IP blocking by Malwarebytes Pro.
#1
Malwarebytes Pro has started showing me notifications about blocking access to a suspicious site: IP 193.17.41.93. My internet connection has also been somewhat slow. What is going on?
1. PC:
Comodo Internet Security 6, WOT
#2
This IP belongs to the O2 group:


...
#3
Trojan:


Code:
Blacklist
Google              Google Diagnostic Page
My WOT              WOT Score Card
hpHosts             hpHosts listing
MalwareDomainList   MDL listing

Security Category: Trojan TDSS
#4
I will post the logs in a moment.


Added: 09 Nov 2012, 16:07

OTL
OTL logfile created on: 2012-11-09 15:56:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kuba\Downloads
Home Premium Edition(Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 52,66% Memory free
6,00 Gb Paging File | 4,20 Gb Available in Paging File | 70,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 319,18 Gb Total Space | 228,62 Gb Free Space | 71,63% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 39,31 Gb Free Space | 80,50% Space Free | Partition Type: NTFS
Drive E: | 97,66 Gb Total Space | 97,56 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive F: | 7,42 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: KUBA-KOMPUTER | User Name: Kuba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-11-09 15:55:11 | 000,602,112 | ---- | M](OldTimer Tools) -- C:\Users\Kuba\Downloads\OTL.exe
PRC - [2012-10-28 15:16:23 | 000,917,984 | ---- | M](Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-10-23 12:07:19 | 001,609,272 | ---- | M](Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
PRC - [2012-10-17 11:08:42 | 000,446,664 | ---- | M]() -- C:\Program Files\Comodo\IceDragon\icedragon_updater.exe
PRC - [2012-10-12 16:08:40 | 001,335,840 | ---- | M](Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
PRC - [2012-10-10 11:42:18 | 001,807,800 | ---- | M](Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012-10-05 09:54:04 | 000,055,544 | ---- | M](Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
PRC - [2012-09-29 18:54:26 | 000,766,536 | ---- | M](Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-09-29 18:54:26 | 000,676,936 | ---- | M](Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-09-29 18:54:26 | 000,399,432 | ---- | M](Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-06-06 08:51:38 | 003,151,392 | ---- | M](Foxit Corporation) -- C:\Users\Kuba\AppData\Local\Temp\Foxit Updater.exe
PRC - [2012-05-26 11:04:52 | 000,913,792 | ---- | M](IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011-09-05 16:11:48 | 000,105,792 | ---- | M]() -- C:\Program Files\Comodo\COMODO Programs Manager\CPMservice.exe
PRC - [2011-02-26 06:33:07 | 002,614,784 | ---- | M](Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-03-10 13:26:48 | 000,189,728 | ---- | M](Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M](Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2012-10-28 15:16:23 | 002,295,264 | ---- | M]() -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012-10-10 11:42:18 | 009,814,968 | ---- | M]() -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012-10-04 18:06:16 | 000,203,840 | ---- | M]() -- C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
MOD - [2012-04-27 15:08:08 | 000,092,600 | ---- | M]() -- C:\Program Files\Bitdefender\Bitdefender 2013\bdmetrics.dll


========== Services (SafeList) ==========

SRV - [2012-10-28 15:16:23 | 000,115,168 | ---- | M](Mozilla Foundation) [On_Demand | Stopped]-- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-10-18 18:15:57 | 000,059,152 | ---- | M](Bitdefender) [Disabled | Stopped]-- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)
SRV - [2012-10-17 11:08:42 | 000,446,664 | ---- | M]() [Auto | Running]-- C:\Program Files\Comodo\IceDragon\icedragon_updater.exe -- (IceDragonUpdater)
SRV - [2012-10-12 16:08:40 | 001,335,840 | ---- | M](Bitdefender) [Auto | Running]-- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)
SRV - [2012-10-10 11:42:19 | 000,250,808 | ---- | M](Adobe Systems Incorporated) [On_Demand | Stopped]-- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-10-05 09:54:04 | 000,055,544 | ---- | M](Bitdefender) [Auto | Running]-- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)
SRV - [2012-09-29 18:54:26 | 000,676,936 | ---- | M](Malwarebytes Corporation) [Auto | Running]-- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-09-29 18:54:26 | 000,399,432 | ---- | M](Malwarebytes Corporation) [Auto | Running]-- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-07-01 07:31:02 | 001,343,400 | ---- | M](Microsoft Corporation) [On_Demand | Stopped]-- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012-05-26 11:04:52 | 000,913,792 | ---- | M](IObit) [Auto | Running]-- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011-09-05 16:11:48 | 000,105,792 | ---- | M]() [Auto | Running]-- C:\Program Files\Comodo\COMODO Programs Manager\CPMservice.exe -- (CPMService)
SRV - [2010-03-10 13:26:48 | 000,189,728 | ---- | M](Protexis Inc.) [Auto | Running]-- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M](Microsoft Corporation) [On_Demand | Stopped]-- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M](Microsoft Corporation) [On_Demand | Stopped]-- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped]-- C:\Windows\system32\DRIVERS\asdrs.sys -- (asdrs)
DRV - [2012-10-10 21:14:28 | 010,837,352 | ---- | M](NVIDIA Corporation) [Kernel | On_Demand | Running]-- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012-10-10 14:00:08 | 000,481,464 | ---- | M](BitDefender) [File_System | On_Demand | Running]-- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2012-10-10 14:00:04 | 000,622,616 | ---- | M](BitDefender) [File_System | Boot | Running]-- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2012-10-02 11:31:18 | 000,134,136 | ---- | M](BitDefender LLC) [Kernel | System | Running]-- C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys -- (bdselfpr)
DRV - [2012-09-29 18:54:26 | 000,022,856 | ---- | M](Malwarebytes Corporation) [File_System | On_Demand | Running]-- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012-08-29 17:24:08 | 000,161,312 | ---- | M](BitDefender LLC) [File_System | Boot | Running]-- C:\Windows\System32\drivers\gzflt.sys -- (gzflt)
DRV - [2012-07-06 15:13:12 | 000,077,192 | ---- | M](BitDefender LLC) [Kernel | System | Running]-- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2012-07-02 14:21:35 | 000,343,456 | ---- | M](BitDefender S.R.L.) [File_System | Auto | Running]-- C:\Windows\System32\drivers\trufos.sys -- (trufos)
DRV - [2012-06-05 15:33:00 | 000,158,552 | ---- | M](Oracle Corporation) [Kernel | System | Running]-- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2012-06-05 15:33:00 | 000,116,056 | ---- | M](Oracle Corporation) [Kernel | On_Demand | Running]-- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2012-06-05 15:33:00 | 000,104,792 | ---- | M](Oracle Corporation) [Kernel | On_Demand | Running]-- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2012-06-05 15:33:00 | 000,091,992 | ---- | M](Oracle Corporation) [Kernel | System | Running]-- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2011-11-14 20:16:27 | 000,090,704 | ---- | M](BitDefender LLC) [Kernel | System | Running]-- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2011-09-05 16:14:58 | 000,017,520 | ---- | M]() [Kernel | Boot | Running]-- C:\Windows\System32\drivers\evdd.sys -- (Evdd)
DRV - [2011-09-05 16:14:08 | 000,178,744 | ---- | M](Windows ® Win 7 DDK provider) [Kernel | Boot | Running]-- C:\Windows\System32\drivers\cumon.sys -- (cumon)
DRV - [2009-07-13 23:02:47 | 000,047,104 | ---- | M](Atheros Communications, Inc.) [Kernel | On_Demand | Running]-- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2004-08-13 08:56:20 | 000,005,810 | ---- | M]() [Kernel | On_Demand | Running]-- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [link hidden by forum]{searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3194645604-3004077479-1033813949-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3194645604-3004077479-1033813949-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3194645604-3004077479-1033813949-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [link hidden by forum]{searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3194645604-3004077479-1033813949-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3194645604-3004077479-1033813949-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 67.230.164.157:3128

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: [email protected]:1.19.1
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..network.proxy.http: "176.9.132.76"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-10-28 15:16:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012-11-02 10:37:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-10-28 15:16:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012-07-11 08:20:39 | 000,000,000 | ---D | M](No name found) -- C:\Users\Kuba\AppData\Roaming\mozilla\Extensions
[2012-10-24 14:07:54 | 000,000,000 | ---D | M](No name found) -- C:\Users\Kuba\AppData\Roaming\mozilla\Firefox\Profiles\p9ltcuws.default\extensions
[2012-10-03 09:37:01 | 000,000,000 | ---D | M](WOT) -- C:\Users\Kuba\AppData\Roaming\mozilla\Firefox\Profiles\p9ltcuws.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012-09-11 14:02:28 | 000,000,000 | ---D | M](British English Dictionary) -- C:\Users\Kuba\AppData\Roaming\mozilla\Firefox\Profiles\p9ltcuws.default\extensions\[email protected]
[2012-10-28 15:16:19 | 000,000,000 | ---D | M](No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-10-28 15:16:23 | 000,261,600 | ---- | M](Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-10-13 08:59:25 | 000,002,767 | ---- | M]() -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-10-13 08:59:25 | 000,001,406 | ---- | M]() -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-10-13 08:59:25 | 000,000,917 | ---- | M]() -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-10-13 08:59:25 | 000,000,858 | ---- | M]() -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-10-13 08:59:25 | 000,001,183 | ---- | M]() -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-10-13 08:59:25 | 000,001,683 | ---- | M]() -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M] ) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Bdagent]C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4 - HKU\S-1-5-21-3194645604-3004077479-1033813949-1001..\Run: [GG]C:\Users\Kuba\AppData\Local\GG\Application\gghub.exe (GG Network S.A.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin]C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [link hidden by forum] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{277B7928-FFFE-49F0-9A6B-BAB1E97C0E28}: DhcpNameServer = 192.168.1.100
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M]() - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011-08-25 20:03:58 | 006,412,160 | R--- | M](Codemasters Software Co.) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2011-08-29 23:13:13 | 000,141,599 | R--- | M]() - F:\autorun.ico -- [ UDF ]
O32 - AutoRun File - [2011-08-08 18:44:10 | 000,000,070 | R--- | M]() - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{558ecf0d-c2de-11e1-8ac4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{558ecf0d-c2de-11e1-8ac4-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2011-08-25 20:03:58 | 006,412,160 | R--- | M](Codemasters Software Co.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open]-- "%1" %*
O35 - HKLM\..exefile [open]-- "%1" %*
O37 - HKLM\...com [@ = comfile]-- "%1" %*
O37 - HKLM\...exe [@ = exefile]-- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-11-07 19:40:53 | 000,000,000 | ---D | C]-- C:\temp
[2012-11-04 19:48:12 | 000,000,000 | ---D | C]-- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2012-11-02 10:43:21 | 000,072,704 | ---- | C](BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys
[2012-11-02 10:43:20 | 000,240,184 | ---- | C](BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2012-11-02 10:37:24 | 000,000,000 | ---D | C]-- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2013
[2012-11-02 10:37:22 | 000,000,000 | ---D | C]-- C:\Users\Kuba\AppData\Roaming\Bitdefender
[2012-11-02 10:36:48 | 000,000,000 | ---D | C]-- C:\ProgramData\Bitdefender
[2012-11-02 10:36:48 | 000,000,000 | ---D | C]-- C:\Program Files\Bitdefender
[2012-11-02 10:36:45 | 000,343,456 | ---- | C](BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2012-11-02 10:36:43 | 000,161,312 | ---- | C](BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys
[2012-11-02 09:56:15 | 000,000,000 | ---D | C]-- C:\ProgramData\bdch
[2012-11-02 09:55:29 | 000,000,000 | ---D | C]-- C:\ProgramData\BDLogging
[2012-11-02 09:55:00 | 000,511,328 | ---- | C](Microsoft Corporation) -- C:\Windows\capicom.dll
[2012-11-02 09:55:00 | 000,077,192 | ---- | C](BitDefender LLC) -- C:\Windows\System32\drivers\BdfNdisf6.sys
[2012-11-02 09:55:00 | 000,066,392 | ---- | C](BitDefender SRL) -- C:\Windows\System32\drivers\bdsandbox.sys
[2012-11-02 09:54:54 | 000,622,616 | ---- | C](BitDefender) -- C:\Windows\System32\drivers\avc3.sys
[2012-11-02 09:54:54 | 000,481,464 | ---- | C](BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2012-11-02 09:35:05 | 000,000,000 | ---D | C]-- C:\Users\Kuba\AppData\Roaming\QuickScan
[2012-11-02 09:19:13 | 000,000,000 | ---D | C]-- C:\Program Files\Common Files\Bitdefender
[2012-11-02 09:07:07 | 000,000,000 | -HSD | C]-- C:\Config.Msi
[2012-11-01 09:27:47 | 000,000,000 | ---D | C]-- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012-11-01 09:27:32 | 000,000,000 | ---D | C]-- C:\Program Files\Ashampoo
[2012-10-28 15:16:18 | 000,000,000 | ---D | C]-- C:\Program Files\Mozilla Firefox
[2012-10-28 07:44:59 | 000,000,000 | ---D | C]-- C:\Users\Kuba\AppData\Roaming\dvdcss
[2012-10-24 14:27:24 | 000,000,000 | ---D | C]-- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters
[2012-10-24 14:24:20 | 000,000,000 | ---D | C]-- C:\ProgramData\Codemasters
[2012-10-24 14:24:08 | 000,000,000 | ---D | C]-- C:\Users\Kuba\Documents\My Games
[2012-10-24 14:19:12 | 000,000,000 | ---D | C]-- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2012-10-24 14:19:11 | 019,087,360 | ---- | C](Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\System32\mkl_blueripple.dll
[2012-10-24 14:19:11 | 001,302,528 | ---- | C](Blue Ripple Sound Limited) -- C:\Windows\System32\rapture3d_oal.dll
[2012-10-24 14:19:10 | 000,000,000 | ---D | C]-- C:\Program Files\BRS
[2012-10-24 14:19:02 | 000,445,016 | ---- | C](Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2012-10-24 14:19:02 | 000,000,000 | ---D | C]-- C:\Program Files\OpenAL
[2012-10-24 14:19:01 | 000,109,144 | ---- | C](Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2012-10-24 14:16:13 | 000,000,000 | ---D | C]-- C:\Windows\System32\xlive
[2012-10-24 14:16:01 | 000,000,000 | ---D | C]-- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012-10-24 14:16:01 | 000,000,000 | ---D | C]-- C:\Program Files\Microsoft Games for Windows - LIVE
[2012-10-24 14:00:20 | 000,000,000 | ---D | C]-- C:\Program Files\Codemasters
[2012-10-21 13:47:00 | 000,174,056 | ---- | C](Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012-10-21 13:47:00 | 000,174,056 | ---- | C](Oracle Corporation) -- C:\Windows\System32\java.exe
[2012-10-21 13:47:00 | 000,093,672 | ---- | C](Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012-10-11 09:12:23 | 000,002,048 | ---- | C](Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012-10-11 09:12:10 | 000,271,360 | ---- | C](Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012-10-11 09:12:10 | 000,169,984 | ---- | C](Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012-10-11 09:12:09 | 000,005,120 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012-10-11 09:12:09 | 000,004,608 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012-10-11 09:12:09 | 000,004,096 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012-10-11 09:12:09 | 000,004,096 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012-10-11 09:12:09 | 000,004,096 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012-10-11 09:12:09 | 000,004,096 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,584 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,584 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,584 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,584 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,584 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,584 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012-10-11 09:12:08 | 000,006,144 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012-10-11 09:12:08 | 000,004,608 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012-10-11 09:12:08 | 000,004,096 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012-10-11 09:12:08 | 000,003,584 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012-10-11 09:12:08 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012-10-11 09:12:08 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012-10-11 09:11:37 | 003,958,128 | ---- | C](Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012-10-11 09:11:37 | 003,902,832 | ---- | C](Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012-10-10 21:15:04 | 001,867,112 | ---- | C](NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012-10-10 21:15:00 | 002,574,696 | ---- | C](NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012-10-10 21:14:50 | 000,888,168 | ---- | C](NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco32.dll
[2012-10-10 21:14:46 | 017,559,912 | ---- | C](NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012-10-10 21:14:42 | 007,697,768 | ---- | C](NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012-10-10 21:14:28 | 010,837,352 | ---- | C](NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012-10-10 21:14:22 | 019,906,920 | ---- | C](NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012-10-10 21:14:16 | 006,127,464 | ---- | C](NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-11-09 16:02:00 | 002,359,296 | ---- | M]() -- C:\Users\Kuba\NTUSER.DAT
[2012-11-09 15:41:00 | 000,000,930 | ---- | M]() -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-11-09 13:51:49 | 000,014,608 | -H-- | M]() -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-11-09 13:51:49 | 000,014,608 | -H-- | M]() -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-11-09 13:45:09 | 000,000,308 | ---- | M]() -- C:\Windows\tasks\GlaryInitialize.job
[2012-11-09 13:44:36 | 000,000,006 | -H-- | M]() -- C:\Windows\tasks\SA.DAT
[2012-11-09 13:44:12 | 000,067,584 | --S- | M]() -- C:\Windows\bootstat.dat
[2012-11-09 13:44:08 | 2415,222,784 | -HS- | M]() -- C:\hiberfil.sys
[2012-11-09 11:02:52 | 000,011,522 | ---- | M]() -- C:\Windows\CUAppUsage.Dat
[2012-11-09 11:02:31 | 001,495,591 | -H-- | M]() -- C:\Users\Kuba\AppData\Local\IconCache.db
[2012-11-02 10:43:21 | 000,072,704 | ---- | M](BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys
[2012-11-02 10:43:20 | 000,240,184 | ---- | M](BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2012-11-02 10:38:04 | 000,384,447 | ---- | M]() -- C:\ProgramData\1351848961.bdinstall.bin
[2012-11-02 10:37:41 | 000,000,385 | ---- | M]() -- C:\Windows\System32\user_gensett.xml
[2012-11-02 10:37:32 | 000,253,404 | -H-- | M]() -- C:\bdr-ld01
[2012-11-02 10:37:32 | 000,009,216 | -H-- | M]() -- C:\bdr-ld01.mbr
[2012-11-02 10:37:32 | 000,000,308 | -H-- | M]() -- C:\bdr-cf01
[2012-11-02 10:37:24 | 000,002,126 | ---- | M]() -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
[2012-11-02 10:09:42 | 001,010,216 | ---- | M]() -- C:\ProgramData\1351845282.bdinstall.bin
[2012-11-02 09:30:59 | 000,053,062 | ---- | M]() -- C:\ProgramData\1351845051.bdinstall.bin
[2012-11-02 09:30:45 | 000,354,826 | ---- | M]() -- C:\ProgramData\1351844398.bdinstall.bin
[2012-11-02 09:18:59 | 001,549,696 | ---- | M]() -- C:\Windows\System32\PerfStringBackup.INI
[2012-11-02 09:18:59 | 000,697,674 | ---- | M]() -- C:\Windows\System32\perfh015.dat
[2012-11-02 09:18:59 | 000,615,810 | ---- | M]() -- C:\Windows\System32\perfh009.dat
[2012-11-02 09:18:59 | 000,134,784 | ---- | M]() -- C:\Windows\System32\perfc015.dat
[2012-11-02 09:18:59 | 000,106,190 | ---- | M]() -- C:\Windows\System32\perfc009.dat
[2012-11-01 13:30:30 | 000,524,288 | -HS- | M]() -- C:\Users\Kuba\NTUSER.DAT{77af983f-241d-11e2-9d1c-002618d46add}.TMContainer00000000000000000002.regtrans-ms
[2012-11-01 13:30:30 | 000,065,536 | -HS- | M]() -- C:\Users\Kuba\NTUSER.DAT{77af983f-241d-11e2-9d1c-002618d46add}.TM.blf
[2012-11-01 13:30:29 | 000,524,288 | -HS- | M]() -- C:\Users\Kuba\NTUSER.DAT{77af983f-241d-11e2-9d1c-002618d46add}.TMContainer00000000000000000001.regtrans-ms
[2012-11-01 13:26:34 | 002,621,440 | -HS- | M]() -- C:\Users\Kuba\NTUSER.DAT.gbck
[2012-11-01 10:17:13 | 000,003,584 | ---- | M]() -- C:\Users\Kuba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-10-31 10:04:20 | 000,000,969 | ---- | M]() -- C:\Users\Public\Desktop\CCleaner.lnk
[2012-10-31 10:01:41 | 000,001,028 | ---- | M]() -- C:\Users\Kuba\Desktop\Glary Utilities.lnk
[2012-10-24 14:19:02 | 000,445,016 | ---- | M](Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2012-10-24 14:19:01 | 000,109,144 | ---- | M](Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2012-10-20 12:59:40 | 000,001,071 | ---- | M]() -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-10-19 12:16:46 | 035,184,777 | -H-- | M]() -- C:\bdr-im01.gz
[2012-10-10 21:15:04 | 001,867,112 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012-10-10 21:15:00 | 002,574,696 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012-10-10 21:14:50 | 012,501,352 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2012-10-10 21:14:50 | 000,888,168 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco32.dll
[2012-10-10 21:14:46 | 017,559,912 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012-10-10 21:14:44 | 002,428,776 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2012-10-10 21:14:42 | 007,697,768 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012-10-10 21:14:28 | 010,837,352 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012-10-10 21:14:28 | 000,012,865 | ---- | M]() -- C:\Windows\System32\nvinfo.pb
[2012-10-10 21:14:22 | 019,906,920 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012-10-10 21:14:22 | 001,009,512 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012-10-10 21:14:16 | 015,309,160 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2012-10-10 21:14:16 | 006,127,464 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-11-02 10:38:04 | 000,384,447 | ---- | C]() -- C:\ProgramData\1351848961.bdinstall.bin
[2012-11-02 10:37:41 | 000,000,385 | ---- | C]() -- C:\Windows\System32\user_gensett.xml
[2012-11-02 10:37:32 | 000,000,308 | -H-- | C]() -- C:\bdr-cf01
[2012-11-02 10:37:24 | 000,002,126 | ---- | C]() -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
[2012-11-02 10:36:50 | 035,184,777 | -H-- | C]() -- C:\bdr-im01.gz
[2012-11-02 10:36:50 | 002,294,848 | -H-- | C]() -- C:\bdr-bz01
[2012-11-02 10:36:50 | 000,253,404 | -H-- | C]() -- C:\bdr-ld01
[2012-11-02 10:36:50 | 000,009,216 | -H-- | C]() -- C:\bdr-ld01.mbr
[2012-11-02 10:09:42 | 001,010,216 | ---- | C]() -- C:\ProgramData\1351845282.bdinstall.bin
[2012-11-02 09:30:59 | 000,053,062 | ---- | C]() -- C:\ProgramData\1351845051.bdinstall.bin
[2012-11-02 09:30:45 | 000,354,826 | ---- | C]() -- C:\ProgramData\1351844398.bdinstall.bin
[2012-11-01 13:30:24 | 001,495,591 | -H-- | C]() -- C:\Users\Kuba\AppData\Local\IconCache.db
[2012-11-01 13:28:20 | 000,524,288 | -HS- | C]() -- C:\Users\Kuba\NTUSER.DAT{77af983f-241d-11e2-9d1c-002618d46add}.TMContainer00000000000000000002.regtrans-ms
[2012-11-01 13:28:20 | 000,524,288 | -HS- | C]() -- C:\Users\Kuba\NTUSER.DAT{77af983f-241d-11e2-9d1c-002618d46add}.TMContainer00000000000000000001.regtrans-ms
[2012-11-01 13:28:19 | 000,065,536 | -HS- | C]() -- C:\Users\Kuba\NTUSER.DAT{77af983f-241d-11e2-9d1c-002618d46add}.TM.blf
[2012-11-01 10:17:13 | 000,003,584 | ---- | C]() -- C:\Users\Kuba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-07-01 08:27:36 | 000,011,522 | ---- | C]() -- C:\Windows\CUAppUsage.Dat
[2012-07-01 08:07:06 | 000,017,520 | ---- | C]() -- C:\Windows\System32\drivers\evdd.sys
[2012-06-30 20:05:29 | 000,005,696 | R--- | C]() -- C:\Windows\System32\CHKSUM.COM
[2012-06-30 19:24:55 | 000,070,296 | ---- | C]() -- C:\Users\Kuba\AppData\Local\GDIPFONTCACHEV1.DAT
[2012-06-30 19:17:18 | 001,549,696 | ---- | C]() -- C:\Windows\System32\PerfStringBackup.INI
[2012-06-30 19:14:31 | 002,621,440 | -HS- | C]() -- C:\Users\Kuba\NTUSER.DAT.gbck
[2012-06-30 19:14:31 | 002,359,296 | ---- | C]() -- C:\Users\Kuba\NTUSER.DAT
[2012-06-30 19:14:31 | 000,524,288 | -HS- | C]() -- C:\Users\Kuba\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012-06-30 19:14:31 | 000,524,288 | -HS- | C]() -- C:\Users\Kuba\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2012-06-30 19:14:31 | 000,065,536 | -HS- | C]() -- C:\Users\Kuba\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2012-06-30 19:14:31 | 000,000,020 | -HS- | C]() -- C:\Users\Kuba\ntuser.ini
[2011-04-09 17:55:28 | 000,179,261 | ---- | C]() -- C:\Windows\System32\xlive.dll.cat

========== ZeroAccess Check ==========

[2009-07-14 05:42:31 | 000,000,227 | RHS- | M]() -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:46:56 | 012,868,608 | ---- | M](Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M](Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M](Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012-07-22 08:02:25 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\.wtw
[2012-07-17 11:11:41 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\Audacity
[2012-07-01 08:25:49 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\AVG2012
[2012-11-02 10:37:22 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\Bitdefender
[2012-09-27 13:09:52 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\BlackBean
[2012-11-01 13:22:57 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\Crystal Security
[2012-07-13 09:31:46 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\Foxit Software
[2012-11-09 13:45:29 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\GG
[2012-07-19 07:30:44 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\GHISLER
[2012-07-20 07:20:12 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\Gholam_Inc
[2012-09-21 07:52:13 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\GlarySoft
[2012-11-01 10:49:21 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\IObit
[2012-07-18 11:43:03 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\LibreOffice
[2012-08-16 09:47:25 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\Origin
[2012-09-30 18:25:42 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\ProtectDISC
[2012-11-02 09:35:05 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\QuickScan
[2012-08-24 13:43:38 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\SoftMaker
[2012-07-02 15:52:52 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\Ulead Systems

========== Purity Check ==========



< End of report >


Added: 09 Nov 2012, 16:09

Extra

[link visible only to registered users]

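The OTL report above is free-form text, and the later replies in this thread set out to review it by eye for suspicious entries. A first pass a reviewer can automate is to parse the file entries and flag the ones worth a closer look. The Python script below is an added example for this thread, not OTL's own code and not something any participant posted. It parses OTL's `[timestamp | size | attributes | M/C](company) -- path` line format and applies three simple triage rules: hidden files sitting directly in a drive root, kernel drivers whose version info carries no publisher string, and other executables under System32 with no publisher string. The sample lines are a small subset copied from the report posted above; the rule set, thresholds and names are the example's own choices.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# One OTL file/directory entry looks like:
#   [2012-07-01 08:07:06 | 000,017,520 | ---- | C]() -- C:\Windows\System32\drivers\evdd.sys
#   [2012-07-22 08:02:25 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\.wtw
# Directory entries omit the "(company)" part, so that group is optional.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\]"
    r"(?:\((?P<company>[^)]*)\))?\s?-- (?P<path>.+)$"
)

# Sample input: a subset of lines copied from the OTL report posted in this thread,
# plus one section header to show that non-entry lines are skipped.
SAMPLE_OTL_LINES = "\n".join([
    r"[2012-10-24 14:19:02 | 000,445,016 | ---- | M](Creative Labs) -- C:\Windows\System32\wrap_oal.dll",
    r"[2012-10-19 12:16:46 | 035,184,777 | -H-- | M]() -- C:\bdr-im01.gz",
    r"[2012-10-10 21:14:28 | 010,837,352 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys",
    r"[2012-11-02 10:37:32 | 000,000,308 | -H-- | C]() -- C:\bdr-cf01",
    r"[2012-07-01 08:07:06 | 000,017,520 | ---- | C]() -- C:\Windows\System32\drivers\evdd.sys",
    r"[2012-06-30 20:05:29 | 000,005,696 | R--- | C]() -- C:\Windows\System32\CHKSUM.COM",
    r"[2009-07-14 05:42:31 | 000,000,227 | RHS- | M]() -- C:\Windows\assembly\Desktop.ini",
    r"[2012-07-22 08:02:25 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\.wtw",
    "========== Purity Check ==========",
])

SYSTEM32 = "c:\\windows\\system32\\"
EXEC_EXTS = (".exe", ".dll", ".sys", ".com", ".scr", ".ocx")


@dataclass(frozen=True)
class OtlEntry:
    timestamp: str
    size: int        # bytes; OTL prints it zero-padded with thousands separators
    attrs: str       # four flag positions: R(ead-only) H(idden) S(ystem) D(irectory), '-' when unset
    kind: str        # 'M' = listed by modified date, 'C' = listed by created date
    company: str     # publisher string from the file's version info; empty when OTL found none
    path: str

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl(text: str) -> list[OtlEntry]:
    """Parse every OTL file/directory entry in `text`; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = OTL_ENTRY.match(line.strip())
        if not m:
            continue  # section headers, blank lines, registry keys
        entries.append(OtlEntry(
            timestamp=m["ts"],
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"] or "",
            path=m["path"],
        ))
    return entries


def triage(entries: list[OtlEntry]) -> list[tuple[str, str]]:
    """Return (path, reason) pairs a reviewer should look at first.

    These are leads, not verdicts: legitimate software trips these rules too.
    """
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        name = low.rsplit("\\", 1)[-1]
        ext = name[name.rfind("."):] if "." in name else ""
        # Rule 1: hidden file directly in a drive root (exactly one backslash in the path).
        if e.hidden and low.count("\\") == 1:
            findings.append((e.path, "hidden file in drive root"))
        # Rule 2: kernel driver with no publisher string in its version info.
        if ext == ".sys" and not e.company:
            findings.append((e.path, "kernel driver without publisher"))
        # Rule 3: other executable code under System32 with no publisher string.
        elif low.startswith(SYSTEM32) and ext in EXEC_EXTS and not e.company:
            findings.append((e.path, "executable in System32 without publisher"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_otl(SAMPLE_OTL_LINES)):
        print(f"{reason:42s} {path}")
```

On the sample above the script flags the two hidden `C:\bdr-*` files, `evdd.sys` and `CHKSUM.COM`, and passes the signed NVIDIA and Creative Labs binaries. The flags are only leads: in this report the `C:\bdr-*` files were created within seconds of the Bitdefender Internet Security 2013 shortcut and installer files, which is exactly the kind of context a reviewer checks before treating a hit as suspicious.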
#5
It would be better to upload the logs to wklej.org or attach them to the post.
#6
Run a scan with TDSS Killer

[link visible only to registered users]
#7
KaMiL wrote: Run a scan with TDSS Killer

[link visible only to registered users]

I scanned and it found nothing.
#8
So it is probably clean; after all, MBAM Pro blocked the IP address.
#9
But this is a strange case. This IP is associated with

[malware] z4.przeklej.pl/przo1625/896d0ab1002d19dc4b55aaaf/ajdh4jds453_www.przeklej.pl.jpg[/malware]

And here is the scan of that file:

[link visible only to registered users]
#10
But since MBAM Pro blocked the address, the system should be clean, as preter wrote.
#11
But the internet is as sluggish as it has ever been.
#12
If you haven't done it yet, disconnect the computer from the internet and reconnect. If that doesn't help, restart the computer.
That sometimes helps in my case.
#13
preter wrote: If you haven't done it yet, disconnect the computer from the internet and reconnect. If that doesn't help, restart the computer.

I once called (back when it was still TP) to report that the modem had died. The polite lady told me the same thing you just did. Is that the cure for everything?

I restarted and nothing changed.
#14
And if you turn off website blocking in MBAM, does the internet still lag like that?
If so, maybe the cause should be looked for elsewhere...
#15
Miquell wrote: And if you turn off website blocking in MBAM, does the internet still lag like that?
If so, maybe the cause should be looked for elsewhere...

Hard to tell. It is about the same now.
#16
Maybe the block MBAM made is pure coincidence, and the real blame for the slow transfer lies with the ISP...
#17
I don't know, let's wait until tachion comes along and looks at the logs.
#18
If something had gotten into the system after all and was trying to contact the blocked address, a regular MBAM scan should detect it.
#19
Galactico wrote:
preter wrote: If you haven't done it yet, disconnect the computer from the internet and reconnect. If that doesn't help, restart the computer.

I once called (back when it was still TP) to report that the modem had died. The polite lady told me the same thing you just did. Is that the cure for everything?

I restarted and nothing changed.

I'm not saying it is the cure for everything. Sometimes it just happens that an error occurs in a driver or on the network connection, and then restarting the application/system/router is enough.

I'm not an expert, but I looked through the logs and didn't notice anything suspicious. But as you say, let's wait for tachion.
#20
Do a format.