Is this some kind of infection?

Hi… Malwarebytes found 24 trojans on my machine… is this some kind of infection?

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org


Wersja bazy: 8071


Windows 6.1.7600

Internet Explorer 9.0.8112.16421


2011-11-02 21:25:26

mbam-log-2011-11-02 (21-25-26).txt


Typ skanowania: Pełne skanowanie (C:\|D:\|Q:\|)

Przeskanowano obiektów: 265421

Upłynęło: 23 minut(y), 39 sekund(y)


Zainfekowanych procesów w pamięci: 3

Zainfekowanych modułów w pamięci: 0

Zainfekowanych kluczy rejestru: 0

Zainfekowanych wartości rejestru: 1

Zainfekowane informacje rejestru systemowego: 0

Zainfekowanych folderów: 0

Zainfekowanych plików: 20


Zainfekowanych procesów w pamięci:

c:\Users\uzytkownik01\AppData\Local\winlogon.exe (Trojan.Dropper) -> 2860 -> Unloaded process successfully.

c:\Users\uzytkownik01\AppData\Local\services.exe (Trojan.Dropper) -> 2988 -> Unloaded process successfully.

c:\Users\uzytkownik01\AppData\Local\lsass.exe (Trojan.Dropper) -> 3084 -> Unloaded process successfully.


Zainfekowanych modułów w pamięci:

(Nie znaleziono zagrożeń)


Zainfekowanych kluczy rejestru:

(Nie znaleziono zagrożeń)


Zainfekowanych wartości rejestru:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Tok-Cirrhatus (Trojan.Dropper) -> Value: Tok-Cirrhatus -> Quarantined and deleted successfully.


Zainfekowane informacje rejestru systemowego:

(Nie znaleziono zagrożeń)


Zainfekowanych folderów:

(Nie znaleziono zagrożeń)


Zainfekowanych plików:

c:\Users\uzytkownik01\AppData\Local\winlogon.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\uzytkownik01\AppData\Local\services.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\uzytkownik01\AppData\Local\lsass.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\uzytkownik01\AppData\Local\smss.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\uzytkownik01\AppData\Local\csrss.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\uzytkownik01\AppData\Local\inetinfo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\uzytkownik01\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\Empty.pif (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\uzytkownik01\AppData\Roaming\microsoft\Windows\templates\brengkolang.com (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\uzytkownik01\Desktop\100KC183.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\uzytkownik01\documents\documents.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\uzytkownik01\documents\cyberlink\localstorage_v2\defaultmember\Misc\Misc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\uzytkownik01\documents\cyberlink\localstorage_v2\defaultmember\movie_00020a00-0002-0002-372c-3cfe84481365\disc_00020a00-0002-0002-372c-3cfe84481365\Info\Info.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\uzytkownik01\documents\cyberlink\localstorage_v2\defaultmember\movie_00020a00-0002-0002-372c-3cfe84481365\disc_00020a00-0002-0002-372c-3cfe84481365\Info\PLK\PLK.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\uzytkownik01\documents\cyberlink\localstorage_v2\defaultmember\movie_00020a00-0002-0002-372c-3cfe84481365\Info\Info.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\uzytkownik01\documents\cyberlink\localstorage_v2\localdata\disc_00020a00-0002-0002-372c-3cfe84481365\Chapter\Title00\Title00.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\uzytkownik01\documents\cyberlink\localstorage_v2\Misc\Misc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\uzytkownik01\documents\cyberlink\powerdvd9\powerdvd9.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\uzytkownik01\documents\My Games\jaibogames\heroesofhellas\heroesofhellas.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\uzytkownik01\documents\my stationery\my stationery.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Windows\eksplorasi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

extras http://wklej.eu/index.php?id=996b439927

otl http://wklej.eu/index.php?id=2e23ae2e8a
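As an added example (not part of the thread), a small Python triage script for the Malwarebytes' Anti-Malware log format quoted above: it parses the `path (Threat) -> … -> action` lines and flags what a defender should notice in this log, namely Windows core process names (winlogon.exe, lsass.exe, …) sitting in a user-writable AppData folder, executables in the Startup folder, and the Run-key value. The sample lines are copied from the post; the core-name list, system-directory list and executable-extension list are assumptions of this example.

```python
import ntpath
import re

# Constructed sample, copied from the Malwarebytes' Anti-Malware log quoted in the thread:
# "<path> (<Threat>) -> [<pid> | Value: <name> ->] <action>"
MBAM_SAMPLE = r"""
c:\Users\uzytkownik01\AppData\Local\winlogon.exe (Trojan.Dropper) -> 2860 -> Unloaded process successfully.
c:\Users\uzytkownik01\AppData\Local\lsass.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\uzytkownik01\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\Empty.pif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\uzytkownik01\AppData\Roaming\microsoft\Windows\templates\brengkolang.com (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\eksplorasi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Tok-Cirrhatus (Trojan.Dropper) -> Value: Tok-Cirrhatus -> Quarantined and deleted successfully.
"""

# Greedy target plus "[^()]+" threat: the LAST "(...) -> " on the line is the detection
# name, so paths that contain "(x86)" still parse correctly.
LOG_RE = re.compile(r"^(?P<target>.*) \((?P<threat>[^()]+)\) -> (?P<rest>.*)$")

# Assumptions (not from the thread): names of Windows core processes that legitimately
# live only in the system directories listed below.
CORE_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
EXEC_EXTS = (".exe", ".pif", ".com", ".scr", ".bat", ".cmd")


def parse_mbam_line(line):
    """Parse one MBAM 1.x result line into a dict; return None for non-result lines."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    parts = m.group("rest").split(" -> ")
    rec = {"target": m.group("target"), "threat": m.group("threat"),
           "action": parts[-1], "kind": "file", "pid": None, "value": None}
    if rec["target"].upper().startswith("HKEY_"):
        rec["kind"] = "registry"
        for p in parts[:-1]:
            if p.startswith("Value: "):
                rec["value"] = p[len("Value: "):]
    elif len(parts) > 1 and parts[0].isdigit():
        rec["kind"] = "process"      # memory hit: "<pid> -> Unloaded process ..."
        rec["pid"] = int(parts[0])
    return rec


def triage(rec):
    """Return the defender-relevant flags for one parsed record."""
    flags = []
    t = rec["target"].lower()
    if rec["kind"] == "registry":
        if "\\currentversion\\run" in t:
            flags.append("run-key persistence")
        return flags
    name, parent = ntpath.basename(t), ntpath.dirname(t)
    if name in CORE_NAMES and parent not in SYSTEM_DIRS:
        flags.append("core process name outside system directory")
    if "\\appdata\\" in t and name.endswith(EXEC_EXTS):
        flags.append("executable under user-writable AppData")
    if "\\start menu\\programs\\startup\\" in t:
        flags.append("startup-folder persistence")
    if rec["kind"] == "process":
        flags.append("was running as pid %d" % rec["pid"])
    return flags


def summarize(text):
    """Parse a whole log; return (records, {target: flags})."""
    records = [r for r in map(parse_mbam_line, text.splitlines()) if r]
    return records, {r["target"]: triage(r) for r in records}


if __name__ == "__main__":
    records, findings = summarize(MBAM_SAMPLE)
    for rec in records:
        print("%-8s %-60s %s" % (rec["kind"], rec["target"][-60:],
                                 "; ".join(findings[rec["target"]]) or "-"))
```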

Trojan.Dropper is a so-called dropper of viruses, trojans and the like.

Malwarebytes' Anti-Malware has done quite a lot of good work.

Run a scan with the Kaspersky Rescue Disk 10 scanner - http://support.kaspersky.com/pl/faq/?qid=208282170.

The scanner must be burned to a CD as an ISO image (using the image-burning function).

Scanning with Kaspersky Rescue Disk

Boot the computer with the burned disc in the CD/DVD drive. Within 9 s confirm that you want to scan, choose the interface language (Polish), and confirm that you have read the terms (a litany of text). At the bottom of the bar there is the letter A (highlight it and press Enter).

Go into the partition menu. If you have an active permanent internet connection, you can additionally update the scanner's database.

In the settings, find the advanced options and set the heuristics mode to maximum.

Start the scanning process…

Prepare OTL reports according to the guidelines at otl-gmer-rsit-dss-inne-instrukcje-t370405.html

Are there any other ways?

Because I don't feel like messing around with that.

You can run a scan with Dr.Web - otl-gmer-rsit-dss-inne-instrukcje-t370405.html.

Scanning with a scanner burned to a CD, i.e. scanning with the system not running, gives a better chance of neutralizing the infection.

Without OTL reports there is no way to verify the results of the antivirus scanners used.

ComboFix 11-11-02.03 - Uzytkownik01 2011-11-02 22:40:29.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1250.48.1045.18.2807.1823 [GMT 1:00]

Uruchomiony z: c:\users\Uzytkownik01\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

c:\users\Uzytkownik01\AppData\Local\Bron.tok-12-1

c:\users\Uzytkownik01\AppData\Local\Bron.tok-12-2

c:\users\Uzytkownik01\AppData\Local\Bron.tok.A12.em.bin

c:\users\Uzytkownik01\AppData\Local\Kosong.Bron.Tok.txt

c:\users\Uzytkownik01\AppData\Local\Update.12.Bron.Tok.bin

c:\windows\IsUn0415.exe

.

.

((((((((((((((((((((((((( Pliki utworzone od 2011-10-02 do 2011-11-02 )))))))))))))))))))))))))))))))

.

.

2011-11-02 21:43 . 2011-11-02 21:43	--------	d-----w-	c:\users\Default\AppData\Local\temp

2011-11-02 04:43 . 2011-10-07 04:16	8570192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C41C469F-9BC3-4FED-AAF9-7983B1284590}\mpengine.dll

2011-11-01 05:02 . 2011-11-01 05:13	--------	d-----w-	c:\users\Uzytkownik01\AppData\Local\Loc.Mail.Bron.Tok

2011-11-01 05:01 . 2011-11-01 05:01	--------	d-----w-	c:\users\Uzytkownik01\AppData\Local\Ok-SendMail-Bron-tok

2011-10-27 04:35 . 2011-10-27 04:35	--------	d-----w-	C:\51bf5eaa55f268bc7466

2011-10-25 21:06 . 2011-10-25 21:06	--------	d-----w-	c:\program files (x86)\Microsoft.NET

2011-10-25 15:54 . 2011-10-25 15:54	--------	d-----w-	c:\windows\Sun

2011-10-25 15:54 . 2011-10-25 15:54	--------	d-----w-	c:\program files (x86)\Common Files\Java

2011-10-25 15:54 . 2011-10-25 15:54	476904	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2011-10-25 15:54 . 2011-10-25 15:54	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll

2011-10-25 15:54 . 2011-10-25 15:54	--------	d-----w-	c:\program files (x86)\Java

2011-10-25 14:08 . 2011-10-25 14:08	--------	d-----w-	C:\5e9d7f41ce87d80d97ab70382eaee6

2011-10-24 16:57 . 2011-10-25 03:11	--------	d-----w-	c:\program files (x86)\McAfeeScanAndRepair

2011-10-24 16:27 . 2011-10-24 16:28	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-24 16:24 . 2011-10-24 16:24	982912	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys

2011-10-22 16:56 . 2011-10-30 05:25	--------	d-----w-	c:\users\Uzytkownik01\.gstreamer-0.10

2011-10-15 16:14 . 2011-10-15 16:14	--------	d-----w-	c:\users\Uzytkownik01\AppData\Roaming\log

2011-10-15 16:14 . 2010-01-07 12:35	1007616	----a-w-	c:\users\Uzytkownik01\AppData\Roaming\LiveUpdate.exe

2011-10-15 16:14 . 2009-12-31 12:10	151552	----a-w-	c:\users\Uzytkownik01\AppData\Roaming\XMessageBox.dll

2011-10-15 16:14 . 2008-10-11 08:39	927504	----a-w-	c:\users\Uzytkownik01\AppData\Roaming\mfc40u.dll

2011-10-15 16:14 . 2006-12-28 03:34	499712	----a-w-	c:\users\Uzytkownik01\AppData\Roaming\msvcp71.dll

2011-10-15 16:14 . 2006-12-28 03:34	1047552	----a-w-	c:\users\Uzytkownik01\AppData\Roaming\MFC71u.dll

2011-10-15 16:14 . 2006-12-28 03:34	348160	----a-w-	c:\users\Uzytkownik01\AppData\Roaming\msvcr71.dll

2011-10-15 16:14 . 2006-12-28 03:34	1060864	----a-w-	c:\users\Uzytkownik01\AppData\Roaming\mfc71.dll

2011-10-15 16:14 . 2005-08-10 06:19	401462	----a-w-	c:\users\Uzytkownik01\AppData\Roaming\msvcp60.dll

2011-10-15 12:08 . 2011-09-06 03:07	3134976	----a-w-	c:\windows\system32\win32k.sys

2011-10-15 11:38 . 2011-08-17 05:32	613888	----a-w-	c:\windows\system32\psisdecd.dll

2011-10-15 11:38 . 2011-08-17 05:27	108032	----a-w-	c:\windows\system32\psisrndr.ax

2011-10-15 11:38 . 2011-08-17 04:26	465408	----a-w-	c:\windows\SysWow64\psisdecd.dll

2011-10-15 11:38 . 2011-08-17 04:22	75776	----a-w-	c:\windows\SysWow64\psisrndr.ax

2011-10-15 11:38 . 2011-08-17 05:27	75776	----a-w-	c:\windows\system32\MSDvbNP.ax

2011-10-15 11:38 . 2011-08-17 05:27	288256	----a-w-	c:\windows\system32\MSNP.ax

2011-10-15 11:38 . 2011-08-17 05:27	104960	----a-w-	c:\windows\system32\Mpeg2Data.ax

2011-10-15 11:38 . 2011-08-17 04:22	72704	----a-w-	c:\windows\SysWow64\Mpeg2Data.ax

2011-10-15 11:38 . 2011-08-17 04:22	59904	----a-w-	c:\windows\SysWow64\MSDvbNP.ax

2011-10-15 11:38 . 2011-08-17 04:22	204288	----a-w-	c:\windows\SysWow64\MSNP.ax

2011-10-15 11:37 . 2011-08-27 05:40	861184	----a-w-	c:\windows\system32\oleaut32.dll

2011-10-15 11:37 . 2011-08-27 05:40	331776	----a-w-	c:\windows\system32\oleacc.dll

2011-10-15 11:37 . 2011-08-27 04:43	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll

2011-10-15 11:37 . 2011-08-27 04:43	233472	----a-w-	c:\windows\SysWow64\oleacc.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-31 15:00 . 2011-09-13 15:49	25416	----a-w-	c:\windows\system32\drivers\mbam.sys

2011-08-11 02:55 . 2011-08-11 02:55	2560	----a-w-	c:\windows\SysWow64\drivers\pl-PL\qwavedrv.sys.mui

2011-08-11 02:55 . 2011-08-11 02:55	2560	----a-w-	c:\windows\SysWow64\drivers\pl-PL\scfilter.sys.mui

2011-08-11 02:55 . 2011-08-11 02:55	6144	----a-w-	c:\windows\SysWow64\drivers\pl-PL\ndiscap.sys.mui

2011-08-11 02:55 . 2011-08-11 02:55	50688	----a-w-	c:\windows\SysWow64\drivers\pl-PL\tcpip.sys.mui

2011-08-11 02:55 . 2011-08-11 02:55	35840	----a-w-	c:\windows\SysWow64\drivers\pl-PL\bfe.dll.mui

2011-08-11 02:55 . 2011-08-11 02:55	16384	----a-w-	c:\windows\SysWow64\drivers\pl-PL\pacer.sys.mui

2011-08-10 17:22 . 2011-08-10 17:22	29480	----a-w-	c:\windows\SysWow64\msxml3a.dll

2011-08-10 17:22 . 2011-08-10 17:22	505128	----a-w-	c:\windows\SysWow64\msvcp71.dll

2011-08-10 17:22 . 2011-08-10 17:22	353576	----a-w-	c:\windows\SysWow64\msvcr71.dll

2011-08-10 17:08 . 2011-08-10 17:08	3	----a-w-	c:\windows\system32\PLD_Framework.cmd

.

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 02:40	120176	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Nowe Gadu-Gadu"="c:\program files (x86)\Nowe Gadu-Gadu\gg.exe" [2009-10-28 11539048]

"HW_OPENEYE_OUC_"="c:\program files (x86)\blueconnect\UpdateDog\ouc.exe" [2009-12-31 110592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]

"DataCardMonitor"="c:\program files (x86)\blueconnect\DataCardMonitor.exe" [2011-08-10 253952]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Norton Online Backup"=c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

"IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" -d

.

2;2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

R3 McAfee ScanAndRepair Svc;McAfee ScanAndRepair Svc;c:\program files (x86)\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe [2011-04-06 694864]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-08-19 229376]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2011-08-10 102608]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel(R) Audio dla ekranów;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 02:42	137584	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-11 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-11 386584]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]

"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_5742z&r=27360811x105l04f4z115v4812153r

uLocal Page = c:\windows\system32\blank.htm

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_5742z&r=27360811x105l04f4z115v4812153r

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

FF - ProfilePath - c:\users\Uzytkownik01\AppData\Roaming\Mozilla\Firefox\Profiles\0ffdjwlz.default\

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: network.http.max-persistent-connections-per-server - 3

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

.

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Launch Manager\LMworker.exe

.

**************************************************************************

.

Czas ukończenia: 2011-11-02 22:47:31 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2011-11-02 21:47

.

Przed: 257 884 549 120 bajtów wolnych

Po: 257 716 822 016 bajtów wolnych

.

- - End Of File - - 1654A76B82C8D3047113FADE96B73260

ComboFix seems to have removed it :wink:

Added 02.11.2011 (Wed) 23:50

The OTL logs are above…

The OTL logs you provided reflect the state after the Malwarebytes' Anti-Malware scan.

Current OTL reports are needed.