ComboFix 15-02-16.01 - dzodzo 2015-02-25 13:38

Transkrypt

ComboFix 15-02-16.01 - dzodzo 2015-02-25 13:38:58.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.7956.5422 [GMT 1:0
0]
Uruchomiony z: c:\users\dzodzo\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usuniêto )))))))))))))))))))))))))))))
))))))))))))))))))))
.
.
c:\program files (x86)\Alcohol Soft\ddf1b53c-0af5-48ea-9b88-3cfad45baf09.dll
c:\program files (x86)\ddf1b53c-0af5-48ea-9b88-3cfad45baf09\95cde084-46df-4d90-b
d12-a0184da6b264.dll
c:\program files (x86)\DownnSave
c:\program files (x86)\DownnSave\Kw4i7lRSIJLZ29.dat
c:\program files (x86)\DownnSave\Kw4i7lRSIJLZ29.dll
c:\program files (x86)\DownnSave\Kw4i7lRSIJLZ29.tlb
c:\program files (x86)\DownnSave\Kw4i7lRSIJLZ29.x64.dll
c:\program files (x86)\INSTALL.LOG
c:\programdata\16096186658762785850
c:\programdata\16096186658762785850\07870b539a388c2b6c82b6b4eb07d8be.ini
c:\programdata\16096186658762785850\2a0b23fa8d6e74d46c82b6b4eb07d8be.ini
c:\programdata\16096186658762785850\465f8e59c1c2d7746c82b6b4eb07d8be.ini
c:\programdata\16096186658762785850\48b7d16c1455ab256c82b6b4eb07d8be.ini
c:\programdata\16096186658762785850\4ab07dd0adbafc366c82b6b4eb07d8be.ini
c:\programdata\16096186658762785850\62dd3921369ec2f66c82b6b4eb07d8be.ini
c:\programdata\16096186658762785850\8c84dcdc46445dd66c82b6b4eb07d8be.ini
c:\programdata\16096186658762785850\cd5b15e575e1c3d06c82b6b4eb07d8be.ini
c:\programdata\16096186658762785850\f6f6eb7fa6ec98576c82b6b4eb07d8be.ini
c:\programdata\ntuser.pol
c:\users\dzodzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhhflam
heoandbibgflojkjccnenjbda
heoandbibgflojkjccnenjbda\128\background.html
heoandbibgflojkjccnenjbda\128\content.js
heoandbibgflojkjccnenjbda\128\i65tlK3CWf.js
heoandbibgflojkjccnenjbda\128\lsdb.js
heoandbibgflojkjccnenjbda\128\manifest.json
c:\users\dzodzo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chro
me-extension_cmemcmjhdeohjpbikcblllcfcnholbol_0.localstorage
c:\users\dzodzo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chro
me-extension_mhhflamheoandbibgflojkjccnenjbda_0.localstorage
c:\users\dzodzo\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\dzodzo\AppData\Local\nsdC886.tmp
c:\users\dzodzo\AppData\Local\nsu40F5.tmp
c:\users\dzodzo\AppData\Roaming\AnyProtectEx
c:\users\dzodzo\AppData\Roaming\AnyProtectEx\HELP_DECRYPT.HTML
c:\users\dzodzo\AppData\Roaming\AnyProtectEx\HELP_DECRYPT.PNG
c:\users\dzodzo\AppData\Roaming\AnyProtectEx\HELP_DECRYPT.TXT
c:\users\dzodzo\AppData\Roaming\AnyProtectEx\HELP_DECRYPT.URL
c:\users\dzodzo\AppData\Roaming\AnyProtectEx\installer\ab.test.json
c:\users\dzodzo\AppData\Roaming\AnyProtectEx\installer\tempfile.t
c:\users\dzodzo\AppData\Roaming\AnyProtectEx\language\de.xml
c:\users\dzodzo\AppData\Roaming\AnyProtectEx\language\en.xml
c:\users\dzodzo\AppData\Roaming\AnyProtectEx\language\fr.xml
c:\users\dzodzo\AppData\Roaming\AnyProtectEx\scan_results\aps.scan.quick.results
c:\users\dzodzo\AppData\Roaming\AnyProtectEx\scan_results\aps.scan.results
c:\users\dzodzo\AppData\Roaming\AnyProtectEx\swf\HELP_DECRYPT.HTML
c:\users\dzodzo\AppData\Roaming\AnyProtectEx\swf\HELP_DECRYPT.PNG
c:\users\dzodzo\AppData\Roaming\AnyProtectEx\swf\HELP_DECRYPT.TXT
c:\users\dzodzo\AppData\Roaming\AnyProtectEx\swf\HELP_DECRYPT.URL
c:\users\dzodzo\AppData\Roaming\AnyProtectEx\swf\mov01.swf
c:\users\dzodzo\AppData\Roaming\AnyProtectEx\swf\swfIWe.swf
c:\users\dzodzo\AppData\Roaming\AnyProtectEx\swf\swfK3.swf
c:\users\dzodzo\AppData\Roaming\AnyProtectEx\swf\swfk4u.swf
c:\users\dzodzo\AppData\Roaming\AnyProtectEx\swf\swfMF.swf
c:\users\dzodzo\AppData\Roaming\AnyProtectEx\swf\swfwjy8.swf
c:\users\dzodzo\AppData\Roaming\msregsvv.dll
c:\users\dzodzo\Documents\~WRL0001.tmp
c:\windows\msvcr71.dll
c:\windows\SysWow64\logs
c:\windows\SysWow64\logs\myeasylog.log
c:\windows\SysWow64\msvcsv60.dll
.
.
((((((((((((((((((((((((( Pliki utworzone od 2015-01-25 do 2015-02-25 )))))))
))))))))))))))))))))))))
.
.
2015-02-25 12:44 . 2015-02-25 12:44
-------d-----wc:\users
\Default\AppData\Local\temp
2015-02-24 17:36 . 2015-02-24 17:37
-------d-----wc:\progr
am files (x86)\Audacity
2015-02-24 15:22 . 2011-02-23 14:57
280408 ----a-wc:\windows\syste
m32\drivers\aswSP.sys
2015-02-24 15:22 . 2011-02-23 14:57
m32\drivers\aswSnx.sys
2015-02-24 15:22 . 2011-02-23 14:55
m32\drivers\aswTdi.sys
2015-02-24 15:22 . 2011-02-23 14:55
m32\drivers\aswRdr.sys
2015-02-24 15:22 . 2011-02-23 14:54
m32\drivers\aswFsBlk.sys
2015-02-24 15:22 . 2011-02-23 14:55
m32\drivers\aswMonFlt.sys
2015-02-24 15:22 . 2011-02-23 15:04
m32\aswBoot.exe
2015-02-24 15:22 . 2011-02-23 15:04
40648 ----a-wc:\windows\avast
SS.scr
2015-02-24 15:22 . 2011-02-23 15:04
190016 ----a-wc:\windows\SysWo
w64\aswBoot.exe
2015-02-24 15:21 . 2015-02-24 15:21
-------d-----wc:\progr
amdata\AVAST Software
2015-02-24 15:21 . 2015-02-24 15:21
-------d-----wc:\progr
am files\AVAST Software
2015-02-24 15:19 . 2015-02-25 12:34
m32\drivers\MBAMSwissArmy.sys
2015-02-24 15:18 . 2015-02-24 15:18
-------d-----wc:\progr
am files (x86)\Malwarebytes Anti-Malware
2015-02-24 15:18 . 2015-02-24 15:18
-------d-----wc:\progr
amdata\Malwarebytes
2015-02-24 15:18 . 2014-11-21 05:14
m32\drivers\mwac.sys
2015-02-24 15:18 . 2014-11-21 05:14
m32\drivers\mbamchameleon.sys
2015-02-24 15:18 . 2014-11-21 05:14
m32\drivers\mbam.sys
2015-02-24 13:56 . 2015-02-24 13:56
-------d-----wc:\progr
am files (x86)\Realtek
2015-02-24 13:56 . 2015-02-24 13:56
-------d--h--wc:\progr
am files (x86)\Temp
2015-02-24 13:56 . 2014-02-26 14:16
2080472 ----a-wc:\windows\RtlEx
Upd.dll
2015-02-24 13:56 . 2015-02-24 13:56
-------d-----wc:\progr
am files (x86)\Common Files\InstallShield
2015-02-24 11:12 . 2015-02-24 14:49
-------d-----wc:\progr
amdata\df61247c21f0043a
2015-02-24 11:11 . 2015-02-24 11:11
-------d-----wc:\progr
am files (x86)\predm
2015-02-24 10:31 . 2015-02-24 10:31
-------d-----wc:\windo
ws\PCHEALTH
2015-02-24 10:31 . 2015-02-24 10:31
-------d-----wc:\progr
am files (x86)\Microsoft.NET
2015-02-24 10:23 . 2015-02-24 10:23
-------d-----rC:\MSOCa
che
2015-02-22 10:14 . 2015-02-22 10:14
-------d-----wc:\progr
amdata\6d8904f500001dc5
2015-02-22 09:58 . 2015-02-24 14:49
-------d-----wc:\progr
am files\CCleaner
2015-02-22 09:48 . 2015-02-22 09:53
-------d-----wc:\progr
amdata\{5692165a-a1a0-4b6f-5692-2165aa1a596a}
2015-02-22 09:47 . 2015-02-25 12:43
-------d-----wc:\progr
am files (x86)\ddf1b53c-0af5-48ea-9b88-3cfad45baf09
2015-02-21 10:29 . 2015-02-24 15:25
-------d-----wc:\progr
am files (x86)\Haappy2Soave
2015-02-21 10:29 . 2015-02-24 15:25
-------d-----wc:\progr
am files (x86)\TransferBigFilescom Gmail Extension
2015-02-21 10:09 . 2015-02-24 15:25
-------d-----wc:\progr
am files (x86)\SeaveeLots
2015-02-21 00:13 . 2015-02-24 15:25
-------d-----wc:\progr
am files (x86)\Cloudy for Gmail
2015-02-21 00:13 . 2015-02-24 15:25
-------d-----wc:\progr
am files (x86)\MinaiomuMPrice
2015-02-21 00:13 . 2015-02-21 00:13
-------d-----wc:\progr
amdata\adpmlaopjikbapeeaadiamcoelehkmkj
2015-02-20 09:12 . 2015-02-24 15:25
-------d-----wc:\progr
am files (x86)\ShoPDrrop
2015-02-20 08:32 . 2015-02-20 08:32
-------d-----wc:\windo
ws\SysWow64\Dane
2015-02-19 09:49 . 2015-02-19 09:49
-------d-----wc:\progr
amdata\Sibelius Software
2015-02-19 09:48 . 2015-02-19 09:48
-------d-----wc:\progr
am files (x86)\Sibelius Software
2015-02-17 16:57 . 2015-02-17 16:57
-------d-----wc:\progr
amdata\Baidu
2015-02-17 16:56 . 2015-02-17 16:56
-------d-----wc:\progr
am files (x86)\FreeTime
2015-02-17 14:45 . 2015-02-17 14:45
-------dc-h--wc:\progr
amdata\{1C7A6EB7-BED0-4444-B0DA-4BFDCF83C380}
2015-02-17 10:24 . 2015-02-17 10:24
-------d-----wc:\progr
am files (x86)\Winamp
2015-02-17 10:22 . 2015-02-17 10:22
-------d-----wc:\windo
ws\aod
2015-02-17 09:37 . 2015-02-17 09:37
-------d-----wc:\progr
amdata\The AdBlocker
2015-02-13 00:20 . 2015-02-13 00:20
-------d-----wc:\progr
am files (x86)\Windows Essentials Codec Pack
2015-02-13 00:16 . 2015-02-13 00:16
-------d-----wc:\progr
am files (x86)\Use VLC for YouTube
2015-02-13 00:16 . 2015-02-13 00:16
-------d-----wc:\progr
amdata\jfjchdnkemjpnjnlkjajllhbhaohpbin
2015-02-12 13:33 . 2015-02-12 13:33
-------d-----wc:\windo
ws\SysWow64\Flash
2015-02-12 13:04 . 2015-02-12 13:04
-------d-----wc:\progr
am files (x86)\ChomikBox
2015-02-12 12:53 . 2015-02-24 16:02
-------d-----wc:\progr
am files (x86)\globalUpdate
2015-02-11 11:36 . 2015-02-11 11:36
-------d-----wc:\progr
am files (x86)\Metronom
2015-02-11 11:33 . 2015-02-11 11:33
-------d-----wc:\progr
am files (x86)\Fine Metronome 3
2015-02-11 11:27 . 2004-08-10 04:00
w64\msvbvm50.dll
2015-02-11 11:27 . 2015-02-11 11:27
-------d-----wc:\progr
am files (x86)\Easy Hi-Q Recorder
2015-02-11 11:27 . 2002-01-05 08:37
w64\msvcr70.dll
2015-02-11 11:27 . 2001-03-13 08:49
w64\comdlg32.ocx
2015-02-09 19:15 . 2015-02-09 19:15
-------d-----wc:\progr
am files (x86)\Toontrack
2015-02-08 22:37 . 2015-02-24 09:23
-------d-----wc:\progr
amdata\M-Audio
2015-02-08 22:37 . 2015-02-08 22:37
-------d-----wc:\progr
am files\Steinberg
2015-02-08 16:25 . 2015-02-08 16:25
-------d-----wc:\progr
am files (x86)\Transcribe!
2015-02-08 14:26 . 2015-02-08 14:26
-------d-----wC:\Trili
an
2015-02-08 14:25 . 2015-02-08 14:25
-------d-----wc:\progr
am files\Cakewalk
2015-02-08 14:25 . 2015-02-08 14:26
-------d-----wc:\progr
amdata\Spectrasonics
2015-02-08 11:34 . 2015-02-08 11:34
amdata\{6032CB49-DE54-4192-9F71-65859D0B544F}
2015-02-08 11:26 . 2015-02-08 11:26
-------dc----wc:\progr
amdata\{B54CEF12-4612-4E77-B06C-403C662468E7}
2015-02-08 11:26 . 2015-02-08 11:26
amdata\{35B46D49-85E2-40EA-8EC6-43B281EDD8E7}
2015-02-08 11:25 . 2015-02-08 11:25
amdata\{FB5C60A0-15D1-4DEF-A6EF-3366AC37909F}
2015-02-08 11:25 . 2015-02-08 11:25
amdata\{EFEC7DCC-2F91-4828-B49D-8506F9F0D9FF}
2015-02-08 11:21 . 2015-02-08 11:21
amdata\{7AFFCFD3-F022-420B-8E87-BBAED1C983C8}
2015-02-08 11:21 . 2015-02-08 11:21
amdata\{F4C30B44-15B7-482B-8B80-38AA0AB0956A}
2015-02-08 11:21 . 2015-02-08 11:21
amdata\{03149E88-061F-4C01-98FF-736811F5AEF5}
2015-02-08 11:21 . 2015-02-08 11:21
amdata\{AD7B6000-2063-4CF8-A07D-49A34A4164E7}
2015-02-08 11:20 . 2015-02-08 11:20
amdata\{F565CCC6-40E0-4D3B-A268-394489E1A288}
2015-02-08 11:20 . 2015-02-08 11:20
amdata\{BC4F73B4-86E2-45AA-A4F8-3D7C23012DDF}
2015-02-08 11:20 . 2015-02-08 11:20
amdata\{831278B3-E363-4BCB-B754-70A9488477C9}
2015-02-08 11:20 . 2015-02-08 11:20
amdata\{E753D955-673D-4851-B06F-9A9D0C44C02C}
2015-02-08 11:19 . 2015-02-08 11:19
amdata\{87A1E31E-1C63-4A99-AEEA-EA57A3043C1D}
2015-02-08 11:19 . 2015-02-08 11:19
amdata\{34163C5E-1AE4-49D8-B5F9-A3C2422AAB96}
2015-02-08 11:17 . 2015-02-08 11:17
amdata\{450C7B07-81AD-445F-87F1-27917FA78AB4}
2015-02-08 11:14 . 2015-02-08 11:14
amdata\{B9F39E05-2A83-4A5C-873C-9004232BF507}
2015-02-08 11:13 . 2015-02-08 11:13
amdata\{D8A99D59-FC0A-442D-AFE3-3ACD232C2D11}
2015-02-08 11:10 . 2015-02-08 11:10
amdata\{B7072B15-6E80-42FF-A9AE-4E62AF2B2418}
2015-02-08 11:04 . 2015-02-08 11:04
amdata\{5CCB3323-39AA-41ED-8599-AECD2B307327}
2015-02-08 11:04 . 2015-02-08 11:14
-------d-----wc:\progr
am files (x86)\Common Files\Native Instruments
2015-02-08 10:49 . 2015-02-08 10:49
amdata\{EC39AE66-34A3-419D-BCB8-29619DA92C37}
2015-02-08 10:45 . 2015-02-08 10:45
amdata\{54946576-BA75-44B8-B88E-CA765E921188}
2015-02-08 10:39 . 2015-02-08 10:39
amdata\{E2A3D3D3-946E-4752-90FB-AF37CC248734}
2015-02-08 10:39 . 2015-02-08 11:34
-------d-----wc:\progr
am files\Native Instruments
2015-02-08 10:39 . 2015-02-08 11:25
-------d-----wc:\progr
am files\Common Files\Native Instruments
2015-02-08 00:14 . 2015-02-08 00:14
-------d-----wc:\progr
am files\Spectrasonics
2015-02-08 00:14 . 2015-02-08 00:17
-------d-----wc:\progr
am files (x86)\Spectrasonics
2015-02-06 16:51 . 2015-02-06 16:51
-------d-----wc:\progr
am files (x86)\Common Files\Skype
2015-02-06 16:51 . 2015-02-06 16:51
-------d-----rc:\progr
am files (x86)\Skype
2015-02-06 16:51 . 2015-02-06 16:51
-------d-----wc:\progr
amdata\Skype
2015-02-06 16:49 . 2015-02-06 16:49
-------d-----wc:\progr
amdata\APN
2015-02-06 15:31 . 2015-02-24 09:23
-------d-----wc:\progr
amdata\Line 6
2015-02-06 15:31 . 2015-02-06 15:31
-------d-----wc:\progr
am files (x86)\Line6
2015-02-05 23:02 . 2015-02-25 12:43
-------d-----wc:\progr
am files (x86)\Alcohol Soft
2015-02-05 23:02 . 2015-02-05 23:02
m32\drivers\sptd.sys
2015-02-05 22:53 . 2014-12-02 14:10
m32\unrar64.dll
2015-02-05 22:53 . 2014-12-02 14:10
w64\unrar.dll
2015-02-05 22:53 . 2015-02-24 14:14
-------d-----wc:\progr
am files (x86)\K-Lite Codec Pack
2015-02-05 22:53 . 2015-02-22 09:47
-------d-----wc:\progr
am files (x86)\Google
2015-02-05 22:52 . 2015-02-05 22:52
-------d-----wc:\windo
ws\SysWow64\Macromed
2015-02-05 22:52 . 2015-02-05 22:52
-------d-----wc:\windo
ws\system32\Macromed
2015-02-05 22:08 . 2015-02-05 22:08
-------d-----wc:\progr
am files (x86)\XLN Audio
2015-02-05 21:58 . 2015-02-05 21:58
-------d-----wc:\progr
amdata\Native Instruments
2015-02-05 21:55 . 2015-02-05 21:55
-------d-----wc:\progr
am files\WinRAR
2015-02-05 21:26 . 2015-02-09 19:41
-------d-----wc:\progr
am files (x86)\PowerTracks DirectX Plugins
2015-02-05 21:26 . 2015-02-24 09:23
-------d-----wC:\bb
2015-02-05 20:48 . 2015-02-24 16:02
-------d-----wc:\progr
amdata\7e4df1c2-17ef-43f5-93e3-fbd2eceaa42c
2015-02-05 20:35 . 2015-02-05 20:35
-------d-----wc:\progr
am files (x86)\Common Files\Adobe
2015-02-05 20:26 . 2015-02-24 09:23
-------d-----wc:\progr
amdata\Toontrack
2015-02-05 20:14 . 2015-02-05 20:14
-------d-----wc:\progr
am files (x86)\ASIO4ALL v2
2015-02-05 20:11 . 2015-02-05 20:11
-------d-----wc:\progr
am files (x86)\Common Files\Toontrack
2015-02-05 20:09 . 2012-08-29 12:23
499712 ----a-wc:\windows\msvcp
71.dll
2015-02-05 20:09 . 2015-02-05 20:09
-------d-----wc:\progr
am files\Common Files\Avid
2015-02-05 20:09 . 2015-02-05 20:09
-------d-----wc:\progr
am files (x86)\Common Files\Avid
2015-02-05 20:09 . 2015-02-09 19:10
-------d-----wc:\progr
am files (x86)\VstPlugIns
2015-02-05 20:09 . 2015-02-09 16:22
-------d-----wc:\progr
am files\VstPlugIns
2015-02-05 20:09 . 2015-02-05 20:10
-------d-----wc:\progr
am files (x86)\IK Multimedia
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))
)))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))
))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domy lne, prawid³owe wpisy nie s¹ pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [201211-06 3673728]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv
.exe" [2012-01-05 75624]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 740
4312]
"ChomikBox"="c:\program files (x86)\ChomikBox\chomikbox.exe" [2014-03-11 6033408
]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Control
ler Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.
exe" [2012-08-31 508144]
"331BigDog"="c:\program files (x86)\USB Camera\VM331STI.EXE" [2013-05-14 552960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [20
14-12-19 1022152]
"WinampAgent"="c:\program files (x86)\Winamp\Winampa.exe" [2003-04-02 12288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
c:\users\dzodzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HELP_DECRYPT.HTML [2015-2-24 8604]
HELP_DECRYPT.PNG [2015-2-24 45768]
HELP_DECRYPT.TXT [2015-2-24 4242]
HELP_DECRYPT.URL [2015-2-24 288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\win
dows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\
Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Al
cohol 120\AxAutoMntSrv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:
\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IntcDAud;Audio dla wy wietlaczy Intel(R);c:\windows\system32\DRIVERS\IntcDAud.s
ys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Li
censing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciSe
rver.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 L6TPortB;Service - Line 6 TonePort UX2;c:\windows\system32\Drivers\L6TPortB64
.sys;c:\windows\SYSNATIVE\Drivers\L6TPortB64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATI
VE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD
.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\
DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\
DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Sterownik prze³¹cznika kontrolera hosta Intel(R) USB 3.0;c:\windows\syst
em32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\System
Root\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsof
tbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSN
ATIVE\drivers\aswMonFlt.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Int
el(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel
(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing
Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program
files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\pro
gram files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_serv
ice.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\
mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler
.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbam
service.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\wind
ows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 iusb3hub;Sterownik koncentratora Intel(R) USB 3.0;c:\windows\system32\DRIVERS
\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Sterownik kontrolera hosta Intel(R) USB 3.0 eXtensible;c:\windows\sy
stem32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controlle
r;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64
.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\S
YSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\
windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sy
s;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows
\SYSNATIVE\Drivers\vm331avs.sys [x]
.
.
--- Inne Us³ugi/Sterowniki w Pamiêci --.
*NewlyCreated* - MBAMSWISSARMY
.
Zawarto æ folderu 'Zaplanowane zadania'
.
2015-02-21 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_pepper.exe [2015-0205 22:52]
.
2015-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05 22
:52]
.
.
--------- X64 Entries ----------.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04
134384 ----a-wc:\program files\AVAST Software\
Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIco
nLaunch.exe" [2013-04-30 36352]
"DolbyTrayApp"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [201208-31 508144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-06-18 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-06-18 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-06-18 444400]
.
------- Skan uzupe³niaj¹cy ------.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
uDefault_Search_URL = www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
IE: E&ksport do programu Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.E
XE/3000
Trusted Zone: line6.net
TCP: DhcpNameServer = 155.158.99.2
.
- - - - USUNIÊTO PUSTE WPISY - - - .
BHO-{32698761-3e96-446e-84ca-bc989f9f6e3a} - c:\program files (x86)\DownnSave\Kw
4i7lRSIJLZ29.dll
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-B4520F43 - c:\users\dzodzo\AppData\Roaming\B4520F43\bin.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-BBServer_is1 - f:\bb\BBHelper\unins000.exe
AddRemove-BB_is1 - f:\bb\uninstall\unins078.exe
AddRemove-WorldofTanks - c:\users\dzodzo\AppData\Local\Temp\is1094620407\358E12B
0_stp\Uninstaller.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukoñczenia: 2015-02-25 13:46:42
ComboFix-quarantined-files.txt 2015-02-25 12:46
.
Przed: 43 231 227 904 bajtów wolnych
Po: 43 282 620 416 bajtów wolnych
.
- - End Of File - - 0911524696F902DAF6F67FE603A552E1
A36C5E4F47E84449FF07ED3517B43A31

ComboFix 15-02-16.01 - dzodzo 2015-02-25 13:38

Transkrypt

Podobne dokumenty

OTL Extras logfile created on: 2012-05-25 08:10:49