ComboFix 14-05-16.01 - WIJHARS1 2014-05-19 12:16:21.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.1976.716 [GMT 2:00]
Uruchomiony z: c:\users\WIJHARS1\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
AV: FortiClient AntiVirus *Disabled/Outdated* {385618A6-2256-708E-3FB9-7E98B93F91F9}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: FortiClient AntiVirus *Disabled/Outdated* {8337F942-046C-7F00-0509-45EAC2B8DB44}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2014-04-19 do 2014-05-19 )))))))))))))))))))))))))))))))
.
.
2014-05-19 10:22 . 2014-05-19 10:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-19 10:14 . 2014-05-19 10:14 -------- d-----w- c:\program files\HD Tune
2014-05-18 19:20 . 2014-05-18 19:20 -------- d-----w- c:\users\WIJHARS1\AppData\Local\Macromedia
2014-05-18 18:38 . 2014-05-18 18:38 -------- d-----w- c:\users\WIJHARS1\AppData\Local\Mozilla
2014-05-18 18:38 . 2014-05-18 18:38 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-05-18 17:54 . 2014-04-17 03:32 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B7519E6-B483-4C8F-BD10-6740D9C37ED4}\mpengine.dll
2014-05-15 18:26 . 2014-05-15 18:26 -------- d-sh--w- c:\users\WIJHARS1\AppData\Local\EmieUserList
2014-05-15 18:26 . 2014-05-15 18:26 -------- d-sh--w- c:\users\WIJHARS1\AppData\Local\EmieSiteList
2014-05-15 08:37 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-15 07:59 . 2014-05-09 07:06 369664 ----a-w- c:\windows\system32\aepdu.dll
2014-05-15 07:59 . 2014-05-09 07:04 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-05-15 07:59 . 2014-03-04 09:20 3969984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-05-07 11:23 . 2014-05-07 12:14 -------- d-----w- c:\users\WIJHARS1\AppData\Roaming\vlc
2014-05-07 11:22 . 2014-05-07 11:22 -------- d-----w- c:\program files\VideoLAN
2014-05-06 14:30 . 2014-05-15 15:37 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-06 00:13 . 2014-05-07 11:17 -------- d-----w- c:\users\WIJHARS1\AppData\Roaming\NapiProjekt
2014-05-06 00:13 . 2014-05-06 00:13 -------- d-----w- c:\program files\NapiProjekt
2014-05-06 00:12 . 2014-05-06 00:12 -------- d-----w- c:\users\WIJHARS1\AppData\Local\Programs
2014-05-02 10:54 . 2014-05-02 10:54 -------- d-----w- c:\windows\Migration
2014-05-02 10:16 . 2013-12-04 01:54 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-05-02 10:16 . 2013-12-04 01:54 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-05-02 10:16 . 2013-12-04 01:54 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-05-02 10:16 . 2013-12-04 02:03 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-05-02 10:16 . 2013-12-04 02:03 428032 ----a-w- c:\windows\system32\secproc.dll
2014-05-02 10:16 . 2013-12-04 02:02 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-05-02 10:16 . 2013-12-04 01:54 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-05-02 10:16 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-05-02 10:16 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-05-02 10:04 . 2014-02-04 02:04 509440 ----a-w- c:\windows\system32\qedit.dll
2014-05-02 10:04 . 2013-12-06 02:02 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-05-02 10:04 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-05-02 10:01 . 2014-01-28 02:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-05-02 10:01 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-05-02 10:01 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-05-02 10:01 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-05-02 10:01 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-05-02 10:01 . 2014-02-07 01:07 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-05-02 10:01 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-05-02 10:01 . 2014-01-24 02:18 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-05-02 10:01 . 2013-11-26 11:11 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-05-02 10:00 . 2014-01-29 02:06 381440 ----a-w- c:\windows\system32\wer.dll
2014-05-02 10:00 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-05-02 10:00 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-05-02 09:59 . 2013-11-27 01:14 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-05-02 09:59 . 2013-11-27 01:13 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-05-02 09:59 . 2013-11-27 01:13 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-05-02 09:59 . 2013-11-27 01:13 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-05-02 09:59 . 2013-11-27 01:13 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-05-02 09:59 . 2013-11-27 01:13 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-05-02 09:59 . 2013-11-27 01:13 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-18 19:16 . 2013-11-09 18:15 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-18 19:16 . 2013-11-09 18:15 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-31 07:35 . 2013-05-08 09:11 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-09 10:52 . 2014-03-09 10:52 49940480 ----a-w- c:\program files\GUTEA01.tmp
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-05-18 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2009-05-14 13:47 2029640 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-02-11 17:26 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-02-11 17:26 137752 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPlusManager]
2009-03-17 14:18 434176 ----a-w- c:\program files\iPlus\iPlusChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-02-11 17:26 172568 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-11-14 15:42 20584608 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R1 FortiFW;FortiFW;c:\windows\system32\drivers\FortiFW2.sys [2013-06-06 32480]
R3 FARegMon;FARegMon;c:\windows\system32\drivers\FortiRmon.sys [2013-06-06 47328]
R3 Fortips;Fortips;c:\windows\system32\drivers\fortips.sys [2013-06-06 107232]
R3 FortiRdr;FortiRdr;c:\windows\system32\drivers\FortiRdr2.sys [2013-06-06 39648]
R3 ft_vnic;Fortinet network virtual adapter;c:\windows\system32\DRIVERS\ftvnic.sys [2011-03-21 14496]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 mdareDriver_43;mdareDriver_43;c:\program files\Fortinet\FortiClient\mdare32_43.sys [2013-11-01 84448]
R3 mdareDriver_47;mdareDriver_47;c:\program files\Fortinet\FortiClient\mdare32_47.sys [2014-05-02 85216]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-05-17 1343400]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S1 FAFileMon;FAFileMon;c:\windows\system32\drivers\fortimon2.sys [2013-06-06 45280]
S1 FortiFilter;Fortinet NDIS6 Packet Filter Service;c:\windows\system32\DRIVERS\FortiFilter.sys [2013-05-27 21976]
S1 FortiShield;FortiShield;c:\windows\system32\drivers\FortiShield.sys [2013-06-06 53984]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-05-14 93312]
S3 fortiapd;fortiapd;c:\windows\system32\drivers\fortiapd.sys [2013-06-06 14560]
S3 FortiWF;FortiWF;c:\windows\system32\drivers\FortiWF2.sys [2013-06-06 23776]
S3 netr28;Sterownik karty sieci bezprzewodowej Ralink 802.11n dla systemu Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
S3 pppop;PPPoP WAN Adapter;c:\windows\system32\DRIVERS\pppop.sys [2011-03-21 36384]
S3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-15 18:31 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-01 13:54]
.
2014-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-01 13:54]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\WIJHARS1\AppData\Roaming\Mozilla\Firefox\Profiles\l4twwqfp.default\
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'Explorer.exe'(1304)
c:\program files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
.
Czas ukończenia: 2014-05-19 12:24:52
ComboFix-quarantined-files.txt 2014-05-19 10:24
.
Przed: 126 554 968 064 bajtów wolnych
Po: 128 250 540 032 bajtów wolnych
.
- - End Of File - - D9C4E51BEC5203717DDDA449197EAA69
A36C5E4F47E84449FF07ED3517B43A31