ComboFix 14-11-25.01 - Kowalczyk 2014-11-25 18:59:10.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.2038.1076 [GMT 1:00]
Uruchomiony z: c:\users\Kowalczyk\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2014-10-25 do 2014-11-25  )))))))))))))))))))))))))))))))
.
.
2014-11-25 18:04 . 2014-11-25 18:04    --------    d-----w-    c:\users\wangjihua\AppData\Local\temp
2014-11-25 18:04 . 2014-11-25 18:04    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-11-25 18:04 . 2014-11-25 18:04    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-11-22 20:24 . 2014-11-22 20:24    75888       ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8824DC6A-2D56-47CE-916C-6B65DB675FC3}\offreg.dll
2014-11-22 19:40 . 2014-11-02 04:20    11632448    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8824DC6A-2D56-47CE-916C-6B65DB675FC3}\mpengine.dll
2014-11-08 07:38 . 2014-11-08 07:38    --------    d-----w-    C:\found.002
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-02 04:20 . 2013-06-22 09:51    11632448    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-30 11:25 . 2010-11-21 03:27    275080      ------w-    c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B0A125BF-303E-6057-7599-2663C8155EE8}]
2014-03-30 12:31    424960    ----a-w-    c:\programdata\deaili44me\uOk6jo8.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 321080]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392]
"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.0.0.100\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.0.0.100\NIS.exe [x]
R3 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20130814.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20130814.001\BHDrvx64.sys [x]
R3 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1500000.064\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1500000.064\ccSetx64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20130805.011\IDSVia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20130805.011\IDSVia64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys;c:\windows\SYSNATIVE\DRIVERS\MpNWMon.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1500000.064\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1500000.064\SYMDS64.SYS [x]
R3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1500000.064\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1500000.064\SYMEFA64.SYS [x]
R3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1500000.064\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1500000.064\Ironx64.SYS [x]
R3 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1500000.064\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1500000.064\SYMNETS.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S3 netw5v64;Sterownik karty Intel(R) Wireless WiFi Link 5000 Series dla systemu Windows Vista w wersji 64-bitowej;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Inspekcja sieci firmy Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
S3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 16:30    1150280    ----a-w-    c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-20 17:03]
.
2014-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-20 17:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0A125BF-303E-6057-7599-2663C8155EE8}]
2014-03-30 12:31    474112    ----a-w-    c:\programdata\deaili44me\uOk6jo8.x64.dll
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kowalczyk\AppData\Roaming\Mozilla\Firefox\Profiles\o8xps00f.default\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Wow6432Node-HKLM-Run- - (no file)
BHO-{4F524A2D-5637-4300-76A7-7A786E7484D7} - (no file)
WebBrowser-{4F524A2D-5637-4300-76A7-7A786E7484D7} - (no file)
AddRemove-NIS - c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\21.0.0.100\InstStub.exe
AddRemove-NSS - c:\program files (x86)\Norton Security Scan\Engine\4.1.0.28\InstWrap.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.0.0.100\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.0.0.100\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\system32\drivers\NISx64\1500000.064\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.0.0.100;c:\program files (x86)\Norton Internet Security\Engine64\21.0.0.100"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Czas ukończenia: 2014-11-25 19:09:13 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2014-11-25 18:09
ComboFix2.txt 2014-07-31 16:53
ComboFix3.txt 2014-06-26 14:30
.
Przed: 16 909 422 592 bajtów wolnych
Po: 16 855 642 112 bajtów wolnych
.
- - End Of File - - FDC272F8CED13FEB6D689A00CF3E4EF3 A36C5E4F47E84449FF07ED3517B43A31