I have a similar problem, so I'm pasting the ComboFix log; maybe something can be done about it:
ComboFix 11-07-27.02 - Kamillos 2011-07-27 18:56:24.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.3326.2441 [GMT 2:00]
Uruchomiony z: c:\users\Kamillos\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kamillos\Documents\cc_20110722_161255.reg
c:\users\Kamillos\Documents\rejestr kopia.reg
c:\windows\system32\reginv.dll
c:\windows\system32\winkey.dll
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-06-27 do 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-27 16:59 . 2011-07-27 16:59 -------- d-----w- c:\users\Kamillos\AppData\Local\temp
2011-07-27 16:59 . 2011-07-27 16:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-07-27 16:59 . 2011-07-27 16:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-27 16:37 . 2011-07-27 16:37 -------- d-----w- c:\program files\IObit
2011-07-27 16:37 . 2011-07-27 16:37 -------- d-----w- c:\programdata\IObit
2011-07-27 16:36 . 2011-07-27 16:36 -------- d-----w- c:\users\Kamillos\AppData\Roaming\IObit
2011-07-26 18:49 . 2011-07-26 18:49 -------- d-----w- c:\program files\Ask.com
2011-07-26 18:46 . 2008-11-06 00:03 -------- d-----w- C:\SDFix
2011-07-22 14:01 . 2011-07-22 14:01 -------- d-----w- c:\program files\CCleaner
2011-07-22 13:54 . 2011-07-22 13:54 -------- d-----w- c:\users\Kamillos\AppData\Roaming\Bitdefender
2011-07-22 13:40 . 2011-07-27 16:56 81984 ----a-w- c:\windows\system32\bdod.bin
2011-07-22 13:34 . 2011-07-22 13:35 -------- d-----w- c:\programdata\BitDefender
2011-07-22 13:34 . 2011-07-22 13:34 -------- d-----w- c:\program files\Common Files\Softwin
2011-07-19 19:17 . 2011-07-19 19:17 -------- d-----w- c:\users\Kamillos\AppData\Roaming\Activision
2011-07-19 19:17 . 2011-07-19 19:17 -------- d-----w- c:\programdata\Activision
2011-07-06 11:39 . 2011-07-06 11:39 -------- d-----w- c:\users\Kamillos\AppData\Roaming\BlackBean
2011-07-01 12:43 . 2011-07-01 12:43 -------- d-----w- c:\users\Kamillos\AppData\Local\Electronic Arts
2011-06-29 22:20 . 2011-06-29 22:20 -------- d-----w- c:\users\Kamillos\AppData\Roaming\Day 1 Studios
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-09 10:43 . 2011-06-04 09:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-16 14:58 . 2011-06-16 14:58 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-06-04 13:27 . 2011-06-04 13:27 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-26 14:08 . 2011-05-26 14:08 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-05-20 13:26 . 2009-08-18 09:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-05-20 13:26 . 2009-08-18 09:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-10 15:16 . 2011-01-28 19:34 258048 ----a-w- c:\windows\system32\libFLAC.dll
2011-05-10 15:16 . 2011-05-10 15:16 80384 ----a-w- c:\windows\system32\mkzlib.dll
2011-05-10 15:16 . 2011-05-10 15:16 24576 ----a-w- c:\windows\system32\mkunicode.dll
2011-05-06 12:12 . 2011-05-05 18:30 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-05-05 18:30 . 2011-05-05 18:30 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-06-27 15:15 . 2011-06-05 10:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
“{0a452a47-c5a8-4854-a237-4b9b06b376f0}”= “c:\program files\Gossiper\prxtbGoss.dll” [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
.
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
2011-03-28 16:22 176936 ----a-w- c:\program files\Gossiper\prxtbGoss.dll
.
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}]
2011-02-09 17:29 400384 ----a-w- c:\programy\ALLPlayer\Iplex\IplexToALLPlayer.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{0a452a47-c5a8-4854-a237-4b9b06b376f0}”= “c:\program files\Gossiper\prxtbGoss.dll” [2011-03-28 176936]
“{D4027C7F-154A-4066-A1AD-4243D8127440}”= “c:\program files\Ask.com\GenericAskToolbar.dll” [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
.
[HKEY_CLASSES_ROOT\clsid{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
“{0A452A47-C5A8-4854-A237-4B9B06B376F0}”= “c:\program files\Gossiper\prxtbGoss.dll” [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe” [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“GrooveMonitor”=“c:\program files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-26 31016]
“BDMCon”=“c:\programy\BitDefender10\bdmcon.exe” [2007-04-02 290816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“ConsentPromptBehaviorAdmin”= 0 (0x0)
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableLUA”= 0 (0x0)
“EnableUIADesktopToggle”= 0 (0x0)
“PromptOnSecureDesktop”= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM~\startupfolder\C:^Users^Kamillos^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=c:\users\Kamillos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4]
2011-06-16 12:29 413072 ----a-w- c:\programy\IObit\Advanced SystemCare 4\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2011-02-07 22:44 1362944 ----a-w- c:\programy\ALLPlayer\ALLUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
2007-03-26 12:49 69632 ----a-w- c:\programy\BitDefender10\bdagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 07:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\programy\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2010-11-16 10:07 422912 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [x]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [x]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [x]
R2 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb);c:\windows\system32\pr2ah4nb.exe svc [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-12-29 13224]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [2010-03-01 98672]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [2010-03-01 14960]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [2010-03-01 124016]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [2010-03-01 117872]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [2010-03-01 25456]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [2010-03-01 113904]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [2010-03-01 123504]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-30 1343400]
S0 pe3ah4nb;DiRT Environment Driver (pe3ah4nb);c:\windows\system32\drivers\pe3ah4nb.sys [2007-07-09 64616]
S0 ps6ah4nb;DiRT Synchronization Driver (ps6ah4nb);c:\windows\system32\drivers\ps6ah4nb.sys [2007-07-09 54896]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-28 721904]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-25 218688]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\programy\IObit\Advanced SystemCare 4\ASCService.exe [2011-06-16 353168]
S3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-12-29 27632]
.
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://start.facemoods.com/?a=ironto
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.11.1 217.17.34.10
FF - ProfilePath - c:\users\Kamillos\AppData\Roaming\Mozilla\Firefox\Profiles\n7rnft9v.default\
FF - prefs.js: network.proxy.type - 0
.
-
-
-
- USUNIĘTO PUSTE WPISY - - - -
.
HKLM_ActiveSetup-{5Y99AE78-58TT-11dW-BE53-Y67078979Y} - c:\windows\system\sservice.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
“88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977”=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,43,0c,5e,10,79,93,4d,a0,50,83,\
“2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81”=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,43,0c,5e,10,79,93,4d,a0,50,83,\
.
[HKEY_USERS\S-1-5-21-1628495058-3065868583-1346079862-1001\Software\SecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*]
“??”=hex:9c,36,59,11,85,6d,c9,d7,0e,f0,83,83,6d,c4,bf,3d,e0,22,02,53,b6,24,09,
6a,d1,2f,ea,5c,b0,a0,e9,38,cd,85,d3,6a,f7,9b,81,0f,15,c7,e3,2b,dd,c2,61,8c,\
“??”=hex:b3,a6,db,3c,87,0c,3e,99,24,5e,0d,1c,06,b7,47,de
.
[HKEY_USERS\S-1-5-21-1628495058-3065868583-1346079862-1001\Software\SecuROM\License information*]
“datasecu”=hex:11,c9,94,e1,52,ee,95,5e,07,90,d0,e7,1b,22,bc,da,2a,27,ad,ea,98,
3d,46,64,65,45,45,9d,e7,8d,c3,89,7a,bc,d1,c6,e0,40,cc,4e,d5,de,6c,c5,45,27,\
“rkeysecu”=hex:44,7b,3e,ec,6e,f7,1d,9b,c1,1e,8a,eb,4a,58,a1,9c
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2011-07-27 19:00:08
ComboFix-quarantined-files.txt 2011-07-27 17:00
.
Przed: 126 690 148 352 bajtów wolnych
Po: 126 682 398 720 bajtów wolnych
.
-
- End Of File - - 6B5BC249FB541DE49E0B95567F11B007