Weelsof virus

Everything related to system security and fighting malware, in particular log analysis
vona777

User
Posts: 1
Registered: 27 Dec 2012, 20:01


Post 27 Dec 2012, 20:13

Hello,
I caught the Weelsof trojan; a friend sent me a helpful page with instructions on how to get rid of it. I installed ComboFix on my laptop - nothing changed, and I don't know what to do next.
The OTL log has been changed or moved (message from the pop-up window). I found the ComboFix.txt file, so I am attaching it in the hope of getting help.
I'll just add that I'm a complete novice when it comes to logs and so on, so I'm counting on your understanding :)


ComboFix 12-12-27.03 - Acer 2012-12-27 17:46:28.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.3767.2398 [GMT 1:00]
Uruchomiony z: H:\Combo.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dsgsdgdsgdsgw.pad
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-11-27 do 2012-12-27 )))))))))))))))))))))))))))))))
.
.
2012-12-27 16:51 . 2012-12-27 16:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-27 16:51 . 2012-12-27 16:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-27 11:10 . 2012-12-27 11:10 -------- d-----w- c:\users\Acer\AppData\Local\AVG Secure Search
2012-12-27 11:10 . 2012-12-27 11:10 -------- d-----w- c:\program files (x86)\Common Files\EZB Systems
2012-12-27 11:10 . 2012-12-27 11:10 -------- d-----w- c:\program files (x86)\UltraISO
2012-12-27 11:10 . 2012-12-27 11:10 -------- d-----w- c:\programdata\AVG Secure Search
2012-12-27 11:10 . 2012-12-27 11:10 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-12-27 11:10 . 2012-12-27 11:10 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-12-27 08:58 . 2012-12-27 08:58 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-27 08:58 . 2012-12-27 08:58 -------- d-----w- c:\program files (x86)\Java
2012-12-27 00:57 . 2012-06-22 11:01 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2012-12-27 00:57 . 2012-12-27 00:57 110080 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconF7A21AF7.exe
2012-12-27 00:57 . 2012-12-27 00:57 110080 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconD7F16134.exe
2012-12-27 00:57 . 2012-12-27 00:57 110080 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\Icon1226A4C5.exe
2012-12-27 00:57 . 2012-12-27 00:57 -------- d-----w- C:\sh4ldr
2012-12-27 00:57 . 2012-12-27 00:57 -------- d-----w- c:\program files\Enigma Software Group
2012-12-26 14:42 . 2012-12-26 14:42 2864 ----a-w- c:\programdata\dsgsdgdsgdsgw.js
2012-12-25 14:36 . 2012-12-25 14:36 -------- d-----w- c:\users\Acer\AppData\Local\Activision
2012-12-25 14:30 . 2012-12-25 14:30 682280 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-12-19 11:20 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-12-19 08:40 . 2012-12-19 08:40 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-12-19 08:40 . 2012-12-19 08:40 686416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-12-18 18:04 . 2012-12-18 18:05 -------- d-----w- c:\users\Acer\AppData\Local\Skyrim
2012-12-18 17:55 . 2008-03-05 14:56 1860120 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2012-12-18 17:54 . 2005-03-18 16:19 3823312 ----a-w- c:\windows\system32\d3dx9_25.dll
2012-12-18 17:54 . 2005-02-05 18:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll
2012-12-08 22:15 . 2012-12-08 22:15 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-30 17:29 . 2012-11-30 17:29 -------- d-----w- c:\users\Acer\AppData\Roaming\MumboJumbo
2012-11-30 17:29 . 2012-12-03 12:39 -------- d-----w- c:\program files (x86)\7 Wonders Ancient Alien Makeover CE
2012-11-30 17:29 . 2012-11-30 17:29 -------- d-----w- c:\windows\7 Wonders Ancient Alien Makeover CE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-27 11:10 . 2012-11-26 20:37 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-12-27 08:58 . 2012-10-16 18:12 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-27 08:58 . 2012-10-16 18:12 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-26 12:28 . 2012-11-05 18:41 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-26 12:28 . 2012-11-05 16:13 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-12-26 12:27 . 2012-11-05 16:13 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-25 14:54 . 2012-11-05 16:13 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-12-12 19:56 . 2012-10-14 15:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 19:56 . 2012-10-14 15:45 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-26 20:38 . 2012-11-26 20:38 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-11-26 20:38 . 2012-11-26 20:38 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-11-08 17:08 . 2012-11-08 17:08 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-31 16:21 . 2012-10-31 16:21 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-10-31 16:21 . 2012-10-31 16:21 686416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-14 14:16 . 2012-10-14 14:16 9216 ----a-w- c:\windows\system32\drivers\SjtWinIo.sys
2012-10-14 14:12 . 2012-10-14 14:13 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-10-14 14:12 . 2012-10-14 14:13 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-10-14 14:12 . 2012-10-14 14:13 3617280 ----a-w- c:\windows\system32\bcmihvui64.dll
2012-10-14 14:12 . 2012-10-14 14:13 4745280 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2012-10-14 14:12 . 2012-10-14 14:13 3952128 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-10-02 22:21 . 2012-10-14 16:10 60776 ----a-w- c:\windows\system32\OpenCL.dll
2012-10-02 22:21 . 2012-10-14 16:10 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-10-02 22:21 . 2012-10-14 16:07 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-02 22:21 . 2012-10-14 16:07 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-02 22:21 . 2012-10-14 16:07 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-02 22:21 . 2012-10-14 16:07 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-02 22:21 . 2012-10-14 16:07 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-02 22:21 . 2012-10-14 16:07 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-02 22:21 . 2012-10-14 16:07 30056 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2012-10-02 22:21 . 2012-10-14 16:07 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-02 22:21 . 2012-10-14 16:07 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-02 22:21 . 2012-10-14 16:07 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-02 22:21 . 2012-10-14 16:07 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-02 22:21 . 2012-10-14 16:07 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-02 22:21 . 2012-10-14 16:07 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-02 22:21 . 2012-10-14 16:07 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-02 22:21 . 2012-10-14 16:07 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-02 22:21 . 2012-10-14 16:07 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-02 22:21 . 2012-10-14 16:07 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-02 22:21 . 2012-10-14 16:07 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-02 22:21 . 2012-10-14 16:07 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-02 22:21 . 2012-10-14 16:07 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-02 22:21 . 2012-10-14 16:07 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-02 22:21 . 2012-10-14 16:07 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-02 22:21 . 2012-10-14 16:07 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-02 22:21 . 2012-10-14 16:07 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-02 22:21 . 2012-10-14 16:07 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-02 22:21 . 2012-10-14 16:07 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-02 19:51 . 2012-10-14 16:10 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2012-10-14 16:10 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2012-10-14 16:10 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2012-10-14 16:10 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2012-10-14 16:10 866664 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-10-02 19:50 . 2012-10-14 16:10 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2012-10-14 16:10 55144 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-10-02 19:50 . 2012-10-14 16:10 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2012-10-14 16:10 118120 ----a-w- c:\windows\system32\nvmctray.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-12-27 11:10 1828808 ----a-w- c:\program files (x86)\AVG Secure Search\13.3.0.17\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.3.0.17\AVG Secure Search_toolbar.dll" [2012-12-27 1828808]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"ALLUpdate"="c:\program files (x86)\ALLPlayer\ALLUpdate.exe" [2012-10-08 2991616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-11-26 296096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-12-27 1046984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2012-06-22 22704]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-02 30056]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-12-27 30568]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-08 283200]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [2012-12-27 894920]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel(R) Audio dla ekranów;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
S3 SjtWinIo;SJT I/O Driver;c:\windows\system32\DRIVERS\SjtWinIo.sys [2012-10-14 9216]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-14 19:56]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-20 18:12]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-20 18:12]
.
2012-12-25 c:\windows\Tasks\ReclaimerUpdateFiles_Acer.job
- c:\users\Acer\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 10:59]
.
2012-12-27 c:\windows\Tasks\ReclaimerUpdateXML_Acer.job
- c:\users\Acer\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 10:59]
.
2012-12-27 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Acer.job
- c:\users\Acer\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 10:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={13A86E8A-B4E8-452A-894F-993B6F5A7347}&mid=32a17ef209c447d0a201cd3c4e287442-8727f14e740d5d407c6caec199a29e433180640f&lang=pl&ds=xn011&pr=sa&d=2012-12-27 12:10&v=13.3.0.17&sap=hp
mDefault_Page_URL = hxxp://www.v9.com/?utm_source=b&utm_med ... 1350287391
mStart Page = hxxp://www.v9.com/?utm_source=b&utm_med ... 1350287391
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\8ye56d4b.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={13A86E8A-B4E8-452A-894F-993B6F5A7347}&mid=32a17ef209c447d0a201cd3c4e287442-8727f14e740d5d407c6caec199a29e433180640f&lang=pl&ds=xn011&pr=sa&d=&v=&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={13A86E8A-B4E8-452A-894F-993B6F5A7347}&mid=32a17ef209c447d0a201cd3c4e287442-8727f14e740d5d407c6caec199a29e433180640f&lang=pl&ds=xn011&pr=sa&d=2012-12-27 12:10&v=13.3.0.17&sap=ku&q=
FF - ExtSQL: 2012-11-26 17:58; IplextoALL@ALLPlayer.org; c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\8ye56d4b.default\extensions\IplextoALL@ALLPlayer.org.xpi
FF - ExtSQL: 2012-11-26 21:38; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - ExtSQL: 2012-12-27 12:10; avg@toolbar; c:\programdata\AVG Secure Search\FireFoxExt\13.3.0.17
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2012-12-27 17:52:47
ComboFix-quarantined-files.txt 2012-12-27 16:52
.
Przed: 76 062 089 216 bajtów wolnych
Po: 76 216 598 528 bajtów wolnych
.
- - End Of File - - 24BC0C9C6A46029FDCDFC098CF72914D

kominekl

Expert
Posts: 5855
Registered: 27 Nov 2011, 14:25


Post 27 Dec 2012, 20:30

vona777


I am reporting this thread, because we do not piggyback on other people's threads! Read the rules. Do not start a new thread; this time we will split it off for you ourselves -> bezpieczenstwo/regulamin-bezpiecze-stwa-t19001.html.
When computers become your only life, the only totem warding off the curse of boredom, then sooner or later the border between these two dimensions will vanish and characters from the Blue Void will start appearing in the Real. Sometimes they are your friends. And sometimes not.


