
incredibly persistent malware, tried everything I could find



So, the initial problem was that Windows Firewall turned itself off. I read on the internet that this can be fixed by enabling it again in services.msc, so I did that, and yeah, it worked. But the next time I started my computer I noticed that it happened again, so I thought: virus. But even full scans with Avast didn't find anything, so I read some articles on the internet, and I learned that this is a malware problem.

I downloaded rKill and I downloaded the Malwarebytes software. I found out that rKill is terminating one svchost process; this process doesn't have the Microsoft copyright, and in the Task Manager it looks like this: svchost.exe *32, while the rest don't have the *32 tag. Then I run a scan with the Malwarebytes software and it removes the svchost.exe responsible for the suspicious process. It's located in C:/Users/[username]/AppData/Local/Temp/svchost.exe

I was scared, so I installed a third-party firewall from COMODO right away. I rebooted my computer with the new firewall (take note that my network cable was unplugged at that point). The svchost.exe was no longer in the Temp folder, so, with the new firewall, I decided to plug the cable back in. Then I noticed that after plugging it in, the file generated itself again, and the COMODO firewall showed me that it was trying to connect to the internet. I blocked this and made a rule for it. And it happens every time. I also tried to remove the file manually, change its extension, everything that came to my mind, with no success. I installed some anti-rootkit software from Malwarebytes, but it found nothing. I will make a quick summary of what I've done:

- rKill terminates the process only when connected to the internet

- Malwarebytes scan removes svchost.exe from AppData/Temp only after rKill

- anti-rootkit scan, nothing found

- antivirus scan, thorough and before loading the system, nothing

- TDSSKiller finds nothing (a program I found somewhere that was supposed to help)

All these steps were done in safe mode with networking, with the cable unplugged and with the cable plugged in, and in normal Windows mode, also with both cable variants.

I ended up with the rule that blocks the connection and with a LaunchLater program that launches rKill 10 seconds after booting, because with normal startup rKill was sometimes running too early, before the bad svchost had even started.

And now the last thing - right now. I am using my desktop computer in another country, with a different internet provider. I connected the internet cable a few minutes ago, and the bad svchost is NOT THERE. rKill finds nothing. And before I left, I checked one last time, and the problem was still there; the computer is 100% still infected. I hadn't even turned on the computer since then (about 24 hours ago). But it activates only when I connect a cable at home in the Netherlands, nowhere else. That's most strange to me.

Please, any genius, help me with this.

Sorry for my grammar, English is not my native language.

dds.txt

attach.txt


Welcome to the forum.

Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against the forums policy concerning P2P programs:

http://forums.malwar...showtopic=97700

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Next..............

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Okay, I uninstalled uTorrent. Here is the report from RogueKiller:

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Michal [Admin rights]

Mode : Scan -- Date : 01/06/2013 01:49:58

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤

[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Adobe (C:\ProgramData\Adobe\EFB01.vbe) -> FOUND

[STARTUP][SUSP PATH] LaunchLater.lnk @Michal : C:\Users\Michal\AppData\Roaming\Microsoft\Installer\{B16D2B97-0EAE-44A2-87EA-D6E34A18D4B2}\_DB477A4B1562BA9DC400CD.exe -> FOUND

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{8E6653D6-5F6B-44D7-A31D-5EF05C3A1016} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{8E6653D6-5F6B-44D7-A31D-5EF05C3A1016} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD20EARX-00PASB0 +++++

--- User ---

[MBR] 7b20f67738d1cca27d76cac5d12c3523

[BSP] 1200eaf1ec9ef500c1c3a9c1940672d7 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 499899 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1024000000 | Size: 1407728 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_01062013_02d0149.txt >>

RKreport[1]_S_01062013_02d0149.txt

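An added PowerShell triage script, not from this thread and not part of rKill, RogueKiller or ComboFix, that reproduces by hand the checks the posts above rely on: svchost.exe instances running from outside the Windows system directories (the first post's Temp-folder copy with the *32 tag), autostart entries that point at a script or into a user-writable folder (the "Adobe" Run entry for EFB01.vbe and the Startup-folder shortcut in the report), and the UAC policy values RogueKiller flagged. Function names are my own; it assumes an elevated 64-bit PowerShell 3.0+ prompt and only reports, deleting nothing.

```powershell
# Added triage example; not from this thread or from rKill, RogueKiller or ComboFix.
# Read-only: it reports and deletes nothing. Assumes an elevated 64-bit
# PowerShell 3.0+ prompt on Windows 7 or later.

$sysDirs = @((Join-Path $env:SystemRoot 'System32'), (Join-Path $env:SystemRoot 'SysWOW64'))

# Check 1: svchost.exe running from outside the Windows system directories.
# The rogue copy in the thread lived in %LocalAppData%\Temp, showed as
# "svchost.exe *32" (a 32-bit process on 64-bit Windows) and had no Microsoft signature.
function Get-SuspiciousSvchost {
    Get-Process -Name svchost -ErrorAction SilentlyContinue | ForEach-Object {
        $proc = $_
        if (-not $proc.Path) { return }           # image path unreadable: skip it
        $dir = Split-Path -Parent $proc.Path
        if ($sysDirs -contains $dir) { return }   # string -contains is case-insensitive
        $sig = Get-AuthenticodeSignature -FilePath $proc.Path
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        [pscustomobject]@{
            Check     = 'svchost-outside-system-dir'
            ProcessId = $proc.Id
            Path      = $proc.Path
            Signature = $sig.Status               # NotSigned / Valid / HashMismatch ...
            Signer    = $signer
        }
    }
}

# Check 2: autostart commands whose target is a script or sits in a user-writable
# folder, like the "Adobe" Run entry (C:\ProgramData\Adobe\EFB01.vbe) and the
# Startup-folder .lnk under AppData\Roaming that RogueKiller flagged.
$scriptExt    = '\.(vbe|vbs|js|jse|wsf|wsh|hta|bat|cmd|ps1)\b'
$userWritable = '\\(ProgramData|AppData|Temp|Users\\Public)\\'
$psNoise      = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-SuspicionReasons([string]$command) {
    $reasons = @()
    if ($command -match $scriptExt)    { $reasons += 'script-target' }
    if ($command -match $userWritable) { $reasons += 'user-writable-location' }
    return $reasons
}

function Get-SuspiciousAutoruns {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($psNoise -contains $prop.Name) { continue }   # provider bookkeeping, not values
            $reasons = @(Get-SuspicionReasons ([string]$prop.Value))
            if ($reasons.Count -eq 0) { continue }
            [pscustomobject]@{ Check = 'registry-run'; Where = $key; Name = $prop.Name
                               Command = [string]$prop.Value; Reason = ($reasons -join ',') }
        }
    }
    # Startup folders: resolve each .lnk to its real target before judging it.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($dir in @([Environment]::GetFolderPath('Startup'),
                       [Environment]::GetFolderPath('CommonStartup'))) {
        foreach ($lnk in (Get-ChildItem -Path $dir -Filter *.lnk -ErrorAction SilentlyContinue)) {
            $target  = $shell.CreateShortcut($lnk.FullName).TargetPath
            $reasons = @(Get-SuspicionReasons $target)
            if ($reasons.Count -eq 0) { continue }
            [pscustomobject]@{ Check = 'startup-folder'; Where = $dir; Name = $lnk.Name
                               Command = $target; Reason = ($reasons -join ',') }
        }
    }
}

# Check 3: UAC policy. The report shows EnableLUA=0 and ConsentPromptBehaviorAdmin=0,
# i.e. UAC is off and whatever the user launches gets full admin rights with no prompt.
function Get-UacStatus {
    $p = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    [pscustomobject]@{
        Check                      = 'uac'
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        Weak = (($p.EnableLUA -eq 0) -or ($p.ConsentPromptBehaviorAdmin -eq 0))
    }
}

Get-SuspiciousSvchost  | Format-List
Get-SuspiciousAutoruns | Format-List
Get-UacStatus          | Format-List
```

The [DNS] lines in the report are outside this script's scope: 8.26.56.26 and 156.154.70.22 are Comodo Secure DNS resolvers, consistent with the Comodo firewall installed earlier in the thread rather than with the svchost problem.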

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Adobe (C:\ProgramData\Adobe\EFB01.vbe) -> FOUND

[STARTUP][SUSP PATH] LaunchLater.lnk @Michal : C:\Users\Michal\AppData\Roaming\Microsoft\Installer\{B16D2B97-0EAE-44A2-87EA-D6E34A18D4B2}\_DB477A4B1562BA9DC400CD.exe -> FOUND

Now click Delete on the right hand column under Options

Delete these files if found:

You may have to enable hidden files to see them:

http://www.howtogeek...-windows-vista/

C:\ProgramData\Adobe\EFB01.vbe

C:\Users\Michal\AppData\Roaming\Microsoft\Installer\{B16D2B97-0EAE-44A2-87EA-D6E34A18D4B2}\_DB477A4B1562BA9DC400CD.exe

~~~~~~~~~~~~~~~~~~~~~~~~~

Next.............

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC


I did those steps with RogueKiller.

Anti-rootkit didn't find anything, same as before. However, I don't have the possibility right now to check whether the problem still occurs. I am not in the Netherlands and the malware seems to activate only there. But before, the anti-rootkit also didn't find any malware, so most probably, when I plug the cable in in the Netherlands, svchost will come back again. Is it malware that reacts only to one IP? Or how can I understand that?


Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 13-01-05.01 - Michal 2013-01-06 2:56.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1033.18.16349.13945 [GMT 1:00]

Uruchomiony z: c:\users\Michal\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\lsprst7.dll

c:\windows\SysWow64\ssprs.dll

.

.

((((((((((((((((((((((((( Pliki utworzone od 2012-12-06 do 2013-01-06 )))))))))))))))))))))))))))))))


.

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))


.

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-09 1354736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-19 284440]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

.

c:\users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Calc.lnk - c:\windows\System32\calc.exe [2009-7-14 918528]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-19 13592]

R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2012-12-14 158928]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-14 19456]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-11-14 29696]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-11-14 57856]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-11-14 30208]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-14 1255736]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2012-12-14 23328]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-12-14 697960]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-12-14 48512]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-07 283200]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\Comodo\launcher_service.exe [2012-11-01 70352]

S2 GeekBuddyRSP;GeekBuddy Remote Screen Protocol;c:\program files (x86)\Common Files\Comodo\GeekBuddyRSP.exe [2012-10-31 1467088]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]

S3 MAUSBFASTTRACKULTRA;Service for M-Audio Fast Track Ultra;c:\windows\system32\DRIVERS\MAudioFastTrackUltra.sys [2011-01-11 197424]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-08-29 117520]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]

.

.

--- Inne Usługi/Sterowniki w Pamięci ---

.

*NewlyCreated* - WS2IFSL

.

Zawartość folderu 'Zaplanowane zadania'

.

2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-07 20:12]

.

2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-07 20:12]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2011-01-11 809264]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2012-12-14 1447632]

.

------- Skan uzupełniający -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Free YouTube to MP3 Converter - c:\users\Michal\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{8E6653D6-5F6B-44D7-A31D-5EF05C3A1016}: NameServer = 8.26.56.26,156.154.70.22

.

- - - - USUNIĘTO PUSTE WPISY - - - -

.

Wow6432Node-HKLM-Run-tvncontrol - c:\program files (x86)\Common Files\Comodo\tvnserver.exe

.

.

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

.

**************************************************************************

.

Czas ukończenia: 2013-01-06 03:05:23 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2013-01-06 02:05

.

Przed: 247 139 655 680 bytes free

Po: 246 849 077 248 bytes free

.

- - End Of File - - 0F6905A73A57E648C0EDBDECFA83CF56


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats and Scan unwanted applications are checked

Click Advanced settings and select the following:

  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Click Start

Wait for the scan to finish

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic

MrC


I've got a really slow connection speed. I've already been downloading the virus database for 10 minutes and it is 03:34 AM in my time zone, so I'm leaving the scan to go on and I will post the log tomorrow. Thank you for your assistance, your knowledge on malware is great. Hope to hear from you tomorrow as well.


RogueKiller V8.4.2 [Dec 31 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Michal [Admin rights]

Mode : Scan -- Date : 01/06/2013 17:31:07

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{8E6653D6-5F6B-44D7-A31D-5EF05C3A1016} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{8E6653D6-5F6B-44D7-A31D-5EF05C3A1016} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD20EARX-00PASB0 +++++

--- User ---

[MBR] 7b20f67738d1cca27d76cac5d12c3523

[bSP] 1200eaf1ec9ef500c1c3a9c1940672d7 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 499899 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1024000000 | Size: 1407728 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_01062013_02d1731.txt >>

RKreport[1]_S_01062013_02d1731.txt
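The two logs above carry the same two findings in different shapes: ComboFix lists the UAC policy values (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all 0, i.e. UAC switched off and silent elevation for administrators), and RogueKiller flags those same values plus the static NameServer entries on the network interface. Below is an added triage helper that is not code from the thread, from ComboFix or from RogueKiller: it parses both log formats from constructed excerpts that reproduce the values shown above, compares the UAC values against the Windows 7 defaults, and collects the statically configured resolver addresses so the operator can confirm them against the DNS provider's published list (a resolver configured by the user's own security suite is a legitimate reason for such an entry). All function names and the baseline table are my own assumptions.

```python
"""Added triage helper (not ComboFix or RogueKiller code): pull the UAC policy
values out of a ComboFix-style log and the "-> FOUND" lines out of a
RogueKiller-style log, then report what deviates from a sane baseline."""
import re

# Windows 7 default values for the UAC policy under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
# ConsentPromptBehaviorAdmin=0 means "elevate without prompting" and
# EnableLUA=0 switches UAC off entirely, so 0 in either is worth a look.
UAC_BASELINE = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "PromptOnSecureDesktop": 1,
}

# Constructed excerpts reproducing the values shown in the thread's logs.
SAMPLE_COMBOFIX = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-09 1354736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
"""

SAMPLE_ROGUEKILLER = r"""
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{8E6653D6-5F6B-44D7-A31D-5EF05C3A1016} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{8E6653D6-5F6B-44D7-A31D-5EF05C3A1016} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
"""

# ComboFix prints policy values as  "Name"= 0 (0x0)
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>\d+)\s*\(0x[0-9A-Fa-f]+\)')
# RogueKiller prints findings as  [KIND] key : name (value) -> FOUND
RK_RE = re.compile(
    r'^\[(?P<kind>[A-Z ]+)\]\s+(?P<key>\S+)\s*:\s*(?P<name>[^\s(]+)\s*'
    r'\((?P<val>[^)]*)\)\s*->\s*FOUND'
)


def parse_uac_policy(log_text):
    """Return {value_name: int} for the entries listed under the
    ...\Policies\System key; every other [key] block is ignored."""
    values = {}
    in_block = False
    for line in log_text.splitlines():
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            in_block = s.lower().endswith("\\policies\\system]")
            continue
        if in_block:
            m = POLICY_RE.match(s)
            if m:
                values[m.group("name")] = int(m.group("val"))
    return values


def uac_deviations(values):
    """Map each baseline setting whose observed value differs to (observed, expected)."""
    return {
        name: (values[name], expected)
        for name, expected in UAC_BASELINE.items()
        if name in values and values[name] != expected
    }


def parse_roguekiller(log_text):
    """Return one dict per '-> FOUND' line with kind, key, name and value."""
    findings = []
    for line in log_text.splitlines():
        m = RK_RE.match(line.strip())
        if m:
            findings.append({
                "kind": m.group("kind").strip(),
                "key": m.group("key"),
                "name": m.group("name"),
                "value": m.group("val"),
            })
    return findings


def static_nameservers(findings):
    """Distinct resolver addresses configured statically on an interface.
    Confirm each against the provider's published addresses before acting."""
    ips = set()
    for f in findings:
        if f["kind"] == "DNS" and f["name"] == "NameServer":
            ips.update(ip.strip() for ip in f["value"].split(",") if ip.strip())
    return sorted(ips)


def triage(combofix_text, roguekiller_text):
    """Combine both parsers into one report dict."""
    findings = parse_roguekiller(roguekiller_text)
    return {
        "uac_deviations": uac_deviations(parse_uac_policy(combofix_text)),
        "static_nameservers": static_nameservers(findings),
        "policy_hijacks": sorted(f["name"] for f in findings if f["kind"] in ("HJ", "HJPOL")),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_COMBOFIX, SAMPLE_ROGUEKILLER).items():
        print(f"{key}: {value}")
```

On the sample excerpts the report shows all three baseline UAC values at 0 and the two resolver addresses from the interface key; on a real log, replace the sample strings with the file contents and extend UAC_BASELINE with whatever policy your environment mandates.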


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

