Combofix - log

**Posty:** 2 · przez **microlot** 15 Lis 2013, 18:55

Witam. Proszę o sprawdzenie logu.

ComboFix 13-11-15.01 - Tomek 2013-11-15 17:22:20.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.3959.2248 [GMT 1:00]
Uruchomiony z: c:\users\Tomek\Downloads\ComboFix.exe
AV: Kaspersky PURE 3.0 *Disabled/Outdated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
c:\program files (x86)\facemoods.com\sqlite3.dll
c:\program files (x86)\Incredibar.com
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\program files (x86)\QuestBasic
c:\program files (x86)\QuestBasic\uninstall.exe
c:\programdata\84971630482bc8f01393e1e965c6e289_c
c:\programdata\continuetosave
c:\programdata\continuetosave\51068a53195c2.dll
c:\programdata\continuetosave\51068a53195c2.tlb
c:\programdata\continuetosave\data\continuetosave.dat
c:\programdata\continuetosave\settings.ini
c:\programdata\continuetosave\uninstall.exe
c:\programdata\ntuser.dat
c:\users\Tomek\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
c:\users\Tomek\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences
c:\users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
c:\users\Tomek\AppData\Roaming\Microsoft\Windows\Recent\search.url
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-10-15 do 2013-11-15 )))))))))))))))))))))))))))))))
.
.
2013-11-15 16:37 . 2013-11-15 16:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-15 16:17 . 2013-11-15 16:17 -------- d-----w- c:\users\Tomek\AppData\Local\avgchrome
2013-11-15 16:00 . 2013-11-15 16:00 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C5789BF7-A645-4984-8FE4-FA239B3F18CB}\offreg.dll
2013-11-15 15:10 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C5789BF7-A645-4984-8FE4-FA239B3F18CB}\mpengine.dll
2013-11-15 15:10 . 2013-11-15 15:10 -------- d-----w- C:\04c7af0ef58fa229a3131a255c
2013-11-14 22:50 . 2013-10-12 08:45 2241536 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:50 . 2013-10-12 08:45 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-11-14 22:50 . 2013-10-12 08:43 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-14 22:50 . 2013-10-12 07:03 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-14 22:50 . 2013-10-12 07:03 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-11-14 22:50 . 2013-10-12 08:43 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-11-14 22:50 . 2013-10-12 08:43 19269632 ----a-w- c:\windows\system32\mshtml.dll
2013-11-14 06:22 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll
2013-11-14 06:22 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-14 06:22 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-14 06:22 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll
2013-11-14 06:22 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-14 06:22 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-11-14 06:22 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-11-14 06:22 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-14 06:22 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-14 06:22 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-11-14 06:22 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-28 18:02 . 2013-10-28 18:02 -------- d-----w- c:\windows\SysWow64\jmdp
2013-10-28 18:02 . 2013-10-28 18:02 -------- d-----w- c:\windows\system32\ljkb
2013-10-18 13:32 . 2013-11-15 15:07 -------- d-----w- c:\program files\McAfee Security Scan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-14 06:21 . 2010-08-17 07:26 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-10 21:44 . 2012-09-04 13:21 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-10-15 09:05 . 2012-09-13 12:17 1754928 ----a-w- c:\windows\system32\dmwu.exe
2013-10-15 08:59 . 2012-09-13 12:17 33792 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-10-12 15:49 . 2012-05-29 18:19 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-10-12 15:49 . 2012-05-29 14:38 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-10-12 15:46 . 2012-05-29 14:38 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-10-10 12:09 . 2011-09-23 17:31 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-30 15:53 . 2011-06-10 23:15 829264 ----a-w- c:\windows\system32\msvcr100.dll
2013-09-30 15:53 . 2011-06-10 23:15 608080 ----a-w- c:\windows\system32\msvcp100.dll
2013-09-08 02:30 . 2013-10-10 19:56 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-10 19:56 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-10 19:56 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-03 12:35 . 2010-08-17 07:10 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-29 02:17 . 2013-10-10 19:56 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-10 19:56 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-10 19:56 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-10 19:56 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-10 19:56 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-10 19:56 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-10 19:56 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-10 19:56 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-10 19:56 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-10 19:56 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-10 19:56 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-10 19:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-10 19:56 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-10 19:56 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-10 19:56 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-10 19:56 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-10 19:56 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-10 19:56 461312 ----a-w- c:\windows\system32\scavengeui.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-25 1520776]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll" [2011-05-09 176936]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files (x86)\Free_Lunch_Design\prxtbFre2.dll" [2013-07-17 226592]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
2013-07-17 08:13 226592 ----a-w- c:\program files (x86)\Free_Lunch_Design\prxtbFre2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-11-10 21:44 3353624 ----a-w- c:\program files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-08-15 08:08 314264 ----a-w- c:\program files (x86)\Delta\delta\1.8.24.6\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-25 14:22 1520776 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-02-19 12:46 1337648 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-02-19 1337648]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll" [2011-05-09 176936]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files (x86)\Free_Lunch_Design\prxtbFre2.dll" [2013-07-17 226592]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll" [2013-11-10 3353624]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-25 1520776]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll" [2013-08-15 300952]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 16:20 459784 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-03-10 396152]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-20 3093624]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2013-03-18 438272]
"Tiny download manager"="c:\users\Tomek\AppData\Local\DM\TinyDM.exe" [2013-06-03 282624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-03-19 111640]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-11-10 2420248]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-25 1648264]
"RaidCall"="c:\program files (x86)\RaidCall\raidcall.exe" [2013-04-01 3423928]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2012-12-20 356968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\BitGuard\271769~1.27\{C16C1~1\BitGuard.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 ioyenosp;ioyenosp;c:\windows\system32\drivers\ioyenosp.sys;c:\windows\SYSNATIVE\drivers\ioyenosp.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 tor;Tor Win32 Service;c:\program files (x86)\Tor\tor.exe;c:\program files (x86)\Tor\tor.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 netr7364;Sterownik karty RT73 USB Wireless LAN dla systemu Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BitGuard;BitGuard;c:\programdata\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe;c:\programdata\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [x]
S2 CSObjectsSrv;Usługa zarządzająca CryptoStorage;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 15:50 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-22 12:09]
.
2013-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-10 20:57]
.
2013-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-10 20:57]
.
2013-11-15 c:\windows\Tasks\schedule!1143840799.job
- c:\programdata\BetterSoft\ContinueToSave\ContinueToSave.exe [2013-01-28 19:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 16:22 492040 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-08 10867816]
"MRT"="c:\windows\system32\MRT.exe" [2013-11-14 82896128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.pl/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://start.facemoods.com/?a=nv1&s={searchTerms}&f=4
IE: Dodaj do listy blokowanych banerów - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll
FF - ProfilePath - c:\users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\4uzsxj3y.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxps://www.google.pl/
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
BHO-{529DA69C-E0FD-4BED-8CAF-E341DAF55259} - c:\programdata\ADDICT-THING\bhoclass.dll
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files (x86)\DealPly\DealPlyIE.dll
BHO-{E3732A8D-681A-575A-38AC-2102861EBB27} - c:\programdata\continuetosave\51068a53195c2.dll
Toolbar-Locked - (no file)
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
Wow6432Node-HKCU-Run-vcs - c:\program files (x86)\AV Vcs 7.0\VcsCore.exe
Wow6432Node-HKCU-Run-Media Finder - c:\program files (x86)\Media Finder\MF.exe
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)
WebBrowser-{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - (no file)
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-{C1C6816E-CBB3-A748-85F9-A8B47B68985B} - c:\programdata\continuetosave\uninstall.exe
AddRemove-FoxTab PDF Creator - c:\program files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-168799913-2514494230-1696124032-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**s¨ócŃp]
@Allowed: (Read) (RestrictedCode)
@SACL=(02 0001)
"LP_LastUpdateTime"="0"
"LP_LastCheckTime"=dword:4f789aa5
.
[HKEY_USERS\S-1-5-21-168799913-2514494230-1696124032-1000\Software\SecuROM\License information*]
"datasecu"=hex:e4,f2,0e,db,58,d2,61,13,97,4d,9d,ee,01,2b,5b,dc,c7,0a,f0,fd,ba,
1f,03,4a,68,1f,f2,16,cf,67,e8,46,3f,70,ae,4f,4f,8f,18,b7,19,44,3f,7c,ca,63,\
"rkeysecu"=hex:45,92,4e,e8,a0,15,4c,94,e4,a6,b9,2a,d0,20,d7,6f
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2013-11-15 17:49:22
ComboFix-quarantined-files.txt 2013-11-15 16:49
.
Przed: 716 586 336 256 bajtów wolnych
Po: 733 555 593 216 bajtów wolnych
.
- - End Of File - - 494478A6A025EF0746C34111417549C0
A36C5E4F47E84449FF07ED3517B43A31

**Posty:** 14516 · przez **ToServeAndProtect** 15 Lis 2013, 18:57

może jakieś informacje o problemie, co działo się z kompem. combofix to ostateczność, powinieneś najpierw przygotować loga z OTL

**Posty:** 2 · przez **microlot** 15 Lis 2013, 19:10

Strasznie muli. Większość syfu usunąłem CCleanerem. Trochę pomogło. Log jest niestety sprzed czyszczenia CCleanerem, nie pomyślałem żeby najpierw wyczyścić a potem użyć ComboFixa. Czy przygotować nowy log z OTL?

**Posty:** 681 · przez **XMan 1** 15 Lis 2013, 19:36

ComboFix jest programem/narzędziem który mocno integruje w system i zamiast naprawić komputer to szybko go możesz zepsuć.
Ostatnio mało polecany dla nie zaawansowanych.
Nie używaj tego programu, chyba na wyraźne polecenie specjalistów wraz z instrukcją.

Przeskanuj komputer programem Malwarebytes Anti-Malware
Zaktualizuj bazę wirusów.
Pełne skanowanie
(nie instaluj wersji PRO tylko Freeware)
W razie wykrycia infekcji usuń zainfekowane pliki.
Usuń zarażone pliki z kwarantanny.
Po skanowaniu wrzuć z niego raport na:
http://www.wklej.eu/
Podaj link do niego.

Wrzuć jeszcze potrzebne logi z OTL.txt i Extras.txt oraz TDSSKiller.

Zainstalowany SP1 ?

AV: Kaspersky

Ciągnie ładnie procesor oraz pamięć :wink:

**Posty:** 4765 · przez **ordynat** 15 Lis 2013, 21:56

A przed zrobieniem logów z OTL:
Użyj Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Daj z tego raport.
(to dlatego, że w logu ComboFixa widzę szkodliwe sponsorskie śmieci)
.

Combofix - log

Combofix - log

Combofix - log

Combofix - log

Combofix - log

Combofix - log

Kto jest na forum