Ping spowodowany (raczej) jakimiś wirusami

popek123 · 12 Listopad 2011 19:54

Witam. Jak w temacie od niedawna skacze mi ping czego wcześniej nie było, sądze ze winą tej sytuacji jest komputer a nie dostawca internetu ponieważ sąsiad ma ten sam internet i jemu sie tak nie dzieje.Posiadam logi z COMBOFIX-a lecz ja sie na tym nie znam.czytałem że może coś mi zapychać łącze (wirus). Dodam jeszcze iz mam jeszcze jakis wobaki w rejestrach a program SpyBot nie może ich usunąć ;/ pomocy ja jestem w tym zielony skanowalem tez kompa ; Norton sntywirus , Malwarebytes’ Anti-Malware,spybot. jeszcze dodam aktywne połączenia netstat ;

Microsoft Windows [Wersja 6.1.7600]

C:\Users\popek>nettest

Nazwa ‘nettest’ nie jest rozpoznawana jako polecenie wewnętrzne lub zewnętrzne,

program wykonywalny lub plik wsadowy.

C:\Users\popek>netstat

Aktywne połączenia

Protokół Adres lokalny Obcy adres Stan

TCP 192.168.0.10:49174 ip-91-214-237-47:https USTANOWIONO

TCP 192.168.0.10:51315 bru01m01-in-f113:http USTANOWIONO

TCP 192.168.0.10:51358 bru01m01-in-f100:http USTANOWIONO

TCP 192.168.0.10:51544 fx-in-f167:http USTANOWIONO

TCP 192.168.0.10:51564 bru01m01-in-f97:https USTANOWIONO

TCP 192.168.0.10:51623 wy-in-f100:http USTANOWIONO

TCP 192.168.0.10:51633 fx-in-f156:http USTANOWIONO

TCP 192.168.0.10:51668 fx-in-f96:http USTANOWIONO

TCP 192.168.0.10:51753 fx-in-f148:http USTANOWIONO

TCP 192.168.0.10:51773 fx-in-f148:http USTANOWIONO

TCP 192.168.0.10:51809 ateros:http USTANOWIONO

TCP 192.168.0.10:51815 fx-in-f156:http USTANOWIONO

TCP 192.168.0.10:51816 fra07s07-in-f165:http USTANOWIONO

TCP 192.168.0.10:51817 fra07s07-in-f165:http USTANOWIONO

TCP 192.168.0.10:51831 fx-in-f106:http USTANOWIONO

TCP 192.168.0.10:51832 fx-in-f106:http USTANOWIONO

TCP 192.168.0.10:51833 fx-in-f106:http USTANOWIONO

TCP 192.168.0.10:51834 fx-in-f106:http USTANOWIONO

TCP 192.168.0.10:51835 fx-in-f106:http USTANOWIONO

TCP 192.168.0.10:51836 fx-in-f106:http USTANOWIONO

TCP 192.168.0.10:51837 173.194.32.95:http USTANOWIONO

TCP 192.168.0.10:51838 173.194.32.95:http USTANOWIONO

C:\Users\popek>

LOGI COMBOFIX;

ComboFix 11-11-04.02 - popek 2011-11-04 13:35:10.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.4095.2899 [GMT 1:00]

Uruchomiony z: c:\users\popek\Desktop\ComboFix.exe

AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

D:\install.exe

.

((((((((((((((((((((((((( Pliki utworzone od 2011-10-04 do 2011-11-04 )))))))))))))))))))))))))))))))

.

2011-11-04 13:12 . 2011-11-04 13:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-03 19:31 . 2011-11-03 19:31 -------- d-----w- c:\program files (x86)\vShare.tv plugin

2011-11-03 09:11 . 2011-11-03 09:11 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-10-31 10:51 . 2011-10-31 10:51 -------- d-----w- c:\users\UpdatusUser

2011-10-31 10:44 . 2011-10-31 10:44 -------- d-----w- c:\windows\B9DB4C7601A446D58910F7AA6376DBAF.TMP

2011-10-31 10:42 . 2011-03-03 15:59 1359976 ----a-w- c:\windows\system32\nvhdagenco642040.dll

2011-10-31 10:42 . 2011-04-08 05:14 1619048 ----a-w- c:\windows\system32\nvdispco6420140.dll

2011-10-31 10:42 . 2011-04-08 05:14 1404008 ----a-w- c:\windows\system32\nvgenco642060.dll

2011-10-31 10:42 . 2011-04-08 05:14 11240 ----a-w- c:\windows\system32\drivers\nvBridge.kmd

2011-10-30 18:45 . 2011-07-07 23:21 1452648 ----a-w- c:\windows\system32\nvhdagenco6420102.dll

2011-10-30 18:45 . 2011-10-15 08:53 1533248 ----a-w- c:\windows\system32\nvdispco64.dll

2011-10-30 18:45 . 2011-10-15 08:53 1454400 ----a-w- c:\windows\system32\nvgenco64.dll

2011-10-30 18:43 . 2011-10-30 18:43 -------- d-----w- C:\NVIDIA

2011-10-30 11:05 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll

2011-10-30 11:05 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll

2011-10-30 11:05 . 2008-07-31 09:41 72200 ----a-w- c:\windows\system32\XAPOFX1_1.dll

2011-10-30 11:05 . 2008-07-31 09:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll

2011-10-30 11:05 . 2008-07-31 09:40 513544 ----a-w- c:\windows\system32\XAudio2_2.dll

2011-10-30 11:05 . 2008-07-31 09:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll

2011-10-30 11:05 . 2008-07-31 09:41 238088 ----a-w- c:\windows\SysWow64\xactengine3_2.dll

2011-10-30 11:05 . 2008-07-31 09:41 177672 ----a-w- c:\windows\system32\xactengine3_2.dll

2011-10-16 11:35 . 2011-10-16 11:35 -------- d-----w- c:\users\popek\AppData\Roaming\2K Sports

2011-10-14 23:54 . 2011-10-14 23:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-18 13:06 . 2011-07-22 22:14 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-15 08:53 . 2011-04-07 22:19 3074368 ----a-w- c:\windows\system32\nvsvcr.dll

2011-10-15 08:53 . 2011-04-07 22:19 222528 ----a-w- c:\windows\system32\nvmctray.dll

2011-10-15 08:53 . 2011-04-07 22:19 1640768 ----a-w- c:\windows\system32\nvvsvc.exe

2011-10-15 08:53 . 2011-04-07 22:19 837952 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll

2011-10-15 08:53 . 2011-04-07 22:19 10406208 ----a-w- c:\windows\system32\nvcpl.dll

2011-10-15 08:53 . 2011-04-07 22:18 5067584 ----a-w- c:\windows\system32\nvsvc64.dll

2011-10-15 08:53 . 2011-03-15 18:14 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll

2011-10-15 08:53 . 2011-03-15 18:14 2808128 ----a-w- c:\windows\system32\nvapi64.dll

2011-10-15 08:53 . 2011-03-15 18:14 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2011-10-15 08:53 . 2011-01-07 19:49 137536 ----a-w- c:\windows\system32\nvshext.dll

2011-10-03 04:06 . 2011-06-05 13:34 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-09-25 13:09 . 2011-06-17 08:26 466520 ----a-w- c:\windows\system32\wrap_oal.dll

2011-09-25 13:09 . 2011-06-17 08:26 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2011-09-25 13:09 . 2011-06-17 08:26 122968 ----a-w- c:\windows\system32\OpenAL32.dll

2011-09-25 13:09 . 2011-06-17 08:26 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2011-09-15 22:19 . 2011-09-15 22:19 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll

2011-08-21 17:43 . 2011-08-21 17:43 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys

2011-08-21 17:43 . 2011-08-21 17:43 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys

2011-08-08 17:44 . 2011-09-25 13:09 809560 ----a-r- c:\windows\SysWow64\tmpDEA3.tmp

2011-08-08 17:44 . 2011-08-08 17:44 809560 ----a-r- c:\windows\SysWow64\tmpDEA2.tmp

2011-08-03 08:58 . 2011-08-01 17:20 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node~\Browser Helper Objects{EEE6C35C-6118-11DC-9C72-001320C79847}]

2011-08-24 16:21 1299248 ----a-w- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

“{EEE6C35B-6118-11DC-9C72-001320C79847}”= “c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll” [2011-08-24 1299248]

“{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}”= “c:\program files (x86)\vShare.tv plugin\BarLcher.dll” [2011-09-22 177712]

.

[HKEY_CLASSES_ROOT\clsid{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

.

[HKEY_CLASSES_ROOT\clsid{7ac3e13b-3bca-4158-b330-f66dbb03c1b5}]

[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1]

[HKEY_CLASSES_ROOT\TypeLib{BB7256DD-EBA9-480B-8441-A00388C2BEC3}]

[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Gadu-Gadu 10”=“d:\program files (x86)\Gadu-Gadu 10\gg.exe” [2010-12-16 12984928]

“Steam”=“c:\program files (x86)\popek\STEAM\steam.exe” [2011-08-02 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

“HDAudDeck”=“c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe” [2010-05-24 2439072]

“BCU”=“c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe” [2010-03-05 411864]

“QFan Help”=“c:\program files\ASUS\Ai Suite\QFan4\FanHelp.exe” [2010-03-25 888960]

“Cpu Level Up help”=“c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe” [2009-12-28 887936]

“Turbo Key”=“c:\program files\ASUS\Turbo Key\TurboKey.exe” [2009-11-24 1874432]

“SweetIM”=“c:\program files (x86)\SweetIM\Messenger\SweetIM.exe” [2011-08-01 114992]

“SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe” [2011-06-09 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“ConsentPromptBehaviorAdmin”= 5 (0x5)

“ConsentPromptBehaviorUser”= 3 (0x3)

“EnableUIADesktopToggle”= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

“AppInit_DLLs”=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

“DisableMonitoring”=dword:00000001

.

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAVx64\1000000.07D\ccHPx64.sys [x]

R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;d:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]

R3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1206000.01D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1206000.01D\SYMEFA64.SYS [x]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20111027.001\BHDrvx64.sys [2011-10-14 1155704]

S1 IDSVia64;IDSVia64;c:\programdata\Norton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20111103.030\IDSvia64.sys [2011-08-22 488568]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1206000.01D\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1206000.01D\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]

S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [x]

S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

S2 WireHelpSvc;WireHelpSvc;c:\program files\Common Files\WireHelpSvc.exe [2011-08-03 168864]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]

.

Zawartość folderu ‘Zaplanowane zadania’

.

2011-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-335587777-12427348-1640928024-1000Core.job

c:\users\popek\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-27 09:04]

.

2011-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-335587777-12427348-1640928024-1000UA.job

c:\users\popek\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-27 09:04]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

“LoadAppInit_DLLs”=0x0

.

------- Skan uzupełniający -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://startsear.ch/?aff=1

mStart Page = hxxp://startsear.ch/?aff=1

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &P&obierz &za pomocą BitComet - d:\program files (x86)\BitComet\BitComet_x64.exe/AddLink.htm

IE: Pobierz wszystko za pomocą BitComet - d:\program files (x86)\BitComet\BitComet_x64.exe/AddAllLink.htm

TCP: DhcpNameServer = 109.197.168.2 109.197.168.3

FF - ProfilePath - c:\users\popek\AppData\Roaming\Mozilla\Firefox\Profiles\hxfncmap.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1

FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files (x86)\Mozilla Firefox\extensions{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - d:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - d:\program files (x86)\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - d:\program files (x86)\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com

FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\IPSFFPlgn

.

- - - USUNIĘTO PUSTE WPISY - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-Mumble - d:\program files (x86)\Mumble\Uninstall.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]

“ImagePath”="“c:\program files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe” /s “NAV” /m “c:\program files (x86)\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll” /prefetch:1"

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

.

[HKEY_USERS\S-1-5-21-335587777-12427348-1640928024-1000\Software\SecuROM\License information*]

“datasecu”=hex:25,f3,9a,6a,8c,eb,55,13,9a,d9,69,1c,c6,5e,2e,95,63,8a,1d,86,8e,

82,ac,8e,3a,f5,23,32,e1,4c,fc,5e,2f,02,e5,be,04,55,60,d2,7a,46,6e,de,50,e1,\

“rkeysecu”=hex:fc,71,d0,6c,a2,54,f1,ee,ac,c0,4c,43,bc,a4,a3,75

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@=“Shockwave Flash Object”

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@=“c:\Windows\SysWow64\Macromed\Flash\Flash9f.ocx”

“ThreadingModel”=“Apartment”

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@=“0”

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@=“ShockwaveFlash.ShockwaveFlash.9”

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@=“c:\Windows\SysWow64\Macromed\Flash\Flash9f.ocx, 1”

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@=“1.0”

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@=“ShockwaveFlash.ShockwaveFlash”

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@=“Macromedia Flash Factory Object”

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@=“c:\Windows\SysWow64\Macromed\Flash\Flash9f.ocx”

“ThreadingModel”=“Apartment”

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@=“FlashFactory.FlashFactory.1”

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@=“c:\Windows\SysWow64\Macromed\Flash\Flash9f.ocx, 1”

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@=“1.0”

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@=“FlashFactory.FlashFactory”

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]

@Denied: (A 2) (Everyone)

@=“FlashBroker”

“LocalizedString”="@c:\Windows\system32\Macromed\Flash\FlashUtil9f.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]

“Enabled”=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]

@=“c:\Windows\SysWow64\Macromed\Flash\FlashUtil9f.exe”

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]

@Denied: (A 2) (Everyone)

@=“IFlashBroker”

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

“Version”=“1.0”

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\ASUS\AI Direct Link\AsCmd.exe

c:\program files (x86)\ASUS\AI Direct Link\AsShare.exe

.

**************************************************************************

.

Czas ukończenia: 2011-11-04 14:16:45 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2011-11-04 13:16

.

Przed: 17 029 726 208 bajtów wolnych

Po: 16 791 228 416 bajtów wolnych

.

- End Of File - - CD32A18205DBF43A92B14805C67638A5

mdaleki · 12 Listopad 2011 20:09

Witam!

Poszukaj na portalu dobreprogramy Kasperski rescuecd, ściągnij i nagraj na cd. Uruchom Kasperskiego z cd, uaktualnij bazy i przeskanuj komputer.

Pozdrawiam