. ComboFix has just finished its work. I have the log and the desktop came back. Please tell me whether I need to do anything else.
– Added 03.10.2011 (Mon) 0:18 –
ComboFix 11-10-02.03 - HP 2011-10-02 23:24:05.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1250.48.1045.18.1012.332 [GMT 2:00]
Uruchomiony z: G:\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Norton Internet Security Netbook Edition *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security Netbook Edition *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Norton Internet Security Netbook Edition *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\images_PAlbTN
c:\images_PAlbTN\010-001.jpg_160x120
c:\images_PAlbTN\012-001.jpg_160x120
c:\images_PAlbTN\086b678f7b1c0306fddcdde12f562751,9,24,316-220-1280-1280-0.jpg_160x120
c:\images_PAlbTN\13840995_18.1230144913-001.jpg_160x120
c:\images_PAlbTN\16e24a4915-001.jpg_160x120
c:\images_PAlbTN\20090217-001.jpg_160x120
c:\images_PAlbTN\20090225-001.jpg_160x120
c:\images_PAlbTN\20090413_003-002.jpg_160x120
c:\images_PAlbTN\20090417_005-001.jpg_160x120
c:\images_PAlbTN\20090418_002-001.jpg_160x120
c:\images_PAlbTN\20090426_010-001.jpg_160x120
c:\images_PAlbTN\20090527_014-001.jpg_160x120
c:\images_PAlbTN\20090601_015-001.jpg_160x120
c:\images_PAlbTN\20090714-001.jpg_160x120
c:\images_PAlbTN\20090804-001.jpg_160x120
c:\images_PAlbTN\20090816_003-001.jpg_160x120
c:\images_PAlbTN\20100828_006.jpg_160x120
c:\images_PAlbTN\20100918-001.jpg_160x120
c:\images_PAlbTN\20101120_005.jpg_160x120
c:\images_PAlbTN\20101125.jpg_160x120
c:\images_PAlbTN\20110718-001.jpg_160x120
c:\images_PAlbTN\20110725-001.jpg_160x120
c:\images_PAlbTN\2ec943b9e3-001.jpg_160x120
c:\images_PAlbTN\470552-001.jpg_160x120
c:\images_PAlbTN\470554-001.jpg_160x120
c:\images_PAlbTN\470564-001.jpg_160x120
c:\images_PAlbTN\470615-001.jpg_160x120
c:\images_PAlbTN\518861-001.jpg_160x120
c:\images_PAlbTN\aton_black-001.jpg_160x120
c:\images_PAlbTN\BELTIS z wstawka-001.jpg_160x120
c:\images_PAlbTN\big_953457ac3ea7fd042263056715c36c88-001.jpg_160x120
c:\images_PAlbTN\brooke_marks_07-001.jpg_160x120
c:\images_PAlbTN\d00052599c90506emed.jpg_160x120
c:\images_PAlbTN\d28c8a79f5e956c04bcbe31f8571eae1-001.jpg_160x120
c:\images_PAlbTN\diamont heart tylek-001.jpg_160x120
c:\images_PAlbTN\diores-001.jpg_160x120
c:\images_PAlbTN\DSC00164-001.jpg_160x120
c:\images_PAlbTN\DSC00164.jpg_160x120
c:\images_PAlbTN\FLAMINGO DRESS-001.jpg_160x120
c:\images_PAlbTN\foto (13).jpg_160x120
c:\images_PAlbTN\foto (71).jpg_160x120
c:\images_PAlbTN\hot-teen-stripping-fingering-6-001.jpg_160x120
c:\images_PAlbTN\IMAG0137.jpg_160x120
c:\images_PAlbTN\IMAG0144.jpg_160x120
c:\images_PAlbTN\IMAG0150.jpg_160x120
c:\images_PAlbTN\IMAG0151.jpg_160x120
c:\images_PAlbTN\IMAG0155.jpg_160x120
c:\images_PAlbTN\IMAG0222.jpg_160x120
c:\images_PAlbTN\LAIMA-001.jpg_160x120
c:\images_PAlbTN\laski-001.jpg_160x120
c:\images_PAlbTN\mala_gi_5-001.jpg_160x120
c:\images_PAlbTN\oa4-ym-001.jpg_160x120
c:\images_PAlbTN\sweetheart-001.jpg_160x120
c:\images_PAlbTN\sweetheart black-001.jpg_160x120
c:\images_PAlbTN\trzy_sztuki_01-001.jpg_160x120
c:\images_PAlbTN\Zdjęcie017.jpg_160x120
c:\images_PAlbTN\Zdjęcie0623.jpg_160x120
c:\images_PAlbTN\Zdjęcie0624.jpg_160x120
c:\images_PAlbTN\Zdjęcie0625.jpg_160x120
c:\images_PAlbTN\Zdjęcie0628.jpg_160x120
c:\images_PAlbTN\Zdjęcie0631.jpg_160x120
c:\images_PAlbTN\Zdjęcie0632.jpg_160x120
c:\images_PAlbTN\Zdjęcie0633.jpg_160x120
c:\images_PAlbTN\Zdjęcie0634.jpg_160x120
c:\images_PAlbTN\Zdjęcie0635.jpg_160x120
c:\images_PAlbTN\Zdjęcie0636.jpg_160x120
c:\images_PAlbTN\Zdjęcie0637.jpg_160x120
c:\images_PAlbTN\Zdjęcie0639.jpg_160x120
c:\images_PAlbTN\Zdjęcie0640.jpg_160x120
c:\images_PAlbTN\Zdjęcie0657.jpg_160x120
c:\images_PAlbTN\Zdjęcie0658.jpg_160x120
c:\images_PAlbTN\Zdjęcie0665.jpg_160x120
c:\images_PAlbTN\Zdjęcie0666.jpg_160x120
c:\images_PAlbTN\Zdjęcie0667.jpg_160x120
c:\images_PAlbTN\Zdjęcie0668.jpg_160x120
c:\images_PAlbTN\Zdjęcie0669.jpg_160x120
c:\images_PAlbTN\Zdjęcie0670.jpg_160x120
c:\images_PAlbTN\Zdjęcie0671.jpg_160x120
c:\images_PAlbTN\Zdjęcie0672.jpg_160x120
c:\images_PAlbTN\Zdjęcie0673.jpg_160x120
c:\images_PAlbTN\Zdjęcie0674.jpg_160x120
c:\images_PAlbTN\Zdjęcie0675.jpg_160x120
c:\images_PAlbTN\Zdjęcie0676.jpg_160x120
c:\images_PAlbTN\Zdjęcie0677.jpg_160x120
c:\images_PAlbTN\Zdjęcie0678.jpg_160x120
c:\images_PAlbTN\Zdjęcie0679.jpg_160x120
c:\images_PAlbTN\Zdjęcie0680.jpg_160x120
c:\images_PAlbTN\Zdjęcie0681.jpg_160x120
c:\images_PAlbTN\Zdjęcie0682.jpg_160x120
c:\images_PAlbTN\Zdjęcie0683.jpg_160x120
c:\images_PAlbTN\Zdjęcie0684.jpg_160x120
c:\images_PAlbTN\Zdjęcie0685.jpg_160x120
c:\images_PAlbTN\Zdjęcie0686.jpg_160x120
c:\images_PAlbTN\Zdjęcie0687.jpg_160x120
c:\images_PAlbTN\Zdjęcie0688.jpg_160x120
c:\images_PAlbTN\Zdjęcie0689.jpg_160x120
c:\images_PAlbTN\Zdjęcie0691.jpg_160x120
c:\images_PAlbTN\Zdjęcie0692.jpg_160x120
c:\images_PAlbTN\Zdjęcie0701.jpg_160x120
c:\windows\system32\XP-D41D8CD9.EXE
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-09-02 do 2011-10-02 )))))))))))))))))))))))))))))))
.
.
2011-10-02 21:49 . 2011-10-02 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-02 21:12 . 2011-10-02 21:12 388096 ----a-r- c:\users\HP\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-02 21:12 . 2011-10-02 21:12 -------- d-----w- c:\program files\Trend Micro
2011-10-02 20:45 . 2011-10-02 20:45 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{027FDD44-B3F9-41B6-96FB-49DFADFE46A4}\offreg.dll
2011-10-02 12:23 . 2011-10-02 12:23 -------- d-----w- c:\program files\ESET
2011-10-02 10:58 . 2008-05-07 05:38 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2011-10-02 10:57 . 2011-10-02 10:57 -------- d-----w- c:\program files\Nokia
2011-10-02 10:56 . 2011-10-02 10:56 -------- d-----w- c:\program files\ODEON
2011-10-02 10:38 . 2011-10-02 10:38 -------- d-----w- c:\programdata\Premium
2011-10-02 10:38 . 2011-10-02 11:05 -------- d-----w- c:\programdata\InstallMate
2011-10-01 18:49 . 2011-10-02 21:47 -------- d-----w- C:\Images
2011-09-30 09:10 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{027FDD44-B3F9-41B6-96FB-49DFADFE46A4}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-10 12:34 . 2011-08-10 12:34 19456 ----a-w- c:\windows\system32\Z6ZF17DE.EXE
2011-08-10 12:34 . 2011-08-10 12:34 19456 --sh--w- c:\windows\system32\zh39w.exe
2011-08-10 12:31 . 2011-08-10 12:31 69632 ---h--w- c:\windows\system32\spec.fne
2011-08-10 12:31 . 2011-08-10 12:31 217088 ---h--w- c:\windows\system32\RegEx.fnr
2011-08-10 12:31 . 2011-08-10 12:31 184320 ---h--w- c:\windows\system32\internet.fne
2011-08-10 12:30 . 2011-08-10 12:31 40960 ---h--w- c:\windows\system32\shell.fne
2011-08-10 12:30 . 2011-08-10 12:31 323584 ---h--w- c:\windows\system32\eAPI.fne
2011-08-10 12:30 . 2011-08-10 12:31 266240 ---h--w- c:\windows\system32\com.run
2011-08-10 12:30 . 2011-08-10 12:31 114688 ---h--w- c:\windows\system32\dp1.fne
2011-08-10 12:30 . 2011-08-10 12:31 1097728 ---h--w- c:\windows\system32\krnln.fnr
2011-08-09 11:57 . 2011-08-09 11:57 163424 ----a-w- c:\windows\system32\drivers\eamonm.sys
2011-08-04 07:20 . 2011-08-04 07:20 103112 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2011-08-04 07:20 . 2011-08-04 07:20 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2011-07-22 02:54 . 2011-08-12 13:58 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-12 13:58 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-12 13:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27 . 2011-08-11 19:54 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:15 . 2011-08-11 19:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 19:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 19:54 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 19:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 19:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 19:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 19:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 19:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 19:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 19:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 19:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 19:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 19:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 19:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 19:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 19:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 19:54 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-09 04:29 . 2011-08-24 11:04 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 02:30 . 2011-08-11 19:54 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-09-10 14:14 . 2011-09-10 14:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="c:\program files\Hewlett-Packard\HP QuickSync\QuickSync.exe" [2010-03-29 530736]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2011-02-07 1362944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-24 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-16 1721640]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-02-26 495708]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-04-09 601144]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-05-18 2038]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"CardDetectorHUAWEI1752_1552"="c:\program files\CardDetector\HUAWEI1752_1552\CardDetector.exe" [2009-10-14 282624]
"BEWINTERNET-PLSessionManager"="c:\program files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe" [2009-10-14 140016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2010-12-29 941320]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-06 3076144]
.
c:\users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
óóóóóó.lnk - c:\windows\System32\XP-D41D8CD9.EXE [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-9 828704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-18 136176]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-18 286248]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-18 33320]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-18 136176]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-08-04 103040]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 186912]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-10-03 204288]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS [2009-08-30 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110518.001\BHDrvx86.sys [2011-04-15 802936]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys [2010-02-26 501888]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 18136]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110527.001\IDSvix86.sys [2011-03-14 353912]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS [2010-05-06 339504]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2010-07-22 814344]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\aestsrv.exe [2009-03-03 81920]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-03-31 338168]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-06 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 103112]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-04-09 26168]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 105592]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-18 09:45]
.
2011-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-18 09:45]
.
2011-09-16 c:\windows\Tasks\HPCeeScheduleForHP.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.wp.pl/
mStart Page = hxxp://www.bing.com
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\qq1fp28w.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.pl/|www.onet.pl
FF - prefs.js: network.proxy.type - 0
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-wsctf.exe - wsctf.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-81529476-2181236488-3156980001-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-81529476-2181236488-3156980001-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2011-10-02 23:57:22
ComboFix-quarantined-files.txt 2011-10-02 21:57
.
Przed: 184 383 094 784 bajtów wolnych
Po: 186 265 882 624 bajtów wolnych
.
- - End Of File - - E71DF9BD20E183092E8BB5E82196EC6A
Once the desktop came back, the HijackThis log saved as well.