Hello.
My ISP called me to say that I have the Cutwail spambot. Here is the ComboFix result. Is everything OK? I'll post a second one from another computer in a moment.
ComboFix 13-01-14.01 - Marko 2013-01-14 17:32:57.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1033.18.3561.1397 [GMT 1:00]
Uruchomiony z: c:\users\Marko\Downloads\ComboFix.exe
AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: Zapora osobista *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezydentny antywirus jest aktywny
.
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
----- Powielacze/Replikatory plików -----
.
c:\windows\Installer\{12E777A1-74B6-AD5A-D2CD-C792464E425B}\ARPPRODUCTICON.exe
c:\windows\Installer\{2B8D8529-DA80-74D8-4898-DAA028746E08}\ARPPRODUCTICON.exe
c:\windows\Installer\{34E7E124-7AA8-1274-1BA2-90CBD7F6B708}\ARPPRODUCTICON.exe
c:\windows\Installer\{3C912BF1-73FE-B493-C7D6-04EBF14F57A2}\ARPPRODUCTICON.exe
c:\windows\Installer\{549FACD7-A5F5-6EA8-7A19-8F7E8CE282A7}\ARPPRODUCTICON.exe
c:\windows\Installer\{5753C527-E2AA-2B8B-AFD1-D4325A0A44B4}\ARPPRODUCTICON.exe
c:\windows\Installer\{5BA8D4F0-C15F-57FE-2B6C-C4AF214833CE}\ARPPRODUCTICON.exe
c:\windows\Installer\{613C67FF-E71D-124A-6380-E0E77F9438F7}\ARPPRODUCTICON.exe
c:\windows\Installer\{632B73D1-C23A-0BD4-FBE2-175B680876A9}\ARPPRODUCTICON.exe
c:\windows\Installer\{659F48FB-0A8A-49A1-3FD2-C6F069C10893}\ARPPRODUCTICON.exe
c:\windows\Installer\{70CEC2B6-BE72-E9B1-D6B8-C1A3CA170D1F}\ARPPRODUCTICON.exe
c:\windows\Installer\{74A3C7EE-10A4-EA61-AC31-335E0500DE48}\ARPPRODUCTICON.exe
c:\windows\Installer\{77F94BE8-A504-352B-E873-FC78E5FA9CD7}\ARPPRODUCTICON.exe
c:\windows\Installer\{79AAA7A5-6917-2C53-7FCB-C00B54602149}\ARPPRODUCTICON.exe
c:\windows\Installer\{9064F37C-66B4-BAF2-E8A7-EDE5E72BB16D}\ARPPRODUCTICON.exe
c:\windows\Installer\{926E4789-8065-6F3B-9D9A-5E6AABA000BC}\ARPPRODUCTICON.exe
c:\windows\Installer\{9700C74F-1D07-FD53-6430-A858B34E30B7}\ARPPRODUCTICON.exe
c:\windows\Installer\{A0E64741-5C93-FCCD-6A90-248D3C92CAFA}\ARPPRODUCTICON.exe
c:\windows\Installer\{A8D4FFA9-94CA-B0E4-7ED0-A7FD4DEDB106}\ARPPRODUCTICON.exe
c:\windows\Installer\{A9D5BCE3-6D8B-95B0-925F-F39BFAAB4177}\ARPPRODUCTICON.exe
c:\windows\Installer\{ABA15F5D-057C-2677-3C90-04838682F66B}\ARPPRODUCTICON.exe
c:\windows\Installer\{ABFC0970-7FDF-9E49-C049-5D24CB1F150E}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{ABFC0970-7FDF-9E49-C049-5D24CB1F150E}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{ABFC0970-7FDF-9E49-C049-5D24CB1F150E}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{ABFC0970-7FDF-9E49-C049-5D24CB1F150E}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{ACC88BAA-D748-E9D9-3F72-B359EFD11912}\ARPPRODUCTICON.exe
c:\windows\Installer\{BECAA3A9-CC5A-615C-5FF5-F5261E153CF0}\ARPPRODUCTICON.exe
c:\windows\Installer\{D33CE733-2DE9-D582-9D35-323F9F79A1EB}\ARPPRODUCTICON.exe
c:\windows\Installer\{D67A9023-307F-B5A0-8621-5258D3FA9813}\ARPPRODUCTICON.exe
c:\windows\Installer\{D7D6CCD3-D9BD-EA92-288E-EFCBDE939FF5}\ARPPRODUCTICON.exe
c:\windows\Installer\{EF666029-2EDF-C792-D438-34940ED13A46}\ARPPRODUCTICON.exe
c:\windows\Installer\{F38EF546-DCE4-E290-AB73-4C57A3AC70A0}\ARPPRODUCTICON.exe
c:\windows\Installer\{F436A08B-63BB-72A2-17C0-6D8E5182CA49}\ARPPRODUCTICON.exe
c:\windows\Installer\{F436A08B-63BB-72A2-17C0-6D8E5182CA49}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{F436A08B-63BB-72A2-17C0-6D8E5182CA49}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{F436A08B-63BB-72A2-17C0-6D8E5182CA49}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{F436A08B-63BB-72A2-17C0-6D8E5182CA49}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{F972FD73-47FC-55F7-5EF1-8CA5311FF96E}\ARPPRODUCTICON.exe
c:\windows\Installer\{FE6A55DF-D79E-7469-37CC-3E7F08098FCA}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-12-14 do 2013-01-14 )))))))))))))))))))))))))))))))
.
.
2013-01-14 16:42 . 2013-01-14 16:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-14 14:17 . 2013-01-14 14:17 -------- d-----w- c:\users\Marko\AppData\Local\ESET
2013-01-14 14:14 . 2013-01-14 14:14 -------- d-----w- c:\program files\ESET
2013-01-10 13:13 . 2013-01-10 13:13 -------- d-----w- c:\program files (x86)\EA GAMES
2013-01-10 03:09 . 2013-01-14 16:38 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{35D26C1F-450B-4872-9D9A-37970BEB7A72}\offreg.dll
2013-01-09 14:45 . 2013-01-09 14:45 -------- d-----w- c:\program files (x86)\Ashampoo
2013-01-07 23:48 . 2013-01-08 01:09 -------- d-----w- c:\users\Marko\AppData\Roaming\Mp3tag
2013-01-07 23:47 . 2013-01-07 23:47 -------- d-----w- c:\program files (x86)\Mp3tag
2013-01-07 23:44 . 2013-01-07 23:44 -------- d-----w- c:\program files (x86)\Tunatic
2013-01-07 20:09 . 2000-05-22 15:58 209608 ----a-w- c:\windows\SysWow64\tabctl32.ocx
2013-01-07 20:09 . 2009-10-29 09:34 2656176 ----a-w- c:\windows\SysWow64\Codejock.Calendar.v13.2.1.ocx
2013-01-07 20:09 . 2004-03-08 22:00 132880 ----a-w- c:\windows\SysWow64\MSINET.OCX
2013-01-07 20:09 . 2013-01-08 20:19 -------- d-----w- c:\program files (x86)\CoD RconTool
2013-01-07 01:52 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{35D26C1F-450B-4872-9D9A-37970BEB7A72}\mpengine.dll
2013-01-06 14:40 . 2013-01-06 14:40 -------- d-----w- c:\programdata\Hewlett-Packard
2013-01-06 14:40 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2013-01-05 23:54 . 2013-01-05 23:54 -------- d-----w- c:\windows\Sun
2013-01-05 23:48 . 2013-01-05 23:48 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-01-05 23:48 . 2013-01-05 23:47 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-01-05 23:48 . 2013-01-05 23:47 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-05 23:48 . 2013-01-05 23:47 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-05 23:47 . 2013-01-05 23:47 -------- d-----w- c:\program files (x86)\Java
2013-01-03 17:36 . 2013-01-03 17:36 -------- d-----w- c:\users\Marko\AppData\Roaming\MySQL
2013-01-03 17:02 . 2013-01-03 17:02 -------- d-----w- c:\program files (x86)\MySQL
2013-01-01 20:31 . 2013-01-01 20:32 -------- d-----w- C:\mech
2013-01-01 20:30 . 2013-01-01 20:30 -------- d-----w- c:\program files (x86)\DOSBox-0.72
2012-12-30 16:13 . 2012-12-30 16:13 -------- d-----w- c:\program files (x86)\DigiPen
2012-12-27 01:10 . 2012-12-27 01:10 -------- d-----w- c:\users\Marko\AppData\Local\Rockstar Games
2012-12-24 15:22 . 2012-12-24 15:22 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-12-24 15:20 . 2012-12-24 15:20 -------- d-----w- c:\windows\SysWow64\xlive
2012-12-24 15:20 . 2012-12-27 01:05 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-12-24 14:35 . 2012-12-24 14:35 -------- d-----w- c:\program files (x86)\Rockstar Games
2012-12-24 13:13 . 2013-01-08 19:56 -------- d-----w- c:\users\Marko\AppData\Roaming\TS3Client
2012-12-24 13:13 . 2012-12-24 13:13 -------- d-----w- c:\program files\TeamSpeak 3 Client
2012-12-24 00:41 . 2012-12-24 00:41 -------- d-----w- c:\users\Marko\AppData\Local\4A Games
2012-12-24 00:30 . 2012-12-24 00:30 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-12-24 00:23 . 2007-01-24 21:27 393576 ----a-w- c:\windows\system32\xactengine2_6.dll
2012-12-23 22:50 . 2012-12-25 22:35 -------- d-----w- c:\program files\Core Temp
2012-12-23 20:47 . 2012-12-23 20:47 -------- d-----w- c:\users\Marko\AppData\Roaming\NapiProjekt
2012-12-23 20:47 . 2012-12-23 20:47 -------- d-----w- c:\program files (x86)\NapiProjekt
2012-12-23 16:53 . 2012-12-23 16:53 -------- d-----w- c:\users\Marko\AppData\Local\SKIDROW
2012-12-22 11:34 . 2012-12-22 11:36 -------- d-----w- c:\users\Marko\AppData\Roaming\MyPhoneExplorer
2012-12-22 11:34 . 2012-12-22 11:34 -------- d-----w- c:\program files (x86)\MyPhoneExplorer
2012-12-21 00:26 . 2012-12-21 00:26 -------- d-----w- c:\programdata\NFS Underground
2012-12-21 00:25 . 2012-12-21 00:25 -------- d-----w- c:\users\Marko\AppData\Local\ElevatedDiagnostics
2012-12-20 09:46 . 2012-12-20 10:48 -------- d-----w- c:\users\Marko\AppData\Roaming\Notepad++
2012-12-20 09:46 . 2012-12-20 09:46 -------- d-----w- c:\program files (x86)\Notepad++
2012-12-19 21:22 . 2012-12-19 21:22 -------- d-----w- c:\program files (x86)\GPU-Z
2012-12-19 16:04 . 2012-12-19 16:04 -------- d-----w- c:\users\Marko\AppData\Local\SplitMediaLabs
2012-12-19 16:03 . 2012-12-19 16:03 -------- d-----w- c:\programdata\SplitMediaLabs
2012-12-19 16:03 . 2012-12-19 16:03 -------- d-----w- c:\program files (x86)\SplitMediaLabs
2012-12-19 16:02 . 2012-12-19 16:02 -------- d-----w- c:\users\Marko\AppData\Roaming\SplitMediaLabs
2012-12-19 15:20 . 2012-12-19 15:21 -------- d-----w- c:\users\Marko\AppData\Roaming\Unity
2012-12-19 15:19 . 2012-12-19 15:19 -------- d-----w- c:\users\Marko\AppData\Roaming\Apple Computer
2012-12-19 15:19 . 2012-12-19 15:19 -------- d-----w- c:\users\Marko\AppData\Local\Apple Computer
2012-12-19 15:19 . 2012-12-23 22:57 -------- d-----w- c:\programdata\Unity
2012-12-19 15:18 . 2012-12-19 15:19 -------- d-----w- c:\users\Marko\AppData\Local\Unity
2012-12-19 15:14 . 2012-12-19 15:18 -------- d-----w- c:\program files (x86)\Unity
2012-12-19 10:59 . 2012-12-19 14:17 -------- d-----w- C:\xampp
2012-12-18 16:23 . 2012-12-18 16:23 -------- d-----w- c:\programdata\ATI
2012-12-18 16:23 . 2012-12-18 16:23 -------- d-----w- c:\program files (x86)\AMD AVT
2012-12-18 16:22 . 2012-12-18 16:22 -------- d-----w- c:\program files (x86)\AMD APP
2012-12-18 11:00 . 2013-01-07 07:10 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-18 10:59 . 2013-01-07 19:59 -------- d-----w- c:\users\Marko\AppData\Local\PunkBuster
2012-12-18 10:59 . 2012-12-18 10:59 -------- d-----w- c:\programdata\Orbit
2012-12-18 10:21 . 2013-01-08 19:53 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-12-18 10:21 . 2013-01-08 19:52 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-18 10:21 . 2012-12-18 10:21 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-12-18 10:21 . 2012-12-18 10:21 -------- d-----w- c:\program files (x86)\Ubisoft
2012-12-17 18:56 . 2012-12-17 18:56 -------- d-----w- c:\program files (x86)\SilicMobile
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 00:17 . 2012-12-10 07:06 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2013-01-08 23:46 . 2012-12-09 23:51 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-08 23:46 . 2012-12-09 23:51 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 22:22 . 2012-12-12 22:22 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-12-11 08:29 . 2012-12-11 08:29 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-12-11 08:29 . 2012-12-11 08:29 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-12-11 08:29 . 2012-12-11 08:29 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-12-11 08:29 . 2012-12-11 08:29 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-12-11 08:29 . 2012-12-11 08:29 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-12-11 08:29 . 2012-12-11 08:29 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-12-11 08:29 . 2012-12-11 08:29 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-12-11 08:29 . 2012-12-11 08:29 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-12-11 08:29 . 2012-12-11 08:29 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-12-11 08:29 . 2012-12-11 08:29 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-12-11 08:29 . 2012-12-11 08:29 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-12-11 08:29 . 2012-12-11 08:29 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-12-11 08:29 . 2012-12-11 08:29 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-12-11 08:29 . 2012-12-11 08:29 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-12-11 08:29 . 2012-12-11 08:29 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-12-11 08:29 . 2012-12-11 08:29 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-12-11 08:29 . 2012-12-11 08:29 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-12-11 08:29 . 2012-12-11 08:29 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-12-11 08:29 . 2012-12-11 08:29 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-12-11 08:29 . 2012-12-11 08:29 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-12-11 08:29 . 2012-12-11 08:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-11 08:29 . 2012-12-11 08:29 222208 ----a-w- c:\windows\system32\msls31.dll
2012-12-11 08:29 . 2012-12-11 08:29 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-12-11 08:29 . 2012-12-11 08:29 197120 ----a-w- c:\windows\system32\msrating.dll
2012-12-11 08:29 . 2012-12-11 08:29 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-12-11 08:29 . 2012-12-11 08:29 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-12-11 08:29 . 2012-12-11 08:29 149504 ----a-w- c:\windows\system32\occache.dll
2012-12-11 08:29 . 2012-12-11 08:29 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-12-11 08:29 . 2012-12-11 08:29 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-12-11 08:29 . 2012-12-11 08:29 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-12-11 08:29 . 2012-12-11 08:29 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-12-11 08:29 . 2012-12-11 08:29 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-12-11 08:29 . 2012-12-11 08:29 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-12-11 08:29 . 2012-12-11 08:29 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-12-11 08:29 . 2012-12-11 08:29 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-12-11 08:29 . 2012-12-11 08:29 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-12-11 08:29 . 2012-12-11 08:29 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-12-11 08:29 . 2012-12-11 08:29 82432 ----a-w- c:\windows\system32\icardie.dll
2012-12-11 08:29 . 2012-12-11 08:29 816640 ----a-w- c:\windows\system32\jscript.dll
2012-12-11 08:29 . 2012-12-11 08:29 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-12-11 08:29 . 2012-12-11 08:29 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-12-11 08:29 . 2012-12-11 08:29 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-12-11 08:29 . 2012-12-11 08:29 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-12-11 08:29 . 2012-12-11 08:29 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-12-11 08:29 . 2012-12-11 08:29 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-12-11 08:29 . 2012-12-11 08:29 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-12-11 08:29 . 2012-12-11 08:29 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-12-11 08:29 . 2012-12-11 08:29 448512 ----a-w- c:\windows\system32\html.iec
2012-12-11 08:29 . 2012-12-11 08:29 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-12-11 08:29 . 2012-12-11 08:29 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-12-11 08:29 . 2012-12-11 08:29 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-12-11 08:29 . 2012-12-11 08:29 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-11 08:29 . 2012-12-11 08:29 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-12-11 08:29 . 2012-12-11 08:29 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-12-11 08:29 . 2012-12-11 08:29 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-12-11 08:29 . 2012-12-11 08:29 248320 ----a-w- c:\windows\system32\ieui.dll
2012-12-11 08:29 . 2012-12-11 08:29 237056 ----a-w- c:\windows\system32\url.dll
2012-12-11 08:29 . 2012-12-11 08:29 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-12-11 08:29 . 2012-12-11 08:29 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-12-11 08:29 . 2012-12-11 08:29 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-12-11 08:29 . 2012-12-11 08:29 160256 ----a-w- c:\windows\system32\wextract.exe
2012-12-11 08:29 . 2012-12-11 08:29 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-12-11 08:29 . 2012-12-11 08:29 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-11 08:29 . 2012-12-11 08:29 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-12-11 08:29 . 2012-12-11 08:29 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-12-11 08:29 . 2012-12-11 08:29 12288 ----a-w- c:\windows\system32\mshta.exe
2012-12-11 08:29 . 2012-12-11 08:29 114176 ----a-w- c:\windows\system32\admparse.dll
2012-12-11 08:29 . 2012-12-11 08:29 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-12-11 08:29 . 2012-12-11 08:29 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-12-11 08:29 . 2012-12-11 08:29 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-12-11 08:29 . 2012-12-11 08:29 103936 ----a-w- c:\windows\system32\inseng.dll
2012-12-10 07:44 . 2012-12-10 07:44 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-12-02 08:31 . 2012-12-02 08:31 5626536 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-12-02 08:29 . 2012-12-02 08:29 11270656 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-12-02 08:17 . 2012-12-02 08:17 23455744 ----a-w- c:\windows\system32\atio6axx.dll
2012-12-02 08:00 . 2012-12-02 08:00 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-12-02 07:59 . 2012-12-02 07:59 70144 ----a-w- c:\windows\system32\coinst_9.01.8.dll
2012-12-02 07:58 . 2012-12-02 07:58 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-12-02 07:58 . 2012-12-02 07:58 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-12-02 07:58 . 2012-12-02 07:58 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-12-02 07:58 . 2012-12-02 07:58 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-12-02 07:58 . 2012-12-02 07:58 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2012-12-02 07:57 . 2012-12-02 07:57 18979328 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-12-02 07:54 . 2012-12-02 07:54 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-12-02 07:50 . 2012-12-02 07:50 949248 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-12-02 07:48 . 2012-09-28 01:41 1137664 ----a-w- c:\windows\system32\aticfx64.dll
2012-12-02 07:46 . 2012-12-02 07:46 6684672 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-12-02 07:41 . 2012-12-02 07:41 4674048 ----a-w- c:\windows\system32\atiumd6a.dll
2012-12-02 07:37 . 2012-12-02 07:37 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-12-02 07:37 . 2012-12-02 07:37 548864 ----a-w- c:\windows\system32\atieclxx.exe
2012-12-02 07:36 . 2012-12-02 07:36 240640 ----a-w- c:\windows\system32\atiesrxx.exe
2012-12-02 07:35 . 2012-12-02 07:35 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-12-02 07:35 . 2012-12-02 07:35 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-12-02 07:35 . 2012-12-02 07:35 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-12-02 07:35 . 2012-12-02 07:35 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-12-02 07:29 . 2012-12-02 07:29 3862528 ----a-w- c:\windows\SysWow64\atiumdva.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"Facebook Update"="c:\users\Marko\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-14 138096]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-13 2317312]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-02 642216]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart 0"="c:\windows\System32\Magnify.exe" [2009-07-14 629760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ashampoo MouseTracer.lnk - c:\program files (x86)\Ashampoo\Ashampoo MouseTracer\MouseTracer.exe [2013-1-9 737184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 atillk64;atillk64;c:\program files (x86)\AMD\System Monitor\atillk64.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-10 1255736]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-11-16 62024]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-10 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-11-16 209808]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-02 240640]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-02 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-11-16 913184]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-10-14 17152]
S3 ALSysIO;ALSysIO;c:\users\Marko\AppData\Local\Temp\ALSysIO64.sys [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-10-25 102528]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-10-25 219776]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-31 138024]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-01-13 56448]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-12 04:59 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-09 23:46]
.
2013-01-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-156526972-1140688921-909382698-1000Core.job
- c:\users\Marko\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-14 21:13]
.
2013-01-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-156526972-1140688921-909382698-1000UA.job
- c:\users\Marko\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-14 21:13]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-09 23:53]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-09 23:53]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-156526972-1140688921-909382698-1000Core.job
- c:\users\Marko\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-02 23:53]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-156526972-1140688921-909382698-1000UA.job
- c:\users\Marko\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-02 23:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-16 4090824]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2013-01-14 17:46:08
ComboFix-quarantined-files.txt 2013-01-14 16:46
.
Przed: 23 294 554 112 bajtów wolnych
Po: 23 573 950 464 bajtów wolnych
.
- - End Of File - - 488438A61C3761A1D9D0281DB014438D