Hello,
A virus got installed on my computer; it attacks Skype in the following way:
- I received a link to "photos"
- the link contained a .zip, and inside it an .exe file
- after clicking, the computer got infected: Skype sends the links out to all my contacts, and after a while my Start Menu and desktop disappear.
Below is the ComboFix log. Please help. Thank you.
ComboFix 13-05-23.01 - Administrator 2013-05-23 13:24:25.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.4003.2213 [GMT 2:00]
Running from: \\ttapp02\tt_files\IT\public\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\pajre\171
c:\users\pajre\171\disk1\mfricres.dl_
c:\users\pajre\171\disk1\mp171dat.dl_
c:\users\pajre\171\disk1\OEMSETUP.DSC
c:\users\pajre\171\disk1\OEMSETUP.INF
c:\users\pajre\171\disk1\readme.htm
c:\users\pajre\171\disk1\rica1hcb.dl_
c:\users\pajre\171\disk1\rica1hcd.dl_
c:\users\pajre\171\disk1\rica1hcd.psz
c:\users\pajre\171\disk1\rica1hcf.cfz
c:\users\pajre\171\disk1\rica1hch.chm
c:\users\pajre\171\disk1\rica1hcj.dl_
c:\users\pajre\171\disk1\rica1hcl.ini
c:\users\pajre\171\disk1\rica1hcp.dl_
c:\users\pajre\171\disk1\rica1hct.cat
c:\users\pajre\171\disk1\rica1hct.dl_
c:\users\pajre\171\disk1\rica1hgi.dl_
c:\users\pajre\171\disk1\rica1hgr.dl_
c:\users\pajre\171\disk1\rica1hlm.dl_
c:\users\pajre\171\disk1\rica1hpb.dl_
c:\users\pajre\171\disk1\rica1hpw.dl_
c:\users\pajre\171\disk1\rica1hug.dl_
c:\users\pajre\171\disk1\rica1hug.miz
c:\users\pajre\171\disk1\rica1hui.dl_
c:\users\pajre\171\disk1\rica1hui.irj
c:\users\pajre\171\disk1\rica1hui.rcf
c:\users\pajre\171\disk1\rica1hui.rdj
c:\users\pajre\171\disk1\rica1hur.dl_
c:\users\pajre\171\disk1\ricdb32.dl_
c:\users\pajre\AppData\Local\Microsoft\Windows\Temporary Internet Files\{56134081-305B-4C5A-98D7-A95C81747D04}.xps
c:\users\pajre\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9C36276C-F938-4578-B287-1F7CCF137B1A}.xps
c:\users\pajre\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CC30CC0D-9A0B-4A57-9E2A-9845EED5CB7E}.xps
c:\users\pajre\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E237C8D3-9FC2-45E5-969B-1BB01EEFB461}.xps
c:\users\Renata Pajewska\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C4B3BD44-14F7-46D3-9D61-D0267ABFBE4D}.xps
c:\users\Renata Pajewska\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E4B833EE-CA70-448B-9550-5F7B445A4E21}.xps
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Files Created from 2013-04-23 to 2013-05-23 )))))))))))))))))))))))))))))))
.
.
2013-05-23 11:32 . 2013-05-23 11:32 -------- d-----w- c:\users\WesWe\AppData\Local\temp
2013-05-23 11:32 . 2013-05-23 11:32 -------- d-----w- c:\users\Renata Pajewska\AppData\Local\temp
2013-05-23 11:32 . 2013-05-23 11:32 -------- d-----w- c:\users\plumi\AppData\Local\temp
2013-05-23 11:32 . 2013-05-23 11:32 -------- d-----w- c:\users\pajre\AppData\Local\temp
2013-05-23 11:32 . 2013-05-23 11:32 -------- d-----w- c:\users\MocGr\AppData\Local\temp
2013-05-23 11:32 . 2013-05-23 11:32 -------- d-----w- c:\users\dzial\AppData\Local\temp
2013-05-23 10:46 . 2013-05-23 10:46 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2013-05-23 10:46 . 2013-05-23 10:46 -------- d-----w- C:\RDCab
2013-05-23 09:32 . 2013-05-23 09:32 -------- d-----w- c:\users\pajre\AppData\Roaming\Malwarebytes
2013-05-23 09:30 . 2013-05-23 09:30 -------- d-----w- c:\programdata\Malwarebytes
2013-05-23 09:30 . 2013-05-23 09:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-23 09:30 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-23 09:30 . 2013-05-23 09:30 -------- d-----w- c:\users\pajre\AppData\Local\Programs
2013-05-23 07:14 . 2013-05-23 07:14 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-05-23 07:13 . 2013-05-23 07:13 686416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-05-20 11:00 . 2013-05-20 11:03 -------- d---a-w- C:\AutoControl 2.0
2013-05-15 20:09 . 2011-12-14 06:49 18456 ----a-w- c:\windows\system32\drivers\massfilter_LTE.sys
2013-05-15 20:09 . 2011-12-14 06:49 169496 ----a-w- c:\windows\system32\drivers\zgdcnet3.sys
2013-05-15 20:09 . 2011-12-14 06:49 169496 ----a-w- c:\windows\system32\drivers\zgdcnet2.sys
2013-05-15 20:09 . 2011-12-14 06:49 169496 ----a-w- c:\windows\system32\drivers\zgdcnet.sys
2013-05-15 20:09 . 2011-12-14 06:49 130200 ----a-w- c:\windows\system32\drivers\zgdcvousb.sys
2013-05-15 20:09 . 2011-12-14 06:49 130200 ----a-w- c:\windows\system32\drivers\zgdcnmea.sys
2013-05-15 20:09 . 2011-12-14 06:49 130200 ----a-w- c:\windows\system32\drivers\zgdcmdm.sys
2013-05-15 20:09 . 2011-12-14 06:49 130200 ----a-w- c:\windows\system32\drivers\zgdcdiag.sys
2013-05-15 20:09 . 2011-12-14 06:49 130200 ----a-w- c:\windows\system32\drivers\zgdcatext.sys
2013-05-15 20:09 . 2011-12-14 06:49 130200 ----a-w- c:\windows\system32\drivers\zgdcat.sys
2013-05-15 20:08 . 2013-05-15 20:09 -------- d-----w- c:\windows\SysWow64\SupportAppZXH
2013-04-29 21:40 . 2013-05-01 21:56 -------- d-----w- c:\users\pajre\AppData\Roaming\RedApp
2013-04-29 21:39 . 2013-05-23 07:07 -------- d-----w- c:\users\pajre\AppData\Roaming\ipla
2013-04-29 21:39 . 2013-05-02 09:39 -------- d-----w- c:\programdata\ipla
2013-04-29 21:39 . 2013-05-01 22:12 -------- d-----w- c:\programdata\RDRM
2013-04-29 21:39 . 2013-05-01 22:12 -------- d-----w- c:\program files (x86)\ipla
2013-04-29 21:38 . 2013-04-29 21:38 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2013-04-29 21:38 . 2013-04-29 21:38 -------- d-----w- c:\program files (x86)\RedApp
2013-04-29 21:38 . 2011-09-15 09:01 151040 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2013-04-29 21:38 . 2011-09-15 09:01 123520 ----a-w- c:\windows\system32\drivers\ZTEusbnmeaext2.sys
2013-04-29 21:38 . 2011-09-15 09:01 123520 ----a-w- c:\windows\system32\drivers\ZTEusbnmeaext.sys
2013-04-29 21:38 . 2011-09-15 09:01 123520 ----a-w- c:\windows\system32\drivers\ZTEusbgps.sys
2013-04-29 21:38 . 2011-09-15 09:01 123520 ----a-w- c:\windows\system32\drivers\ZTEusbdvbh.sys
2013-04-29 21:38 . 2011-09-15 09:01 123264 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2013-04-29 21:38 . 2011-09-15 09:01 123264 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2013-04-29 21:38 . 2011-09-15 09:01 123264 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2013-04-29 21:38 . 2011-09-15 09:01 11776 ----a-w- c:\windows\system32\drivers\massfilter.sys
2013-04-29 21:37 . 2013-04-29 21:38 -------- d-----w- c:\windows\SysWow64\SupportAppCB
2013-04-29 21:37 . 2013-05-15 20:08 -------- d-----w- c:\program files (x86)\Cyfrowy Polsat
2013-04-29 21:28 . 2013-04-29 21:28 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-22 11:41 . 2013-02-22 11:41 56016 ----a-w- c:\windows\system32\drivers\fsbts.sys
2013-02-22 11:35 . 2013-02-22 11:35 33408 ----a-w- c:\windows\SysWow64\drivers\fsbts.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{93a3111f-4f74-4ed8-895e-d9708497629e}"= "c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll" [2012-07-24 62864]
.
[HKEY_CLASSES_ROOT\clsid\{93a3111f-4f74-4ed8-895e-d9708497629e}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9}]
2012-07-24 11:12 699536 ----a-w- c:\progra~2\VIDEOD~2\bar\1.bin\4zbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b}]
2012-07-24 11:12 62864 ----a-w- c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{48586425-6bb7-4f51-8dc6-38c88e3ebb58}"= "c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll" [2012-07-24 699536]
.
[HKEY_CLASSES_ROOT\clsid\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-04-22 296056]
"VideoDownloadConverter Search Scope Monitor"="c:\progra~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" [2012-07-24 42536]
"VideoDownloadConverter_4z Browser Plugin Loader"="c:\progra~2\VIDEOD~2\bar\1.bin\4zbrmon.exe" [2012-07-24 30096]
"iPlusManager"="c:\program files (x86)\iPlus\iPlusChecker.exe" [2009-03-17 434176]
"F-Secure Manager"="c:\program files (x86)\F-Secure\Common\FSM32.EXE" [2012-06-26 306928]
"F-Secure TNB"="c:\program files (x86)\F-Secure\FSGUI\TNBUtil.exe" [2012-06-26 1654512]
"CancelAutoPlay"="c:\program files (x86)\Cyfrowy Polsat\MF669\CancelAutoPlay.exe" [2011-12-27 414544]
"UIExec"="c:\program files (x86)\Cyfrowy Polsat\MF669\UIExec.exe" [2012-05-11 156448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Function Palette.lnk - c:\program files (x86)\RDS\PLTBar.exe [2012-7-13 163840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1409082233-2000478354-725345543-1273\Scripts\Logon\0\0]
"Script"=logon_TT.cmd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 PLAY ONLINE. RunOuc;PLAY ONLINE. OUC;c:\program files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [2012-01-09 246112]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-01-09 117248]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2012-01-09 421376]
R3 F-Secure Launcher;F-Secure Launcher;c:\windows\Launcher.exe fslaunch.ini [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-03-24 34200]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-09-15 11776]
R3 massfilter_lte;LTE Device Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_lte.sys [2011-12-14 18456]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-09 1255736]
R3 zgdcat;ZTE Datacard AT Port;c:\windows\system32\DRIVERS\zgdcat.sys [2011-12-14 130200]
R3 zgdcdiag;ZTE Datacard Diagnostics Port;c:\windows\system32\DRIVERS\zgdcdiag.sys [2011-12-14 130200]
R3 zgdcmdm;ZTE Datacard Modem;c:\windows\system32\DRIVERS\zgdcmdm.sys [2011-12-14 130200]
R3 zgdcnet;ZTE Datacard Network Adapter;c:\windows\system32\DRIVERS\zgdcnet.sys [2011-12-14 169496]
R3 zgdcnmea;ZTE Datacard NMEA Port;c:\windows\system32\DRIVERS\zgdcnmea.sys [2011-12-14 130200]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2011-09-15 151040]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files (x86)\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2012-06-26 41072]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files (x86)\F-Secure\Anti-Virus\Win2K\FSrec.sys [2012-06-26 26352]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2013-02-22 56016]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\F-Secure\HIPS\drivers\fshs.sys [2012-06-26 61104]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2012-06-26 45872]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2012-06-26 94160]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2012-06-26 14064]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886016]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Cyfrowy Polsat\MF669\AssistantServices.exe [2012-05-11 274720]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-12-03 3143472]
S2 VideoDownloadConverter_4zService;VideoDownloadConverterService;c:\progra~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe [2012-07-24 42504]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-05-19 53248]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 282624]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2013-02-27 200760]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\F-Secure\ORSP Client\fsorsp.exe [2012-06-26 61168]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-01-09 86016]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-19 59904]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-03-24 25496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-22 17:54]
.
2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-22 17:54]
.
2013-05-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2013-05-23 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-15 686704]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-09-10 206336]
"zLoader.exe"="c:\program files (x86)\Cyfrowy Polsat\MF821\Bin\zLoader.exe" [2012-05-22 26480]
"CancelAutoPlay.exe"="c:\program files (x86)\Cyfrowy Polsat\MF821\Bin\CancelAutoPlay.exe" [2012-05-22 74096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-09-10 7168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.10 192.168.0.45
TCP: Interfaces\{4897DA40-4A67-4C18-BF9A-AE8AE178F63E}: NameServer = 212.2.96.53 212.2.96.51
TCP: Interfaces\{5442266C-1072-4911-9624-063CBBC31B35}: NameServer = 212.2.96.54 212.2.96.52
TCP: Interfaces\{D37AAF4F-4BF6-4DBA-8032-D92026D736D3}: NameServer = 89.108.202.21 89.108.195.21
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run- - (no file)
WebBrowser-{48586425-6BB7-4F51-8DC6-38C88E3EBB58} - (no file)
HKLM-Run-SysTrayApp - c:\program files\IDT\WDM\sttray64.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC} - c:\programdata\Uninstall\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1833140284-4201759208-2591030679-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,c5,
02,99,ba,e8,0f,bb,95,bc,17,88,6f,f8,de
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,3b,1b,f9,dc,53,
2a,55,e6,ae,06,96,73,0a,49,10,20,d7,d7
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,3b,1b,79,47,9a,
b4,68,7c,bf,03,91,78,b7,b7,81,5b,01,8a
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b7,e9,
ae,15,5c,32,04,a4,21,04,f3,04,cf,47,e2
"{C6867EB7-8350-4856-877F-93CF8AE3DC9C}"=hex:51,66,7a,6c,4c,1d,3b,1b,a7,61,9c,
dc,64,d1,3d,05,99,7c,d5,8f,8e,a2,99,81
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,d2,
c1,71,f6,30,0e,a2,77,da,65,c5,84,cd,b4
.
[HKEY_USERS\S-1-5-21-1833140284-4201759208-2591030679-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:6d,d0,a1,73,a7,57,ce,01
.
[HKEY_USERS\S-1-5-21-1833140284-4201759208-2591030679-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,7e,24,28,53,aa,89,4c,b7,55,8e,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-23 13:35:36
ComboFix-quarantined-files.txt 2013-05-23 11:35
.
Pre-Run: 31,672,782,848 bytes free
Post-Run: 31,392,862,208 bytes free
.
- - End Of File - - C829105ED2A3C6B563FA4963870FD57B
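Added triage example, not part of the original post and not ComboFix's own code. The log above records, under policies\system, EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all set to 0 (UAC effectively off), next to a disabled firewall and a VideoDownloadConverter toolbar loaded as a BHO, as Run entries and as a service. The script below parses ComboFix-style registry blocks and flags the UAC values that are zeroed and any Run/RunOnce entry whose binary sits outside the Windows and Program Files trees. The sample log is constructed in the shape of the posted one; the final "Photos" entry and its path are invented to produce a positive hit and do not come from the posted log.

```python
"""Triage a ComboFix-style log (added example; not from the original post or
from ComboFix itself): flag UAC policy values set to 0 and Run/RunOnce
entries whose binary lives outside the Windows and Program Files trees."""
import re

# Constructed sample in the shape of the posted log. The last "Photos" entry
# is invented to produce a positive hit; it is not from the real log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"VideoDownloadConverter Search Scope Monitor"="c:\progra~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" [2012-07-24 42536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"Photos"="c:\users\example\AppData\Roaming\photos.exe" [2013-05-23 61440]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+?)\s*$')
QUOTED_PATH_RE = re.compile(r'^"(?P<path>[^"]+)"')
DWORD_RE = re.compile(r"^(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\)$")

# What a value of 0 means for the three UAC policies worth alerting on.
UAC_ZERO_MEANS = {
    "enablelua": "UAC off: an admin user's processes all run fully elevated",
    "consentpromptbehavioradmin": "admins elevate silently, no consent prompt",
    "promptonsecuredesktop": "elevation prompts drawn on the normal desktop",
}

# Lower-case prefixes where vendor autoruns normally live; ComboFix prints
# Program Files with its 8.3 short name (c:\progra~1, c:\progra~2), so that
# form is accepted too.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files", "c:\\progra~")


def parse_log(text):
    """Return {registry key (lower-case): [(value name, raw data), ...]}.

    ComboFix prints a bracketed key followed by its values; a lone '.' or a
    blank line closes the block. Lines that are not "name"=data are skipped.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            current = None
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group("key").lower()
            sections.setdefault(current, [])
            continue
        value = VALUE_RE.match(line)
        if current is not None and value:
            sections[current].append((value.group("name"), value.group("data")))
    return sections


def weak_uac_settings(sections):
    """List (value name, reason) for UAC policies in policies\\system set to 0."""
    findings = []
    for key, values in sections.items():
        if not key.endswith("\\policies\\system"):
            continue
        for name, data in values:
            m = DWORD_RE.match(data)
            if m and int(m.group("dec")) == 0 and name.lower() in UAC_ZERO_MEANS:
                findings.append((name, UAC_ZERO_MEANS[name.lower()]))
    return findings


def untrusted_startup_entries(sections):
    """List (value name, lower-case path) for Run/RunOnce binaries that are
    outside the trusted directory prefixes."""
    findings = []
    for key, values in sections.items():
        if not key.endswith(("\\run", "\\runonce")):
            continue
        for name, data in values:
            m = QUOTED_PATH_RE.match(data)
            if m and not m.group("path").lower().startswith(TRUSTED_PREFIXES):
                findings.append((name, m.group("path").lower()))
    return findings


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for name, reason in weak_uac_settings(parsed):
        print(f"UAC  {name}=0: {reason}")
    for name, path in untrusted_startup_entries(parsed):
        print(f"RUN  {name}: {path}")
```

Run it as a script to print the findings for the constructed sample, or pass the text of a real ComboFix log to parse_log. A flagged entry is a lead, not a verdict: ComboFix already hides "legit default entries", and an adware component installed under Program Files (like the 4z toolbar in the posted log) passes the directory check and still has to be read by hand.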