ComboFix 17-02-24.01 - Renia 2017-03-02 12:36:12.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.8064.5598 [GMT 1:00] Uruchomiony z: c:\users\Renia\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189} SP: Microsoft Security Essentials *Disabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Renia\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4E15A28E-7D02-469C-88BA-A7C718EC7409}.xps c:\users\Renia\AppData\Roaming\Jaycom.bin c:\users\Renia\AppData\Roaming\Villanix.exe . . ((((((((((((((((((((((((( Pliki utworzone od 2017-02-02 do 2017-03-02 ))))))))))))))))))))))))))))))) . . 2017-03-02 11:40 . 2017-03-02 11:40 -------- d-----w- c:\users\Default\AppData\Local\temp 2017-03-02 09:19 . 2017-03-02 09:19 -------- d-----w- c:\programdata\cable-95 2017-03-02 09:17 . 2017-03-02 09:17 -------- d-----w- c:\programdata\kelvin-17 2017-03-02 09:05 . 2017-03-02 09:05 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F262C9F4-74E9-4342-B5E2-F7A1678E281E}\offreg.1020.dll 2017-03-02 07:39 . 2017-02-09 23:54 12654400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F262C9F4-74E9-4342-B5E2-F7A1678E281E}\mpengine.dll 2017-03-02 07:38 . 2017-03-02 07:38 -------- d-----w- c:\users\Renia\AppData\Roaming\ammeter-3 2017-03-01 14:11 . 2017-03-01 14:11 -------- d-----w- c:\users\Renia\AppData\Roaming\robotics-78 2017-03-01 14:11 . 2017-03-02 07:41 -------- d-----w- c:\programdata\tqf 2017-02-28 10:05 . 2017-02-09 23:54 12654400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2017-02-27 15:19 . 2017-02-27 15:19 -------- d-----w- c:\users\Renia\AppData\Roaming\Comarch S.A 2017-02-27 15:19 . 2017-02-27 15:19 -------- d-----w- c:\users\Renia\AppData\Local\Comarch S.A 2017-02-16 09:23 . 2017-02-16 09:23 -------- d-----w- c:\users\Renia\AppData\Roaming\com.efile.epity 2017-02-16 09:23 . 2017-02-16 09:23 -------- d-----w- c:\users\Renia\AppData\Roaming\fillUp 2017-02-16 09:23 . 2017-02-16 09:23 -------- d-----w- c:\program files (x86)\e-file 2017-02-16 09:23 . 2017-02-16 09:23 -------- d-----w- c:\users\Renia\AppData\Local\Programs . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2017-02-23 15:06 . 2015-05-15 18:16 138020592 -c--a-w- c:\windows\system32\MRT.exe 2017-01-26 08:48 . 2016-04-19 08:57 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2017-01-05 18:55 . 2017-01-12 08:34 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2017-01-05 18:55 . 2017-01-12 08:34 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2017-01-05 18:52 . 2017-01-12 08:34 210432 ----a-w- c:\windows\system32\wdigest.dll 2017-01-05 18:52 . 2017-01-12 08:34 86528 ----a-w- c:\windows\system32\TSpkg.dll 2017-01-05 18:52 . 2017-01-12 08:34 28672 ----a-w- c:\windows\system32\sspisrv.dll 2017-01-05 18:52 . 2017-01-12 08:34 135680 ----a-w- c:\windows\system32\sspicli.dll 2017-01-05 18:52 . 2017-01-12 08:34 345600 ----a-w- c:\windows\system32\schannel.dll 2017-01-05 18:52 . 2017-01-12 08:34 28160 ----a-w- c:\windows\system32\secur32.dll 2017-01-05 18:52 . 2017-01-12 08:34 190464 ----a-w- c:\windows\system32\rpchttp.dll 2017-01-05 18:52 . 2017-01-12 08:34 1212928 ----a-w- c:\windows\system32\rpcrt4.dll 2017-01-05 18:52 . 2017-01-12 08:34 312320 ----a-w- c:\windows\system32\ncrypt.dll 2017-01-05 18:52 . 2017-01-12 08:34 60416 ----a-w- c:\windows\system32\msobjs.dll 2017-01-05 18:52 . 2017-01-12 08:34 316928 ----a-w- c:\windows\system32\msv1_0.dll 2017-01-05 18:52 . 2017-01-12 08:34 146432 ----a-w- c:\windows\system32\msaudite.dll 2017-01-05 18:52 . 2017-01-12 08:34 730624 ----a-w- c:\windows\system32\kerberos.dll 2017-01-05 18:52 . 2017-01-12 08:34 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2017-01-05 18:52 . 2017-01-12 08:34 43520 ----a-w- c:\windows\system32\cryptbase.dll 2017-01-05 18:52 . 2017-01-12 08:34 22016 ----a-w- c:\windows\system32\credssp.dll 2017-01-05 18:52 . 2017-01-12 08:34 690688 ----a-w- c:\windows\system32\adtschema.dll 2017-01-05 18:52 . 2017-01-12 08:34 463872 ----a-w- c:\windows\system32\certcli.dll 2017-01-05 18:52 . 2017-01-12 08:34 123904 ----a-w- c:\windows\system32\bcrypt.dll 2017-01-05 17:43 . 2017-01-12 08:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2017-01-05 17:43 . 2017-01-12 08:34 82944 ----a-w- c:\windows\SysWow64\bcrypt.dll 2017-01-05 17:43 . 2017-01-12 08:34 666112 ----a-w- c:\windows\SysWow64\rpcrt4.dll 2017-01-05 17:43 . 2017-01-12 08:34 172032 ----a-w- c:\windows\SysWow64\wdigest.dll 2017-01-05 17:43 . 2017-01-12 08:34 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll 2017-01-05 17:43 . 2017-01-12 08:34 254464 ----a-w- c:\windows\SysWow64\schannel.dll 2017-01-05 17:43 . 2017-01-12 08:34 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2017-01-05 17:43 . 2017-01-12 08:34 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll 2017-01-05 17:43 . 2017-01-12 08:34 60416 ----a-w- c:\windows\SysWow64\msobjs.dll 2017-01-05 17:43 . 2017-01-12 08:34 261120 ----a-w- c:\windows\SysWow64\msv1_0.dll 2017-01-05 17:43 . 2017-01-12 08:34 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll 2017-01-05 17:43 . 2017-01-12 08:34 146432 ----a-w- c:\windows\SysWow64\msaudite.dll 2017-01-05 17:43 . 2017-01-12 08:34 553472 ----a-w- c:\windows\SysWow64\kerberos.dll 2017-01-05 17:43 . 2017-01-12 08:34 17408 ----a-w- c:\windows\SysWow64\credssp.dll 2017-01-05 17:43 . 2017-01-12 08:34 342528 ----a-w- c:\windows\SysWow64\certcli.dll 2017-01-05 17:42 . 2017-01-12 08:34 690688 ----a-w- c:\windows\SysWow64\adtschema.dll 2017-01-05 17:32 . 2017-01-12 08:34 64000 ----a-w- c:\windows\system32\auditpol.exe 2017-01-05 17:25 . 2017-01-12 08:34 159744 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2017-01-05 17:24 . 2017-01-12 08:34 291328 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2017-01-05 17:24 . 2017-01-12 08:34 129536 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2017-01-05 17:24 . 2017-01-12 08:34 30720 ----a-w- c:\windows\system32\lsass.exe 2017-01-05 17:23 . 2017-01-12 08:34 50176 ----a-w- c:\windows\SysWow64\auditpol.exe 2017-01-05 17:19 . 2017-01-12 08:34 36352 ----a-w- c:\windows\SysWow64\cryptbase.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2016-11-15 14:26 1743664 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2016-11-15 14:26 1743664 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2016-11-15 14:26 1743664 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576] "kelvin-90"="c:\programdata\kelvin-17\kelvin-38.exe" [2017-03-02 656384] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AccelerometerSysTrayApplet"="c:\program files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe" [2014-04-01 126240] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2015-04-17 293872] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-04-10 767176] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056] "AutoRegisterCerts"="c:\program files (x86)\Certum\proCertum CardManager\cryptoCertumScanner.exe" [2016-04-11 160168] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-12-12 587288] . c:\users\Renia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ammeter-82.lnk - c:\users\Renia\AppData\Roaming\ammeter-3\ammeter-7.exe [2017-3-2 738304] Wysyłanie do programu OneNote.lnk - c:\program files\Microsoft Office\Office15\ONENOTEM.EXE /tsr [2015-12-8 222384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 backlh;Background Logic Handler;c:\programdata\Logic Handler\set.exe;c:\programdata\Logic Handler\set.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 ACR39U;ACR39U ICC Reader;c:\windows\system32\DRIVERS\acr39u.sys;c:\windows\SYSNATIVE\DRIVERS\acr39u.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 IntcDAud;Audio dla wyświetlaczy Intel(R);c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Inspekcja sieci firmy Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RTSPER;Realtek PCIE Card Reader - PER;c:\windows\system32\DRIVERS\RtsPer.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPer.sys [x] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x] S0 iusb3hcs;Sterownik przełącznika kontrolera hosta Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AvrcpService;AvrcpService;c:\program files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [x] S2 BTDevManager;BTDevManager;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x] S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x] S2 RtkBleServ;RtkBleServ;c:\program files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [x] S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x] S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x] S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x] S3 INETMON;INETMON;c:\windows\System32\Drivers\INETMON.sys;c:\windows\SYSNATIVE\Drivers\INETMON.sys [x] S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD.sys [x] S3 iusb3hub;Sterownik koncentratora Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Sterownik kontrolera hosta Intel(R) USB 3.0 eXtensible;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 rtsuvc;HP HD Webcam [Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x] S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x] S3 WSDScan;Obsługa skanowania WSD za pośrednictwem bloku pamięci górnej;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2017-02-08 08:07 1368920 ----a-w- c:\program files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe . Zawartość folderu 'Zaplanowane zadania' . 2016-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-14 13:22] . 2016-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-14 13:22] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2016-11-15 14:22 2351920 ----a-w- c:\progra~1\MICROS~4\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2016-11-15 14:22 2351920 ----a-w- c:\progra~1\MICROS~4\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2016-11-15 14:22 2351920 ----a-w- c:\progra~1\MICROS~4\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtsCM"="RTSCM64.EXE" [2014-07-21 167128] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2015-04-18 7659224] "BtServer"="c:\program files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe" [2014-07-03 226008] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-14 1353680] . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~4\Office15\EXCEL.EXE/3000 IE: Wyślij &do programu OneNote - c:\progra~1\MICROS~4\Office15\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL . - - - - USUNIĘTO PUSTE WPISY - - - - . Wow6432Node-HKLM-Run- - (no file) Wow6432Node-HKLM-Run-NPSStartup - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-{904822F1-6C7D-4B91-B936-6A1C0810544C} - c:\program files (x86)\InstallShield Installation Information\{904822F1-6C7D-4B91-B936-6A1C0810544C}\setup.exe . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2017-03-02 12:42:39 ComboFix-quarantined-files.txt 2017-03-02 11:42 . Przed: 266 251 993 088 bajtów wolnych Po: 267 241 635 840 bajtów wolnych . - - End Of File - - 9C04443D4529797DE635DFB172BB3C99 A36C5E4F47E84449FF07ED3517B43A31