ComboFix 17-11-14.01 - Adrian 2017-11-25 20:16:27.6.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.3070.2211 [GMT 1:00]
Run from: c:\users\Adrian\Desktop\Programy\ComboFix.exe
FW: COMODO Firewall *Enabled* {346ADFA5-A93A-68E5-1F1A-0C241B12C186}
SP: COMODO Advanced Protection *Enabled/Updated* {B730BF64-C56F-6633-0EF5-9E639E46CC40}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files created from 2017-10-25 to 2017-11-25 )))))))))))))))))))))))))))))))
.
.
2017-11-25 19:23 . 2017-11-25 19:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2017-11-25 19:23 . 2017-11-25 19:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-11-25 19:23 . 2017-11-25 19:23 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2017-11-25 18:42 . 2017-11-25 18:42 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{978D2FF8-D4B8-4A4B-8AE8-794C6FC1EC46}\offreg.1400.dll
2017-11-21 17:39 . 2017-11-21 17:39 -------- d-----w- c:\programdata\KONAMI
2017-11-21 13:54 . 2017-10-30 07:26 11282328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{978D2FF8-D4B8-4A4B-8AE8-794C6FC1EC46}\mpengine.dll
2017-11-15 09:11 . 2017-10-04 13:04 1918464 ----a-w- c:\windows\system32\aitstatic.exe
2017-11-15 09:11 . 2017-10-18 02:16 114408 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-11-15 09:11 . 2017-10-18 02:11 488448 ----a-w- c:\windows\system32\aeinv.dll
2017-11-15 09:11 . 2017-10-15 22:04 313184 ----a-w- c:\windows\system32\centel.dll
2017-11-15 09:11 . 2017-10-04 13:04 541696 ----a-w- c:\windows\system32\generaltel.dll
2017-11-15 09:11 . 2017-10-04 13:04 509440 ----a-w- c:\windows\system32\devinv.dll
2017-11-15 09:11 . 2017-10-04 13:04 303616 ----a-w- c:\windows\system32\invagent.dll
2017-11-15 09:11 . 2017-10-04 13:04 193536 ----a-w- c:\windows\system32\aepic.dll
2017-11-15 09:11 . 2017-10-04 13:04 150016 ----a-w- c:\windows\system32\acmigration.dll
2017-11-15 09:11 . 2017-10-04 13:04 1321472 ----a-w- c:\windows\system32\appraiser.dll
2017-11-04 21:34 . 2017-11-04 21:34 -------- d-----w- c:\programdata\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-11-04 21:34 . 2017-11-25 18:32 -------- d-----w- c:\program files\Common Files\IObit
2017-11-04 21:34 . 2017-11-04 21:34 -------- d-----w- c:\program files\IObit
2017-11-04 21:25 . 2017-11-04 21:25 -------- d-----w- c:\users\Adrian\AppData\Roaming\ChemTable Software
2017-11-04 21:25 . 2017-11-04 21:25 -------- d-----w- c:\users\Adrian\AppData\Local\ChemTable Software
2017-11-04 21:25 . 2017-11-04 21:25 -------- d-s---w- c:\program files\Reg Organizer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-11-21 16:58 . 2016-11-21 14:12 290304 ----a-w- c:\windows\system32\subinacl.exe
2017-11-14 23:17 . 2016-11-26 16:20 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-11-14 23:17 . 2016-11-26 16:20 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-11-04 23:21 . 2017-04-17 18:06 220088 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-10-18 02:25 . 2017-11-15 09:12 3072 ----a-w- c:\windows\system32\drivers\pl-PL\usbehci.sys.mui
2017-10-18 02:20 . 2017-11-15 09:12 25088 ----a-w- c:\windows\system32\drivers\pl-PL\usbport.sys.mui
2017-10-18 02:20 . 2017-11-15 09:12 11776 ----a-w- c:\windows\system32\drivers\pl-PL\usbhub.sys.mui
2017-10-11 16:01 . 2017-10-11 16:01 124059592 -c--a-w- c:\windows\system32\MRT-KB890830.exe
2017-09-13 15:13 . 2017-10-11 15:43 4001512 ----a-w- c:\windows\system32\ntkrnlpa.exe
2017-09-13 15:13 . 2017-10-11 15:43 3945704 ----a-w- c:\windows\system32\ntoskrnl.exe
2017-09-13 15:13 . 2017-10-11 15:43 67304 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2017-09-13 15:13 . 2017-10-11 15:43 137960 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2017-09-13 15:10 . 2017-10-11 15:43 1310528 ----a-w- c:\windows\system32\ntdll.dll
2017-09-13 15:09 . 2017-10-11 15:43 392704 ----a-w- c:\windows\system32\wlansec.dll
2017-09-13 15:09 . 2017-10-11 15:43 83968 ----a-w- c:\windows\system32\wlanhlp.dll
2017-09-13 15:09 . 2017-10-11 15:43 828928 ----a-w- c:\windows\system32\wlansvc.dll
2017-09-13 15:09 . 2017-10-11 15:43 80896 ----a-w- c:\windows\system32\wlanapi.dll
2017-09-13 15:09 . 2017-10-11 15:43 428032 ----a-w- c:\windows\system32\wlanmsm.dll
2017-09-13 15:09 . 2017-10-11 15:43 172032 ----a-w- c:\windows\system32\wdigest.dll
2017-09-13 15:09 . 2017-10-11 15:43 99840 ----a-w- c:\windows\system32\sspicli.dll
2017-09-13 15:09 . 2017-10-11 15:43 65536 ----a-w- c:\windows\system32\TSpkg.dll
2017-09-13 15:09 . 2017-10-11 15:43 43008 ----a-w- c:\windows\system32\srclient.dll
2017-09-13 15:09 . 2017-10-11 15:43 400896 ----a-w- c:\windows\system32\srcore.dll
2017-09-13 15:09 . 2017-10-11 15:43 655360 ----a-w- c:\windows\system32\rpcrt4.dll
2017-09-13 15:09 . 2017-10-11 15:43 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2017-09-13 15:09 . 2017-10-11 15:43 254464 ----a-w- c:\windows\system32\schannel.dll
2017-09-13 15:09 . 2017-10-11 15:43 22016 ----a-w- c:\windows\system32\secur32.dll
2017-09-13 15:09 . 2017-10-11 15:43 141312 ----a-w- c:\windows\system32\rpchttp.dll
2017-09-13 15:09 . 2017-10-11 15:43 261120 ----a-w- c:\windows\system32\msv1_0.dll
2017-09-13 15:09 . 2017-10-11 15:43 223232 ----a-w- c:\windows\system32\ncrypt.dll
2017-09-13 15:09 . 2017-10-11 15:43 830464 ----a-w- c:\windows\system32\msctf.dll
2017-09-13 15:09 . 2017-10-11 15:43 60416 ----a-w- c:\windows\system32\msobjs.dll
2017-09-13 15:09 . 2017-10-11 15:43 146432 ----a-w- c:\windows\system32\msaudite.dll
2017-09-13 15:08 . 2017-10-11 15:43 554496 ----a-w- c:\windows\system32\kerberos.dll
2017-09-13 15:08 . 2017-10-11 15:43 1062912 ----a-w- c:\windows\system32\lsasrv.dll
2017-09-13 15:08 . 2017-10-11 15:43 38912 ----a-w- c:\windows\system32\csrsrv.dll
2017-09-13 15:08 . 2017-10-11 15:43 17408 ----a-w- c:\windows\system32\credssp.dll
2017-09-13 15:08 . 2017-10-11 15:43 82432 ----a-w- c:\windows\system32\bcrypt.dll
2017-09-13 15:08 . 2017-10-11 15:43 644096 ----a-w- c:\windows\system32\advapi32.dll
2017-09-13 15:08 . 2017-10-11 15:43 690688 ----a-w- c:\windows\system32\adtschema.dll
2017-09-13 15:08 . 2017-10-11 15:43 6656 ----a-w- c:\windows\system32\apisetschema.dll
2017-09-13 15:08 . 2017-10-11 15:43 50688 ----a-w- c:\windows\system32\appidapi.dll
2017-09-13 14:53 . 2017-10-11 15:43 271360 ----a-w- c:\windows\system32\drivers\nwifi.sys
2017-09-13 14:50 . 2017-10-11 15:43 97792 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2017-09-13 14:50 . 2017-10-11 15:43 50688 ----a-w- c:\windows\system32\drivers\appid.sys
2017-09-13 14:50 . 2017-10-11 15:43 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2017-09-13 14:50 . 2017-10-11 15:43 29696 ----a-w- c:\windows\system32\appidsvc.dll
2017-09-13 14:50 . 2017-10-11 15:43 50176 ----a-w- c:\windows\system32\auditpol.exe
2017-09-13 14:48 . 2017-10-11 15:43 262656 ----a-w- c:\windows\system32\rstrui.exe
2017-09-13 14:46 . 2017-10-11 15:43 226304 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2017-09-13 14:46 . 2017-10-11 15:43 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2017-09-13 14:46 . 2017-10-11 15:43 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2017-09-13 14:46 . 2017-10-11 15:43 36352 ----a-w- c:\windows\system32\cryptbase.dll
2017-09-13 14:46 . 2017-10-11 15:43 22016 ----a-w- c:\windows\system32\lsass.exe
2017-09-13 14:46 . 2017-10-11 15:43 15872 ----a-w- c:\windows\system32\sspisrv.dll
2017-09-13 14:46 . 2017-10-11 15:43 69632 ----a-w- c:\windows\system32\smss.exe
2017-09-08 15:09 . 2017-10-11 15:43 306688 ----a-w- c:\windows\system32\gdi32.dll
2017-09-08 14:20 . 2017-10-11 15:43 8704 ----a-w- c:\windows\system32\msjint40.dll
2017-09-08 14:20 . 2017-10-11 15:43 640512 ----a-w- c:\windows\system32\mswstr10.dll
2017-09-07 15:12 . 2017-10-11 15:43 2755072 ----a-w- c:\windows\system32\themeui.dll
2017-09-07 14:48 . 2017-10-11 15:43 312320 ----a-w- c:\windows\system32\drivers\srv.sys
2017-09-07 14:48 . 2017-10-11 15:43 313856 ----a-w- c:\windows\system32\drivers\srv2.sys
2017-09-07 14:48 . 2017-10-11 15:43 115712 ----a-w- c:\windows\system32\drivers\srvnet.sys
2017-08-29 04:59 . 2015-08-04 22:29 44008 ----a-w- c:\windows\system32\cmdcsr.dll
2017-08-29 04:59 . 2015-09-03 09:52 731344 ----a-w- c:\windows\system32\guard32.dll
2017-08-29 04:55 . 2015-08-04 22:27 363712 ----a-w- c:\windows\system32\cmdvrt32.dll
.
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeyScrambler"="c:\program files\Programy\KeyScrambler\keyscrambler.exe" [2015-10-12 509216]
"COMODO Internet Security"="c:\program files\Programy\COMODO\COMODO Internet Security\cistray.exe" [2017-08-29 1390784]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2016-08-27 1074600]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2016-04-09 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes TrayApp]
2017-04-17 18:05 2780112 ----a-w- c:\program files\Malwarebytes\Anti-Malware\mbamtray.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="c:\program files\Programy\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
"Steam"="c:\program files\Steam\steam.exe" -silent
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AvgUi"="c:\program files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
"Malwarebytes TrayApp"=c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
.
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\Programy\COMODO\COMODO Internet Security\cmdvirth.exe [2017-08-29 2080448]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2017-05-18 109456]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2017-10-14 104960]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-04-17 3303888]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2017-11-04 220088]
R3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\drivers\mwac.sys [2017-08-19 64288]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2016-12-16 40384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2016-05-30 27192]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2017-05-18 147344]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2017-08-08 27504]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2017-08-08 658704]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2017-08-08 53344]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2016-04-08 23840]
S2 AdvancedSystemCareService11;Advanced SystemCare Service 11;c:\program files\IObit\Advanced SystemCare\ASCService.exe [2017-09-16 1053472]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2015-08-18 211536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2017-06-14 794608]
S3 RTSUER;Realtek USB Card Reader - UER;c:\windows\system32\Drivers\RtsUer.sys [2017-05-10 308192]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-11-13 22:27 1509208 ----a-w- c:\program files\Google\Chrome\Application\62.0.3202.94\Installer\chrmstp.exe
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.gazeta.pl/0,0.html?p=189
TCP: DhcpNameServer = 91.189.136.10 91.189.136.11 192.168.0.1
FF - ProfilePath - c:\users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\vzpkllji.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1195799040-1513517072-2440341013-1000\Software\SecuROM\License information*]
"datasecu"=hex:93,92,b1,08,06,91,89,f6,e5,ca,56,f1,9b,a5,1c,f2,90,17,9c,e4,66,
   17,6a,23,d2,39,34,cc,98,19,8b,e0,a1,9d,4b,02,58,90,42,0c,18,4e,71,b9,5e,a5,\
"rkeysecu"=hex:f4,b5,d3,0b,9b,70,cf,cb,7c,ad,c0,43,75,db,27,7c
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-11-25 20:25:47
ComboFix-quarantined-files.txt 2017-11-25 19:25
ComboFix2.txt 2017-06-16 06:40
ComboFix3.txt 2017-05-12 06:54
.
Before: 48 321 077 248 bytes free
After: 47 929 135 104 bytes free
.
- - End Of File - - 462C4C887C6F93B8FFD0BA891CB6844E A36C5E4F47E84449FF07ED3517B43A31