Computer is sluggish - ComboFix log

(matis105) #1

After a format my laptop started to slow down, Win 7. Below I'm pasting the ComboFix log. I'm a total newbie on this subject, counting on your help.

FRST report:
https://pastebin.com/TBSmJMu2
Addition:
https://pastebin.com/bvEqAfwP
ComboFix:
https://pastebin.com/wbt1WeXj

I'd like to make the most of this hardware's potential.

(synaptyk) #2

Remove this log and paste it on pastebin.com.

Read the mandatory report that has to be made.
Paste the FRST and Addition logs on pastebin.com as well.

3 Likes
(krystian3w) #3
ComboFix log in a code box - collapsed
ComboFix 18-06-17.01 - Mateusz 2018-06-28  13:38:16.1.4 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1250.48.1045.18.2486.612 [GMT 2:00]
Uruchomiony z: c:\users\Mateusz\AppData\Local\Temp\scoped_dir3136_2927\ComboFix.exe
AV: AVG Antivirus *Enabled/Updated* {C50510DE-367A-330C-FD5C-556ACFB11243}
SP: AVG Antivirus *Enabled/Updated* {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\SET298D.tmp
c:\windows\SysWow64\SETD95B.tmp
c:\windows\SysWow64\SETF835.tmp
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2018-05-28 do 2018-06-28  )))))))))))))))))))))))))))))))
.
.
2018-06-28 11:42 . 2018-06-28 11:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2018-06-28 10:56 . 2006-03-31 10:39	83664	----a-w-	c:\windows\system32\xinput1_1.dll
2018-06-28 10:56 . 2006-03-31 10:40	352464	----a-w-	c:\windows\system32\xactengine2_1.dll
2018-06-28 10:56 . 2006-03-31 10:41	3927248	----a-w-	c:\windows\system32\d3dx9_30.dll
2018-06-28 10:46 . 2005-02-05 17:45	3544272	----a-w-	c:\windows\system32\d3dx9_24.dll
2018-06-28 10:22 . 2018-06-28 10:22	--------	d-----w-	c:\users\Mateusz\AppData\Local\Steam
2018-06-28 10:17 . 2018-06-28 11:07	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2018-06-28 10:17 . 2018-06-28 11:23	--------	d-----w-	c:\program files (x86)\Steam
2018-06-04 11:08 . 2018-06-04 11:16	--------	d-----w-	c:\program files (x86)\Common Files\BattlEye
2018-06-04 11:08 . 2018-06-04 11:08	--------	d-----w-	c:\users\Mateusz\AppData\Local\BattlEye
2018-06-04 11:07 . 2018-06-04 11:07	--------	d-----w-	c:\users\Mateusz\AppData\Local\Tibia
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-06-10 08:57 . 2018-04-10 13:48	842240	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2018-06-10 08:57 . 2018-04-10 13:48	175104	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2018-05-17 13:31 . 2018-04-09 14:09	198368	----a-w-	c:\windows\system32\drivers\avgStm.sys
2018-05-17 13:31 . 2018-05-17 13:31	377584	----a-w-	c:\windows\system32\avgBoot.exe
2018-05-17 13:31 . 2018-04-09 14:09	373944	----a-w-	c:\windows\system32\drivers\avgVmm.sys
2018-05-17 13:31 . 2018-04-09 14:09	78352	----a-w-	c:\windows\system32\drivers\avgRvrt.sys
2018-05-17 13:31 . 2018-04-09 14:09	452904	----a-w-	c:\windows\system32\drivers\avgSP.sys
2018-05-17 13:31 . 2018-04-09 14:09	151504	----a-w-	c:\windows\system32\drivers\avgMonFlt.sys
2018-05-17 13:31 . 2018-04-09 14:09	39352	----a-w-	c:\windows\system32\drivers\avgHwid.sys
2018-05-17 13:31 . 2018-04-09 14:09	189032	----a-w-	c:\windows\system32\drivers\avgArPot.sys
2018-05-17 13:31 . 2018-04-09 14:09	103744	----a-w-	c:\windows\system32\drivers\avgRdr2.sys
2018-05-17 13:31 . 2018-04-09 14:09	1020112	----a-w-	c:\windows\system32\drivers\avgSnx.sys
2018-05-17 13:31 . 2018-04-09 14:09	50776	----a-w-	c:\windows\system32\drivers\avgbuniva.sys
2018-05-17 13:31 . 2018-04-09 14:09	336848	----a-w-	c:\windows\system32\drivers\avgbloga.sys
2018-05-17 13:31 . 2018-04-09 14:09	220600	----a-w-	c:\windows\system32\drivers\avgbidsdrivera.sys
2018-05-17 13:31 . 2018-04-09 14:09	192536	----a-w-	c:\windows\system32\drivers\avgbidsha.sys
2018-05-16 19:25 . 2018-05-16 19:25	1232264	----a-w-	c:\windows\system32\coinst_18.10.dll
2018-05-16 19:24 . 2018-05-16 19:24	9936	----a-w-	c:\windows\SysWow64\detoured.dll
2018-05-16 19:24 . 2018-05-16 19:24	9936	----a-w-	c:\windows\system32\detoured.dll
2018-05-16 19:24 . 2018-05-16 19:24	164440	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2018-05-16 19:24 . 2018-04-09 12:54	200008	----a-w-	c:\windows\system32\atiuxp64.dll
2018-05-16 19:24 . 2018-04-09 12:54	9990664	----a-w-	c:\windows\SysWow64\atiumdag.dll
2018-05-16 19:24 . 2018-04-09 12:54	12517800	----a-w-	c:\windows\system32\atiumd64.dll
2018-05-16 19:24 . 2018-04-09 12:54	146960	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2018-05-16 19:24 . 2018-04-09 12:54	177312	----a-w-	c:\windows\system32\atiu9p64.dll
2018-05-16 19:23 . 2018-05-16 19:23	448392	----a-w-	c:\windows\system32\GameManager64.dll
2018-05-16 19:23 . 2018-05-16 19:23	356744	----a-w-	c:\windows\SysWow64\GameManager32.dll
2018-05-16 19:23 . 2018-05-16 19:23	469896	----a-w-	c:\windows\system32\dgtrayicon.exe
2018-05-16 19:23 . 2018-05-16 19:23	476552	----a-w-	c:\windows\system32\atitmm64.dll
2018-05-16 19:23 . 2018-05-16 19:23	115592	----a-w-	c:\windows\system32\atimuixx.dll
2018-05-16 19:23 . 2018-05-16 19:23	544136	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2018-05-16 19:23 . 2018-05-16 19:23	126344	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2018-05-16 19:23 . 2018-05-16 19:23	126344	----a-w-	c:\windows\system32\atiglpxx.dll
2018-05-16 19:23 . 2018-05-16 19:23	11894144	----a-w-	c:\windows\SysWow64\atiumdvt.dll
2018-05-16 19:22 . 2018-05-16 19:22	196488	----a-w-	c:\windows\SysWow64\atigktxx.dll
2018-05-16 19:22 . 2018-05-16 19:22	11882832	----a-w-	c:\windows\SysWow64\atiumdva.dll
2018-05-16 19:22 . 2018-04-09 12:54	226184	----a-w-	c:\windows\system32\atig6txx.dll
2018-05-16 19:22 . 2018-04-09 12:54	146824	----a-w-	c:\windows\system32\atig6pxx.dll
2018-05-16 19:22 . 2018-05-16 19:22	472968	----a-w-	c:\windows\system32\atiesrxx.exe
2018-05-16 19:22 . 2018-05-16 19:22	12427184	----a-w-	c:\windows\system32\atiumd6t.dll
2018-05-16 19:22 . 2018-05-16 19:22	704392	----a-w-	c:\windows\system32\atieclxx.exe
2018-05-16 19:22 . 2018-05-16 19:22	12412240	----a-w-	c:\windows\system32\atiumd6a.dll
2018-05-16 19:22 . 2018-05-16 19:22	92328	----a-w-	c:\windows\SysWow64\atimpc32.dll
2018-05-16 19:22 . 2018-05-16 19:22	92328	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2018-05-16 19:22 . 2018-05-16 19:22	111440	----a-w-	c:\windows\system32\atimpc64.dll
2018-05-16 19:22 . 2018-05-16 19:22	111440	----a-w-	c:\windows\system32\amdpcom64.dll
2018-05-16 19:22 . 2018-05-16 19:22	405896	----a-w-	c:\windows\system32\atieah64.exe
2018-05-16 19:22 . 2018-05-16 19:22	175288	----a-w-	c:\windows\system32\amdhcp64.dll
2018-05-16 19:22 . 2018-05-16 19:22	153640	----a-w-	c:\windows\SysWow64\amdhcp32.dll
2018-05-16 19:22 . 2018-05-16 19:22	326024	----a-w-	c:\windows\SysWow64\atieah32.exe
2018-05-16 19:22 . 2018-05-16 19:22	458632	----a-w-	c:\windows\system32\atidemgy.dll
2018-05-16 19:22 . 2018-05-16 19:22	342920	----a-w-	c:\windows\system32\clinfo.exe
2018-05-16 19:22 . 2018-05-16 19:22	166280	----a-w-	c:\windows\system32\OpenCL.dll
2018-05-16 19:22 . 2018-05-16 19:22	142216	----a-w-	c:\windows\SysWow64\OpenCL.dll
2018-05-16 19:22 . 2018-04-09 12:54	16363808	----a-w-	c:\windows\system32\atidxx64.dll
2018-05-16 19:22 . 2018-05-16 19:22	120680	----a-w-	c:\windows\system32\amdave64.dll
2018-05-16 19:22 . 2018-05-16 19:22	105736	----a-w-	c:\windows\SysWow64\amdave32.dll
2018-05-16 19:22 . 2018-05-16 19:22	13544168	----a-w-	c:\windows\SysWow64\atidxx32.dll
2018-05-16 19:21 . 2018-05-16 19:21	1059720	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2018-05-16 19:21 . 2018-05-16 19:21	1059720	----a-w-	c:\windows\SysWow64\atiadlxx.dll
2018-05-16 19:21 . 2018-04-09 12:54	1997352	----a-w-	c:\windows\system32\aticfx64.dll
2018-05-16 19:21 . 2018-04-09 12:54	1581720	----a-w-	c:\windows\SysWow64\aticfx32.dll
2018-05-16 19:21 . 2018-04-09 12:54	1468808	----a-w-	c:\windows\system32\atiadlxx.dll
2018-05-16 19:21 . 2018-05-16 19:21	148360	----a-w-	c:\windows\system32\atisamu64.dll
2018-05-16 19:21 . 2018-05-16 19:21	36744	----a-w-	c:\windows\system32\RapidFireServer64.dll
2018-05-16 19:21 . 2018-05-16 19:21	124296	----a-w-	c:\windows\SysWow64\atisamu32.dll
2018-05-16 19:21 . 2018-05-16 19:21	33672	----a-w-	c:\windows\SysWow64\RapidFireServer.dll
2018-05-16 19:21 . 2018-05-16 19:21	556936	----a-w-	c:\windows\system32\Rapidfire64.dll
2018-05-16 19:21 . 2018-05-16 19:21	467848	----a-w-	c:\windows\SysWow64\Rapidfire.dll
2018-05-16 19:21 . 2018-05-16 19:21	150920	----a-w-	c:\windows\system32\mantleaxl64.dll
2018-05-16 19:21 . 2018-05-16 19:21	67909512	----a-w-	c:\windows\system32\amdocl64.dll
2018-05-16 19:21 . 2018-05-16 19:21	126344	----a-w-	c:\windows\SysWow64\mantleaxl32.dll
2018-05-16 19:21 . 2018-05-16 19:21	44673416	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2018-05-16 19:21 . 2018-05-16 19:21	171400	----a-w-	c:\windows\system32\mantle64.dll
2018-05-16 19:21 . 2018-05-16 19:21	141704	----a-w-	c:\windows\SysWow64\mantle32.dll
2018-05-16 19:21 . 2018-05-16 19:21	349064	----a-w-	c:\windows\system32\ATIODE.exe
2018-05-16 19:21 . 2018-05-16 19:21	67464	----a-w-	c:\windows\system32\ATIODCLI.exe
2018-05-16 19:21 . 2018-05-16 19:21	60296	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2018-05-16 19:21 . 2018-05-16 19:21	3128200	----a-w-	c:\windows\system32\amfrt64.dll
2018-05-16 19:21 . 2018-05-16 19:21	31604104	----a-w-	c:\windows\system32\amdocl12cl64.dll
2018-05-16 19:21 . 2018-05-16 19:21	2726792	----a-w-	c:\windows\SysWow64\amfrt32.dll
2018-05-16 19:21 . 2018-05-16 19:21	437128	----a-w-	c:\windows\system32\amdgfxinfo64.dll
2018-05-16 19:21 . 2018-05-16 19:21	352648	----a-w-	c:\windows\SysWow64\amdgfxinfo32.dll
2018-05-16 19:21 . 2018-05-16 19:21	16489352	----a-w-	c:\windows\system32\amdvlk64.dll
2018-05-16 19:21 . 2018-05-16 19:21	305544	----a-w-	c:\windows\system32\drivers\amdacpksd.sys
2018-05-16 19:20 . 2018-05-16 19:20	16095624	----a-w-	c:\windows\system32\amdmantle64.dll
2018-05-16 19:20 . 2018-05-16 19:20	25181064	----a-w-	c:\windows\SysWow64\amdocl12cl.dll
2018-05-16 19:20 . 2018-05-16 19:20	14063496	----a-w-	c:\windows\SysWow64\amdvlk32.dll
2018-05-16 19:20 . 2018-05-16 19:20	13600136	----a-w-	c:\windows\SysWow64\amdmantle32.dll
2018-05-16 19:20 . 2018-05-16 19:20	866184	----a-w-	c:\windows\system32\amdlvr64.dll
2018-05-16 19:20 . 2018-05-16 19:20	157576	----a-w-	c:\windows\system32\amduve64.dll
2018-05-16 19:20 . 2018-05-16 19:20	135560	----a-w-	c:\windows\SysWow64\amduve32.dll
2018-05-16 19:20 . 2018-05-16 19:20	694152	----a-w-	c:\windows\SysWow64\amdlvr32.dll
2018-05-16 19:20 . 2018-05-16 19:20	139144	----a-w-	c:\windows\system32\amdmmcl6.dll
2018-05-16 19:20 . 2018-05-16 19:20	53600648	----a-w-	c:\windows\SysWow64\amdocl.dll
2018-05-16 19:20 . 2018-05-16 19:20	117128	----a-w-	c:\windows\SysWow64\amdmmcl.dll
2018-05-16 19:20 . 2018-05-16 19:20	543624	----a-w-	c:\windows\system32\amdmcl64.dll
2018-05-16 19:20 . 2018-05-16 19:20	373640	----a-w-	c:\windows\SysWow64\amdmcl32.dll
2018-05-16 19:20 . 2018-05-16 19:20	29714312	----a-w-	c:\windows\SysWow64\atioglxx.dll
2018-05-16 19:19 . 2018-05-16 19:19	35889032	----a-w-	c:\windows\system32\atio6axx.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2009-07-14 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2018-05-10 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2018-06-08 3201312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"331BigDog"="c:\program files (x86)\USB Camera\VM331STI.EXE" [2013-03-01 552960]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2012-08-31 508656]
"DSATray"="c:\program files (x86)\Intel Driver and Support Assistant\DsaTray.exe" [2018-03-15 135968]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2013-2-19 1393880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\Lenovo\Bluetooth Software\BtwProximityCP.dll
.
R2 avgStm;avgStm;c:\windows\system32\drivers\avgStm.sys;c:\windows\SYSNATIVE\drivers\avgStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 avgbIDSAgent;avgbIDSAgent;c:\program files (x86)\AVG\Antivirus\x64\aswidsagenta.exe;c:\program files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [x]
R3 avgHwid;avgHwid;c:\windows\system32\drivers\avgHwid.sys;c:\windows\SYSNATIVE\drivers\avgHwid.sys [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe [x]
R3 ESRV_SVC_QUEENCREEK;Energy Server Service queencreek;c:\program files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe;c:\program files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [x]
R3 IntcDAud;Audio dla wyświetlaczy Intel(R);c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) SUR QC SAM;Intel(R) SUR QC Software Asset Manager;c:\program files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe;c:\program files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 semav6msr64;semav6msr64;c:\windows\system32\drivers\semav6msr64.sys;c:\windows\SYSNATIVE\drivers\semav6msr64.sys [x]
R3 USER_ESRV_SVC_QUEENCREEK;User Energy Server Service queencreek;c:\program files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe;c:\program files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 avgbidsh;avgbidsh;c:\windows\system32\drivers\avgbidsha.sys;c:\windows\SYSNATIVE\drivers\avgbidsha.sys [x]
S0 avgblog;avgblog;c:\windows\system32\drivers\avgbloga.sys;c:\windows\SYSNATIVE\drivers\avgbloga.sys [x]
S0 avgbuniv;avgbuniv;c:\windows\system32\drivers\avgbuniva.sys;c:\windows\SYSNATIVE\drivers\avgbuniva.sys [x]
S0 avgRvrt;avgRvrt;c:\windows\system32\drivers\avgRvrt.sys;c:\windows\SYSNATIVE\drivers\avgRvrt.sys [x]
S0 avgVmm;avgVmm;c:\windows\system32\drivers\avgVmm.sys;c:\windows\SYSNATIVE\drivers\avgVmm.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Sterownik przełącznika kontrolera hosta Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 avgArPot;avgArPot;c:\windows\system32\drivers\avgArPot.sys;c:\windows\SYSNATIVE\drivers\avgArPot.sys [x]
S1 avgbidsdriver;avgbidsdriver;c:\windows\system32\drivers\avgbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\avgbidsdrivera.sys [x]
S1 avgRdr;avgRdr;c:\windows\system32\drivers\avgRdr2.sys;c:\windows\SYSNATIVE\drivers\avgRdr2.sys [x]
S1 avgSnx;avgSnx;c:\windows\system32\drivers\avgSnx.sys;c:\windows\SYSNATIVE\drivers\avgSnx.sys [x]
S1 avgSP;avgSP;c:\windows\system32\drivers\avgSP.sys;c:\windows\SYSNATIVE\drivers\avgSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AVG Antivirus;AVG Antivirus;c:\program files (x86)\AVG\Antivirus\AVGSvc.exe;c:\program files (x86)\AVG\Antivirus\AVGSvc.exe [x]
S2 avgMonFlt;avgMonFlt;c:\windows\system32\drivers\avgMonFlt.sys;c:\windows\SYSNATIVE\drivers\avgMonFlt.sys [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 DSAService;Intel(R) Driver & Support Assistant;c:\program files (x86)\Intel Driver and Support Assistant\DSAService.exe;c:\program files (x86)\Intel Driver and Support Assistant\DSAService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 SystemUsageReportSvc_QUEENCREEK;Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK;c:\program files\Intel\SUR\QUEENCREEK\SurSvc.exe;c:\program files\Intel\SUR\QUEENCREEK\SurSvc.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iusb3hub;Sterownik koncentratora Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Sterownik kontrolera hosta Intel(R) USB 3.0 eXtensible;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2018-04-09 8079408]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2018-04-09 6199128]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2013-02-04 899680]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2013-03-05 1647616]
"AVGUI.exe"="c:\program files (x86)\AVG\Antivirus\AvLaunch.exe" [2018-05-17 291568]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\drtxprsa.default\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_30_0_0_113_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_30_0_0_113_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_30_0_0_113_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_30_0_0_113_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.30"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2018-06-28  13:44:54
ComboFix-quarantined-files.txt  2018-06-28 11:44
.
Przed: 226 305 253 376 bajtów wolnych
Po: 227 080 089 600 bajtów wolnych
.
- - End Of File - - A39D88CDD788E378A301028175275DC3
A36C5E4F47E84449FF07ED3517B43A31

For the future, @matis105, don't run ComboFix without an explicit request from a specialist of the Security section.

1 Like
(matis105) #4

fixed :slight_smile:

1 Like