
I would like to ask for your advice about the logs I made with ComboFix; are you able to check them for me? The computer runs very slowly even though:
* I scanned with the ESET Online Scanner (13 threats removed)
* Malwarebytes (no threats)
* Registry cleaning with CCleaner
* Disk defragmentation with the Defraggler application
ComboFix 13-04-26.01 - Krzystof 26/04/2013 14:40:37.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2038.999 [GMT 1:00]
Running from: c:\users\Krzystof\Desktop\ComboFix.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Krzystof\Favorites\HijackThis.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-26 to 2013-04-26 )))))))))))))))))))))))))))))))
.
.
2013-04-26 14:10 . 2013-04-26 14:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-26 12:16 . 2013-04-26 12:16 -------- d-----w- c:\users\Krzystof\AppData\Roaming\Malwarebytes
2013-04-26 12:16 . 2013-04-26 12:16 -------- d-----w- c:\programdata\Malwarebytes
2013-04-26 12:16 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-26 12:16 . 2013-04-26 12:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-26 12:15 . 2013-04-26 12:15 -------- d-----w- c:\users\Krzystof\AppData\Local\Programs
2013-04-26 12:15 . 2013-04-26 12:15 -------- d-----w- c:\program files\CCleaner
2013-04-26 09:26 . 2013-04-26 09:26 -------- d-----w- c:\program files\ESET
2013-04-25 21:15 . 2013-04-25 21:16 -------- d-----w- c:\program files\Defraggler
2013-04-25 14:13 . 2013-04-25 14:13 -------- d-----w- c:\programdata\McAfee
2013-04-13 09:09 . 2013-04-13 09:09 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C560893D-8B3B-446E-A140-AF5A10F47685}\offreg.dll
2013-04-13 09:08 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C560893D-8B3B-446E-A140-AF5A10F47685}\mpengine.dll
2013-04-08 11:55 . 2013-04-08 11:55 -------- d-----w- c:\users\Krzystof\AppData\Local\DoNotTrackPlus
2013-04-07 18:29 . 2013-04-07 18:29 -------- d-----w- c:\windows\system32\searchplugins
2013-04-07 18:29 . 2013-04-07 18:29 -------- d-----w- c:\windows\system32\Extensions
2013-04-07 18:29 . 2013-04-07 18:31 -------- d-----w- c:\users\Krzystof\AppData\Roaming\PerformerSoft
2013-04-07 18:29 . 2012-12-19 14:53 18096 ----a-w- c:\windows\system32\roboot.exe
2013-04-07 18:27 . 2013-04-07 18:27 -------- d-----w- c:\users\Krzystof\AppData\Roaming\PlusWinks
2013-04-07 18:21 . 2013-04-07 18:21 -------- d-----w- c:\users\Krzystof\AppData\Roaming\SpeedanAlysis
2013-04-07 18:20 . 2013-04-07 18:20 -------- d-----w- c:\users\Krzystof\AppData\Roaming\Babylon
2013-04-07 18:20 . 2013-04-07 18:20 -------- d-----w- c:\programdata\Babylon
2013-04-07 18:19 . 2013-04-07 18:19 -------- d-----w- c:\users\Krzystof\AppData\Roaming\File Scout
2013-04-05 11:31 . 2013-04-05 11:31 -------- d-----w- c:\program files\Techland
2013-03-27 22:22 . 2013-03-27 22:22 -------- d-----w- c:\users\Krzystof\AppData\Local\Adobe
2013-03-27 22:17 . 2013-03-27 22:17 -------- d-----w- c:\program files\Common Files\Adobe
2013-03-27 21:56 . 2013-03-27 21:56 -------- d-----w- c:\program files\GPLGS
2013-03-27 21:46 . 2013-03-27 21:46 -------- d-----w- c:\users\Krzystof\AppData\Roaming\Softland
2013-03-27 21:46 . 2010-02-05 14:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2013-03-27 19:43 . 2013-03-27 19:43 -------- d-----w- c:\program files\Common Files\Java
2013-03-27 19:43 . 2013-03-27 19:42 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-27 19:43 . 2013-03-27 19:42 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-27 19:42 . 2013-03-27 19:42 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-27 19:42 . 2013-03-27 19:42 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-25 14:13 . 2013-03-15 14:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-25 14:13 . 2013-03-15 14:21 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-15 13:15 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2013-03-15 13:15 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2013-03-15 13:15 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2013-03-12 00:10 . 2013-03-15 13:38 237088 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-03-15 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"SearchProtect"="c:\users\Krzystof\AppData\Roaming\SearchProtect\bin\cltmng.exe" [2013-04-11 2730784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-29 73832]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"SearchProtectAll"="c:\program files\SearchProtect\bin\cltmng.exe" [2013-03-06 2731296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\users\Krzystof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
S2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\SearchProtect\bin\CltMngSvc.exe [x]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files\Yontoo\Y2Desktop.Updater.exe [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 18:59 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-15 14:13]
.
2013-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-08 11:58]
.
2013-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-08 11:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.delta-search.com/?affID=119661&babsrc=HP_ss&mntrId=2874001E685369A6
TCP: DhcpNameServer = 192.168.52.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ISW - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(552)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2013-04-26 15:11:57
ComboFix-quarantined-files.txt 2013-04-26 14:11
.
Pre-Run: 20,939,268,096 bytes free
Post-Run: 20,963,545,088 bytes free
.
- - End Of File - - DDAD15A8C8E0C3E6743E7EE9FF23CA0C