ComboFix 14-08-12.01 - Agnieszka 2014-08-12 11:15:50.4.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.8099.5030 [GMT 2:00] Uruchomiony z: c:\users\Agnieszka\Downloads\ComboFix.exe AV: G Data TotalProtection *Disabled/Updated* {545C8713-0744-B079-87F8-349A6D5C8CF0} FW: G Data Personal Firewall *Enabled* {6C670636-4D2B-B121-ACA7-9DAF938FCB8B} SP: G Data TotalProtection *Disabled/Updated* {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\459449F1D1.sys . . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_NPF . . ((((((((((((((((((((((((( Pliki utworzone od 2014-07-12 do 2014-08-12 ))))))))))))))))))))))))))))))) . . 2014-08-12 09:30 . 2014-08-12 09:30 8 --sh--r- c:\programdata\459449F1D1.sys 2014-08-12 09:25 . 2014-08-12 09:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-08-12 09:25 . 2014-08-12 09:25 -------- d-----w- c:\users\Public\AppData\Local\temp 2014-08-12 09:25 . 2014-08-12 09:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-08-12 09:25 . 2014-08-12 09:25 -------- d-----w- c:\users\Damian\AppData\Local\temp 2014-08-06 10:13 . 2014-08-12 06:22 -------- d-----w- c:\users\Agnieszka\AppData\Local\Adobe 2014-08-01 06:38 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll 2014-08-01 06:38 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe 2014-08-01 06:38 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll 2014-08-01 06:38 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll 2014-08-01 06:37 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll 2014-08-01 06:37 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll 2014-08-01 06:37 . 
2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll 2014-08-01 06:36 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll 2014-08-01 06:36 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe 2014-07-28 10:47 . 2014-07-28 10:47 -------- d-----w- c:\program files (x86)\Common Files\Java . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-08-12 09:30 . 2011-06-10 22:22 1890 --sha-w- c:\programdata\KGyGaAvL.sys 2014-08-12 08:47 . 2014-06-20 12:43 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-07-23 08:52 . 2011-06-12 19:35 270496 ------w- c:\windows\system32\MpSigStub.exe 2014-07-11 01:02 . 2014-07-28 10:46 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-07-09 14:13 . 2011-06-13 09:44 96441528 ----a-w- c:\windows\system32\MRT.exe 2014-07-09 09:01 . 2012-03-30 06:15 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-07-09 09:01 . 2011-06-25 06:21 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-02 07:50 . 2014-07-02 07:50 18160 ----a-w- c:\windows\system32\drivers\GdPhyMem.sys 2014-07-02 07:50 . 2014-07-02 07:50 106272 ----a-w- c:\windows\system32\drivers\GRD.sys 2014-06-30 07:14 . 2014-06-29 18:55 98760 ----a-w- c:\windows\system32\drivers\TS4nt.sys 2014-06-30 07:14 . 2014-06-29 18:55 22016 ----a-w- c:\windows\system32\drivers\GDKBFlt64.sys 2014-06-30 07:14 . 2014-06-29 18:55 64000 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys 2014-06-30 02:09 . 2014-07-09 07:29 519168 ----a-w- c:\windows\system32\aepdu.dll 2014-06-30 02:04 . 2014-07-09 07:28 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-06-29 18:55 . 2014-06-29 18:55 68608 ----a-w- c:\windows\system32\drivers\PktIcpt.sys 2014-06-29 18:55 . 2014-06-29 18:55 58880 ----a-w- c:\windows\system32\drivers\gddcv64.sys 2014-06-29 18:55 . 2014-06-29 18:55 78848 ----a-w- c:\windows\system32\drivers\gddcd64.sys 2014-06-29 18:55 . 
2014-06-29 18:55 65024 ----a-w- c:\windows\system32\drivers\HookCentre.sys 2014-06-29 18:55 . 2014-06-29 18:55 57344 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2014-06-29 18:55 . 2014-06-29 18:55 135168 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2014-06-23 07:46 . 2014-06-23 07:46 12872 ----a-w- c:\windows\system32\bootdelete.exe 2014-06-20 20:14 . 2014-07-09 07:27 266424 ----a-w- c:\windows\system32\iedkcs32.dll 2014-06-19 01:39 . 2014-07-09 07:27 23464448 ----a-w- c:\windows\system32\mshtml.dll 2014-06-19 01:06 . 2014-07-09 07:27 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-06-19 01:06 . 2014-07-09 07:27 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-06-19 00:48 . 2014-07-09 07:27 2768384 ----a-w- c:\windows\system32\iertutil.dll 2014-06-19 00:42 . 2014-07-09 07:27 548352 ----a-w- c:\windows\system32\vbscript.dll 2014-06-19 00:42 . 2014-07-09 07:27 66048 ----a-w- c:\windows\system32\iesetup.dll 2014-06-19 00:41 . 2014-07-09 07:27 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-06-19 00:41 . 2014-07-09 07:27 83968 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-06-19 00:32 . 2014-07-09 07:27 51200 ----a-w- c:\windows\system32\jsproxy.dll 2014-06-19 00:31 . 2014-07-09 07:27 33792 ----a-w- c:\windows\system32\iernonce.dll 2014-06-19 00:26 . 2014-07-09 07:27 598016 ----a-w- c:\windows\system32\ieui.dll 2014-06-19 00:24 . 2014-07-09 07:27 139264 ----a-w- c:\windows\system32\ieUnatt.exe 2014-06-19 00:24 . 2014-07-09 07:27 111616 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-06-19 00:23 . 2014-07-09 07:27 752640 ----a-w- c:\windows\system32\jscript9diag.dll 2014-06-19 00:14 . 2014-07-09 07:27 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-06-19 00:09 . 2014-07-09 07:27 452608 ----a-w- c:\windows\system32\dxtmsft.dll 2014-06-18 23:59 . 2014-07-09 07:27 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-06-18 23:56 . 
2014-07-09 07:27 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-06-18 23:53 . 2014-07-09 07:27 195584 ----a-w- c:\windows\system32\msrating.dll 2014-06-18 23:51 . 2014-07-09 07:27 5721088 ----a-w- c:\windows\system32\jscript9.dll 2014-06-18 23:50 . 2014-07-09 07:27 85504 ----a-w- c:\windows\system32\mshtmled.dll 2014-06-18 23:48 . 2014-07-09 07:27 292864 ----a-w- c:\windows\system32\dxtrans.dll 2014-06-18 23:39 . 2014-07-09 07:27 608768 ----a-w- c:\windows\system32\ie4uinit.exe 2014-06-18 23:38 . 2014-07-09 07:27 455168 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-06-18 23:37 . 2014-07-09 07:27 61952 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-06-18 23:36 . 2014-07-09 07:27 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-06-18 23:35 . 2014-07-09 07:27 62464 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2014-06-18 23:33 . 2014-07-09 07:27 631808 ----a-w- c:\windows\system32\msfeeds.dll 2014-06-18 23:27 . 2014-07-09 07:27 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-06-18 23:27 . 2014-07-09 07:27 2040832 ----a-w- c:\windows\system32\inetcpl.cpl 2014-06-18 23:23 . 2014-07-09 07:27 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-06-18 23:22 . 2014-07-09 07:27 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-06-18 23:06 . 2014-07-09 07:27 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2014-06-18 22:58 . 2014-07-09 07:27 2266112 ----a-w- c:\windows\system32\wininet.dll 2014-06-18 22:52 . 2014-07-09 07:27 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-06-18 22:51 . 2014-07-09 07:27 13527040 ----a-w- c:\windows\system32\ieframe.dll 2014-06-18 22:46 . 2014-07-09 07:27 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2014-06-18 22:45 . 2014-07-09 07:27 1964544 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-06-18 22:34 . 2014-07-09 07:27 1393664 ----a-w- c:\windows\system32\urlmon.dll 2014-06-18 22:15 . 2014-07-09 07:27 846336 ----a-w- c:\windows\system32\ieapfltr.dll 2014-06-18 22:13 . 
2014-07-09 07:27 1791488 ----a-w- c:\windows\SysWow64\wininet.dll 2014-06-18 02:18 . 2014-07-09 07:28 692736 ----a-w- c:\windows\system32\osk.exe 2014-06-18 01:51 . 2014-07-09 07:28 646144 ----a-w- c:\windows\SysWow64\osk.exe 2014-06-18 01:10 . 2014-07-09 07:28 3157504 ----a-w- c:\windows\system32\win32k.sys 2014-06-06 10:10 . 2014-07-09 07:28 624128 ----a-w- c:\windows\system32\qedit.dll 2014-06-06 09:44 . 2014-07-09 07:28 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-06-05 14:45 . 2014-07-09 07:26 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-06-05 14:26 . 2014-07-09 07:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-06-05 14:25 . 2014-07-09 07:26 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2014-05-30 08:08 . 2014-07-09 07:28 210944 ----a-w- c:\windows\system32\wdigest.dll 2014-05-30 08:08 . 2014-07-09 07:28 86528 ----a-w- c:\windows\system32\TSpkg.dll 2014-05-30 08:08 . 2014-07-09 07:28 340992 ----a-w- c:\windows\system32\schannel.dll 2014-05-30 08:08 . 2014-07-09 07:28 314880 ----a-w- c:\windows\system32\msv1_0.dll 2014-05-30 08:08 . 2014-07-09 07:28 307200 ----a-w- c:\windows\system32\ncrypt.dll 2014-05-30 08:08 . 2014-07-09 07:28 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-05-30 08:08 . 2014-07-09 07:28 22016 ----a-w- c:\windows\system32\credssp.dll 2014-05-30 07:52 . 2014-07-09 07:28 172032 ----a-w- c:\windows\SysWow64\wdigest.dll 2014-05-30 07:52 . 2014-07-09 07:28 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll 2014-05-30 07:52 . 2014-07-09 07:28 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2014-05-30 07:52 . 2014-07-09 07:28 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2014-05-30 07:52 . 2014-07-09 07:28 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll 2014-05-30 07:52 . 2014-07-09 07:28 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-05-30 07:52 . 2014-07-09 07:28 17408 ----a-w- c:\windows\SysWow64\credssp.dll 2014-05-30 06:45 . 2014-07-09 07:29 497152 ----a-w- c:\windows\system32\drivers\afd.sys 2014-05-14 16:23 . 
2014-08-01 06:37 36320 ----a-w- c:\windows\SysWow64\wups.dll 2014-05-14 16:23 . 2014-08-01 06:37 581600 ----a-w- c:\windows\SysWow64\wuapi.dll 2014-05-14 16:17 . 2014-08-01 06:37 92672 ----a-w- c:\windows\SysWow64\wudriver.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936] "LG LinkAir"="c:\program files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe" [2010-04-13 2362216] "LinkMagic for magicolor 1690MF"="c:\program files (x86)\KONICA MINOLTA\magicolor 1690MF\LinkMagic for magicolor 1690MF\lmmc1690.exe" [2008-08-26 5005312] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "Act.Outlook.Service"="c:\program files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe" [2011-02-16 17920] "Act! 
Preloader"="c:\program files (x86)\ACT\Act for Windows\ActSage.exe" [2010-11-11 337224] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2014-05-08 41336] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-05-08 840568] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "HFS Activator"="c:\program files (x86)\Paragon Software\HFS+ for Windows 9.0\activation\hfsactivator.exe" [2011-05-11 246064] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "GDFirewallTray"="c:\program files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe" [2013-12-19 1724728] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Synchronizacja Sage ACT! Outlook.lnk - c:\program files (x86)\ACT\Act for Windows\Act.Outlook.Sync.exe D [2010-11-11 91136] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "LocalAccountTokenFilterPolicy"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x] R2 M4-Service;M4-Service;c:\users\Agnieszka\Downloads\M4-Service.exe;c:\users\Agnieszka\Downloads\M4-Service.exe [x] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x] R2 Sage ACT! Scheduler;Sage ACT! 
Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x] R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x] R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x] R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x] R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys;c:\windows\SYSNATIVE\Drivers\lgandadb.sys [x] R3 GDTunerSvc;G Data Tuner Service;c:\program files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe;c:\program files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe [x] R3 Hfsplus;Hfsplus;c:\windows\system32\DRIVERS\hfsplus.sys;c:\windows\SYSNATIVE\DRIVERS\hfsplus.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport 
Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TSNxGService;G Data Datensafe Service;c:\program files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe;c:\program files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x] R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0151.sys [x] R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows 
Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 apmwin;apmwin;c:\windows\system32\DRIVERS\apmwin.sys;c:\windows\SYSNATIVE\DRIVERS\apmwin.sys [x] S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x] S0 gpt_loader;GUID Partition table support driver;c:\windows\system32\DRIVERS\gpt_loader.sys;c:\windows\SYSNATIVE\DRIVERS\gpt_loader.sys [x] S0 mounthlp;Mounter helper driver for HFS volumes;c:\windows\system32\DRIVERS\mounthlp.sys;c:\windows\SYSNATIVE\DRIVERS\mounthlp.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 TS4NT;TS4nt driver;c:\windows\System32\Drivers\TS4nt.sys;c:\windows\SYSNATIVE\Drivers\TS4nt.sys [x] S1 gddcv;G Data DCV Driver;c:\windows\system32\drivers\gddcv64.sys;c:\windows\SYSNATIVE\drivers\gddcv64.sys [x] S1 GDKBFlt;G Data GDKBFlt Driver;c:\windows\system32\drivers\GDKBFlt64.sys;c:\windows\SYSNATIVE\drivers\GDKBFlt64.sys [x] S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x] S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x] S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x] S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x] S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x] S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [x] S2 AVKService;G Data Scheduler;c:\program 
files (x86)\G Data\TotalProtection\AVK\AVKService.exe;c:\program files (x86)\G Data\TotalProtection\AVK\AVKService.exe [x] S2 AVKWCtl;G Data Strażnik systemu plików;c:\program files (x86)\G Data\TotalProtection\AVK\AVKWCtlx64.exe;c:\program files (x86)\G Data\TotalProtection\AVK\AVKWCtlx64.exe [x] S2 AxDBSrvrA;Axence DB Server (AXDBSRVRA);c:\program files (x86)\Axence\nVision Agent 2\AxDBSrvrA.exe;c:\program files (x86)\Axence\nVision Agent 2\AxDBSrvrA.exe [x] S2 Axence nVision Agent 2;Axence nVision Agent 2;c:\program files (x86)\Axence\nVision Agent 2\nVisionA.exe;c:\program files (x86)\Axence\nVision Agent 2\nVisionA.exe [x] S2 Axence nVision;Axence nVision;c:\program files (x86)\Axence\nVision\nVision.exe;c:\program files (x86)\Axence\nVision\nVision.exe [x] S2 AxenceNVisionHelper;Axence nVision Helper;c:\program files (x86)\Axence\nVision\nVisionHelper.exe;c:\program files (x86)\Axence\nVision\nVisionHelper.exe [x] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x] S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x] S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x] S2 FBSServer;Ferro Backup System - Server;c:\program files (x86)\FERRO Software\Ferro Backup System\FBSServer.exe;c:\program files (x86)\FERRO Software\Ferro Backup System\FBSServer.exe [x] S2 FBSWorker;Ferro Backup System - Worker;c:\program files (x86)\FERRO Software\Ferro Backup System\FBSWorker.exe;c:\program files (x86)\FERRO Software\Ferro Backup System\FBSWorker.exe [x] S2 GDBackupSvc;G Data Backup Service;c:\program files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe;c:\program files (x86)\G 
Data\TotalProtection\AVKBackup\AVKBackupService.exe [x] S2 HfsplusRec;HfsplusRec;c:\windows\system32\DRIVERS\hfsplusrec.sys;c:\windows\SYSNATIVE\DRIVERS\hfsplusrec.sys [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [x] S2 MSSQL$ELISOFT;SQL Server (ELISOFT);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 AxDBSrvr;Axence DB Server (AxDBSrvr);c:\program files (x86)\Axence\nVision\AxDBSrvr.exe;c:\program files (x86)\Axence\nVision\AxDBSrvr.exe [x] S3 
Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x] S3 gddcd;G Data DCD Driver;c:\windows\system32\drivers\gddcd64.sys;c:\windows\SYSNATIVE\drivers\gddcd64.sys [x] S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe;c:\program files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe [x] S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys;c:\windows\SYSNATIVE\drivers\PktIcpt.sys [x] S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [x] S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x] S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x] S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x] S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x] S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\NPF.sys;c:\windows\SYSNATIVE\drivers\NPF.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT 
Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x] . . --- Inne Usługi/Sterowniki w Pamięci --- . *NewlyCreated* - NPF . Zawartość folderu 'Zaplanowane zadania' . 2014-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 09:01] . 2014-08-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2951126315-1238260954-813688894-1001Core.job - c:\users\Agnieszka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-12 07:26] . 2014-08-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2951126315-1238260954-813688894-1001UA.job - c:\users\Agnieszka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-12 07:26] . 2014-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce80787378a788.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 07:55] . 2014-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf8a20245ad70c.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 07:55] . 2014-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2951126315-1238260954-813688894-1001Core1cf6ab95d2c204.job - c:\users\Agnieszka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-25 09:42] . 2014-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2951126315-1238260954-813688894-1001UA1cf6ab9615232d.job - c:\users\Agnieszka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-25 09:42] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1] @="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}" [HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}] 2013-01-17 14:43 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2] @="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}" [HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}] 2013-01-17 14:43 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3] @="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}" [HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}] 2013-01-17 14:43 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4] @="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}" [HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}] 2013-01-17 14:43 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-20 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-20 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-20 418328] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-21 525312] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-12-08 592240] "IntelTBRunOnce"="wscript.exe" [2013-10-12 168960] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904] "apmwinapp"="c:\program files (x86)\Paragon Software\HFS+ for Windows 9.0\apmwinsrv.exe" [2011-05-11 67376] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Skan uzupełniający ------- . 
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Dołącz do istniejącego pliku PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Dołącz obiekt docelowy łącza do istniejącego pliku PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Konwertuj do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Konwertuj obiekt docelowy łącza na plik Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: LG Link Air Option - c:\program files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209
IE: LG Link Air Save to Mobile Document Folder - c:\program files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210
IE: LG Link Air Save to Mobile Memo - c:\program files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208
IE: LG Link Air Save to Mobile Photo Album - c:\program files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206
IE: LG Link Air Set as Mobile Wallpaper - c:\program files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205
IE: Wyślij &do programu OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 194.204.159.1 194.204.152.34 192.168.10.1
FF - ProfilePath - c:\users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\uz8o4jxm.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=827316&p=
FF - prefs.js: network.proxy.ftp - w3cache.pl
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - w3cache.pl
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - w3cache.pl
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - w3cache.pl
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Wow6432Node-HKLM-Run- - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Axence nVision]
"ImagePath"="\"c:\program files (x86)\Axence\nVision\nVision.exe\" /startedbyscm:095BC718-40E30993-NetVisionNTService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Axence nVision Agent 2]
"ImagePath"="\"c:\program files (x86)\Axence\nVision Agent 2\nVisionA.exe\" /startedbyscm:3C6AEED3-40E36551-AgentNTService" --
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AxenceNVisionHelper]
"ImagePath"="\"c:\program files (x86)\Axence\nVision\nVisionHelper.exe\" /startedbyscm:F9C3B684-40E384CF-svcNTService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Axence\nVision\PostgreSQL\9.3\bin\postgres.exe
c:\program files (x86)\Axence\nVision\PostgreSQL\9.3\bin\postgres.exe
c:\program files (x86)\Axence\nVision\PostgreSQL\9.3\bin\postgres.exe
c:\program files (x86)\Axence\nVision\PostgreSQL\9.3\bin\postgres.exe
c:\program files (x86)\Axence\nVision\PostgreSQL\9.3\bin\postgres.exe
c:\program files (x86)\Axence\nVision\PostgreSQL\9.3\bin\postgres.exe
c:\program files (x86)\Axence\nVision\PostgreSQL\9.3\bin\postgres.exe
c:\progra~2\COMMON~1\MICROW~1\Agent\MWASER.EXE
c:\progra~2\COMMON~1\MICROW~1\Agent\MWAgent.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\ACT\Act for Windows\Act.Outlook.Sync.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Axence\nVision Agent 2\AxenceSvcGuard.exe
c:\program files (x86)\Axence\nVision\PostgreSQL\9.3\bin\postgres.exe
c:\program files (x86)\Axence\nVision\PostgreSQL\9.3\bin\postgres.exe
c:\program files (x86)\Axence\nVision\PostgreSQL\9.3\bin\postgres.exe
c:\program files (x86)\Axence\nVision Agent 2\nVisionA_Session.exe
c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
c:\program files (x86)\Axence\nVision\nvWMIProvider.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
c:\program files (x86)\Axence\nVision\PostgreSQL\9.3\bin\postgres.exe
c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe
.
**************************************************************************
.
Czas ukończenia: 2014-08-12 11:40:11 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2014-08-12 09:40
ComboFix2.txt 2014-06-23 07:15
.
Przed: 1 364 156 416 bajtów wolnych
Po: 1 274 494 976 bajtów wolnych
.
- - End Of File - - 3FCCE20EDB438C438D4D3304DF305637