30.01.2013, 18:23
I have a big problem. Some time ago I was playing a game (and I still want to play it), I was downloading various files, and I got what is called a "hack": someone broke into my account.
A few days ago I decided to play that game again, but I had been playing for less than 3 days when I got "hacked" again and someone broke into my account once more, even though the second time I had done a format and was using the browser program "KeyScrambler", the "Avira" antivirus, and "Neo's SafeKeys v3" for entering my login and password.
I would like to start playing that game again, but at the same time I am afraid for my bank account, Facebook, etc.
Would someone be kind enough to advise me what to do in the above situation?
(The game is "Tibia".)
I created a new character, so he could not have had my e-mail or anything else; I set everything up fresh.
I scanned with ComboFix:
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll
c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
c:\documents and settings\Przemo\Menu Start\Programy\Autostart\m2m.exe
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\ReactivateFF.exe
c:\program files\StartNow Toolbar\ReactivateIE.exe
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\Toolbar32.dll
c:\program files\StartNow Toolbar\ToolbarBroker.exe
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\windows\msmqinst.log
c:\windows\regopt.log
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\edc4dbe87d55058f.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files created from 2012-12-28 to 2013-01-30 )))))))))))))))))))))))))))))))
.
.
2013-01-30 08:53 . 2013-01-30 08:53 -------- d-----r- C:\MSOCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-16 20:10 . 2013-01-26 15:09 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-01-27 17:18 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2013-01-27 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-01-28 969104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-11 16342528]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-01-27 997320]
"ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" [2013-01-26 1020512]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
"CaISSDT"="c:\program files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 165416]
"eTrustPPAP"="c:\program files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2013-01-27 258048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 738984]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-23 73832]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" ; [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-01-26 26984]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-01-26 36552]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-01-26 85280]
R2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BACS\BPowMon.exe [2007-06-25 70976]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [2012-11-22 497320]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2013-01-26 711112]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2013-01-26 173880]
.
--- Other Services/Drivers in Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-26 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={28E449AE-66D3-4334-BC43-73E4439DC1F2}&mid=b99f01c9151f47e495f553c5b48e91c0-d7b22b68a502e6396c8d5468ca46d065797ee24a&lang=pl&ds=ax011&pr=&d=2013-01-26 19:06&v=13.2.0.5&sap=hp
TCP: DhcpNameServer = 192.162.60.1 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=98d4eeff338e444f9b0c88b97dfe74bc&tu=10G90006N2B000s&sku=&tstsId=&ver=&
FF - prefs.js: keyword.URL - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=98d4eeff338e444f9b0c88b97dfe74bc&tu=10G90006N2B000s&sku=&tstsId=&ver=&
FF - ExtSQL: 2013-01-26 17:48; keyscrambler@qfx.software.corporation; c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\keyscrambler@qfx.software.corporation
FF - ExtSQL: 2013-01-26 19:06; avg@toolbar; c:\documents and settings\All Users\Dane aplikacji\AVG Secure Search\FireFoxExt\13.2.0.5
FF - ExtSQL: 2013-01-28 23:00; {5911488E-9D1E-40ec-8CBB-06B231CC153F}; c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
FF - ExtSQL: 2013-01-30 14:45; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\TrustChecker
FF - ExtSQL: 2013-01-30 15:01; ffxtlbr@zonealarm.com; c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\ffxtlbr@zonealarm.com
FF - ExtSQL: 2013-01-30 15:02; donottrack@checkpoint.com; c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\donottrack@checkpoint.com
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=98d4eeff338e444f9b0c88b97dfe74bc&tu=10G90006N2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=98d4eeff338e444f9b0c88b97dfe74bc&tu=10G90006N2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=98d4eeff338e444f9b0c88b97dfe74bc&tu=10G90006N2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=98d4eeff338e444f9b0c88b97dfe74bc&tu=10G90006N2B000s&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - e42f81a8000000000000001b774ea5ad
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15735
FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16
FF - user.js: extensions.zonealarm.vrsni - 1.8.3.16
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.1614:43
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN116613181734314-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
- - - - ORPHANED (EMPTY) ENTRIES REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
HKLM-Run-BroadcomWireless - c:\program files\Broadcom\Wireless\Utility\WlanUtil.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2013-01-30 16:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(840)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(2768)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
------------------------ Remaining Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\docume~1\Przemo\USTAWI~1\Temp\RtkBtMnt.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Completion time: 2013-01-30 16:19:50 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-30 15:19
.
Pre-Run: 60,631,093,248 bytes free
Post-Run: 60,946,399,232 bytes free
.
- - End Of File - - 272D7E1629DCEA4D426DA182B4968261
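Added example, not part of the original post and not ComboFix's own code: a small Python triage script of the kind a responder would run over a ComboFix log like the one above before reading it line by line. It pulls every binary path out of the log (including Run values that carry only a bare file name) and flags the ones whose location alone is worth a second look: anything executing from a Temp directory, anything dropped into the per-user Startup folder (the Polish "Autostart" folder where the log shows m2m.exe), anything under a user-writable profile path, and bare names resolved through the search path. The embedded sample is retyped from the log above; the location heuristics are my own assumption about what to chase first, and a hit is a lead, not a verdict (a vendor setup utility can legitimately unpack itself into Temp, and a Startup-folder binary may just be an unwanted toolbar).

```python
import re

# Constructed sample: a few lines retyped from the ComboFix log in the post
# above (registry Run values, the running-process list and one deleted file).
# Illustrative input for this example only, not a new scan.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-01-28 969104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-11 16342528]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
------------------------ Remaining Running Processes ------------------------
c:\windows\system32\Ati2evxx.exe
c:\docume~1\Przemo\USTAWI~1\Temp\RtkBtMnt.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
((((((((( Deleted )))))))))
c:\documents and settings\Przemo\Menu Start\Programy\Autostart\m2m.exe
"""

# Absolute path to a PE-type file: drive letter, backslash path, known extension.
WIN_PATH = re.compile(r'[a-z]:\\[^"\r\n\[\]]+?\.(?:exe|dll|sys|scr|com)\b', re.IGNORECASE)
# A registry Run value as ComboFix prints it: "Name"="command" [date size]
RUN_VALUE = re.compile(r'^"[^"]+"="([^"]+)"', re.MULTILINE)


def extract_paths(log_text):
    """Collect every binary path in the log. Run values that carry only a bare
    file name (no directory) are kept too, because Windows resolves those
    through the search path at logon."""
    found = [m.group(0) for m in WIN_PATH.finditer(log_text)]
    for m in RUN_VALUE.finditer(log_text):
        value = m.group(1)
        if not WIN_PATH.match(value):
            found.append(value)
    seen, unique = set(), []
    for p in found:
        key = p.lower()
        if key not in seen:
            seen.add(key)
            unique.append(p)
    return unique


def classify(path):
    """Return a reason string if the location alone warrants a second look,
    or None for a binary under a normal system or program location.
    The heuristics below are this example's assumptions, not ComboFix rules."""
    p = path.lower()
    if '\\' not in p:
        return 'bare file name, resolved through the search path at logon'
    if re.search(r'\\(temp|tmp)\\', p):
        return 'binary running from a Temp directory'
    if re.search(r'\\(autostart|startup)\\', p):   # "Autostart" = Startup folder on Polish XP
        return 'binary placed in the per-user Startup folder'
    if '\\program files\\' not in p and re.search(
            r'\\(docume~1|documents and settings|dane aplikacji|application data)\\', p):
        return 'binary under a user-writable profile directory'
    return None


def triage(log_text):
    """(path, reason) pairs for every path whose location is suspicious,
    in the order the paths appear in the log."""
    hits = []
    for p in extract_paths(log_text):
        reason = classify(p)
        if reason:
            hits.append((p, reason))
    return hits


if __name__ == '__main__':
    for path, reason in triage(SAMPLE_LOG):
        print(f'{reason}: {path}')
```

Run against the sample it reports RtkBtMnt.exe (Temp), m2m.exe (Startup folder) and RTHDCPL.EXE (bare name), and stays silent on the Avira, uTorrent and ATI binaries under Program Files and system32. The point of the bare-name check is that a Run value like "RTHDCPL.EXE" is only as trustworthy as the first directory on the search path that contains a file of that name, so a responder should confirm which copy actually loads rather than assume it is the audio driver's.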
c:\program files\StartNow Toolbar\ReactivateIE.exe
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\Toolbar32.dll
c:\program files\StartNow Toolbar\ToolbarBroker.exe
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\windows\msmqinst.log
c:\windows\regopt.log
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\edc4dbe87d55058f.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-12-28 do 2013-01-30 )))))))))))))))))))))))))))))))
.
.
2013-01-30 08:53 . 2013-01-30 08:53 -------- d-----r- C:\MSOCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-16 20:10 . 2013-01-26 15:09 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-01-27 17:18 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2013-01-27 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-01-28 969104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-11 16342528]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-01-27 997320]
"ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" [2013-01-26 1020512]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
"CaISSDT"="c:\program files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 165416]
"eTrustPPAP"="c:\program files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2013-01-27 258048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 738984]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-23 73832]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" ; [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standard profile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-01-26 26984]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-01-26 36552]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-01-26 85280]
R2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BACS\BPowMon.exe [2007-06-25 70976]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [2012-11-22 497320]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2013-01-26 711112]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2013-01-26 173880]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-01-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-26 20:07]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://isearch.avg.com/?cid={28E449AE-66D3-4334-BC43-73E4439DC1F2}&mid=b99f01c9151f47e495f553c5b48e91c0-d7b22b68a502e6396c8d5468ca46d065797ee24a&lang=pl&ds=ax011&pr=&d=2013-01-26 19:06&v=13.2.0.5&sap=hp
TCP: DhcpNameServer = 192.162.60.1 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=98d4eeff338e444f9b0c88b97dfe74bc&tu=10G90006N2B000s&sku=&tstsId=&ver=&
FF - prefs.js: keyword.URL - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=98d4eeff338e444f9b0c88b97dfe74bc&tu=10G90006N2B000s&sku=&tstsId=&ver=&
FF - ExtSQL: 2013-01-26 17:48; keyscrambler@qfx.software.corporation; c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\keyscrambler@qfx.software.corporation
FF - ExtSQL: 2013-01-26 19:06; avg@toolbar; c:\documents and settings\All Users\Dane aplikacji\AVG Secure Search\FireFoxExt\13.2.0.5
FF - ExtSQL: 2013-01-28 23:00; {5911488E-9D1E-40ec-8CBB-06B231CC153F}; c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
FF - ExtSQL: 2013-01-30 14:45; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\TrustChecker
FF - ExtSQL: 2013-01-30 15:01; ffxtlbr@zonealarm.com; c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\ffxtlbr@zonealarm.com
FF - ExtSQL: 2013-01-30 15:02; donottrack@checkpoint.com; c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\7oocfr4r.default\extensions\donottrack@checkpoint.com
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=98d4eeff338e444f9b0c88b97dfe74bc&tu=10G90006N2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=98d4eeff338e444f9b0c88b97dfe74bc&tu=10G90006N2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=98d4eeff338e444f9b0c88b97dfe74bc&tu=10G90006N2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=98d4eeff338e444f9b0c88b97dfe74bc&tu=10G90006N2B000s&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - e42f81a8000000000000001b774ea5ad
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15735
FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16
FF - user.js: extensions.zonealarm.vrsni - 1.8.3.16
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.1614:43
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN116613181734314-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
HKLM-Run-BroadcomWireless - c:\program files\Broadcom\Wireless\Utility\WlanUtil.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [ www ]
Rootkit scan 2013-01-30 16:15
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(840)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(2768)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\docume~1\Przemo\USTAWI~1\Temp\RtkBtMnt.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Czas ukończenia: 2013-01-30 16:19:50 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2013-01-30 15:19
.
Przed: 60 631 093 248 bajtów wolnych
Po: 60 946 399 232 bajtów wolnych
.
- - End Of File - - 272D7E1629DCEA4D426DA182B4968261