ZAmula PC procesor z 0%skacze do 30-70% svhost wyłączam włącza się samo Combofix txt:
ComboFix 13-09-10.03 - Maszek 2013-09-11 23:07:45.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1033.18.4093.2551 [GMT 2:00]
Uruchomiony z: c:\users\Maszek\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* ‹D68DDC3A-831F-4fae-9E44-DA132C1ACF46›
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\SaveShare
c:\program files (x86)\SaveShare\sprotector.dll
c:\program files (x86)\SaveShare\uninstall.exe
c:\programdata\Local Settings\Temp
c:\programdata\Local Settings\Temp\ccqhyygx.com
c:\programdata\Local Settings\Temp\libnspr4.dll
c:\programdata\Local Settings\Temp\msaaiqovo.exe
c:\programdata\Local Settings\Temp\msacif.exe
c:\programdata\Local Settings\Temp\msaexkwox.exe
c:\programdata\Local Settings\Temp\msahzl.exe
c:\programdata\Local Settings\Temp\msaiaiki.scr
c:\programdata\Local Settings\Temp\msantqyhi.exe
c:\programdata\Local Settings\Temp\msaoay.exe
c:\programdata\Local Settings\Temp\msaovkly.scr
c:\programdata\Local Settings\Temp\msaowcoc.scr
c:\programdata\Local Settings\Temp\msaoyv.exe
c:\programdata\Local Settings\Temp\msapopkuo.pif
c:\programdata\Local Settings\Temp\msaqeu.com
c:\programdata\Local Settings\Temp\msaqguwq.scr
c:\programdata\Local Settings\Temp\msaqviic.scr
c:\programdata\Local Settings\Temp\msasfvyuu.exe
c:\programdata\Local Settings\Temp\msashipcn.exe
c:\programdata\Local Settings\Temp\msashtiqe.exe
c:\programdata\Local Settings\Temp\msatlnupy.pif
c:\programdata\Local Settings\Temp\msauoikza.exe
c:\programdata\Local Settings\Temp\msavfpveq.pif
c:\programdata\Local Settings\Temp\msavyauz.scr
c:\programdata\Local Settings\Temp\msavycwzp.pif
c:\programdata\Local Settings\Temp\msawbaptk.exe
c:\programdata\Local Settings\Temp\msawytbrq.exe
c:\programdata\Local Settings\Temp\msayfvxob.exe
c:\programdata\Local Settings\Temp\msaypuac.scr
c:\programdata\Local Settings\Temp\msayuaery.exe
c:\programdata\Local Settings\Temp\msbedau.com
c:\programdata\Local Settings\Temp\msbpsoa.com
c:\programdata\Local Settings\Temp\msbptdu.com
c:\programdata\Local Settings\Temp\msbqpch.com
c:\programdata\Local Settings\Temp\msbvsyo.com
c:\programdata\Local Settings\Temp\msbvzei.com
c:\programdata\Local Settings\Temp\msbyyff.com
c:\programdata\Local Settings\Temp\mscfpqqa.com
c:\programdata\Local Settings\Temp\mscibmqw.com
c:\programdata\Local Settings\Temp\msciuyba.com
c:\programdata\Local Settings\Temp\mscrxiv.bat
c:\programdata\Local Settings\Temp\mscuqaqe.com
c:\programdata\Local Settings\Temp\mscvvlou.com
c:\programdata\Local Settings\Temp\msedhwza.scr
c:\programdata\Local Settings\Temp\msefwivy.scr
c:\programdata\Local Settings\Temp\mseiapau.scr
c:\programdata\Local Settings\Temp\mseoaqur.scr
c:\programdata\Local Settings\Temp\mseora.exe
c:\programdata\Local Settings\Temp\mseouxxm.scr
c:\programdata\Local Settings\Temp\mseqoani.exe
c:\programdata\Local Settings\Temp\msexoy.exe
c:\programdata\Local Settings\Temp\msfeao.cmd
c:\programdata\Local Settings\Temp\msfiou.cmd
c:\programdata\Local Settings\Temp\msfiyw.cmd
c:\programdata\Local Settings\Temp\msfvcu.cmd
c:\programdata\Local Settings\Temp\mshiyoc.bat
c:\programdata\Local Settings\Temp\mshkhia.bat
c:\programdata\Local Settings\Temp\mshoeks.bat
c:\programdata\Local Settings\Temp\mshoxml.bat
c:\programdata\Local Settings\Temp\mshvlny.bat
c:\programdata\Local Settings\Temp\msicinoa.com
c:\programdata\Local Settings\Temp\msihyyaua.pif
c:\programdata\Local Settings\Temp\msiinruwf.pif
c:\programdata\Local Settings\Temp\msiiuihyc.pif
c:\programdata\Local Settings\Temp\msimaxnwr.exe
c:\programdata\Local Settings\Temp\msivatcoe.pif
c:\programdata\Local Settings\Temp\msivirwib.pif
c:\programdata\Local Settings\Temp\msiweqyy.com
c:\programdata\Local Settings\Temp\msjotpdi.scr
c:\programdata\Local Settings\Temp\msjrpfet.scr
c:\programdata\Local Settings\Temp\msjrvuat.scr
c:\programdata\Local Settings\Temp\msjwvycq.scr
c:\programdata\Local Settings\Temp\msnaif.exe
c:\programdata\Local Settings\Temp\msnoab.exe
c:\programdata\Local Settings\Temp\msnvpr.exe
c:\programdata\Local Settings\Temp\msofzy.cmd
c:\programdata\Local Settings\Temp\msoiaay.bat
c:\programdata\Local Settings\Temp\msojpxc.bat
c:\programdata\Local Settings\Temp\msowvra.bat
c:\programdata\Local Settings\Temp\msqayvbp.com
c:\programdata\Local Settings\Temp\msqcrmra.com
c:\programdata\Local Settings\Temp\msqfjvoei.pif
c:\programdata\Local Settings\Temp\msqhcpwiu.pif
c:\programdata\Local Settings\Temp\msqiowhm.com
c:\programdata\Local Settings\Temp\msqiuysr.com
c:\programdata\Local Settings\Temp\msqiwuds.com
c:\programdata\Local Settings\Temp\msqoizii.com
c:\programdata\Local Settings\Temp\msqoxrial.pif
c:\programdata\Local Settings\Temp\msqsiiuz.com
c:\programdata\Local Settings\Temp\msqtajrxw.pif
c:\programdata\Local Settings\Temp\msqtealf.com
c:\programdata\Local Settings\Temp\msqvairu.com
c:\programdata\Local Settings\Temp\msqvayo.com
c:\programdata\Local Settings\Temp\msqvgvwau.pif
c:\programdata\Local Settings\Temp\msqvswc.com
c:\programdata\Local Settings\Temp\msqvtwwu.com
c:\programdata\Local Settings\Temp\msqvuro.com
c:\programdata\Local Settings\Temp\msqvuuki.com
c:\programdata\Local Settings\Temp\msqxexti.com
c:\programdata\Local Settings\Temp\msqxrwb.com
c:\programdata\Local Settings\Temp\msqygzw.com
c:\programdata\Local Settings\Temp\msqzacefo.pif
c:\programdata\Local Settings\Temp\mstokozfy.pif
c:\programdata\Local Settings\Temp\mstorcwux.com
c:\programdata\Local Settings\Temp\mstpwuyoq.pif
c:\programdata\Local Settings\Temp\mstqayaub.pif
c:\programdata\Local Settings\Temp\mstvcuooz.pif
c:\programdata\Local Settings\Temp\mstwubcia.pif
c:\programdata\Local Settings\Temp\mstzizkvf.pif
c:\programdata\Local Settings\Temp\msuahf.cmd
c:\programdata\Local Settings\Temp\msuflf.cmd
c:\programdata\Local Settings\Temp\msuuoy.cmd
c:\programdata\Local Settings\Temp\msuuvw.com
c:\programdata\Local Settings\Temp\msuuya.pif
c:\programdata\Local Settings\Temp\msvackxvq.exe
c:\programdata\Local Settings\Temp\msvapov.bat
c:\programdata\Local Settings\Temp\msvauwcev.exe
c:\programdata\Local Settings\Temp\msvbnoz.bat
c:\programdata\Local Settings\Temp\msvezy.cmd
c:\programdata\Local Settings\Temp\msvkca.cmd
c:\programdata\Local Settings\Temp\msvocub.bat
c:\programdata\Local Settings\Temp\msvpufy.bat
c:\programdata\Local Settings\Temp\msvraxh.bat
c:\programdata\Local Settings\Temp\msvvafa.bat
c:\programdata\Local Settings\Temp\msvxtaove.exe
c:\programdata\Local Settings\Temp\mswbgyq.com
c:\programdata\Local Settings\Temp\mswoaz.exe
c:\programdata\Local Settings\Temp\mswoeo.exe
c:\programdata\Local Settings\Temp\mswpicd.com
c:\programdata\Local Settings\Temp\mswvfx.exe
c:\programdata\Local Settings\Temp\mswvyyi.com
c:\programdata\Local Settings\Temp\mszamohq.scr
c:\programdata\Local Settings\Temp\mszcus.cmd
c:\programdata\Local Settings\Temp\mszeruuu.scr
c:\programdata\Local Settings\Temp\msziauyo.scr
c:\programdata\Local Settings\Temp\mszibxvv.scr
c:\programdata\Local Settings\Temp\mszica.cmd
c:\programdata\Local Settings\Temp\mszicaby.scr
c:\programdata\Local Settings\Temp\msziuo.cmd
c:\programdata\Local Settings\Temp\mszombre.scr
c:\programdata\Local Settings\Temp\mszoycaa.scr
c:\programdata\Local Settings\Temp\mszqcpux.scr
c:\programdata\Local Settings\Temp\mszrsx.cmd
c:\programdata\Local Settings\Temp\mszrwr.cmd
c:\programdata\Local Settings\Temp\mszuvz.bat
c:\programdata\Local Settings\Temp\mszvoiqg.scr
c:\programdata\Local Settings\Temp\mszwffar.scr
c:\programdata\ntuser.dat
c:\programdata\savensharre
c:\programdata\savensharre\data\savensharre.dat
c:\programdata\savensharre\gx3mtfO7.dll
c:\programdata\savensharre\settings.ini
c:\programdata\savensharre\yyQBgSn1.dll
c:\programdata\savensharre\yyQBgSn1.tlb
c:\programdata\Searchh-NewTTaab
c:\programdata\Searchh-NewTTaab\5QG.dll
c:\programdata\Searchh-NewTTaab\data\Searchh-NewTTaab.dat
c:\programdata\Searchh-NewTTaab\EV7.dll
c:\programdata\Searchh-NewTTaab\EV7.tlb
c:\programdata\Searchh-NewTTaab\settings.ini
c:\windows\SysWow64\364894
c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-08-11 do 2013-09-11 )))))))))))))))))))))))))))))))
.
.
2013-09-11 21:12 . 2013-09-11 21:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-11 20:49 . 2013-09-11 20:49 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-09-11 20:48 . 2013-09-11 20:48 -------- d-----w- c:\users\UpdatusUser
2013-09-11 20:46 . 2013-08-18 19:34 6599968 ----a-w- c:\windows\system32\nvcpl.dll
2013-09-11 20:46 . 2013-08-18 19:34 3452192 ----a-w- c:\windows\system32\nvsvc64.dll
2013-09-11 20:46 . 2013-08-18 19:34 920864 ----a-w- c:\windows\system32\nvvsvc.exe
2013-09-11 20:46 . 2013-08-18 19:34 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-09-11 20:46 . 2013-08-18 19:34 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-09-11 20:46 . 2013-08-17 05:30 3319709 ----a-w- c:\windows\system32\nvcoproc.bin
2013-09-11 20:46 . 2013-08-18 21:02 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-09-11 20:46 . 2013-08-18 21:02 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-09-11 20:46 . 2013-09-11 20:46 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-09-11 00:34 . 2013-09-11 00:34 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\‹DC9911D5-2AA4-49F6-8CC7-B4FCECF47131›\offreg.dll
2013-09-05 14:56 . 2013-09-05 14:56 -------- d-----w- c:\users\Maszek\AppData\Roaming\The Creative Assembly
2013-09-05 11:42 . 2013-09-11 16:15 -------- d-----w- c:\program files (x86)\Total War ROME II
2013-08-28 03:14 . 2013-08-28 03:14 -------- d-----w- c:\users\Maszek\Zomboid
2013-08-28 03:12 . 2013-09-04 03:34 -------- d-----w- C:\Games
2013-08-18 12:58 . 2013-08-18 12:58 571168 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-08-16 14:58 . 2013-08-16 15:00 -------- d-----w- c:\program files (x86)\Europa Universalis IV
2013-08-14 19:36 . 2013-08-14 19:36 -------- d-----w- c:\programdata\StarApp
2013-08-14 19:36 . 2013-08-14 19:36 -------- d-----w- c:\program files (x86)\WebSearch
2013-08-14 19:35 . 2013-08-14 19:36 -------- d-----w- c:\programdata\InstallMate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-11 20:52 . 2012-07-29 14:25 25640 ----a-w- c:\windows\gdrv.sys
2013-09-11 20:27 . 2012-07-29 14:54 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-11 20:27 . 2012-07-29 14:54 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-05 05:45 1406935 --sh--r- c:\windows\SysWOW64\40C1CB\A4EC42.EXE
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"‹0F3DC9E0-C459-4a40-BCF8-747BD9322E10›"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-03-04 165776]
.
[HKEY_CLASSES_ROOT\clsid\‹0f3dc9e0-c459-4a40-bcf8-747bd9322e10›]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\‹4E8E0178-00EF-413d-9324-E7B3E31572E3›]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-03-04 776064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 PLAY ONLINE. RunOuc;PLAY ONLINE. OUC;c:\program files (x86)\PLAY ONLINE\UpdateDog\ouc.exe;c:\program files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [x]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 20:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://websearch.pur-esult.info/?pid=724&r=2013/08/14&hid=999645584&lg=EN&cc=PL
mStart Page = hxxp://websearch.pur-esult.info/?pid=724&r=2013/08/14&hid=999645584&lg=EN&cc=PL
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\‹007423F1-A1A9-4855-8E1D-21767F5B80F7›: NameServer = 89.108.195.21 89.108.202.21
TCP: Interfaces\‹40850293-7CE0-45A3-BF48-B6E1822E4854›: NameServer = 89.108.195.20 89.108.202.20
TCP: Interfaces\‹447A10E4-1AEF-4226-9891-A44908696DBE›: NameServer = 89.108.195.21 89.108.202.21
TCP: Interfaces\‹4BE4D1A2-4962-4540-8A61-E8DF4977EE03›: NameServer = 89.108.195.21 89.108.202.21
TCP: Interfaces\‹4FB25CA5-3CB1-4A79-93F9-F96C8FDBC6A3›: NameServer = 89.108.202.20 89.108.195.20
TCP: Interfaces\‹69B045DD-F48A-4D51-992C-E5EB257483E0›: NameServer = 89.108.195.21 89.108.202.21
TCP: Interfaces\‹744C42B8-78C9-4165-B699-6BBF26590CFD›: NameServer = 89.108.202.20 89.108.195.20
TCP: Interfaces\‹87A9A03A-1654-41E7-BBB2-08C760FEB806›: NameServer = 89.108.202.20 89.108.195.20
TCP: Interfaces\‹A21E84ED-C0FA-497F-A095-C12A0A265E45›: NameServer = 89.108.195.21 89.108.202.21
TCP: Interfaces\‹AE953AFF-D0CD-4C21-A5B6-8FCA37D9571B›: NameServer = 89.108.202.20 89.108.195.20
TCP: Interfaces\‹BB8DFDF5-D90F-4FFE-941E-0F61D5F7C36A›: NameServer = 89.108.202.20 89.108.195.20
TCP: Interfaces\‹BC42C869-DE81-4D8B-A7FD-26B2D374C5BA›: NameServer = 89.108.195.21 89.108.202.21
TCP: Interfaces\‹E9A8F368-D17A-44DF-AF25-A6AF491B0DF1›: NameServer = 89.108.202.20 89.108.195.20
TCP: Interfaces\‹F2F45009-5BDC-4F57-B386-D4949C790AA0›: NameServer = 89.108.202.21 89.108.195.21
FF - ProfilePath - c:\users\Maszek\AppData\Roaming\Mozilla\Firefox\Profiles\7c9mezwg.default-1349114728197\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.pur-esult.info/?pid=724&r=2013/08/14&hid=999645584&lg=EN&cc=PL&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://websearch.pur-esult.info/?pid=724&r=2013/08/14&hid=999645584&lg=EN&cc=PL&l=1&q=
FF - ExtSQL: 2013-08-16 15:21; [email protected]; c:\users\Maszek\AppData\Roaming\Mozilla\Firefox\Profiles\7c9mezwg.default-1349114728197\extensions\[email protected]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
BHO-‹4E8C55D3-CE03-AD4F-17D7-926BFBBE5A20› - c:\programdata\savensharre\yyQBgSn1.dll
BHO-‹AE21E59C-1411-CD2C-EFE3-0BD70721BA1F› - c:\programdata\Searchh-NewTTaab\EV7.dll
Wow6432Node-HKLM-Run-EaseUS EPM tray - c:\program files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
Wow6432Node-HKLM-Explorer_Run-57128 - c:\programdata\Local Settings\Temp\msaiaiki.scr
AddRemove-SP_703c874a - c:\program files (x86)\SaveShare\uninstall.exe
AddRemove-Uplay - c:\program files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
AddRemove-‹E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88› - c:\program files (x86)\InstallShield Installation Information\‹E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88›\setup.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\‹73C9DFA0-750D-11E1-B0C4-0800200C9A66›]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\‹73C9DFA0-750D-11E1-B0C4-0800200C9A66›\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\‹73C9DFA0-750D-11E1-B0C4-0800200C9A66›\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\‹73C9DFA0-750D-11E1-B0C4-0800200C9A66›\TypeLib]
@="‹FAB3E735-69C7-453B-A446-B6823C6DF1C9›"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\‹6AE38AE0-750C-11E1-B0C4-0800200C9A66›]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\‹6AE38AE0-750C-11E1-B0C4-0800200C9A66›\ProxyStubClsid32]
@="‹00020424-0000-0000-C000-000000000046›"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\‹6AE38AE0-750C-11E1-B0C4-0800200C9A66›\TypeLib]
@="‹FAB3E735-69C7-453B-A446-B6823C6DF1C9›"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\‹73C9DFA0-750D-11E1-B0C4-0800200C9A66›]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\‹73C9DFA0-750D-11E1-B0C4-0800200C9A66›\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\‹73C9DFA0-750D-11E1-B0C4-0800200C9A66›\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\‹73C9DFA0-750D-11E1-B0C4-0800200C9A66›\TypeLib]
@="‹FAB3E735-69C7-453B-A446-B6823C6DF1C9›"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\‹D27CDB6E-AE6D-11cf-96B8-444553540000›]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\‹D27CDB6E-AE6D-11cf-96B8-444553540000›\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\‹D27CDB6E-AE6D-11cf-96B8-444553540000›\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\‹D27CDB6E-AE6D-11cf-96B8-444553540000›\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\‹D27CDB6E-AE6D-11cf-96B8-444553540000›\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\‹D27CDB6E-AE6D-11cf-96B8-444553540000›\TypeLib]
@="‹D27CDB6B-AE6D-11cf-96B8-444553540000›"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\‹D27CDB6E-AE6D-11cf-96B8-444553540000›\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\‹D27CDB6E-AE6D-11cf-96B8-444553540000›\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\‹D27CDB70-AE6D-11cf-96B8-444553540000›]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\‹D27CDB70-AE6D-11cf-96B8-444553540000›\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\‹D27CDB70-AE6D-11cf-96B8-444553540000›\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\‹D27CDB70-AE6D-11cf-96B8-444553540000›\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\‹D27CDB70-AE6D-11cf-96B8-444553540000›\TypeLib]
@="‹D27CDB6B-AE6D-11cf-96B8-444553540000›"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\‹D27CDB70-AE6D-11cf-96B8-444553540000›\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\‹D27CDB70-AE6D-11cf-96B8-444553540000›\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\‹6AE38AE0-750C-11E1-B0C4-0800200C9A66›]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\‹6AE38AE0-750C-11E1-B0C4-0800200C9A66›\ProxyStubClsid32]
@="‹00020424-0000-0000-C000-000000000046›"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\‹6AE38AE0-750C-11E1-B0C4-0800200C9A66›\TypeLib]
@="‹FAB3E735-69C7-453B-A446-B6823C6DF1C9›"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="‹E23FE9C6-778E-49D4-B537-38FCDE4887D8›"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="‹9BE31822-FDAD-461B-AD51-BE1D1C159921›"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\‹4D36E96D-E325-11CE-BFC1-08002BE10318›\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\‹4D36E96D-E325-11CE-BFC1-08002BE10318›\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\‹4D36E96D-E325-11CE-BFC1-08002BE10318›\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\‹4D36E96D-E325-11CE-BFC1-08002BE10318›\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\‹4D36E96D-E325-11CE-BFC1-08002BE10318›\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\‹4D36E96D-E325-11CE-BFC1-08002BE10318›\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\‹4D36E96D-E325-11CE-BFC1-08002BE10318›\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\‹4D36E96D-E325-11CE-BFC1-08002BE10318›\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\‹4D36E96D-E325-11CE-BFC1-08002BE10318›\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\‹4D36E96D-E325-11CE-BFC1-08002BE10318›\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\‹4D36E96D-E325-11CE-BFC1-08002BE10318›\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\‹4D36E96D-E325-11CE-BFC1-08002BE10318›\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\‹4D36E96D-E325-11CE-BFC1-08002BE10318›\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\‹4D36E96D-E325-11CE-BFC1-08002BE10318›\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\‹4D36E96D-E325-11CE-BFC1-08002BE10318›\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2013-09-11 23:14:22
ComboFix-quarantined-files.txt 2013-09-11 21:14
.
Przed: 16 831 627 264 bajtów wolnych
Po: 18 002 132 992 bajtów wolnych
.
- - End Of File - - A4BE4681BE2E85A42D76353243E202B9
A36C5E4F47E84449FF07ED3517B43A31
Spróbuj może na dzieńdobry włączyć windows update i zainstalować sp1 + te 120łatek po service packu - większość z nich łatających dziury krytyczne.
Reinstall systemu. svhost to robak, trzeba by go usunac (i pewnie pare innych tez). Oczywiscie da sie to zrobic, ale poniewaz nie masz wiedzy, spedzisz tu kilka dni czekajac na posty z instrukcjami itp. Przeinstaluj windowsa i nie klikaj w dziwne linki na dziwnych stronach.
.
nagytow--> jeśli masz chwile i wiesz jak to naprawić prosiłbym o rade reinstalacja nie wchodzi w grę mam zbyt dużo cennych plików
Spróbuj wyłączyć windows update, nieraz to przez to svchost dużo procesora zużywa.
@nagytow svchost to nie żaden robak tylko proces systemu windows, przeważnie gdy zużywa dużo RAM/Procesora to jest to wina Windows Update, ale może to być też wirus.
Masz wirusa, zrób logi i daj tutaj.
http://www.fixitpc.pl/forum/38-dzia%C5%82-pomocy-dora%C5%BAnej/
Rób według tych zasad:
http://www.fixitpc.pl/forum-38/announcement-3-wa%C5%BCne-zak%C5%82adanie-tematu-obowi%C4%85zkowe-logi/
Na własną rękę możesz przeskanować programem Malwarebytes antimalware.
Dołącz raport z Combofixa i na drugi raz z dala od tego programu, bo się nie znasz i możesz pogorszyć nim sprawę.
Oczywiście zastosuj się do porady z postu 3. Ale to po wyleczeniu infekcji.
[1] wata_PL Cenne pliki trzyma sie na backupie. Sprobuj Malwarebytes, jest dobry i ma darmowa wersje. Instrukcji poszukaj na necie, to jest dlugi i zmudny proces i nigdy nie bedziesz pewny czy cos ci nie zostalo.
[8] Legion 13 Czy OP napisal cos o svchost?
