
Virus? Help

xCrystal
posted

Short, concise and to the point: my computer has started going crazy, programs stop working, they won't start, bluescreens...

I don't know whether a ComboFix log will help.

ComboFix 18-08-08.01 - Filip 09/01/2019   0:54.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.48.1045.18.8148.6226 [GMT 2:00]
Uruchomiony z: d:\program files (x86)\Pobrane\scoped_dir8760_24472\ComboFix.exe
AV: Kaspersky Free *Enabled/Updated* {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
SP: Kaspersky Free *Enabled/Updated* {B1D2E896-6D96-7460-F17A-838B9D00DD65}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\loltxd.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINMON
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2019-07-28 do 2019-08-31  )))))))))))))))))))))))))))))))
.
.
2019-08-31 22:29 . 2019-08-31 22:29    --------    d-----w-    C:\found.005
2019-08-31 15:00 . 2019-08-31 15:00    --------    d-----w-    C:\found.004
2019-08-31 14:04 . 2019-08-31 14:04    --------    d-----w-    C:\found.003
2019-08-31 13:54 . 2019-01-08 14:32    153328    ----a-w-    c:\windows\system32\drivers\mbae64.sys
2019-08-31 13:50 . 2019-08-31 13:50    66556    ----a-w-    c:\programdata\agent.uninstall.1567259400.bdinstall.v2.bin
2019-08-31 13:37 . 2019-08-31 13:37    --------    d-----w-    C:\found.002
2019-08-31 13:08 . 2019-08-31 13:09    --------    d-----w-    C:\AdwCleaner
2019-08-30 14:59 . 2019-08-30 14:59    --------    d-----w-    C:\found.001
2019-08-30 09:49 . 2019-02-28 16:04    66848    ----a-w-    c:\windows\system32\drivers\adgnetworktdidrv.sys
2019-08-15 08:09 . 2019-08-15 08:09    --------    d-----w-    c:\users\Filip\AppData\Local\VCLStylesSkin
2019-08-14 16:18 . 2019-08-14 16:18    --------    d-----w-    c:\programdata\WEBZEN
2019-08-13 23:00 . 2019-08-13 23:00    5244984    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2019-08-07 19:46 . 2019-08-08 20:20    --------    d-----w-    c:\users\Filip\AppData\Roaming\Wargaming.net
2019-08-07 19:32 . 2019-08-07 19:32    --------    d-----w-    c:\programdata\Wargaming.net
2019-08-05 19:06 . 2016-03-24 23:35    4855048    ----a-w-    c:\windows\system32\rtwlanu.sys
2019-08-05 19:06 . 2016-03-24 23:35    4855048    ----a-w-    c:\windows\system32\drivers\rtwlanu.sys
2019-08-05 19:06 . 2016-03-24 23:35    30472    ----a-w-    c:\windows\system32\rtlCoInst.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2019-08-29 08:42 . 2018-10-03 18:19    7220352    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2019-08-27 10:05 . 2018-12-14 21:38    226168    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2019-08-26 16:37 . 2018-12-14 21:38    226168    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2019-08-24 08:31 . 2019-06-09 00:15    217216    ----a-w-    c:\windows\system32\drivers\klflt.sys
2019-08-24 08:31 . 2019-02-13 12:09    122488    ----a-w-    c:\windows\system32\drivers\klbackupflt.sys
2019-08-24 08:31 . 2019-06-09 00:15    1123456    ----a-w-    c:\windows\system32\drivers\klif.sys
2019-08-24 08:27 . 2019-06-09 00:15    151768    ----a-w-    c:\windows\system32\klhkum.dll
2019-08-24 08:27 . 2019-02-13 12:09    1093240    ----a-w-    c:\windows\system32\drivers\klhk.sys
2019-08-13 23:01 . 2017-12-16 23:20    842296    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2019-08-13 23:01 . 2017-12-16 23:20    175160    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2019-07-18 19:17 . 2019-05-31 21:07    508864    ----a-w-    c:\windows\system32\nvumdshimx.dll
2019-07-18 16:13 . 2017-12-16 23:39    38756680    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2019-07-18 16:13 . 2017-12-16 23:39    18089824    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2019-07-18 16:12 . 2017-12-16 23:39    4934728    ----a-w-    c:\windows\system32\nvapi64.dll
2019-07-17 21:10 . 2017-12-16 23:41    5435192    ----a-w-    c:\windows\system32\nvcpl.dll
2019-07-17 21:10 . 2017-12-16 23:41    2637352    ----a-w-    c:\windows\system32\nvsvc64.dll
2019-07-17 21:10 . 2017-12-16 23:41    83440    ----a-w-    c:\windows\system32\nv3dappshextr.dll
2019-07-17 21:10 . 2017-12-16 23:41    650608    ----a-w-    c:\windows\system32\nv3dappshext.dll
2019-07-17 21:10 . 2017-12-16 23:41    451056    ----a-w-    c:\windows\system32\nvmctray.dll
2019-07-17 21:10 . 2017-12-16 23:41    1767920    ----a-w-    c:\windows\system32\nvsvcr.dll
2019-07-17 21:10 . 2017-12-16 23:41    125424    ----a-w-    c:\windows\system32\nvshext.dll
2019-07-16 08:18 . 2017-12-16 23:41    8642772    ----a-w-    c:\windows\system32\nvcoproc.bin
2019-06-18 08:59 . 2018-12-24 20:03    2164080    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2019-06-18 08:59 . 2018-12-24 20:03    1316664    ----a-w-    c:\windows\system32\NvRtmpStreamer64.dll
2019-06-18 08:59 . 2018-12-24 20:03    2785776    ----a-w-    c:\windows\system32\nvspcap64.dll
2019-06-18 08:56 . 2017-12-16 23:41    1951    ----a-w-    c:\windows\NvTelemetryContainerRecovery.bat
2019-06-13 03:37 . 2017-12-16 23:41    179184    ----a-w-    c:\windows\system32\nvaudcap64v.dll
2019-06-13 03:37 . 2017-12-16 23:41    154608    ----a-w-    c:\windows\SysWow64\nvaudcap32v.dll
2019-06-09 01:08 . 2018-02-12 02:17    56144    ----a-w-    c:\windows\system32\drivers\klim6.sys
2019-06-09 01:08 . 2019-02-13 12:09    177280    ----a-w-    c:\windows\system32\drivers\klwtp.sys
2019-06-09 01:08 . 2019-02-13 12:09    86656    ----a-w-    c:\windows\system32\drivers\kldisk.sys
2019-06-09 01:08 . 2018-01-15 03:16    56656    ----a-w-    c:\windows\system32\drivers\klkbdflt.sys
2019-06-09 01:07 . 2017-05-30 16:51    49280    ----a-w-    c:\windows\system32\drivers\klpd.sys
2019-06-09 01:07 . 2017-12-11 09:49    57464    ----a-w-    c:\windows\system32\drivers\klmouflt.sys
2019-06-09 01:07 . 2018-02-24 03:17    201552    ----a-w-    c:\windows\system32\drivers\kneps.sys
2019-06-09 01:07 . 2019-02-13 12:09    72016    ----a-w-    c:\windows\system32\drivers\klbackupdisk.sys
1601-01-03 20:26 . 1601-01-03 20:26    73216    ------w-    c:\program files (x86)\uGdVUvwEI.exe
1601-01-03 20:26 . 1601-01-03 20:26    73216    ------w-    c:\program files (x86)\nYXdaxXyKQ.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2018-10-18 02:48 . 75D67181BAFE8251AE16BC2E77F30A36 . 25737728 . . [------] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.19180_none_f5c1531c37191b66\mshtml.dll
[7] 2018-09-18 . BAFBDABB6C8B0947043DBC64BDAAFAA2 . 25735168 . . [11.00.9600.19180] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.19155_none_f5bde056371c4f86\mshtml.dll
[7] 2017-11-14 . 153F36822704831A1D0F58F3C3497C0B . 25731072 . . [11.00.9600.18860] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.18860_none_f573a12e3753af28\mshtml.dll
[7] 2017-06-27 . 33063F69D8E97D6A5C81AE5D9083239D . 25770496 . . [11.00.9600.18450] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.18449_none_f59c13423735f35f\mshtml.dll
[7] 2017-06-27 . 523F47400273489EC40B0D2735DE0787 . 25731584 . . [11.00.9600.18710] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.18709_none_f577a2563751e1d6\mshtml.dll
[7] 2017-05-14 . C9A3BD66728425F4F843FD4523A4FF36 . 25738752 . . [11.00.9600.18698] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.18697_none_f58ba26c374176b2\mshtml.dll
[-] 2017-04-04 . F1F004FA94F13DFC83DDA232326158A7 . 25746944 . . [11.00.9600.18618] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_f59a25aa3737acc2\mshtml.dll
[-] 2017-04-04 . F1F004FA94F13DFC83DDA232326158A7 . 25746944 . . [11.00.9600.18618] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.18426_none_f59a5706373773ce\mshtml.dll
[7] 2010-11-21 . 1C8B787BAA52DEAD1A6FEC1502D652F0 . 8988160 . . [8.00.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_8c235f42afcafdda\mshtml.dll
[-] 2018-10-18 02:48 . 75D67181BAFE8251AE16BC2E77F30A36 . 25737728 . . [------] .. c:\windows\system32\mshtml.dll
.
[7] 2016-11-10 . 34BA256FBF83457F9D5E51A56DB54542 . 1009152 . . [6.1.7601.23594] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2016-11-10 . 34BA256FBF83457F9D5E51A56DB54542 . 1009152 . . [6.1.7601.23594] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23594_none_2b915fa59d5abee0\user32.dll
[-] 2016-11-10 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2018-12-14 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2016-11-10 . 3CB074875AC88A7C1010A2A7F9881A8C . 833024 . . [6.1.7601.23594] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2016-11-10 . 3CB074875AC88A7C1010A2A7F9881A8C . 833024 . . [6.1.7601.23594] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23594_none_35e609f7d1bb80db\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EC1E29BB-F56A-45D8-B023-D3EF710FA0E0}]
2019-06-09 01:07    1179344    ----a-w-    c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\ieext\ie_plugin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{C500C267-63BF-451F-8797-4D720C9A2ED9}"= "c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\IEExt\ie_plugin.dll" [2019-06-09 1179344]
.
[HKEY_CLASSES_ROOT\clsid\{c500c267-63bf-451f-8797-4d720c9a2ed9}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2019-08-10 19:15    1292408    ----a-w-    c:\users\Filip\AppData\Local\Microsoft\OneDrive\19.123.0624.0005\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2019-08-10 19:15    1292408    ----a-w-    c:\users\Filip\AppData\Local\Microsoft\OneDrive\19.123.0624.0005\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2019-08-10 19:15    1292408    ----a-w-    c:\users\Filip\AppData\Local\Microsoft\OneDrive\19.123.0624.0005\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2019-08-10 19:15    1292408    ----a-w-    c:\users\Filip\AppData\Local\Microsoft\OneDrive\19.123.0624.0005\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2019-08-10 19:15    1292408    ----a-w-    c:\users\Filip\AppData\Local\Microsoft\OneDrive\19.123.0624.0005\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive6]
@="{9AA2F32D-362A-42D9-9328-24A483E2CCC3}"
[HKEY_CLASSES_ROOT\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}]
2019-08-10 19:15    1292408    ----a-w-    c:\users\Filip\AppData\Local\Microsoft\OneDrive\19.123.0624.0005\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adguard"="d:\program files (x86)\Adguard\Adguard.exe" [2019-05-29 4157800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2019-07-17 601784]
"M0G98CYCLONERun"="c:\program files (x86)\GAMING MOUSE CYCLONE\M0G98MON.exe" [2015-10-27 3192320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 ClickToRunSvc;Usługa Szybka instalacja pakietu Microsoft Office;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
R3 BRSptStub;BitRaider Mini-Support Service Stub Loader;c:\programdata\BitRaider\BRSptStub.exe;c:\programdata\BitRaider\BRSptStub.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe [x]
R3 fcvsc;fcvsc;c:\windows\system32\drivers\fcvsc.sys;c:\windows\SYSNATIVE\drivers\fcvsc.sys [x]
R3 gencounter;Licznik generacji funkcji Microsoft Hyper-V;c:\windows\system32\drivers\vmgencounter.sys;c:\windows\SYSNATIVE\drivers\vmgencounter.sys [x]
R3 hyperkbd;hyperkbd;c:\windows\system32\drivers\hyperkbd.sys;c:\windows\SYSNATIVE\drivers\hyperkbd.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 klvssbridge64_19.0.0;klvssbridge64_19.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\vssbridge64.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\vssbridge64.exe [x]
R3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0050.sys;c:\windows\SYSNATIVE\DRIVERS\Neo_0050.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 Origin Client Service;Origin Client Service;d:\program files (x86)\Origin\OriginClientService.exe;d:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTCore64;RTCore64;d:\program files (x86)\MSI Afterburner\RTCore64.sys;d:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
R3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;Karta USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 USER_ESRV_SVC_QUEENCREEK;User Energy Server Service queencreek;c:\program files\Intel\SUR\QUEENCREEK\esrv_svc.exe;c:\program files\Intel\SUR\QUEENCREEK\esrv_svc.exe [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R3 YSDrv;VBox Support Driver;c:\program files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys;c:\program files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [x]
S0 cm_km;AO Kaspersky Lab Cryptographic Module x64 (56 bit);c:\windows\system32\DRIVERS\cm_km.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Sterownik przełącznika kontrolera hosta Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\DRIVERS\klbackupdisk.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupdisk.sys [x]
S1 adgnetworktdidrv;adgnetworktdidrv;c:\windows\system32\drivers\adgnetworktdidrv.sys;c:\windows\SYSNATIVE\drivers\adgnetworktdidrv.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\DRIVERS\klbackupflt.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupflt.sys [x]
S1 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
S1 klhk;Kaspersky Lab service driver;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 klim6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 klwtp;KLwtp - WFP callout traffic inspector;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 Adguard Service;Adguard Service;d:\program files (x86)\Adguard\AdguardSvc.exe;d:\program files (x86)\Adguard\AdguardSvc.exe [x]
S2 AVP19.0.0;Usługa Kaspersky Anti-Virus 19.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avp.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DSAService;Intel(R) Driver & Support Assistant;c:\program files (x86)\Intel Driver and Support Assistant\DSAService.exe;c:\program files (x86)\Intel Driver and Support Assistant\DSAService.exe [x]
S2 ESRV_SVC_QUEENCREEK;Energy Server Service queencreek;c:\program files\Intel\SUR\QUEENCREEK\esrv_svc.exe;c:\program files\Intel\SUR\QUEENCREEK\esrv_svc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 KSDE3.0.0;Usługa Kaspersky Secure Connection 3.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
S2 NvTelemetryContainer;NVIDIA Telemetry Container;c:\program files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe;c:\program files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [x]
S2 Origin Web Helper Service;Origin Web Helper Service;d:\program files (x86)\Origin\OriginWebHelperService.exe;d:\program files (x86)\Origin\OriginWebHelperService.exe [x]
S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
S2 RemoteMouseService;RemoteMouseService;c:\program files (x86)\Remote Mouse\RemoteMouseService.exe;c:\program files (x86)\Remote Mouse\RemoteMouseService.exe [x]
S2 RzSurroundVADStreamingService;RzSurroundVADStreamingService;c:\program files (x86)\Razer\Razer Surround\Driver\RzSurroundVADStreamingService.exe;c:\program files (x86)\Razer\Razer Surround\Driver\RzSurroundVADStreamingService.exe [x]
S2 SystemUsageReportSvc_QUEENCREEK;Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK;c:\program files\Intel Driver and Support Assistant\SUR\SurSvc.exe;c:\program files\Intel Driver and Support Assistant\SUR\SurSvc.exe [x]
S3 AmUStor;Al USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 iusb3hub;Sterownik koncentratora Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Sterownik kontrolera hosta Intel(R) USB 3.0 eXtensible;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 kltap;Kaspersky Security Data Escort Adapter;c:\windows\system32\DRIVERS\kltap.sys;c:\windows\SYSNATIVE\DRIVERS\kltap.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 nvvhci;NVVHCI Enumerator Service;c:\windows\system32\DRIVERS\nvvhci.sys;c:\windows\SYSNATIVE\DRIVERS\nvvhci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RZSURROUNDVADService;Razer Surround Audio Service;c:\windows\system32\drivers\RzSurroundVAD.sys;c:\windows\SYSNATIVE\drivers\RzSurroundVAD.sys [x]
S3 semav6msr64;semav6msr64;c:\windows\system32\drivers\semav6msr64.sys;c:\windows\SYSNATIVE\drivers\semav6msr64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC1E29BB-F56A-45D8-B023-D3EF710FA0E0}]
2019-06-09 01:07    1410256    ----a-w-    c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\ieext\ie_plugin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C500C267-63BF-451F-8797-4D720C9A2ED9}"= "c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\IEExt\ie_plugin.dll" [2019-06-09 1410256]
.
[HKEY_CLASSES_ROOT\CLSID\{C500C267-63BF-451F-8797-4D720C9A2ED9}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2019-08-10 19:15    1473352    ----a-w-    c:\users\Filip\AppData\Local\Microsoft\OneDrive\19.123.0624.0005\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2019-08-10 19:15    1473352    ----a-w-    c:\users\Filip\AppData\Local\Microsoft\OneDrive\19.123.0624.0005\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2019-08-10 19:15    1473352    ----a-w-    c:\users\Filip\AppData\Local\Microsoft\OneDrive\19.123.0624.0005\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2019-08-10 19:15    1473352    ----a-w-    c:\users\Filip\AppData\Local\Microsoft\OneDrive\19.123.0624.0005\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2019-08-10 19:15    1473352    ----a-w-    c:\users\Filip\AppData\Local\Microsoft\OneDrive\19.123.0624.0005\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive6]
@="{9AA2F32D-362A-42D9-9328-24A483E2CCC3}"
[HKEY_CLASSES_ROOT\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}]
2019-08-10 19:15    1473352    ----a-w-    c:\users\Filip\AppData\Local\Microsoft\OneDrive\19.123.0624.0005\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2019-01-15 18391096]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalSystemNetworkRestricted
vmickvpexchange
vmicvss
vmicshutdown
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalServiceNetworkRestricted
vmictimesync
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:8888;https=127.0.0.1:8888
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
Trusted Zone: localhost
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{940CA9D9-081D-448B-8442-3A1CA604F34B}: NameServer = 8.8.8.8
TCP: Interfaces\{D9FC6EB9-6B22-405B-993C-F36CD940A601}: NameServer = 8.8.8.8
TCP: Interfaces\{E75EA2E2-EF40-47CC-985B-59CA3757D5CF}: NameServer = 8.8.8.8
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
.
.
------- Skojarzenia plików -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avpui.exe
c:\windows\system32\PnkBstrA.exe
c:\program files (x86)\Remote Mouse\RemoteMouseCore.exe
c:\program files (x86)\Remote Mouse\RemoteMouse.exe
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
.
**************************************************************************
.
Czas ukończenia: 2019-09-01  01:07:27 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2019-08-31 23:07
.
Przed: 6 253 576 192 bajtów wolnych
Po: 5 961 613 312 bajtów wolnych
.
- - End Of File - - 9C840F0858F2EA3B3203252164A3F469
A36C5E4F47E84449FF07ED3517B43A31

Twój_Anioł_Stróż
commented
Quote

1601-01-03 20:26 . 1601-01-03 20:26    73216    ------w-    c:\program files (x86)\uGdVUvwEI.exe
1601-01-03 20:26 . 1601-01-03 20:26    73216    ------w-    c:\program files (x86)\nYXdaxXyKQ.exe

I don't like this!

Generate logs with FRST: http://www.forumpc.pl/topic/277786-nieingerencyjne-narzędzia-do-tworzenia-logów-systemowych/?p=2010191
Before the scan, tick: Additional.txt, Shortcut.txt
