
[Problem] Keylogger (?)


sticky9


Posted

Hi, I recently caught some nasty thing that is badly slowing down my internet connection. Could you check the ComboFix logs and see what is sitting in there? I already feel like doing a format over the weekend, because I don't like fighting viruses when it's 15 minutes and done. Please help.

 

ComboFix 12-11-06.03 - Mateusz 2012-11-06  20:18:01.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.48.1045.18.2047.1361 [GMT 1:00]
Uruchomiony z: c:\users\Mateusz\Desktop\Combofix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2012-10-06 do 2012-11-06  )))))))))))))))))))))))))))))))
.
.
2012-11-06 19:25 . 2012-11-06 19:25 -------- d-----w- c:\users\Mateusz\AppData\Local\temp
2012-11-06 19:25 . 2012-11-06 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-06 19:24 . 2012-11-06 19:24 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7869A8A3-A370-47A7-A6A0-7039F2B07771}\offreg.dll
2012-11-01 17:57 . 2012-11-01 17:57 -------- d-----r- C:\Sandbox
2012-11-01 10:59 . 2012-11-01 10:59 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-11-01 10:39 . 2012-11-03 14:18 -------- d-----w- c:\users\Mateusz\VirtualBox VMs
2012-11-01 10:39 . 2012-11-03 14:42 -------- d-----w- c:\users\Mateusz\.VirtualBox
2012-11-01 10:38 . 2012-10-26 19:03 187736 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-11-01 10:38 . 2012-10-26 19:02 94040 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-11-01 10:38 . 2012-11-01 10:38 -------- d-----w- c:\program files\Oracle
2012-11-01 10:21 . 2012-11-01 10:21 -------- d-----r- c:\users\Mateusz\Virtual Machines
2012-11-01 10:12 . 2009-09-23 01:18 14848 ----a-w- c:\windows\system32\vpchbuspipe.dll
2012-11-01 10:12 . 2009-09-23 01:18 78336 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2012-11-01 10:12 . 2009-09-23 01:18 165376 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2012-10-30 16:19 . 2012-10-30 16:19 -------- d-----w- c:\users\Mateusz\AppData\Local\VS Revo Group
2012-10-30 16:19 . 2009-12-30 10:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-10-30 16:19 . 2012-10-30 16:19 -------- d-----w- c:\program files\VS Revo Group
2012-10-30 16:06 . 2012-10-30 16:14 -------- d-----w- c:\programdata\Free Ride Games
2012-10-30 16:06 . 2012-10-30 16:14 -------- d-----w- c:\program files\Free Ride Games
2012-10-30 16:05 . 2012-10-30 16:14 -------- d-----w- c:\users\Mateusz\AppData\Local\SwvUpdater
2012-10-30 15:56 . 2012-11-01 17:47 -------- d-----w- c:\programdata\ZalmanInstaller_otshot
2012-10-26 19:03 . 2012-10-26 19:03 104280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-10-26 19:02 . 2012-10-26 19:02 84312 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2012-10-26 19:02 . 2012-10-26 19:02 115544 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-10-26 19:02 . 2012-10-26 19:02 174424 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-10-18 13:21 . 2012-10-18 13:21 -------- d-----w- c:\programdata\IObit
2012-10-18 13:21 . 2012-10-18 13:21 -------- d-----w- c:\program files\IObit
2012-10-17 14:02 . 2012-10-17 14:06 -------- d-----w- c:\users\Mateusz\AppData\Roaming\BitTorrent
2012-10-13 12:06 . 2012-10-13 12:06 -------- d-----w- c:\users\Mateusz\AppData\Roaming\RayV
2012-10-13 12:06 . 2012-10-14 13:29 -------- d-----w- c:\program files\RayV
2012-10-12 20:01 . 2012-10-18 15:38 -------- d-----w- c:\users\Mateusz\AppData\Local\Google
2012-10-12 20:00 . 2012-10-18 15:38 -------- d-----w- c:\program files\Google
2012-10-12 17:15 . 2012-10-12 17:15 -------- d-----w- c:\users\Mateusz\AppData\Roaming\S.A.D
2012-10-12 17:10 . 2011-12-15 17:29 26624 ----a-w- c:\windows\system32\drivers\tap0901.sys
2012-10-12 17:10 . 2012-10-12 17:12 -------- d-----w- c:\program files\CyberGhost VPN
2012-10-12 16:57 . 2012-10-12 16:57 -------- d-----w- c:\users\Mateusz\AppData\Roaming\Unity
2012-10-12 16:20 . 2012-10-12 16:20 -------- d-----w- c:\users\Mateusz\AppData\Local\Unity
2012-10-11 14:07 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2012-10-11 14:07 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2012-10-11 14:06 . 2012-10-11 14:06 -------- d-----w- c:\program files\Microsoft Works
2012-10-11 14:04 . 2012-10-11 14:04 -------- d-----w- c:\windows\PCHEALTH
2012-10-11 14:02 . 2012-10-11 14:02 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-10-11 14:00 . 2012-10-11 14:00 -------- d-----w- c:\users\Mateusz\AppData\Local\Microsoft Help
2012-10-11 13:59 . 2012-10-11 14:07 -------- d-----w- c:\programdata\Microsoft Help
2012-10-11 13:56 . 2012-10-11 13:56 -------- d-----r- C:\MSOCache
2012-10-10 13:00 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 13:00 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 13:00 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 13:00 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 13:00 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 13:00 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 13:00 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-09 13:42 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7869A8A3-A370-47A7-A6A0-7039F2B07771}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 19:47 . 2012-09-20 19:47 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-20 19:47 . 2012-07-23 10:46 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-20 19:47 . 2012-07-12 20:15 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-12 14:18 . 2012-08-06 10:45 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-09-09 09:18 . 2012-07-16 16:23 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-09-09 09:18 . 2012-07-16 16:23 686416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-09-01 10:58 . 2012-09-10 18:26 1892184 ----a-w- c:\windows\system32\d3dx9_42.dll
2012-08-26 18:26 . 2012-08-26 18:07 20480 ----a-w- c:\windows\system32\H@tKeysH@@k.DLL
2012-08-25 09:07 . 2012-08-25 09:07 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-08-24 06:59 . 2012-09-22 14:05 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-22 14:05 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-22 14:05 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 14:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 14:05 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-22 14:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16 . 2012-09-12 13:24 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 13:24 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 13:24 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 13:24 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-26 13:19 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-15 18:42 . 2012-08-15 18:42 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2012-08-15 18:42 . 2012-08-15 18:42 235 ----a-w- c:\windows\system32\nxEuUninstall.bat
2012-08-15 16:52 . 2012-08-15 16:52 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-10-27 20:24 . 2012-10-27 20:24 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]
2012-07-27 11:37 427688 ----a-w- c:\program files\DAP\LinkVerifier.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"screenSHU"="c:\program files\screenSHU\screenSHU.exe" [2012-04-03 2121216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 16:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-17 15:19 3671872 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-03-12 11:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPeerNexonEU]
2012-08-15 18:42 438272 ----a-w- c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2012-08-25 20:27 545552 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-18 15:34]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-18 15:34]
.
.
------- Skan uzupełniający -------
.
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Verify with DAP - c:\program files\DAP\dapverify.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{03DD7E53-9DFC-4AD5-B5D3-3EE64899E538}: NameServer = 194.204.159.1,194.204.159.34
FF - ProfilePath - c:\users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\31br613e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.http - 198.27.120.152
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-03 17:37; {14f6a182-4c6f-45ae-9f5a-aa3ccbb1cfa3}; c:\users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\31br613e.default\extensions\{14f6a182-4c6f-45ae-9f5a-aa3ccbb1cfa3}
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
MSConfigStartUp-Bing Bar - c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
MSConfigStartUp-ChomikBox - c:\program files\ChomikBox\chomikbox.exe
MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
MSConfigStartUp-NokiaSuite - c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
AddRemove-Polanie II - d:\gry\POLANI~1\UNWISE.EXE
AddRemove-Ravia.eu - c:\users\Mateusz\Desktop\Ravia\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1846653623-290796394-3473935148-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-1846653623-290796394-3473935148-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-1846653623-290796394-3473935148-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1846653623-290796394-3473935148-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-1846653623-290796394-3473935148-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1846653623-290796394-3473935148-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-1846653623-290796394-3473935148-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-1846653623-290796394-3473935148-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1846653623-290796394-3473935148-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1846653623-290796394-3473935148-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1846653623-290796394-3473935148-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-1846653623-290796394-3473935148-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1846653623-290796394-3473935148-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-1846653623-290796394-3473935148-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1846653623-290796394-3473935148-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1846653623-290796394-3473935148-1000\Software\SecuROM\License information*]
"datasecu"=hex:5a,e7,4b,2e,ce,3b,1d,2e,73,a8,b0,e3,47,ae,3b,a6,91,ba,19,cc,29,
  29,79,c2,08,2d,45,a1,7a,d0,2e,a8,6b,25,52,83,80,0e,81,fa,94,99,8e,8c,b7,f4,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2012-11-06  20:30:56
ComboFix-quarantined-files.txt  2012-11-06 19:30
.
Przed: 70 235 717 632 bajtów wolnych
Po: 75 673 214 976 bajtów wolnych
.
- - End Of File - - DDA5426BE76D0999BBC3DBC7F017396C

Posted

For fuck's sake, how many times do I have to say not to use ComboFix for creating logs ...

Since you've already done it, post that log as an attachment and I'll check it.

Make an OTL log.


STOP comments like "AMD is crap"! Before you write something, think about how others will take it!

Don't PM me about help matters, that's what the computers section is for!!!

And I don't help over PM!


Posted

Those aren't attachments.

When creating a post, you click on more options and choose the files at the bottom.


Posted

There are a few strange files + a driver.

Tomorrow I'll give you the file locations and you'll put them on VirusTotal.

Edit: WMIADAP, do you know this process?


Posted

Tomorrow? Tomorrow I'm doing a format. I just want to know whether this is contagious, because I don't want to format 2 disks, only the system one.

Archived

This topic is currently archived. Adding new replies has been disabled.
