log
a guest
May 19th, 2014
ComboFix 14-05-16.01 - WIJHARS1 2014-05-19 12:16:21.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.1976.716 [GMT 2:00]
Uruchomiony z: c:\users\WIJHARS1\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
AV: FortiClient AntiVirus *Disabled/Outdated* {385618A6-2256-708E-3FB9-7E98B93F91F9}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: FortiClient AntiVirus *Disabled/Outdated* {8337F942-046C-7F00-0509-45EAC2B8DB44}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2014-04-19 do 2014-05-19 )))))))))))))))))))))))))))))))
.
.
2014-05-19 10:22 . 2014-05-19 10:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-19 10:14 . 2014-05-19 10:14 -------- d-----w- c:\program files\HD Tune
2014-05-18 19:20 . 2014-05-18 19:20 -------- d-----w- c:\users\WIJHARS1\AppData\Local\Macromedia
2014-05-18 18:38 . 2014-05-18 18:38 -------- d-----w- c:\users\WIJHARS1\AppData\Local\Mozilla
2014-05-18 18:38 . 2014-05-18 18:38 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-05-18 17:54 . 2014-04-17 03:32 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B7519E6-B483-4C8F-BD10-6740D9C37ED4}\mpengine.dll
2014-05-15 18:26 . 2014-05-15 18:26 -------- d-sh--w- c:\users\WIJHARS1\AppData\Local\EmieUserList
2014-05-15 18:26 . 2014-05-15 18:26 -------- d-sh--w- c:\users\WIJHARS1\AppData\Local\EmieSiteList
2014-05-15 08:37 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-15 07:59 . 2014-05-09 07:06 369664 ----a-w- c:\windows\system32\aepdu.dll
2014-05-15 07:59 . 2014-05-09 07:04 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-05-15 07:59 . 2014-03-04 09:20 3969984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-05-07 11:23 . 2014-05-07 12:14 -------- d-----w- c:\users\WIJHARS1\AppData\Roaming\vlc
2014-05-07 11:22 . 2014-05-07 11:22 -------- d-----w- c:\program files\VideoLAN
2014-05-06 14:30 . 2014-05-15 15:37 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-06 00:13 . 2014-05-07 11:17 -------- d-----w- c:\users\WIJHARS1\AppData\Roaming\NapiProjekt
2014-05-06 00:13 . 2014-05-06 00:13 -------- d-----w- c:\program files\NapiProjekt
2014-05-06 00:12 . 2014-05-06 00:12 -------- d-----w- c:\users\WIJHARS1\AppData\Local\Programs
2014-05-02 10:54 . 2014-05-02 10:54 -------- d-----w- c:\windows\Migration
2014-05-02 10:16 . 2013-12-04 01:54 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-05-02 10:16 . 2013-12-04 01:54 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-05-02 10:16 . 2013-12-04 01:54 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-05-02 10:16 . 2013-12-04 02:03 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-05-02 10:16 . 2013-12-04 02:03 428032 ----a-w- c:\windows\system32\secproc.dll
2014-05-02 10:16 . 2013-12-04 02:02 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-05-02 10:16 . 2013-12-04 01:54 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-05-02 10:16 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-05-02 10:16 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-05-02 10:04 . 2014-02-04 02:04 509440 ----a-w- c:\windows\system32\qedit.dll
2014-05-02 10:04 . 2013-12-06 02:02 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-05-02 10:04 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-05-02 10:01 . 2014-01-28 02:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-05-02 10:01 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-05-02 10:01 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-05-02 10:01 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-05-02 10:01 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-05-02 10:01 . 2014-02-07 01:07 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-05-02 10:01 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-05-02 10:01 . 2014-01-24 02:18 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-05-02 10:01 . 2013-11-26 11:11 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-05-02 10:00 . 2014-01-29 02:06 381440 ----a-w- c:\windows\system32\wer.dll
2014-05-02 10:00 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-05-02 10:00 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-05-02 09:59 . 2013-11-27 01:14 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-05-02 09:59 . 2013-11-27 01:13 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-05-02 09:59 . 2013-11-27 01:13 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-05-02 09:59 . 2013-11-27 01:13 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-05-02 09:59 . 2013-11-27 01:13 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-05-02 09:59 . 2013-11-27 01:13 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-05-02 09:59 . 2013-11-27 01:13 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-18 19:16 . 2013-11-09 18:15 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-18 19:16 . 2013-11-09 18:15 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-31 07:35 . 2013-05-08 09:11 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-09 10:52 . 2014-03-09 10:52 49940480 ----a-w- c:\program files\GUTEA01.tmp
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-05-18 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2009-05-14 13:47 2029640 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-02-11 17:26 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-02-11 17:26 137752 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPlusManager]
2009-03-17 14:18 434176 ----a-w- c:\program files\iPlus\iPlusChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-02-11 17:26 172568 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-11-14 15:42 20584608 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R1 FortiFW;FortiFW;c:\windows\system32\drivers\FortiFW2.sys [2013-06-06 32480]
R3 FARegMon;FARegMon;c:\windows\system32\drivers\FortiRmon.sys [2013-06-06 47328]
R3 Fortips;Fortips;c:\windows\system32\drivers\fortips.sys [2013-06-06 107232]
R3 FortiRdr;FortiRdr;c:\windows\system32\drivers\FortiRdr2.sys [2013-06-06 39648]
R3 ft_vnic;Fortinet network virtual adapter;c:\windows\system32\DRIVERS\ftvnic.sys [2011-03-21 14496]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 mdareDriver_43;mdareDriver_43;c:\program files\Fortinet\FortiClient\mdare32_43.sys [2013-11-01 84448]
R3 mdareDriver_47;mdareDriver_47;c:\program files\Fortinet\FortiClient\mdare32_47.sys [2014-05-02 85216]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-05-17 1343400]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S1 FAFileMon;FAFileMon;c:\windows\system32\drivers\fortimon2.sys [2013-06-06 45280]
S1 FortiFilter;Fortinet NDIS6 Packet Filter Service;c:\windows\system32\DRIVERS\FortiFilter.sys [2013-05-27 21976]
S1 FortiShield;FortiShield;c:\windows\system32\drivers\FortiShield.sys [2013-06-06 53984]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-05-14 93312]
S3 fortiapd;fortiapd;c:\windows\system32\drivers\fortiapd.sys [2013-06-06 14560]
S3 FortiWF;FortiWF;c:\windows\system32\drivers\FortiWF2.sys [2013-06-06 23776]
S3 netr28;Sterownik karty sieci bezprzewodowej Ralink 802.11n dla systemu Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
S3 pppop;PPPoP WAN Adapter;c:\windows\system32\DRIVERS\pppop.sys [2011-03-21 36384]
S3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-15 18:31 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-01 13:54]
.
2014-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-01 13:54]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\WIJHARS1\AppData\Roaming\Mozilla\Firefox\Profiles\l4twwqfp.default\
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'Explorer.exe'(1304)
c:\program files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
.
Czas ukończenia: 2014-05-19 12:24:52
ComboFix-quarantined-files.txt 2014-05-19 10:24
.
Przed: 126 554 968 064 bajtów wolnych
Po: 128 250 540 032 bajtów wolnych
.
- - End Of File - - D9C4E51BEC5203717DDDA449197EAA69
A36C5E4F47E84449FF07ED3517B43A31