Skype - computer infection

Hello,

A virus installed itself on my computer and attacks Skype in the following way:

  1. I received a link to “photos”

  2. the link pointed to a .zip file containing an .exe

  3. after clicking it the computer got infected - Skype sends the links out to all my contacts, and after a while my Start Menu and desktop disappear.

Below is the ComboFix log. Please help. Thank you.

ComboFix 13-05-23.01 - Administrator 2013-05-23 13:24:25.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.4003.2213 [GMT 2:00]

Uruchomiony z: \\ttapp02\tt_files\IT\public\ComboFix.exe

AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: Zapora osobista *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Roaming

c:\users\pajre\171

c:\users\pajre\171\disk1\mfricres.dl_

c:\users\pajre\171\disk1\mp171dat.dl_

c:\users\pajre\171\disk1\OEMSETUP.DSC

c:\users\pajre\171\disk1\OEMSETUP.INF

c:\users\pajre\171\disk1\readme.htm

c:\users\pajre\171\disk1\rica1hcb.dl_

c:\users\pajre\171\disk1\rica1hcd.dl_

c:\users\pajre\171\disk1\rica1hcd.psz

c:\users\pajre\171\disk1\rica1hcf.cfz

c:\users\pajre\171\disk1\rica1hch.chm

c:\users\pajre\171\disk1\rica1hcj.dl_

c:\users\pajre\171\disk1\rica1hcl.ini

c:\users\pajre\171\disk1\rica1hcp.dl_

c:\users\pajre\171\disk1\rica1hct.cat

c:\users\pajre\171\disk1\rica1hct.dl_

c:\users\pajre\171\disk1\rica1hgi.dl_

c:\users\pajre\171\disk1\rica1hgr.dl_

c:\users\pajre\171\disk1\rica1hlm.dl_

c:\users\pajre\171\disk1\rica1hpb.dl_

c:\users\pajre\171\disk1\rica1hpw.dl_

c:\users\pajre\171\disk1\rica1hug.dl_

c:\users\pajre\171\disk1\rica1hug.miz

c:\users\pajre\171\disk1\rica1hui.dl_

c:\users\pajre\171\disk1\rica1hui.irj

c:\users\pajre\171\disk1\rica1hui.rcf

c:\users\pajre\171\disk1\rica1hui.rdj

c:\users\pajre\171\disk1\rica1hur.dl_

c:\users\pajre\171\disk1\ricdb32.dl_

c:\users\pajre\AppData\Local\Microsoft\Windows\Temporary Internet Files\{56134081-305B-4C5A-98D7-A95C81747D04}.xps

c:\users\pajre\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9C36276C-F938-4578-B287-1F7CCF137B1A}.xps

c:\users\pajre\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CC30CC0D-9A0B-4A57-9E2A-9845EED5CB7E}.xps

c:\users\pajre\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E237C8D3-9FC2-45E5-969B-1BB01EEFB461}.xps

c:\users\Renata Pajewska\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C4B3BD44-14F7-46D3-9D61-D0267ABFBE4D}.xps

c:\users\Renata Pajewska\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E4B833EE-CA70-448B-9550-5F7B445A4E21}.xps

c:\windows\PFRO.log

.

.

((((((((((((((((((((((((( Pliki utworzone od 2013-04-23 do 2013-05-23 )))))))))))))))))))))))))))))))

.

.

2013-05-23 11:32 . 2013-05-23 11:32	--------	d-----w-	c:\users\WesWe\AppData\Local\temp

2013-05-23 11:32 . 2013-05-23 11:32	--------	d-----w-	c:\users\Renata Pajewska\AppData\Local\temp

2013-05-23 11:32 . 2013-05-23 11:32	--------	d-----w-	c:\users\plumi\AppData\Local\temp

2013-05-23 11:32 . 2013-05-23 11:32	--------	d-----w-	c:\users\pajre\AppData\Local\temp

2013-05-23 11:32 . 2013-05-23 11:32	--------	d-----w-	c:\users\MocGr\AppData\Local\temp

2013-05-23 11:32 . 2013-05-23 11:32	--------	d-----w-	c:\users\dzial\AppData\Local\temp

2013-05-23 10:46 . 2013-05-23 10:46	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Malwarebytes

2013-05-23 10:46 . 2013-05-23 10:46	--------	d-----w-	C:\RDCab

2013-05-23 09:32 . 2013-05-23 09:32	--------	d-----w-	c:\users\pajre\AppData\Roaming\Malwarebytes

2013-05-23 09:30 . 2013-05-23 09:30	--------	d-----w-	c:\programdata\Malwarebytes

2013-05-23 09:30 . 2013-05-23 09:30	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware

2013-05-23 09:30 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys

2013-05-23 09:30 . 2013-05-23 09:30	--------	d-----w-	c:\users\pajre\AppData\Local\Programs

2013-05-23 07:14 . 2013-05-23 07:14	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2013-05-23 07:13 . 2013-05-23 07:13	686416	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2013-05-20 11:00 . 2013-05-20 11:03	--------	d---a-w-	C:\AutoControl 2.0

2013-05-15 20:09 . 2011-12-14 06:49	18456	----a-w-	c:\windows\system32\drivers\massfilter_LTE.sys

2013-05-15 20:09 . 2011-12-14 06:49	169496	----a-w-	c:\windows\system32\drivers\zgdcnet3.sys

2013-05-15 20:09 . 2011-12-14 06:49	169496	----a-w-	c:\windows\system32\drivers\zgdcnet2.sys

2013-05-15 20:09 . 2011-12-14 06:49	169496	----a-w-	c:\windows\system32\drivers\zgdcnet.sys

2013-05-15 20:09 . 2011-12-14 06:49	130200	----a-w-	c:\windows\system32\drivers\zgdcvousb.sys

2013-05-15 20:09 . 2011-12-14 06:49	130200	----a-w-	c:\windows\system32\drivers\zgdcnmea.sys

2013-05-15 20:09 . 2011-12-14 06:49	130200	----a-w-	c:\windows\system32\drivers\zgdcmdm.sys

2013-05-15 20:09 . 2011-12-14 06:49	130200	----a-w-	c:\windows\system32\drivers\zgdcdiag.sys

2013-05-15 20:09 . 2011-12-14 06:49	130200	----a-w-	c:\windows\system32\drivers\zgdcatext.sys

2013-05-15 20:09 . 2011-12-14 06:49	130200	----a-w-	c:\windows\system32\drivers\zgdcat.sys

2013-05-15 20:08 . 2013-05-15 20:09	--------	d-----w-	c:\windows\SysWow64\SupportAppZXH

2013-04-29 21:40 . 2013-05-01 21:56	--------	d-----w-	c:\users\pajre\AppData\Roaming\RedApp

2013-04-29 21:39 . 2013-05-23 07:07	--------	d-----w-	c:\users\pajre\AppData\Roaming\ipla

2013-04-29 21:39 . 2013-05-02 09:39	--------	d-----w-	c:\programdata\ipla

2013-04-29 21:39 . 2013-05-01 22:12	--------	d-----w-	c:\programdata\RDRM

2013-04-29 21:39 . 2013-05-01 22:12	--------	d-----w-	c:\program files (x86)\ipla

2013-04-29 21:38 . 2013-04-29 21:38	1700352	----a-w-	c:\windows\SysWow64\gdiplus.dll

2013-04-29 21:38 . 2013-04-29 21:38	--------	d-----w-	c:\program files (x86)\RedApp

2013-04-29 21:38 . 2011-09-15 09:01	151040	----a-w-	c:\windows\system32\drivers\ZTEusbnet.sys

2013-04-29 21:38 . 2011-09-15 09:01	123520	----a-w-	c:\windows\system32\drivers\ZTEusbnmeaext2.sys

2013-04-29 21:38 . 2011-09-15 09:01	123520	----a-w-	c:\windows\system32\drivers\ZTEusbnmeaext.sys

2013-04-29 21:38 . 2011-09-15 09:01	123520	----a-w-	c:\windows\system32\drivers\ZTEusbgps.sys

2013-04-29 21:38 . 2011-09-15 09:01	123520	----a-w-	c:\windows\system32\drivers\ZTEusbdvbh.sys

2013-04-29 21:38 . 2011-09-15 09:01	123264	----a-w-	c:\windows\system32\drivers\ZTEusbser6k.sys

2013-04-29 21:38 . 2011-09-15 09:01	123264	----a-w-	c:\windows\system32\drivers\ZTEusbnmea.sys

2013-04-29 21:38 . 2011-09-15 09:01	123264	----a-w-	c:\windows\system32\drivers\ZTEusbmdm6k.sys

2013-04-29 21:38 . 2011-09-15 09:01	11776	----a-w-	c:\windows\system32\drivers\massfilter.sys

2013-04-29 21:37 . 2013-04-29 21:38	--------	d-----w-	c:\windows\SysWow64\SupportAppCB

2013-04-29 21:37 . 2013-05-15 20:08	--------	d-----w-	c:\program files (x86)\Cyfrowy Polsat

2013-04-29 21:28 . 2013-04-29 21:28	--------	d-----w-	c:\windows\system32\%LOCALAPPDATA%

.

.

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-22 11:41 . 2013-02-22 11:41	56016	----a-w-	c:\windows\system32\drivers\fsbts.sys

2013-02-22 11:35 . 2013-02-22 11:35	33408	----a-w-	c:\windows\SysWow64\drivers\fsbts.sys

.

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{93a3111f-4f74-4ed8-895e-d9708497629e}"= "c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll" [2012-07-24 62864]

.

[HKEY_CLASSES_ROOT\clsid\{93a3111f-4f74-4ed8-895e-d9708497629e}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9}]

2012-07-24 11:12	699536	----a-w-	c:\progra~2\VIDEOD~2\bar\1.bin\4zbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b}]

2012-07-24 11:12	62864	----a-w-	c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{48586425-6bb7-4f51-8dc6-38c88e3ebb58}"= "c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll" [2012-07-24 699536]

.

[HKEY_CLASSES_ROOT\clsid\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]

"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-04-22 296056]

"VideoDownloadConverter Search Scope Monitor"="c:\progra~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" [2012-07-24 42536]

"VideoDownloadConverter_4z Browser Plugin Loader"="c:\progra~2\VIDEOD~2\bar\1.bin\4zbrmon.exe" [2012-07-24 30096]

"iPlusManager"="c:\program files (x86)\iPlus\iPlusChecker.exe" [2009-03-17 434176]

"F-Secure Manager"="c:\program files (x86)\F-Secure\Common\FSM32.EXE" [2012-06-26 306928]

"F-Secure TNB"="c:\program files (x86)\F-Secure\FSGUI\TNBUtil.exe" [2012-06-26 1654512]

"CancelAutoPlay"="c:\program files (x86)\Cyfrowy Polsat\MF669\CancelAutoPlay.exe" [2011-12-27 414544]

"UIExec"="c:\program files (x86)\Cyfrowy Polsat\MF669\UIExec.exe" [2012-05-11 156448]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Function Palette.lnk - c:\program files (x86)\RDS\PLTBar.exe [2012-7-13 163840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages	REG_MULTI_SZ DPPassFilter scecli

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1409082233-2000478354-725345543-1273\Scripts\Logon\0\0]

"Script"=logon_TT.cmd

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 PLAY ONLINE. RunOuc;PLAY ONLINE. OUC;c:\program files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [2012-01-09 246112]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]

R3 AMPPALP;Protokół Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-01-09 117248]

R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2012-01-09 421376]

R3 F-Secure Launcher;F-Secure Launcher;c:\windows\Launcher.exe fslaunch.ini [x]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-03-24 34200]

R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-09-15 11776]

R3 massfilter_lte;LTE Device Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_lte.sys [2011-12-14 18456]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-09 1255736]

R3 zgdcat;ZTE Datacard AT Port;c:\windows\system32\DRIVERS\zgdcat.sys [2011-12-14 130200]

R3 zgdcdiag;ZTE Datacard Diagnostics Port;c:\windows\system32\DRIVERS\zgdcdiag.sys [2011-12-14 130200]

R3 zgdcmdm;ZTE Datacard Modem;c:\windows\system32\DRIVERS\zgdcmdm.sys [2011-12-14 130200]

R3 zgdcnet;ZTE Datacard Network Adapter;c:\windows\system32\DRIVERS\zgdcnet.sys [2011-12-14 169496]

R3 zgdcnmea;ZTE Datacard NMEA Port;c:\windows\system32\DRIVERS\zgdcnmea.sys [2011-12-14 130200]

R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2011-09-15 151040]

R4 F-Secure Filter;F-Secure File System Filter;c:\program files (x86)\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2012-06-26 41072]

R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files (x86)\F-Secure\Anti-Virus\Win2K\FSrec.sys [2012-06-26 26352]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2013-02-22 56016]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\F-Secure\HIPS\drivers\fshs.sys [2012-06-26 61104]

S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2012-06-26 45872]

S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2012-06-26 94160]

S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2012-06-26 14064]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]

S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]

S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886016]

S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Cyfrowy Polsat\MF669\AssistantServices.exe [2012-05-11 274720]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]

S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-12-03 3143472]

S2 VideoDownloadConverter_4zService;VideoDownloadConverterService;c:\progra~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe [2012-07-24 42504]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]

S3 AMPPAL;Karta wirtualna Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]

S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-05-19 53248]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 282624]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2013-02-27 200760]

S3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\F-Secure\ORSP Client\fsorsp.exe [2012-06-26 61168]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-01-09 86016]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-19 59904]

S3 IntcDAud;Intel(R) Audio dla ekranów;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-03-24 25496]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]

.

.

Zawartość folderu 'Zaplanowane zadania'

.

2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-22 17:54]

.

2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-22 17:54]

.

2013-05-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]

.

2013-05-23 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-15 686704]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]

"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-09-10 206336]

"zLoader.exe"="c:\program files (x86)\Cyfrowy Polsat\MF821\Bin\zLoader.exe" [2012-05-22 26480]

"CancelAutoPlay.exe"="c:\program files (x86)\Cyfrowy Polsat\MF821\Bin\CancelAutoPlay.exe" [2012-05-22 74096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-09-10 7168]

.

------- Skan uzupełniający -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.2.10 192.168.0.45

TCP: Interfaces\{4897DA40-4A67-4C18-BF9A-AE8AE178F63E}: NameServer = 212.2.96.53 212.2.96.51

TCP: Interfaces\{5442266C-1072-4911-9624-063CBBC31B35}: NameServer = 212.2.96.54 212.2.96.52

TCP: Interfaces\{D37AAF4F-4BF6-4DBA-8032-D92026D736D3}: NameServer = 89.108.202.21 89.108.195.21

FF - ProfilePath - 

.

- - - - USUNIĘTO PUSTE WPISY - - - -

.

Wow6432Node-HKLM-Run- - (no file)

WebBrowser-{48586425-6BB7-4F51-8DC6-38C88E3EBB58} - (no file)

HKLM-Run-SysTrayApp - c:\program files\IDT\WDM\sttray64.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe

AddRemove-{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC} - c:\programdata\Uninstall\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}\setup.exe

.

.

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

.

[HKEY_USERS\S-1-5-21-1833140284-4201759208-2591030679-500\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (Administrator)

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,c5,

   02,99,ba,e8,0f,bb,95,bc,17,88,6f,f8,de

"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,3b,1b,f9,dc,53,

   2a,55,e6,ae,06,96,73,0a,49,10,20,d7,d7

"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,3b,1b,79,47,9a,

   b4,68,7c,bf,03,91,78,b7,b7,81,5b,01,8a

"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b7,e9,

   ae,15,5c,32,04,a4,21,04,f3,04,cf,47,e2

"{C6867EB7-8350-4856-877F-93CF8AE3DC9C}"=hex:51,66,7a,6c,4c,1d,3b,1b,a7,61,9c,

   dc,64,d1,3d,05,99,7c,d5,8f,8e,a2,99,81

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,d2,

   c1,71,f6,30,0e,a2,77,da,65,c5,84,cd,b4

.

[HKEY_USERS\S-1-5-21-1833140284-4201759208-2591030679-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (Administrator)

"Timestamp"=hex:6d,d0,a1,73,a7,57,ce,01

.

[HKEY_USERS\S-1-5-21-1833140284-4201759208-2591030679-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,7e,24,28,53,aa,89,4c,b7,55,8e,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Czas ukończenia: 2013-05-23 13:35:36

ComboFix-quarantined-files.txt 2013-05-23 11:35

.

Przed: 31 672 782 848 bajtów wolnych

Po: 31 392 862 208 bajtów wolnych

.

- - End Of File - - C829105ED2A3C6B563FA4963870FD57B

OTL - mandatory report:

analiza-dezynfekcja-zestaw-nieingerencyjnych-narzedzi-t485632.html#p305974

Problem solved. ComboFix helped :slight_smile: