wklejto.pl

Added by: ~Anonim (2014-04-06 14:14) -> text
ComboFix 14-04-05.01 - Rafał 2014-04-06  13:41:34.1.2 - x86
Microsoft Windows 7 Enterprise   6.1.7601.1.1250.48.1045.18.3071.2074 [GMT 2:00]
Run from: c:\users\Rafa-\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\DPINST.LOG
c:\windows\PFRO.log
c:\windows\system32\tmp1C28.tmp
c:\windows\system32\tmp1C29.tmp
c:\windows\system32\tmp6D43.tmp
c:\windows\system32\tmp6D44.tmp
.
An infected copy of c:\windows\system32\winlogon.exe was found. Problem repaired 
File restored from - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.21756_none_722aca974c6fd463\winlogon.exe 
.
.
(((((((((((((((((((((((((   Files created from 2014-03-06 to 2014-04-06  )))))))))))))))))))))))))))))))
.
.
2014-04-06 11:26 . 2014-04-06 11:28     --------        d-----w-        C:\AdwCleaner
2014-04-06 11:08 . 2014-04-06 11:08     --------        d-----w-        c:\users\Rafał\AppData\Roaming\ProductData
2014-04-06 11:08 . 2014-04-06 11:21     --------        d-----w-        c:\programdata\IObit
2014-04-06 11:08 . 2014-04-06 11:08     --------        d-----w-        c:\programdata\ProductData
2014-04-06 11:08 . 2014-04-06 11:08     --------        d-----w-        c:\users\Rafał\AppData\Roaming\IObit
2014-04-06 11:08 . 2014-04-06 11:08     --------        d-----w-        c:\program files\IObit
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M section   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-22 06:39 . 2014-02-22 06:40     64168   ----a-w-        c:\windows\system32\drivers\aswStm.sys
2014-02-22 06:39 . 2013-03-19 22:23     79720   ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2014-02-22 06:39 . 2013-03-19 22:23     180248  ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2014-02-22 06:39 . 2013-03-19 22:23     49944   ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2014-02-22 06:39 . 2011-11-01 13:55     410784  ----a-w-        c:\windows\system32\drivers\aswSP.sys
2014-02-22 06:39 . 2011-11-01 13:55     775952  ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2014-02-22 06:39 . 2011-11-01 13:55     67824   ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2014-02-22 06:39 . 2011-11-01 13:55     43152   ----a-w-        c:\windows\avastSS.scr
2014-02-22 06:39 . 2011-11-01 13:55     270240  ----a-w-        c:\windows\system32\aswBoot.exe
2014-02-10 11:49 . 2014-02-10 11:49     163504  ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-01-22 14:52 . 2011-11-01 13:55     56080   ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2014-01-16 00:40 . 2014-01-16 00:40     487016  ----a-w-        C:\SecurityScanner.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-01-16 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
[-] 2011-10-23 . A451CB66DFA2DE7AA5E460FC1945A0BC . 2616320 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-10-20 . 5BD9AAA6E29BB935BFE3B30408B86E6F . 2616320 . . [6.1.7601.21624] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21624_none_543adddcf1244385\explorer.exe
[7] 2011-10-20 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7601.21669] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7601.17567] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
.
(((((((((((((((((((((((((((((((((((((   Registry startup entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-04-06 11:08        752960  ----a-w-        c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-22 06:39        259464  ----a-w-        c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2013-10-31 449760]
"TunesNINJA"="c:\users\Rafał\AppData\Roaming\TunesNINJA\TunesNINJA.exe" [2013-09-08 512000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-12 343168]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-03 3774312]
.
c:\users\Rafał\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TunesNINJA.lnk - c:\users\Rafał\AppData\Roaming\TunesNINJA\TunesNINJA.exe [2012-12-24 512000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
.
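The Sigcheck, Run-key and policies\system entries above are what a responder actually reads out of a ComboFix log: a live system file whose MD5 matches none of its WinSxS copies (user32.dll and explorer.exe here, both also marked [-], i.e. no valid signature found, which as the legend says is not proof of tampering on its own), an autorun launched from a user-writable AppData path (TunesNINJA), UAC switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0) and a non-default IE start page. The script below is an added example, not part of this paste and not ComboFix's own code, that pulls those findings out of the log text automatically. The sample input is a constructed excerpt of the lines above; the regular expressions and the heuristics (which paths count as user-writable, which policy values are worth flagging) are my assumptions inferred from this log, not a specification of ComboFix's output format.

```python
"""Pull the responder-relevant findings out of a ComboFix log.

Added example; not part of the original paste and not ComboFix's own code.
Line formats are inferred from the log above; the heuristics (user-writable
autorun paths, UAC policy values, IE start pages) are assumptions.
"""
import re
from collections import defaultdict

# Constructed sample input: an excerpt of the log above, copied verbatim.
SAMPLE_LOG = r"""
------- Sigcheck -------
[-] 2012-01-16 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
[-] 2011-10-23 . A451CB66DFA2DE7AA5E460FC1945A0BC . 2616320 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-10-20 . 5BD9AAA6E29BB935BFE3B30408B86E6F . 2616320 . . [6.1.7601.21624] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21624_none_543adddcf1244385\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"TunesNINJA"="c:\users\Rafał\AppData\Roaming\TunesNINJA\TunesNINJA.exe" [2013-09-08 512000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
uStart Page = hxxp://metromsn.pl?pc=UP22&ocid=UP22DHP&dt=031913
mStart Page = hxxp://ciaomembri.com
"""

# "[-] date . md5 . size . . [version] . . path"  ([-] = no valid signature found)
SIGCHECK_RE = re.compile(
    r"^\[(?P<status>.)\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-F]{32}) \. "
    r"(?P<size>\d+) \. \. \[(?P<ver>[\d.]+)\] \. \. (?P<path>.+)$")
# '"Name"="path" [date size]'
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
# '"ValueName"= 0 (0x0)'
POLICY_RE = re.compile(r'^"(?P<name>\w+)"= (?P<val>\d+) \(0x[0-9a-fA-F]+\)$')
# "uStart Page = ..." (user) / "mStart Page = ..." (machine)
START_RE = re.compile(r"^(?P<scope>[um])Start Page = (?P<url>\S+)$")

# Assumed set of path fragments a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def triage(log_text):
    """Return a list of (category, detail) findings from ComboFix log text."""
    findings = []
    live = {}                  # basename -> (md5, version, status, path) of the in-use file
    store = defaultdict(list)  # basename -> [(md5, version), ...] of its WinSxS copies
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SIGCHECK_RE.match(line):
            path = m["path"]
            name = path.lower().rsplit("\\", 1)[-1]
            if "\\winsxs\\" in path.lower():
                store[name].append((m["md5"], m["ver"]))
            else:
                live[name] = (m["md5"], m["ver"], m["status"], path)
        elif m := RUN_RE.match(line):
            if any(marker in m["path"].lower() for marker in USER_WRITABLE):
                findings.append(("autorun-user-writable", f'{m["name"]}: {m["path"]}'))
        elif m := POLICY_RE.match(line):
            if m["name"] == "EnableLUA" and m["val"] == "0":
                findings.append(("uac-disabled", "EnableLUA=0: UAC is off, admin processes run fully elevated"))
            elif m["name"] == "ConsentPromptBehaviorAdmin" and m["val"] == "0":
                # Moot while EnableLUA=0, but it bites as soon as UAC is turned back on.
                findings.append(("uac-no-prompt", "ConsentPromptBehaviorAdmin=0: elevate without prompting"))
        elif m := START_RE.match(line):
            findings.append(("start-page-review", f'{m["scope"]}Start Page = {m["url"]}'))
    # A live system file whose hash matches none of its WinSxS copies was changed
    # in place (same size and version string make that a patched binary, not an update).
    for name, (md5, ver, status, path) in live.items():
        copies = store.get(name, [])
        if md5 not in {c[0] for c in copies}:
            versions = sorted({c[1] for c in copies})
            findings.append(("system-file-mismatch",
                             f"{path} md5={md5} v{ver} sig={status}; WinSxS copies: {versions or 'none'}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:22} {detail}")
```

Run it against a full ComboFix.txt to get the same categories for the whole log. The WinSxS comparison is the part worth keeping: it is the same comparison ComboFix used when it replaced winlogon.exe from the component store, and a same-size, same-version user32.dll with a different hash is exactly the pattern of an in-place patched binary, so those two files deserve the same restore (or an `sfc /scannow`) rather than being dismissed because "unsigned is not necessarily malware".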
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-04-06 2153792]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-04-19 161384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-01-31 13224]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-10-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-20 1343400]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-02-22 775952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-02-22 410784]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-20 239168]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-12 176128]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-02-22 67824]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-02-22 64168]
S3 SiSGbeLH;SiS191/SiS190 Ethernet NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
.
.
--- Other Services/Drivers in Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation  REG_MULTI_SZ    SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12   REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
HPService       REG_MULTI_SZ    HPSLPSVC
hpdevmgmt       REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 20:32        1150280 ----a-w-        c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-18 17:25]
.
2014-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-18 17:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://metromsn.pl?pc=UP22&ocid=UP22DHP&dt=031913
mStart Page = hxxp://ciaomembri.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{C4D90BBA-E336-47ED-ABC8-05702EC78CD4}: NameServer = 192.168.0.1
FF - ProfilePath - c:\users\Rafał\AppData\Roaming\Mozilla\Firefox\Profiles\o6fi0u4r.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - ExtSQL: !HIDDEN! 2013-02-15 15:21; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - EMPTY ENTRIES REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2461723962-208459755-1151488117-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
"{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}"=hex:51,66,7a,6c,4c,1d,3b,1b,e7,53,c0,
   dd,8e,5e,0e,0c,9c,c4,aa,7b,0d,cc,48,14
"{74322BF9-DF26-493F-B0DA-6D2FC5E6429E}"=hex:51,66,7a,6c,4c,1d,3b,1b,e9,37,24,
   6b,10,8b,52,07,a5,d7,2d,6f,c7,a5,0f,86
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,27,3b,
   52,88,3d,17,09,85,f8,bd,9b,07,76,34,6d
"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,84,9e,
   87,1b,10,b0,07,8c,da,9c,c6,69,ab,30,a4
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"=hex:51,66,7a,6c,4c,1d,3b,1b,6c,5b,f7,
   9d,62,e5,be,06,8d,9c,73,98,3e,65,f1,cb
"{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}"=hex:51,66,7a,6c,4c,1d,3b,1b,bd,95,9c,
   11,e1,c1,86,0e,98,90,48,7e,f5,45,27,19
"{C1AF5FA5-852C-4C90-812E-A7F75E011D87}"=hex:51,66,7a,6c,4c,1d,3b,1b,b5,43,b9,
   de,1a,d1,fd,02,94,23,e7,b7,5c,42,50,9f
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,3b,1b,0e,1a,64,
   e2,e8,cb,20,06,b0,87,4b,eb,43,12,87,c0
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\atieclxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\users\Rafac:\program files\Skype\Phone\Skype.exe
c:\program files\Sony\Sony PC Companion\PCCompanionInfo.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Completion time: 2014-04-06  13:59:29 - the computer was restarted
ComboFix-quarantined-files.txt  2014-04-06 11:59
.
Before: 115 297 652 736 bytes free
After: 120 558 796 800 bytes free
.
- - End Of File - - 01F81534E97AB40CDAFED1BB98BE45BA
A36C5E4F47E84449FF07ED3517B43A31