Asus n50vn rootkit
mario81 said (post 311123):

ComboFix 14-12-07.01 - Mariusz 2014-12-07 11:47:42.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.4095.2067 [GMT 1:00]
Uruchomiony z: c:\users\Mariusz\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Recycler
.
.
((((((((((((((((((((((((( Pliki utworzone od 2014-11-07 do 2014-12-07 )))))))))))))))))))))))))))))))
.
.
2014-12-07 10:53 . 2014-12-07 10:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-07 10:41 . 2014-10-01 10:20 93400 ----a-w- c:\windows\system32\drivers\is-GJ4SP.tmp
2014-12-07 10:41 . 2014-12-07 10:41 -------- d-----w- C:\Program Files )
2014-12-07 10:41 . 2014-10-01 10:20 25816 ----a-w- c:\windows\system32\drivers\is-HRU1D.tmp
2014-12-07 08:01 . 2014-12-07 08:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-12-07 07:48 . 2014-12-07 08:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-12-07 07:44 . 2014-12-07 07:44 -------- d-----w- c:\programdata\HitmanPro
2014-12-07 03:23 . 2014-12-07 03:23 -------- d-----w- c:\program files\WinRAR
2014-12-06 19:43 . 2014-12-06 19:43 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-12-06 19:43 . 2014-12-06 19:43 -------- d-----w- c:\program files\Nightly
2014-12-06 17:44 . 2014-12-06 17:44 -------- d-----w- c:\programdata\GlassWire
2014-12-06 17:44 . 2014-11-05 05:41 33296 ----a-w- c:\windows\system32\drivers\gwdrv.sys
2014-12-06 17:44 . 2014-12-06 17:44 -------- d-----w- c:\program files (x86)\GlassWire
2014-12-06 17:33 . 2014-11-17 01:08 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9840109A-ACB0-46A3-8ED1-C7A31D26BED5}\mpengine.dll
2014-12-06 17:15 . 2014-12-06 17:18 -------- d-----w- c:\windows\system32\catroot2
2014-12-06 16:26 . 2014-12-06 17:05 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2014-12-06 16:18 . 2014-12-06 16:18 -------- d-----w- C:\RegBackup
2014-12-06 15:58 . 2014-12-06 15:58 -------- d-----w- c:\program files (x86)\WinDirStat
2014-12-06 15:49 . 2014-12-06 15:49 -------- d-----w- c:\program files (x86)\Secunia
2014-12-06 15:48 . 2014-12-06 15:48 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-12-06 15:44 . 2014-12-07 10:40 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-12-06 15:36 . 2014-12-06 15:36 -------- d-----w- c:\program files (x86)\Zemana AntiLogger Free
2014-12-06 15:36 . 2014-12-06 15:36 -------- d-----w- c:\program files (x86)\KeyCryptSDK
2014-12-06 15:36 . 2014-11-28 11:15 71400 ----a-w- c:\windows\system32\drivers\KeyCrypt64.sys
2014-12-06 15:32 . 2014-12-06 15:32 -------- d-----w- c:\programdata\InstallMate
2014-12-06 15:32 . 2014-12-06 15:32 -------- d-----w- c:\program files (x86)\Ruiware
2014-12-06 15:21 . 2014-12-07 10:29 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
2014-12-06 15:21 . 2014-12-06 15:21 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Exploit
2014-12-06 12:50 . 2014-12-06 12:50 129752 ----a-w- c:\windows\system32\drivers\06E03FF8.sys
2014-12-05 19:08 . 2014-12-06 17:21 -------- d-----w- c:\programdata\Skype
2014-11-28 12:02 . 2014-11-28 12:02 18456 ----a-w- c:\windows\system32\drivers\psi_mf_amd64.sys
2014-11-25 18:39 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-11-25 18:39 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-11-25 18:39 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-11-25 18:39 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-11-25 18:39 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-11-25 18:39 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-11-25 18:39 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-11-25 18:39 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-11-25 18:39 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-11-25 18:39 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-11-25 18:38 . 2014-05-14 08:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-11-25 18:38 . 2014-05-14 08:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-11-25 18:38 . 2014-05-14 08:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-11-25 18:38 . 2014-05-14 08:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-11-25 14:22 . 2014-11-25 14:22 -------- d-----w- c:\programdata\Package Cache
2014-11-25 14:21 . 2014-11-25 14:21 -------- d-----w- c:\program files (x86)\Seagate
2014-11-25 14:17 . 2014-11-25 14:17 -------- d-----w- c:\program files (x86)\Microsoft.NET
2014-11-25 14:08 . 2014-10-31 22:26 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-11-25 13:51 . 2014-11-25 13:51 -------- d-----w- C:\TDSSKiller_Quarantine
2014-11-25 13:45 . 2014-12-06 20:11 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-25 13:45 . 2014-12-06 20:11 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-25 13:45 . 2014-11-25 13:45 -------- d-----w- c:\windows\SysWow64\Macromed
2014-11-25 13:45 . 2014-11-25 13:45 -------- d-----w- c:\windows\system32\Macromed
2014-11-25 13:26 . 2014-12-07 10:39 135384 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-25 13:26 . 2014-12-07 07:27 -------- d-----w- c:\programdata\Malwarebytes
2014-11-25 13:26 . 2014-12-06 17:29 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-25 13:26 . 2014-12-06 15:28 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-11-25 13:26 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-25 13:26 . 2014-10-01 10:20 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-25 13:19 . 2014-12-06 13:21 -------- d-----w- c:\program files (x86)\Opera
2014-11-25 13:16 . 2009-06-25 23:38 57856 ----a-w- c:\windows\system32\drivers\rixdpx64.sys
2014-11-25 13:16 . 2007-07-25 19:48 172032 ----a-w- c:\windows\system32\rixdicon.dll
2014-11-25 13:16 . 2009-06-26 00:04 67584 ----a-w- c:\windows\system32\drivers\rimmpx64.sys
2014-11-25 13:16 . 2009-06-25 23:13 55296 ----a-w- c:\windows\system32\drivers\rimspx64.sys
2014-11-25 13:16 . 2004-09-04 10:00 90112 ----a-w- c:\windows\system32\snymsico.dll
2014-11-25 13:13 . 2014-11-25 13:14 -------- d-----w- c:\programdata\NVIDIA
2014-11-25 13:12 . 2009-05-11 10:49 81952 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2014-11-25 13:12 . 2009-05-11 10:49 62976 ----a-w- c:\windows\system32\nvapo64v.dll
2014-11-25 13:12 . 2009-05-11 10:48 22528 ----a-w- c:\windows\system32\nvhdap64.dll
2014-11-25 13:12 . 2009-05-08 14:50 159232 ----a-w- c:\windows\system32\nvcohda6.dll
2014-11-25 13:12 . 2009-05-08 14:50 506400 ----a-w- c:\windows\system32\nvuhda6.exe
2014-11-25 13:11 . 2009-06-11 09:09 508448 ----a-w- c:\windows\system32\nvudisp.exe
2014-11-25 13:11 . 2009-06-22 11:28 539168 ----a-w- c:\windows\system32\NVUNINST.EXE
2014-11-25 13:06 . 2009-07-20 16:29 15416 ----a-w- c:\windows\system32\drivers\kbfiltr.sys
2014-11-25 13:05 . 2009-08-23 04:24 5435904 ----a-w- c:\windows\system32\drivers\NETw5v64.sys
2014-11-25 13:04 . 2014-11-25 13:53 -------- d-----w- c:\program files\ATKGFNEX
2014-11-25 13:04 . 2014-11-25 13:04 -------- d-----w- c:\program files (x86)\InstallShield Installation Information
2014-11-25 13:03 . 2014-11-25 13:04 -------- d-----w- c:\program files (x86)\ASUS
2014-11-25 13:02 . 2014-12-05 19:08 -------- d-sh--w- c:\windows\Installer
2014-11-25 12:56 . 2014-11-25 12:57 -------- d-----w- c:\users\Mariusz
2014-11-25 12:49 . 2014-11-25 12:56 -------- d-----w- c:\windows\Panther
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-24 13:04 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HijackThis startup scan"="c:\users\Mariusz\Desktop\HijackThis\HijackThis.exe" [2011-04-11 1306624]
"SUPERAntiSpyware"="c:\users\Mariusz\Desktop\SuperAntiSpyware\PROGRAM64.COM" [2011-10-17 5500800]
"HW_OPENEYE_OUC_blueconnect"="c:\program files (x86)\blueconnect\UpdateDog\ouc.exe" [2011-03-26 116064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2014-12-04 2558776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 GlassWire;GlassWire Control Service;c:\program files (x86)\GlassWire\GWCtlSrv.exe;c:\program files (x86)\GlassWire\GWCtlSrv.exe [x]
R4 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
R4 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R4 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
S1 gwdrv;GlassWire Driver;c:\windows\system32\DRIVERS\gwdrv.sys;c:\windows\SYSNATIVE\DRIVERS\gwdrv.sys [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S1 SASDIFSV;SASDIFSV;c:\users\Mariusz\Desktop\SuperAntiSpyware\SASDIFSV64.SYS;c:\users\Mariusz\Desktop\SuperAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\users\Mariusz\Desktop\SuperAntiSpyware\SASKUTIL64.SYS;c:\users\Mariusz\Desktop\SuperAntiSpyware\SASKUTIL64.SYS [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - MBAMSWISSARMY
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.msn.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
FF - ProfilePath - c:\users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\qq6gtik4.default\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
SafeBoot-41186125.sys
.
.
.
Czas ukończenia: 2014-12-07 11:55:17
ComboFix-quarantined-files.txt 2014-12-07 10:55
.
Przed: 476 243 406 848 bajtów wolnych
Po: 476 322 066 432 bajtów wolnych
.
- - End Of File - - 5D4B5A8100FE671EBB2AA40024FF2FCE
A36C5E4F47E84449FF07ED3517B43A31