Fast blue screen. Closing programs and systems. Please Help ! [LOGS COMBOFIX]


  • This topic is locked
2 replies to this topic

#1 Tomatoken

  • Members
  • 1 posts

Posted 18 February 2013 - 07:49 AM

Hi guys,
 
I have a big problem.
 
My system shuts down automatically, there are a lot of blue screens, and sometimes programs close without my intervention.
 
And how do I delete the Yahoo browser page, which set itself up on its own ...
 
Please help Me.
 
[LOGS][COMBOFIX]

System language : Polish
 
 
ComboFix 13-02-18.01 - Kheaz 2013-02-18  13:36:36.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1250.48.1045.18.16283.14473 [GMT 1:00]
Launched from: c:\users\Kheaz\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * New restore point created
 * Resident antivirus is active
.
.
.
(((((((((((((((((((((((((   Files created from 2013-01-18 to 2013-02-18  )))))))))))))))))))))))))))))))
.
.
2013-02-18 12:42 . 2013-02-18 12:42    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-02-18 08:54 . 2013-01-15 01:45    9161176    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{245561BD-AC1F-4F43-8CFB-C318AEC25DBB}\mpengine.dll
2013-02-14 13:12 . 2013-01-05 05:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-02-14 13:12 . 2013-01-05 05:00    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 13:12 . 2013-01-05 05:00    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 13:12 . 2013-01-04 03:26    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-02-14 13:12 . 2013-01-04 05:46    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-02-14 13:12 . 2013-01-04 04:51    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-02-14 13:12 . 2013-01-04 02:47    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-02-14 13:12 . 2013-01-04 02:47    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-02-14 13:12 . 2013-01-04 02:47    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-02-14 13:12 . 2013-01-04 02:47    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-02-14 13:12 . 2013-01-03 06:00    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-02-14 13:12 . 2013-01-03 06:00    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-12 14:58 . 2013-02-12 14:58    --------    d-----w-    c:\program files (x86)\Common Files\BattlEye
2013-02-12 14:31 . 2013-02-12 14:31    --------    d-----w-    c:\programdata\Bohemia Interactive Studio
2013-02-11 20:21 . 2013-02-11 20:21    --------    d-----w-    c:\program files (x86)\Bohemia Interactive
2013-02-07 18:42 . 2013-02-07 18:42    --------    d-----w-    c:\programdata\Spectrasonics
2013-02-02 07:31 . 2013-02-10 08:03    281520    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2013-02-02 07:26 . 2013-02-02 10:37    --------    d-----w-    c:\programdata\EA Logs
2013-02-02 07:26 . 2013-02-02 07:26    --------    d-----w-    c:\programdata\EA Core
2013-02-02 01:22 . 2013-02-11 17:27    --------    d--h--w-    c:\program files (x86)\Common Files\EAInstaller
2013-02-02 01:22 . 2013-02-10 08:03    281520    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2013-02-02 01:22 . 2013-02-10 08:02    280904    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2013-02-02 01:22 . 2013-02-02 07:36    76888    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2013-02-01 16:32 . 2013-02-11 17:29    --------    d-----w-    c:\programdata\Origin
2013-02-01 16:32 . 2013-02-02 07:26    --------    d-----w-    c:\programdata\Electronic Arts
2013-01-28 11:34 . 2009-10-24 20:15    1332224    ----a-w-    c:\windows\SysWow64\SYNSOEMU.DLL
2013-01-28 11:15 . 2013-01-28 11:15    --------    d-----w-    c:\program files\Common Files\Native Instruments
2013-01-28 11:15 . 2013-01-28 11:15    --------    d-----w-    c:\program files (x86)\Common Files\Native Instruments
2013-01-28 11:15 . 2013-01-28 11:15    --------    d-----w-    c:\programdata\Native Instruments
2013-01-28 11:15 . 2013-01-28 11:15    --------    d-----w-    c:\program files\Native Instruments
2013-01-28 11:10 . 2013-01-28 11:10    --------    d-----w-    c:\programdata\4Front
2013-01-28 10:58 . 2013-01-28 10:58    --------    d-----w-    c:\program files (x86)\Common Files\Digidesign
2013-01-28 10:57 . 2013-01-28 10:57    --------    d-----w-    c:\program files (x86)\4Front
2013-01-28 10:47 . 2013-01-28 10:47    283200    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2013-01-28 10:46 . 2013-01-28 10:47    --------    d-----w-    c:\program files (x86)\DAEMON Tools Lite
2013-01-28 10:45 . 2013-01-28 11:13    --------    d-----w-    c:\programdata\DAEMON Tools Lite
2013-01-27 08:51 . 2012-11-23 03:13    68608    ----a-w-    c:\windows\system32\taskhost.exe
2013-01-27 08:40 . 2013-01-27 08:40    --------    d-----w-    c:\windows\system32\SPReview
2013-01-27 08:39 . 2013-01-27 08:39    --------    d-----w-    c:\windows\system32\EventProviders
2013-01-26 10:38 . 2013-01-26 10:38    --------    dc----w-    c:\windows\system32\DRVSTORE
2013-01-26 10:38 . 2012-08-21 12:01    33240    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-26 10:38 . 2013-01-26 10:38    --------    d-----w-    c:\program files\iPod
2013-01-26 10:38 . 2013-01-26 10:38    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-26 10:38 . 2013-01-26 10:38    --------    d-----w-    c:\program files\iTunes
2013-01-26 10:38 . 2013-01-26 10:38    --------    d-----w-    c:\program files (x86)\iTunes
2013-01-26 10:38 . 2013-01-26 10:38    --------    d-----w-    c:\programdata\Apple Computer
2013-01-26 10:38 . 2013-01-26 10:38    --------    d-----w-    c:\program files (x86)\Apple Software Update
2013-01-26 10:38 . 2013-02-10 13:38    --------    d-----w-    c:\program files\Common Files\Apple
2013-01-26 10:37 . 2013-02-10 13:38    --------    d-----w-    c:\program files (x86)\Common Files\Apple
2013-01-26 10:37 . 2013-01-26 10:38    --------    d-----w-    c:\programdata\Apple
2013-01-25 18:23 . 2013-01-25 18:23    348160    ----a-w-    c:\windows\SysWow64\msvcr71.dll
2013-01-25 18:23 . 2013-01-25 18:23    1700352    ----a-w-    c:\windows\SysWow64\gdiplus.dll
2013-01-25 18:23 . 2013-01-25 18:23    1060864    ----a-w-    c:\windows\SysWow64\mfc71.dll
2013-01-25 18:22 . 2013-01-25 18:22    --------    d-----w-    c:\program files (x86)\ASIO4ALL v2
2013-01-25 18:22 . 2011-10-11 14:45    1431552    ----a-w-    c:\windows\SysWow64\rewire.dll
2013-01-25 18:22 . 2013-01-25 18:22    --------    d-----w-    c:\program files (x86)\Outsim
2013-01-25 18:22 . 2009-09-15 09:14    1554944    ----a-w-    c:\windows\SysWow64\vorbis.acm
2013-01-25 18:21 . 2013-01-28 12:13    --------    d-----w-    c:\program files (x86)\FL Studio 10
2013-01-25 18:19 . 2013-01-25 18:22    --------    d-----w-    c:\program files (x86)\Image-Line
2013-01-25 18:01 . 2013-01-25 18:01    231376    ----a-w-    c:\windows\system32\drivers\truecrypt.sys
2013-01-24 07:40 . 2010-11-05 01:57    48976    ----a-w-    c:\windows\system32\netfxperf.dll
2013-01-24 07:39 . 2010-11-20 13:34    34688    ----a-w-    c:\windows\system32\drivers\storvsc.sys
2013-01-24 05:40 . 2012-07-06 20:07    552960    ----a-w-    c:\windows\system32\drivers\bthport.sys
2013-01-23 19:40 . 2009-09-04 16:29    1974616    ----a-w-    c:\windows\SysWow64\D3DCompiler_42.dll
2013-01-23 19:40 . 2009-09-04 16:29    1892184    ----a-w-    c:\windows\SysWow64\D3DX9_42.dll
2013-01-23 18:38 . 2007-05-07 17:19    85504    ----a-w-    c:\windows\SysWow64\DeathAdder64.cpl
2013-01-23 18:38 . 2013-01-23 18:38    --------    d-----w-    c:\program files (x86)\Razer
2013-01-23 18:38 . 2007-08-02 16:33    12672    ----a-w-    c:\windows\system32\drivers\dadder.sys
2013-01-23 17:05 . 2013-01-23 17:05    --------    d-----w-    c:\program files\ESET
2013-01-23 17:04 . 2013-01-23 17:04    --------    d-----w-    c:\program files\CCleaner
2013-01-23 16:52 . 2011-02-19 12:05    1139200    ----a-w-    c:\windows\system32\FntCache.dll
2013-01-23 16:52 . 2011-02-19 12:04    902656    ----a-w-    c:\windows\system32\d2d1.dll
2013-01-23 16:52 . 2011-02-19 06:30    739840    ----a-w-    c:\windows\SysWow64\d2d1.dll
2013-01-23 16:08 . 2013-01-31 07:52    --------    d-----w-    c:\program files\TeamSpeak 3 Client
2013-01-23 15:38 . 2013-01-23 15:38    --------    d-----w-    c:\windows\system32\appmgmt
2013-01-23 15:37 . 2013-01-23 15:37    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-01-23 15:37 . 2013-01-23 15:37    859552    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-01-23 15:37 . 2013-01-23 15:37    780192    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-01-23 15:37 . 2013-01-23 15:37    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-23 15:37 . 2013-01-23 15:37    --------    d-----w-    c:\program files (x86)\Java
2013-01-23 13:40 . 2013-01-23 13:40    --------    d-----w-    c:\program files (x86)\Microsoft.NET
2013-01-23 13:08 . 2013-01-23 13:08    --------    d-----w-    c:\program files (x86)\AIMP3
2013-01-23 13:07 . 2013-01-23 13:07    --------    d-----w-    c:\program files\WinRAR
2013-01-23 12:25 . 2013-01-23 12:25    --------    d-----w-    c:\program files (x86)\Common Files\Intel Corporation
2013-01-23 12:23 . 2013-01-23 12:23    --------    d-----w-    c:\programdata\Atheros
2013-01-23 12:23 . 2013-01-23 12:23    --------    d-----w-    c:\programdata\Intel
2013-01-23 12:21 . 2013-01-23 12:21    --------    d-----w-    c:\windows\SysWow64\Wat
2013-01-23 12:21 . 2013-01-23 12:21    --------    d-----w-    c:\windows\system32\Wat
2013-01-23 12:02 . 2012-07-26 05:05    2560    ----a-w-    c:\windows\system32\drivers\pl-PL\wdf01000.sys.mui
2013-01-23 12:02 . 2012-07-26 04:55    785512    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2013-01-23 12:02 . 2012-07-26 04:55    54376    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2013-01-23 12:02 . 2012-07-26 02:36    9728    ----a-w-    c:\windows\system32\Wdfres.dll
2013-01-23 12:02 . 2013-02-14 19:22    70004024    ----a-w-    c:\windows\system32\MRT.exe
2013-01-23 11:55 . 2010-02-23 08:16    294912    ----a-w-    c:\windows\system32\browserchoice.exe
2013-01-23 11:51 . 2013-01-23 11:51    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2013-01-23 11:51 . 2013-01-23 11:51    --------    d-----r-    c:\program files (x86)\Skype
2013-01-23 11:51 . 2013-01-23 11:51    --------    d-----w-    c:\programdata\Skype
2013-01-23 11:46 . 2012-03-01 06:46    23408    ----a-w-    c:\windows\system32\drivers\fs_rec.sys
2013-01-23 11:46 . 2012-03-01 06:33    81408    ----a-w-    c:\windows\system32\imagehlp.dll
2013-01-23 11:46 . 2012-03-01 06:28    5120    ----a-w-    c:\windows\system32\wmi.dll
2013-01-23 11:46 . 2012-03-01 05:33    159232    ----a-w-    c:\windows\SysWow64\imagehlp.dll
2013-01-23 11:46 . 2012-03-01 05:29    5120    ----a-w-    c:\windows\SysWow64\wmi.dll
2013-01-23 11:41 . 2011-10-26 05:25    1572864    ----a-w-    c:\windows\system32\quartz.dll
2013-01-23 11:40 . 2011-12-30 06:26    515584    ----a-w-    c:\windows\system32\timedate.cpl
2013-01-23 11:39 . 2013-01-23 11:39    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-01-23 11:39 . 2013-02-02 14:17    --------    d-----w-    c:\users\UpdatusUser
2013-01-23 11:39 . 2013-01-23 11:39    --------    d-----w-    c:\program files (x86)\NVIDIA Corporation
2013-01-23 11:39 . 2013-02-18 12:35    --------    d-----w-    c:\programdata\NVIDIA
2013-01-23 11:39 . 2012-12-29 08:40    6382008    ----a-w-    c:\windows\system32\nvcpl.dll
2013-01-23 11:39 . 2012-12-29 08:40    3455416    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-01-23 11:39 . 2012-12-29 08:40    884152    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-01-23 11:39 . 2012-12-29 08:40    63928    ----a-w-    c:\windows\system32\nvshext.dll
2013-01-23 11:39 . 2012-12-29 08:40    2558392    ----a-w-    c:\windows\system32\nvsvcr.dll
2013-01-23 11:39 . 2012-12-29 08:40    118712    ----a-w-    c:\windows\system32\nvmctray.dll
2013-01-23 11:39 . 2013-01-23 11:39    --------    d-----w-    c:\programdata\NVIDIA Corporation
2013-01-23 11:32 . 2012-08-24 18:05    220160    ----a-w-    c:\windows\system32\wintrust.dll
2013-01-23 11:32 . 2012-08-24 16:57    172544    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-01-23 11:32 . 2013-01-23 11:32    --------    d-----w-    c:\program files (x86)\Common Files\Adobe AIR
2013-01-23 11:32 . 2011-01-17 11:09    197120    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-01-23 11:32 . 2010-11-20 13:26    321024    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-01-23 11:32 . 2010-11-20 12:18    219136    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2013-01-23 11:32 . 2011-01-17 05:47    161792    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
2013-01-23 11:32 . 2013-01-23 11:32    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Section   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-27 08:42 . 2009-07-14 02:36    152576    ----a-w-    c:\windows\SysWow64\msclmd.dll
2013-01-27 08:42 . 2009-07-14 02:36    175616    ----a-w-    c:\windows\system32\msclmd.dll
2013-01-04 04:43 . 2013-02-14 13:12    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2012-12-29 10:34 . 2009-07-13 21:59    15052368    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2012-12-29 01:54 . 2012-12-29 01:54    550328    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
.
.
(((((((((((((((((((((((((((((((((((((   Registry startup entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
"uTorrent"="f:\utorrent\uTorrent.exe" [2013-02-04 1075024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-10-19 465536]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-02-12 49152]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-23 1255736]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2010-10-20 14592]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2011-03-14 24880]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-28 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-10-08 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-10-08 149592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-11-26 1329304]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-10-08 138744]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 12672]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-23 14:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-26 6325936]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?hspart=litmus&hsimp=yhs-litmus&type=181058
mStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?hspart=litmus&hsimp=yhs-litmus&type=181058
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Kheaz\AppData\Roaming\Mozilla\Firefox\Profiles\wb8rbf7q.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://us.yhs4.search.yahoo.com/web/partner?hspart=litmus&hsimp=yhs-litmus&type=181058
FF - ExtSQL: 2013-01-23 11:53; testpilot@labs.mozilla.com; c:\users\Kheaz\AppData\Roaming\Mozilla\Firefox\Profiles\wb8rbf7q.default\extensions\testpilot@labs.mozilla.com.xpi
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: browser.startup.homepage - hxxp://us.yhs4.search.yahoo.com/web/partner?hspart=litmus&hsimp=yhs-litmus&type=181058
FF - user.js: browser.search.defaultenginename - Yahoo
FF - user.js: browser.startup.page - 1
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Native Instruments Massive - c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}\Massive Setup PC.exe
AddRemove-Native Instruments Service Center - c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}\Service Center Setup PC.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-18  13:43:49
ComboFix-quarantined-files.txt  2013-02-18 12:43
ComboFix2.txt  2013-02-08 13:08
.
Pre-Run: 7 846 567 936 bytes free
Post-Run: 8 177 213 440 bytes free
.
- - End Of File - - DC40F85E3C5C681E34539B54D2B4C89F

***Mod Edit: Moved from Windows 7 to the Logs forum and removed quote tags. ~bloopie***

Edited by bloopie, 18 February 2013 - 12:20 PM.
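Two things in the log above are what a malware-response helper would look at first: the policies\system key carries EnableLUA=0 together with ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0 (UAC is off, and even if it were on, elevation would happen silently and off the secure desktop), and both the IE Start Page values and a Firefox user.js pin the home page and default search engine to the yhs-litmus partner URL, which is exactly the "Yahoo page that set itself up" the poster is asking about. The script below is an added example for this thread, not code from the original post or from ComboFix: it parses a constructed excerpt written in ComboFix's own log format (REGEDIT4-style key blocks closed by a lone ".", "uStart Page"/"mStart Page" lines, and "FF - user.js:" lines) and reports those two conditions. The sample text, the function names, and the list of Firefox preferences it treats as "pinned" are the example's own assumptions.

```python
import re

# Constructed excerpt in ComboFix's log format, modelled on the posted log;
# it is sample input for this example, not the original file.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?hspart=litmus&hsimp=yhs-litmus&type=181058
mStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?hspart=litmus&hsimp=yhs-litmus&type=181058
FF - prefs.js: browser.search.selectedEngine - Google
FF - user.js: browser.startup.homepage - hxxp://us.yhs4.search.yahoo.com/web/partner?hspart=litmus&hsimp=yhs-litmus&type=181058
FF - user.js: browser.search.defaultenginename - Yahoo
FF - user.js: browser.sessionstore.resume_from_crash - false
"""

# ComboFix prints REGEDIT4-style blocks: a [key] header, "name"= value (0xhex)
# lines, and a lone "." that closes the block.
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>\d+)\s*\(0x[0-9a-fA-F]+\)$')
START_PAGE_RE = re.compile(r"^(?P<scope>[um])Start Page\s*=\s*(?P<url>\S+)$")
FF_RE = re.compile(r"^FF - (?P<file>user\.js|prefs\.js): (?P<pref>\S+) - (?P<val>.*)$")

UAC_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"

# Firefox preferences a hijacker typically pins via user.js (assumed list):
# user.js is re-applied on every browser start and overrides prefs.js, so
# changes made in the settings UI do not stick while the file is present.
PINNED_FF_PREFS = ("browser.startup.homepage", "browser.search.defaultenginename")


def parse_registry_dump(text: str) -> dict:
    """Return {key_path_lowercased: {value_name: int}} for the registry blocks."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, {})
        elif current is not None and (m := VALUE_RE.match(line)):
            keys[current][m.group("name")] = int(m.group("val"))
        elif line == ".":
            current = None
    return keys


def uac_findings(keys: dict) -> list:
    """Flag the policies\\system values that switch UAC off or silence it."""
    vals = keys.get(UAC_KEY, {})
    checks = (
        ("EnableLUA", "UAC is disabled; admin logons get a full, unfiltered token"),
        ("ConsentPromptBehaviorAdmin", "administrators elevate without any prompt"),
        ("PromptOnSecureDesktop", "elevation prompts would not use the secure desktop"),
    )
    return [f"{name}=0: {why}" for name, why in checks if vals.get(name) == 0]


def browser_findings(text: str) -> list:
    """Flag IE start pages set to a remote URL and Firefox prefs pinned by user.js."""
    out = []
    for line in text.splitlines():
        line = line.rstrip()
        # ComboFix defangs http as hxxp on purpose, so match on that prefix.
        if (m := START_PAGE_RE.match(line)) and m.group("url").lower().startswith("hxxp"):
            scope = "HKCU" if m.group("scope") == "u" else "HKLM"
            out.append(f"{scope} IE Start Page -> {m.group('url')}")
        elif (m := FF_RE.match(line)) and m.group("file") == "user.js" \
                and m.group("pref") in PINNED_FF_PREFS:
            out.append(f"Firefox user.js pins {m.group('pref')} = {m.group('val')}")
    return out


def triage(text: str) -> dict:
    """Run both checks over one ComboFix log and return the findings by area."""
    return {"uac": uac_findings(parse_registry_dump(text)), "browser": browser_findings(text)}


if __name__ == "__main__":
    for area, items in triage(SAMPLE_LOG).items():
        print(f"[{area}]")
        for item in items:
            print("  " + item)
```

Run it against a saved ComboFix.txt by passing the file contents to triage(). The user.js finding is the one that explains the poster's symptom: deleting that file from the Firefox profile directory is what lets a home-page or search-engine change in the browser UI survive a restart, and the HKLM "mStart Page" value is the reason the same URL comes back for every account on the machine.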



#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 19 February 2013 - 09:15 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 24 February 2013 - 07:13 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
m0le is a proud member of UNITE



