Blokowanie IP przez Malwarebytes Pro. (IP blocking by Malwarebytes Pro) - SafeGroup (https://safegroup.pl) - forum: Bezpieczeństwo / Pomoc po zainfekowaniu (https://safegroup.pl/forum-5.html) - thread: /thread-5832.html
IP blocking by Malwarebytes Pro. - Galactico - 09.11.2012

Malwarebytes Pro has started showing me alerts about blocking access to a suspicious site: IP 193.17.41.93. My internet connection is somewhat slow. What is going on?

Re: IP blocking by Malwarebytes Pro. - preter - 09.11.2012

That IP belongs to the O2 group: [link hidden by forum]

Re: IP blocking by Malwarebytes Pro. - ktośtam - 09.11.2012

Trojan: [link hidden by forum]

Code:
Blacklist Security Category: Trojan TDSS

Re: IP blocking by Malwarebytes Pro. - Galactico - 09.11.2012

I'll post the logs in a moment.

Added: 09 Nov 2012, 16:07

OTL

Code:
OTL logfile created on: 2012-11-09 15:56:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kuba\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 52,66% Memory free
6,00 Gb Paging File | 4,20 Gb Available in Paging File | 70,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 319,18 Gb Total Space | 228,62 Gb Free Space | 71,63% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 39,31 Gb Free Space | 80,50% Space Free | Partition Type: NTFS
Drive E: | 97,66 Gb Total Space | 97,56 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive F: | 7,42 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: KUBA-KOMPUTER | User Name: Kuba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-11-09 15:55:11 | 000,602,112 | ---- | M](OldTimer Tools) -- C:\Users\Kuba\Downloads\OTL.exe
PRC - [2012-10-28 15:16:23 | 000,917,984 | ---- | M](Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-10-23 12:07:19 | 001,609,272 | ---- | M](Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
PRC - [2012-10-17 11:08:42 | 000,446,664 | ---- | M]() -- C:\Program Files\Comodo\IceDragon\icedragon_updater.exe
PRC - [2012-10-12 16:08:40 | 001,335,840 | ---- | M](Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
PRC - [2012-10-10 11:42:18 | 001,807,800 | ---- | M](Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012-10-05 09:54:04 | 000,055,544 | ---- | M](Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
PRC - [2012-09-29 18:54:26 | 000,766,536 | ---- | M](Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-09-29 18:54:26 | 000,676,936 | ---- | M](Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-09-29 18:54:26 | 000,399,432 | ---- | M](Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-06-06 08:51:38 | 003,151,392 | ---- | M](Foxit Corporation) -- C:\Users\Kuba\AppData\Local\Temp\Foxit Updater.exe
PRC - [2012-05-26 11:04:52 | 000,913,792 | ---- | M](IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011-09-05 16:11:48 | 000,105,792 | ---- | M]() -- C:\Program Files\Comodo\COMODO Programs Manager\CPMservice.exe
PRC - [2011-02-26 06:33:07 | 002,614,784 | ---- | M](Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-03-10 13:26:48 | 000,189,728 | ---- | M](Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M](Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

========== Modules (No Company Name) ==========

MOD - [2012-10-28 15:16:23 | 002,295,264 | ---- | M]() -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012-10-10 11:42:18 | 009,814,968 | ---- | M]() -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012-10-04 18:06:16 | 000,203,840 | ---- | M]() -- C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
MOD - [2012-04-27 15:08:08 | 000,092,600 | ---- | M]() -- C:\Program Files\Bitdefender\Bitdefender 2013\bdmetrics.dll

========== Services (SafeList) ==========

SRV - [2012-10-28 15:16:23 | 000,115,168 | ---- | M](Mozilla Foundation) [On_Demand | Stopped]-- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-10-18 18:15:57 | 000,059,152 | ---- | M](Bitdefender) [Disabled | Stopped]-- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)
SRV - [2012-10-17 11:08:42 | 000,446,664 | ---- | M]() [Auto | Running]-- C:\Program Files\Comodo\IceDragon\icedragon_updater.exe -- (IceDragonUpdater)
SRV - [2012-10-12 16:08:40 | 001,335,840 | ---- | M](Bitdefender) [Auto | Running]-- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)
SRV - [2012-10-10 11:42:19 | 000,250,808 | ---- | M](Adobe Systems Incorporated) [On_Demand | Stopped]-- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-10-05 09:54:04 | 000,055,544 | ---- | M](Bitdefender) [Auto | Running]-- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)
SRV - [2012-09-29 18:54:26 | 000,676,936 | ---- | M](Malwarebytes Corporation) [Auto | Running]-- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-09-29 18:54:26 | 000,399,432 | ---- | M](Malwarebytes Corporation) [Auto | Running]-- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-07-01 07:31:02 | 001,343,400 | ---- | M](Microsoft Corporation) [On_Demand | Stopped]-- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012-05-26 11:04:52 | 000,913,792 | ---- | M](IObit) [Auto | Running]-- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011-09-05 16:11:48 | 000,105,792 | ---- | M]() [Auto | Running]-- C:\Program Files\Comodo\COMODO Programs Manager\CPMservice.exe -- (CPMService)
SRV - [2010-03-10 13:26:48 | 000,189,728 | ---- | M](Protexis Inc.) [Auto | Running]-- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M](Microsoft Corporation) [On_Demand | Stopped]-- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M](Microsoft Corporation) [On_Demand | Stopped]-- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped]-- C:\Windows\system32\DRIVERS\asdrs.sys -- (asdrs)
DRV - [2012-10-10 21:14:28 | 010,837,352 | ---- | M](NVIDIA Corporation) [Kernel | On_Demand | Running]-- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012-10-10 14:00:08 | 000,481,464 | ---- | M](BitDefender) [File_System | On_Demand | Running]-- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2012-10-10 14:00:04 | 000,622,616 | ---- | M](BitDefender) [File_System | Boot | Running]-- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2012-10-02 11:31:18 | 000,134,136 | ---- | M](BitDefender LLC) [Kernel | System | Running]-- C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys -- (bdselfpr)
DRV - [2012-09-29 18:54:26 | 000,022,856 | ---- | M](Malwarebytes Corporation) [File_System | On_Demand | Running]-- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012-08-29 17:24:08 | 000,161,312 | ---- | M](BitDefender LLC) [File_System | Boot | Running]-- C:\Windows\System32\drivers\gzflt.sys -- (gzflt)
DRV - [2012-07-06 15:13:12 | 000,077,192 | ---- | M](BitDefender LLC) [Kernel | System | Running]-- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2012-07-02 14:21:35 | 000,343,456 | ---- | M](BitDefender S.R.L.) [File_System | Auto | Running]-- C:\Windows\System32\drivers\trufos.sys -- (trufos)
DRV - [2012-06-05 15:33:00 | 000,158,552 | ---- | M](Oracle Corporation) [Kernel | System | Running]-- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2012-06-05 15:33:00 | 000,116,056 | ---- | M](Oracle Corporation) [Kernel | On_Demand | Running]-- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2012-06-05 15:33:00 | 000,104,792 | ---- | M](Oracle Corporation) [Kernel | On_Demand | Running]-- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2012-06-05 15:33:00 | 000,091,992 | ---- | M](Oracle Corporation) [Kernel | System | Running]-- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2011-11-14 20:16:27 | 000,090,704 | ---- | M](BitDefender LLC) [Kernel | System | Running]-- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2011-09-05 16:14:58 | 000,017,520 | ---- | M]() [Kernel | Boot | Running]-- C:\Windows\System32\drivers\evdd.sys -- (Evdd)
DRV - [2011-09-05 16:14:08 | 000,178,744 | ---- | M](Windows ® Win 7 DDK provider) [Kernel | Boot | Running]-- C:\Windows\System32\drivers\cumon.sys -- (cumon)
DRV - [2009-07-13 23:02:47 | 000,047,104 | ---- | M](Atheros Communications, Inc.) [Kernel | On_Demand | Running]-- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2004-08-13 08:56:20 | 000,005,810 | ---- | M]() [Kernel | On_Demand | Running]-- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [link hidden by forum] {searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3194645604-3004077479-1033813949-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3194645604-3004077479-1033813949-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3194645604-3004077479-1033813949-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [link hidden by forum] {searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3194645604-3004077479-1033813949-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3194645604-3004077479-1033813949-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 67.230.164.157:3128

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: [email protected]:1.19.1
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..network.proxy.http: "176.9.132.76"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-10-28 15:16:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012-11-02 10:37:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-10-28 15:16:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012-07-11 08:20:39 | 000,000,000 | ---D | M](No name found) -- C:\Users\Kuba\AppData\Roaming\mozilla\Extensions
[2012-10-24 14:07:54 | 000,000,000 | ---D | M](No name found) -- C:\Users\Kuba\AppData\Roaming\mozilla\Firefox\Profiles\p9ltcuws.default\extensions
[2012-10-03 09:37:01 | 000,000,000 | ---D | M](WOT) -- C:\Users\Kuba\AppData\Roaming\mozilla\Firefox\Profiles\p9ltcuws.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012-09-11 14:02:28 | 000,000,000 | ---D | M](British English Dictionary) -- C:\Users\Kuba\AppData\Roaming\mozilla\Firefox\Profiles\p9ltcuws.default\extensions\[email protected]
[2012-10-28 15:16:19 | 000,000,000 | ---D | M](No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-10-28 15:16:23 | 000,261,600 | ---- | M](Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-10-13 08:59:25 | 000,002,767 | ---- | M]() -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-10-13 08:59:25 | 000,001,406 | ---- | M]() -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-10-13 08:59:25 | 000,000,917 | ---- | M]() -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-10-13 08:59:25 | 000,000,858 | ---- | M]() -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-10-13 08:59:25 | 000,001,183 | ---- | M]() -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-10-13 08:59:25 | 000,001,683 | ---- | M]() -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M] ) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Bdagent]C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4 - HKU\S-1-5-21-3194645604-3004077479-1033813949-1001..\Run: [GG]C:\Users\Kuba\AppData\Local\GG\Application\gghub.exe (GG Network S.A.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin]C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [link hidden by forum] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{277B7928-FFFE-49F0-9A6B-BAB1E97C0E28}: DhcpNameServer = 192.168.1.100
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M]() - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011-08-25 20:03:58 | 006,412,160 | R--- | M](Codemasters Software Co.) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2011-08-29 23:13:13 | 000,141,599 | R--- | M]() - F:\autorun.ico -- [ UDF ]
O32 - AutoRun File - [2011-08-08 18:44:10 | 000,000,070 | R--- | M]() - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{558ecf0d-c2de-11e1-8ac4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{558ecf0d-c2de-11e1-8ac4-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2011-08-25 20:03:58 | 006,412,160 | R--- | M](Codemasters Software Co.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open]-- "%1" %*
O35 - HKLM\..exefile [open]-- "%1" %*
O37 - HKLM\...com [@ = comfile]-- "%1" %*
O37 - HKLM\...exe [@ = exefile]-- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-11-07 19:40:53 | 000,000,000 | ---D | C]-- C:\temp
[2012-11-04 19:48:12 | 000,000,000 | ---D | C]-- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2012-11-02 10:43:21 | 000,072,704 | ---- | C](BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys
[2012-11-02 10:43:20 | 000,240,184 | ---- | C](BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2012-11-02 10:37:24 | 000,000,000 | ---D | C]-- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2013
[2012-11-02 10:37:22 | 000,000,000 | ---D | C]-- C:\Users\Kuba\AppData\Roaming\Bitdefender
[2012-11-02 10:36:48 | 000,000,000 | ---D | C]-- C:\ProgramData\Bitdefender
[2012-11-02 10:36:48 | 000,000,000 | ---D | C]-- C:\Program Files\Bitdefender
[2012-11-02 10:36:45 | 000,343,456 | ---- | C](BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2012-11-02 10:36:43 | 000,161,312 | ---- | C](BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys
[2012-11-02 09:56:15 | 000,000,000 | ---D | C]-- C:\ProgramData\bdch
[2012-11-02 09:55:29 | 000,000,000 | ---D | C]-- C:\ProgramData\BDLogging
[2012-11-02 09:55:00 | 000,511,328 | ---- | C](Microsoft Corporation) -- C:\Windows\capicom.dll
[2012-11-02 09:55:00 | 000,077,192 | ---- | C](BitDefender LLC) -- C:\Windows\System32\drivers\BdfNdisf6.sys
[2012-11-02 09:55:00 | 000,066,392 | ---- | C](BitDefender SRL) -- C:\Windows\System32\drivers\bdsandbox.sys
[2012-11-02 09:54:54 | 000,622,616 | ---- | C](BitDefender) -- C:\Windows\System32\drivers\avc3.sys
[2012-11-02 09:54:54 | 000,481,464 | ---- | C](BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2012-11-02 09:35:05 | 000,000,000 | ---D | C]-- C:\Users\Kuba\AppData\Roaming\QuickScan
[2012-11-02 09:19:13 | 000,000,000 | ---D | C]-- C:\Program Files\Common Files\Bitdefender
[2012-11-02 09:07:07 | 000,000,000 | -HSD | C]-- C:\Config.Msi
[2012-11-01 09:27:47 | 000,000,000 | ---D | C]-- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012-11-01 09:27:32 | 000,000,000 | ---D | C]-- C:\Program Files\Ashampoo
[2012-10-28 15:16:18 | 000,000,000 | ---D | C]-- C:\Program Files\Mozilla Firefox
[2012-10-28 07:44:59 | 000,000,000 | ---D | C]-- C:\Users\Kuba\AppData\Roaming\dvdcss
[2012-10-24 14:27:24 | 000,000,000 | ---D | C]-- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters
[2012-10-24 14:24:20 | 000,000,000 | ---D | C]-- C:\ProgramData\Codemasters
[2012-10-24 14:24:08 | 000,000,000 | ---D | C]-- C:\Users\Kuba\Documents\My Games
[2012-10-24 14:19:12 | 000,000,000 | ---D | C]-- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2012-10-24 14:19:11 | 019,087,360 | ---- | C](Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\System32\mkl_blueripple.dll
[2012-10-24 14:19:11 | 001,302,528 | ---- | C](Blue Ripple Sound Limited) -- C:\Windows\System32\rapture3d_oal.dll
[2012-10-24 14:19:10 | 000,000,000 | ---D | C]-- C:\Program Files\BRS
[2012-10-24 14:19:02 | 000,445,016 | ---- | C](Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2012-10-24 14:19:02 | 000,000,000 | ---D | C]-- C:\Program Files\OpenAL
[2012-10-24 14:19:01 | 000,109,144 | ---- | C](Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2012-10-24 14:16:13 | 000,000,000 | ---D | C]-- C:\Windows\System32\xlive
[2012-10-24 14:16:01 | 000,000,000 | ---D | C]-- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012-10-24 14:16:01 | 000,000,000 | ---D | C]-- C:\Program Files\Microsoft Games for Windows - LIVE
[2012-10-24 14:00:20 | 000,000,000 | ---D | C]-- C:\Program Files\Codemasters
[2012-10-21 13:47:00 | 000,174,056 | ---- | C](Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012-10-21 13:47:00 | 000,174,056 | ---- | C](Oracle Corporation) -- C:\Windows\System32\java.exe
[2012-10-21 13:47:00 | 000,093,672 | ---- | C](Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012-10-11 09:12:23 | 000,002,048 | ---- | C](Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012-10-11 09:12:10 | 000,271,360 | ---- | C](Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012-10-11 09:12:10 | 000,169,984 | ---- | C](Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012-10-11 09:12:09 | 000,005,120 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012-10-11 09:12:09 | 000,004,608 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012-10-11 09:12:09 | 000,004,096 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012-10-11 09:12:09 | 000,004,096 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012-10-11 09:12:09 | 000,004,096 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012-10-11 09:12:09 | 000,004,096 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,584 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,584 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,584 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,584 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,584 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,584 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012-10-11 09:12:09 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012-10-11 09:12:08 | 000,006,144 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012-10-11 09:12:08 | 000,004,608 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012-10-11 09:12:08 | 000,004,096 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012-10-11 09:12:08 | 000,003,584 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012-10-11 09:12:08 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012-10-11 09:12:08 | 000,003,072 | -H-- | C](Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012-10-11 09:11:37 | 003,958,128 | ---- | C](Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012-10-11 09:11:37 | 003,902,832 | ---- | C](Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012-10-10 21:15:04 | 001,867,112 | ---- | C](NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012-10-10 21:15:00 | 002,574,696 | ---- | C](NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012-10-10 21:14:50 | 000,888,168 | ---- | C](NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco32.dll
[2012-10-10 21:14:46 | 017,559,912 | ---- | C](NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012-10-10 21:14:42 | 007,697,768 | ---- | C](NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012-10-10 21:14:28 | 010,837,352 | ---- | C](NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012-10-10 21:14:22 | 019,906,920 | ---- | C](NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012-10-10 21:14:16 | 006,127,464 | ---- | C](NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-11-09 16:02:00 | 002,359,296 | ---- | M]() -- C:\Users\Kuba\NTUSER.DAT
[2012-11-09 15:41:00 | 000,000,930 | ---- | M]() -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-11-09 13:51:49 | 000,014,608 | -H-- | M]() -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-11-09 13:51:49 | 000,014,608 | -H-- | M]() -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-11-09 13:45:09 | 000,000,308 | ---- | M]() -- C:\Windows\tasks\GlaryInitialize.job
[2012-11-09 13:44:36 | 000,000,006 | -H-- | M]() -- C:\Windows\tasks\SA.DAT
[2012-11-09 13:44:12 | 000,067,584 | --S- | M]() -- C:\Windows\bootstat.dat
[2012-11-09 13:44:08 | 2415,222,784 | -HS- | M]() -- C:\hiberfil.sys
[2012-11-09 11:02:52 | 000,011,522 | ---- | M]() -- C:\Windows\CUAppUsage.Dat
[2012-11-09 11:02:31 | 001,495,591 | -H-- | M]() -- C:\Users\Kuba\AppData\Local\IconCache.db
[2012-11-02 10:43:21 | 000,072,704 | ---- | M](BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys
[2012-11-02 10:43:20 | 000,240,184 | ---- | M](BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2012-11-02 10:38:04 | 000,384,447 | ---- | M]() -- C:\ProgramData\1351848961.bdinstall.bin
[2012-11-02 10:37:41 | 000,000,385 | ---- | M]() -- C:\Windows\System32\user_gensett.xml
[2012-11-02 10:37:32 | 000,253,404 | -H-- | M]() -- C:\bdr-ld01
[2012-11-02 10:37:32 | 000,009,216 | -H-- | M]() -- C:\bdr-ld01.mbr
[2012-11-02 10:37:32 | 000,000,308 | -H-- | M]() -- C:\bdr-cf01
[2012-11-02 10:37:24 | 000,002,126 | ---- | M]() -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
[2012-11-02 10:09:42 | 001,010,216 | ---- | M]() -- C:\ProgramData\1351845282.bdinstall.bin
[2012-11-02 09:30:59 | 000,053,062 | ---- | M]() -- C:\ProgramData\1351845051.bdinstall.bin
[2012-11-02 09:30:45 | 000,354,826 | ---- | M]() -- C:\ProgramData\1351844398.bdinstall.bin
[2012-11-02 09:18:59 | 001,549,696 | ---- | M]() -- C:\Windows\System32\PerfStringBackup.INI
[2012-11-02 09:18:59 | 000,697,674 | ---- | M]() -- C:\Windows\System32\perfh015.dat
[2012-11-02 09:18:59 | 000,615,810 | ---- | M]() -- C:\Windows\System32\perfh009.dat
[2012-11-02 09:18:59 | 000,134,784 | ---- | M]() -- C:\Windows\System32\perfc015.dat
[2012-11-02 09:18:59 | 000,106,190 | ---- | M]() -- C:\Windows\System32\perfc009.dat
[2012-11-01 13:30:30 | 000,524,288 | -HS- | M]() -- C:\Users\Kuba\NTUSER.DAT{77af983f-241d-11e2-9d1c-002618d46add}.TMContainer00000000000000000002.regtrans-ms
[2012-11-01 13:30:30 | 000,065,536 | -HS- | M]() -- C:\Users\Kuba\NTUSER.DAT{77af983f-241d-11e2-9d1c-002618d46add}.TM.blf
[2012-11-01 13:30:29 | 000,524,288 | -HS- | M]() -- C:\Users\Kuba\NTUSER.DAT{77af983f-241d-11e2-9d1c-002618d46add}.TMContainer00000000000000000001.regtrans-ms
[2012-11-01 13:26:34 | 002,621,440 | -HS- | M]() -- C:\Users\Kuba\NTUSER.DAT.gbck
[2012-11-01 10:17:13 | 000,003,584 | ---- | M]() -- C:\Users\Kuba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-10-31 10:04:20 | 000,000,969 | ---- | M]() -- C:\Users\Public\Desktop\CCleaner.lnk
[2012-10-31 10:01:41 | 000,001,028 | ---- | M]() -- C:\Users\Kuba\Desktop\Glary Utilities.lnk
[2012-10-24 14:19:02 | 000,445,016 | ---- | M](Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2012-10-24 14:19:01 | 000,109,144 | ---- | M](Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2012-10-20 12:59:40 | 000,001,071 | ---- | M]() -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-10-19 12:16:46 | 035,184,777 | -H-- | M]() -- C:\bdr-im01.gz
[2012-10-10 21:15:04 | 001,867,112 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012-10-10 21:15:00 | 002,574,696 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012-10-10 21:14:50 | 012,501,352 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2012-10-10 21:14:50 | 000,888,168 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco32.dll
[2012-10-10 21:14:46 | 017,559,912 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012-10-10 21:14:44 | 002,428,776 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2012-10-10 21:14:42 | 007,697,768 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012-10-10 21:14:28 | 010,837,352 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012-10-10 21:14:28 | 000,012,865 | ---- | M]() -- C:\Windows\System32\nvinfo.pb
[2012-10-10 21:14:22 | 019,906,920 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012-10-10 21:14:22 | 001,009,512 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012-10-10 21:14:16 | 015,309,160 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2012-10-10 21:14:16 | 006,127,464 | ---- | M](NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-11-02 10:38:04 | 000,384,447 | ---- | C]() -- C:\ProgramData\1351848961.bdinstall.bin
[2012-11-02 10:37:41 | 000,000,385 | ---- | C]() -- C:\Windows\System32\user_gensett.xml
[2012-11-02 10:37:32 | 000,000,308 | -H-- | C]() -- C:\bdr-cf01
[2012-11-02 10:37:24 | 000,002,126 | ---- | C]() -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
[2012-11-02 10:36:50 | 035,184,777 | -H-- | C]() -- C:\bdr-im01.gz
[2012-11-02 10:36:50 | 002,294,848 | -H-- | C]() -- C:\bdr-bz01
[2012-11-02 10:36:50 | 000,253,404 | -H-- | C]() -- C:\bdr-ld01
[2012-11-02 10:36:50 | 000,009,216 | -H-- | C]() -- C:\bdr-ld01.mbr
[2012-11-02 10:09:42 | 001,010,216 | ---- | C]() -- C:\ProgramData\1351845282.bdinstall.bin
[2012-11-02 09:30:59 | 000,053,062 | ---- | C]() -- C:\ProgramData\1351845051.bdinstall.bin
[2012-11-02 09:30:45 | 000,354,826 | ---- | C]() -- C:\ProgramData\1351844398.bdinstall.bin
[2012-11-01 13:30:24 | 001,495,591 | -H-- | C]() -- C:\Users\Kuba\AppData\Local\IconCache.db
[2012-11-01 13:28:20 | 000,524,288 | -HS- | C]() -- C:\Users\Kuba\NTUSER.DAT{77af983f-241d-11e2-9d1c-002618d46add}.TMContainer00000000000000000002.regtrans-ms
[2012-11-01 13:28:20 | 000,524,288 | -HS- | C]() -- C:\Users\Kuba\NTUSER.DAT{77af983f-241d-11e2-9d1c-002618d46add}.TMContainer00000000000000000001.regtrans-ms
[2012-11-01 13:28:19 | 000,065,536 | -HS- | C]() -- C:\Users\Kuba\NTUSER.DAT{77af983f-241d-11e2-9d1c-002618d46add}.TM.blf
[2012-11-01 10:17:13 | 000,003,584 | ---- | C]() -- C:\Users\Kuba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-07-01 08:27:36 | 000,011,522 | ---- | C]() -- C:\Windows\CUAppUsage.Dat
[2012-07-01 08:07:06 | 000,017,520 | ---- | C]() -- C:\Windows\System32\drivers\evdd.sys
[2012-06-30 20:05:29 | 000,005,696 | R--- | C]() -- C:\Windows\System32\CHKSUM.COM
[2012-06-30 19:24:55 | 000,070,296 | ---- | C]() -- C:\Users\Kuba\AppData\Local\GDIPFONTCACHEV1.DAT
[2012-06-30 19:17:18 | 001,549,696 | ---- | C]() -- C:\Windows\System32\PerfStringBackup.INI
[2012-06-30 19:14:31 | 002,621,440 | -HS- | C]() -- C:\Users\Kuba\NTUSER.DAT.gbck
[2012-06-30 19:14:31 | 002,359,296 | ---- | C]() -- C:\Users\Kuba\NTUSER.DAT
[2012-06-30 19:14:31 | 000,524,288 | -HS- | C]() -- C:\Users\Kuba\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012-06-30 19:14:31 | 000,524,288 | -HS- | C]() -- C:\Users\Kuba\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2012-06-30 19:14:31 | 000,065,536 | -HS- | C]() -- C:\Users\Kuba\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2012-06-30 19:14:31 | 000,000,020 | -HS- | C]() -- C:\Users\Kuba\ntuser.ini
[2011-04-09 17:55:28 | 000,179,261 | ---- | C]() -- C:\Windows\System32\xlive.dll.cat

========== ZeroAccess Check ==========

[2009-07-14 05:42:31 | 000,000,227 | RHS- | M]() -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:46:56 | 012,868,608 | ---- | M](Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M](Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M](Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012-07-22 08:02:25 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\.wtw
[2012-07-17 11:11:41 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\Audacity
[2012-07-01 08:25:49 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\AVG2012
[2012-11-02 10:37:22 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\Bitdefender
[2012-09-27 13:09:52 |
000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\BlackBean [2012-11-01 13:22:57 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\Crystal Security [2012-07-13 09:31:46 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\Foxit Software [2012-11-09 13:45:29 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\GG [2012-07-19 07:30:44 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\GHISLER [2012-07-20 07:20:12 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\Gholam_Inc [2012-09-21 07:52:13 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\GlarySoft [2012-11-01 10:49:21 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\IObit [2012-07-18 11:43:03 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\LibreOffice [2012-08-16 09:47:25 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\Origin [2012-09-30 18:25:42 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\ProtectDISC [2012-11-02 09:35:05 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\QuickScan [2012-08-24 13:43:38 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\SoftMaker [2012-07-02 15:52:52 | 000,000,000 | ---D | M]-- C:\Users\Kuba\AppData\Roaming\Ulead Systems ========== Purity Check ========== < End of report > Dodano: 09 lis 2012, 16:09 Extra [Aby zobaczyć linki, zarejestruj się tutaj] Re: Blokowanie IP przez Malwarebytes Pro. - ktośtam - 09.11.2012 Logi lepiej wyślij na wklej.org albo wrzuć jako załączniki do posta. Re: Blokowanie IP przez Malwarebytes Pro. - KaMiL - 09.11.2012 Wykonaj skan TDSS Killerem [Aby zobaczyć linki, zarejestruj się tutaj] Re: Blokowanie IP przez Malwarebytes Pro. - Galactico - 09.11.2012 KaMiL napisał(a):Wykonaj skan TDSS Killerem Skanowałem i nic nie wykrył. Re: Blokowanie IP przez Malwarebytes Pro. - preter - 09.11.2012 Czyli prawdopodobnie jest czysto, w końcu MBAM Pro zablokował adres IP. Re: Blokowanie IP przez Malwarebytes Pro. - Galactico - 09.11.2012 Ale to jest dziwna sprawa. 
To IP powiązane jestz [malware] z4.przeklej.pl/przo1625/896d0ab1002d19dc4b55aaaf/ajdh4jds453_www.przeklej.pl.jpg[/malware] A to skan tego pliku: [Aby zobaczyć linki, zarejestruj się tutaj] Re: Blokowanie IP przez Malwarebytes Pro. - Miquell - 09.11.2012 Ale skoro MBAM Pro zablokował adres to system powinien być czysty, tak jaki napisał preter Re: Blokowanie IP przez Malwarebytes Pro. - Galactico - 09.11.2012 Ale Internet chodzi tak mulasto jak nigdy. Re: Blokowanie IP przez Malwarebytes Pro. - preter - 09.11.2012 Jeśli jeszcze tego nie robiłeś, to odłącz komputer od internetu i podłącz ponownie. Jeżeli to nie pomoże, to zrestartuj komputer. U mnie to czasem pomaga. Re: Blokowanie IP przez Malwarebytes Pro. - Galactico - 09.11.2012 preter napisał(a):Jeśli jeszcze tego nie robiłeś, to odłącz komputer od internetu i podłącz ponownie. Jeżeli to nie pomoże, to zrestartuj komputer. Dzwoniłem kiedyś (wówczas to było jeszcze tp) zgłaszałem że modem padł. Na to uprzejma Pani powiedziała to samo, co ty wcześniej. To jest lekarstwo na wszystko? Restartowałem i nic. Re: Blokowanie IP przez Malwarebytes Pro. - Miquell - 09.11.2012 A jak wyłączysz blokowanie stron w MBAM to też internet tak się ociąga?? Jeśli tak to może przyczyny szukać trzeba gdzie indziej.... Re: Blokowanie IP przez Malwarebytes Pro. - Galactico - 09.11.2012 Miquell napisał(a):A jak wyłączysz blokowanie stron w MBAM to też internet tak się ociąga?? Trudno określić. Porównywalnie teraz. Re: Blokowanie IP przez Malwarebytes Pro. - Miquell - 09.11.2012 Może to czysty przypadek z tym blokiem, który zrobił MBAM, a rzeczywista wina za wolny transfer leży po stronie operatora.... Re: Blokowanie IP przez Malwarebytes Pro. - Galactico - 09.11.2012 Nie wiem, zaczekajmy aż tachion przyjdzie i zobaczy Logi. Re: Blokowanie IP przez Malwarebytes Pro. 
- Miquell - 09.11.2012 Gdyby coś mimo wszystko przeszło do systemu i próbowało się zzablokowanym adresem, to zwykły skan MBAM-em powinien to wykryć Re: Blokowanie IP przez Malwarebytes Pro. - preter - 09.11.2012 Galactico napisał(a):preter napisał(a):Jeśli jeszcze tego nie robiłeś, to odłącz komputer od internetu i podłącz ponownie. Jeżeli to nie pomoże, to zrestartuj komputer. Nie mówię, że to jest lekarstwo na wszystko. Czasem się po prostu tak zdarza, że wystąpi jakiś błąd w sterowniku czy na linii połączenia z siecią i wystarczy wtedy restart aplikacji/systemu/routera. Nie jestem ekspertem, ale logi przejrzałem i nie zauważyłem podejrzanych rzeczy. Ale jak sam mówisz, poczekajmy na tachiona Re: Blokowanie IP przez Malwarebytes Pro. - tachion - 09.11.2012 formata zrób |