dawidex, posted July 7, 2018

Hello, here is a log from ComboFix; please analyze it.

ComboFix 18-06-17.01 - Edyta 2018-06-29 20:10:15.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.2030.1106 [GMT 2:00] Uruchomiony z: c:\users\Edyta\Downloads\ComboFix.exe AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\data_0 c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\data_1 c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\data_2 c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\data_3 c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\f_000001 c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\f_000002 c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\f_000003 c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\f_000004 c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\f_000005 c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\f_000006 c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\f_000007 c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\f_000008 c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\f_000009 c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\index c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cookies-journal c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cookies c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\GPUCache\data_0 c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\GPUCache\data_1 
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\GPUCache\data_2 c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\GPUCache\data_3 c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\GPUCache\index c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Preferences c:\users\Edyta\AppData\Roaming\Microsoft\Windows\Recent\help_recover_instructions+mgv.html c:\users\Edyta\AppData\Roaming\Microsoft\Windows\Recent\help_recover_instructions+mgv.txt c:\users\Edyta\Favorites\help_recover_instructions+mgv.html c:\users\Edyta\trzE619.tmp c:\users\Public\Favorites\help_recover_instructions+ctj.html c:\users\Public\Favorites\help_recover_instructions+jid.html c:\users\Public\Favorites\help_recover_instructions+mgv.html . . ((((((((((((((((((((((((( Pliki utworzone od 2018-05-28 do 2018-06-29 ))))))))))))))))))))))))))))))) . . 2018-06-23 18:54 . 2018-06-23 09:56 383016 ----a-w- c:\windows\SysWow64\EasyAntiCheat.exe 2018-06-23 11:58 . 2018-06-23 11:58 -------- d-----w- c:\program files\WinRAR 2018-06-20 13:41 . 2018-06-20 13:41 -------- d-----w- c:\users\Edyta\AppData\Local\FireAlpaca 2018-06-20 13:40 . 2018-02-19 09:43 689664 ----a-w- c:\windows\system32\MdpThumb64.dll 2018-06-20 13:40 . 2018-06-20 13:40 -------- d-----w- c:\program files\FireAlpaca 2018-06-20 13:24 . 2018-06-20 13:24 -------- d-----w- c:\users\Edyta\AppData\Roaming\WTablet 2018-06-20 13:24 . 2018-06-20 13:24 -------- d-----w- c:\program files (x86)\TabletPlugins 2018-06-20 13:23 . 2014-08-06 18:15 15160 ----a-w- c:\windows\system32\drivers\wacomrouterfilter.sys 2018-06-20 13:22 . 2014-08-06 18:15 14136 ----a-w- c:\windows\system32\drivers\hidkmdf.sys 2018-06-20 13:22 . 2014-08-06 18:15 102200 ----a-w- c:\windows\system32\drivers\wachidrouter.sys 2018-06-20 13:22 . 2012-04-11 22:34 1721576 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll 2018-06-20 13:22 . 2012-04-11 22:34 1721576 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01009.dll 2018-06-20 13:21 . 
2014-08-19 19:12 1607448 ------w- c:\windows\SysWow64\Pen_Touch_Tablet.dll 2018-06-20 13:21 . 2014-08-19 19:12 1984792 ------w- c:\windows\system32\Pen_Touch_Tablet.dll 2018-06-20 13:21 . 2014-08-19 19:12 1610008 ------w- c:\windows\SysWow64\WacomMT.dll 2018-06-20 13:21 . 2014-08-19 19:12 2006808 ------w- c:\windows\system32\WacomMT.dll 2018-06-20 13:21 . 2014-08-19 19:12 1493784 ------w- c:\windows\SysWow64\Wintab32.dll 2018-06-20 13:21 . 2014-08-19 19:12 1858328 ------w- c:\windows\system32\Wintab32.dll 2018-06-20 13:21 . 2014-08-19 19:12 1614104 ------w- c:\windows\SysWow64\Pen_Tablet.dll 2018-06-20 13:21 . 2014-08-19 19:12 1991448 ------w- c:\windows\system32\Pen_Tablet.dll 2018-06-20 13:20 . 2018-06-20 13:23 -------- d-----w- c:\program files\Tablet 2018-06-14 18:17 . 2018-06-23 08:29 -------- d-----w- c:\programdata\boost_interprocess 2018-06-14 18:16 . 2018-06-14 18:16 -------- d-----w- c:\users\Edyta\AppData\Roaming\Wargaming.net 2018-06-14 18:08 . 2018-06-14 18:08 -------- d-----w- c:\programdata\Wargaming.net 2018-06-08 12:28 . 2018-06-08 12:28 -------- d-----w- c:\users\Edyta\AppData\Roaming\Artweaver Free 2018-06-08 12:28 . 2018-06-08 12:28 -------- d-----w- c:\programdata\Artweaver Free 2018-06-08 12:28 . 2018-06-08 12:28 -------- d-----w- c:\program files (x86)\Artweaver Free 6 2018-06-02 17:02 . 2018-06-02 17:02 -------- d-----w- c:\users\Edyta\AppData\Local\HirezLauncherUI 2018-06-02 17:01 . 2018-06-02 17:01 -------- d-----w- c:\programdata\Hi-Rez Studios 2018-06-02 17:01 . 2018-06-29 18:22 -------- d-----w- c:\program files (x86)\Hi-Rez Studios . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2018-06-08 17:18 . 2015-07-01 15:22 842240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2018-06-08 17:18 . 2015-07-01 15:22 175104 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2018-05-17 17:08 . 2015-06-30 19:20 205976 ----a-w- c:\windows\system32\drivers\aswStm.sys 2018-05-17 17:08 . 
2015-06-30 19:20 460520 ----a-w- c:\windows\system32\drivers\aswSP.sys 2018-05-17 17:08 . 2015-06-30 19:20 381552 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2018-05-17 17:08 . 2018-05-17 17:08 376536 ----a-w- c:\windows\system32\aswBoot.exe 2018-05-17 17:08 . 2017-11-16 17:40 196640 ----a-w- c:\windows\system32\drivers\aswArPot.sys 2018-05-17 17:08 . 2015-06-30 19:20 85968 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2018-05-17 17:08 . 2015-06-30 19:20 46968 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2018-05-17 17:08 . 2015-06-30 19:20 159120 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2018-05-17 17:07 . 2015-06-30 19:20 111360 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2018-05-17 17:06 . 2015-06-30 19:20 1027720 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2018-05-17 17:06 . 2018-01-05 15:48 234560 ----a-w- c:\windows\system32\drivers\aswHdsKe.sys . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2018-03-06 17074688] "Wargaming.net Game Center"="c:\programdata\Wargaming.net\GameCenter\wgc.exe" [2018-06-13 2124152] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . R2 avast;Usługa %1!s! 
Update (avast);c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe;c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x] R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] R3 avastm;Usługa %1!s! Update (avastm);c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe;c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x] R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 
tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x] R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys;c:\windows\SYSNATIVE\DRIVERS\usb2ser.sys [x] S0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidsha.sys;c:\windows\SYSNATIVE\drivers\aswbidsha.sys [x] S0 aswblog;aswblog;c:\windows\system32\drivers\aswbloga.sys;c:\windows\SYSNATIVE\drivers\aswbloga.sys [x] S0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbuniva.sys;c:\windows\SYSNATIVE\drivers\aswbuniva.sys [x] S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys;c:\windows\SYSNATIVE\drivers\aswRvrt.sys [x] S0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys;c:\windows\SYSNATIVE\drivers\aswVmm.sys [x] S1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys;c:\windows\SYSNATIVE\drivers\aswArPot.sys [x] S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x] S1 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys;c:\windows\SYSNATIVE\drivers\aswHdsKe.sys [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 
aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 Huawei E3372;Huawei E3372;c:\programdata\MobileBrServ\mbbservice.exe;c:\programdata\MobileBrServ\mbbservice.exe [x] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [x] S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x] S3 mfesapsn;McAfee Process Start Notification Service;c:\program files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys;c:\program files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] 2018-03-24 08:50 1919000 ----a-w- c:\program files (x86)\AVAST Software\Browser\Application\64.0.387.186\Installer\chrmstp.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2018-06-26 07:41 1648472 ----a-w- c:\program files (x86)\Google\Chrome\Application\67.0.3396.99\Installer\chrmstp.exe . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw] @="{472083B0-C522-11CF-8763-00608CC02F24}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2018-05-17 17:07 1773784 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw] @="{472083B0-C522-11CF-8763-00608CC02F24}" . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2018-05-17 17:07 1773784 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2018-05-17 242904] . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://www.google.pl/ mStart Page = https://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301ssg01&p_w=y1w23 mLocal Page = c:\windows\SysWOW64\blank.htm IE: {{48A61126-9A19-4C50-A214-FF08CB94995C}\Lang0411 IE: {{48A61126-9A19-4C50-A214-FF08CB94995C}\Lang0412 IE: {{48A61126-9A19-4C50-A214-FF08CB94995C}\Lang0804 IE: {{48A61126-9A19-4C50-A214-FF08CB94995C} - {29B24532-6CE1-41BA-8BF0-F580EA174AF1} - c:\progra~2\mcafee\SITEAD~1\mcieplg.dll TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Edyta\AppData\Roaming\Mozilla\Firefox\Profiles\ixj075gn.default\ FF - prefs.js: browser.startup.homepage - hxxps://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ff&p_mkt=pl&p_tsrc=301ssg01&p_w=y1w23 . - - - - USUNIĘTO PUSTE WPISY - - - - . AddRemove-uTorrent - c:\users\Edyta\AppData\Roaming\uTorrent\uTorrent.exe . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_USERS\S-1-5-21-136181810-3123181519-308955837-1000\@*r*] @Allowed: (Read) (RestrictedCode) "cl"=dword:00000003 . [HKEY_USERS\S-1-5-21-136181810-3123181519-308955837-1000\@*%r*] @Allowed: (Read) (RestrictedCode) "cl"=dword:00000003 . [HKEY_USERS\S-1-5-21-136181810-3123181519-308955837-1000\@*Xr*] @Allowed: (Read) (RestrictedCode) "cl"=dword:00000003 . 
[HKEY_USERS\S-1-5-21-136181810-3123181519-308955837-1000\@*Pu*] @Allowed: (Read) (RestrictedCode) "cl"=dword:00000003 . [HKEY_USERS\S-1-5-21-136181810-3123181519-308955837-1000\neutral*\Microsoft\Windows\CurrentVersion\Uninstall\WRUNINST] @Allowed: (Read) (RestrictedCode) "cl"=dword:00000003 . [HKEY_USERS\S-1-5-21-136181810-3123181519-308955837-1000\com.avast.alpha.licensedealer.api.AvailableTrialOffersRequest*] @Allowed: (Read) (RestrictedCode) "cl"=dword:00000003 . [HKEY_USERS\S-1-5-21-136181810-3123181519-308955837-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32] @Denied: (C D 2 3 6) (CreatorAuthority-4) @Denied: (C D 2 3 6) (Everyone) @Allowed: (Read) (S-1-5-21-136181810-3123181519-308955837-1000) "ThreadingModel"="Apartment" @="c:\\ProgramData\\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\\ListSvc.dll" . [HKEY_USERS\S-1-5-21-136181810-3123181519-308955837-1000_Classes\Drive\ShellEx\FolderExtensions\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}] @Denied: (C D 2 3 6) (CreatorAuthority-4) @Denied: (C D 2 3 6) (Everyone) @Allowed: (Read) (S-1-5-21-136181810-3123181519-308955837-1000) "DriveMask"=dword:ffffffff . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_30_0_0_113_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_30_0_0_113_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32] @Denied: (C D 2 3 6) (CreatorAuthority-4) @Denied: (C D 2 3 6) (Everyone) @SACL=(02 0001) @Ace=(0x11) (1 3) (S-1-16-12288) "ThreadingModel"="Apartment" @="c:\\ProgramData\\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\\ListSvc.dll" . [HKEY_LOCAL_MACHINE\software\Classes\Drive\shellex\FolderExtensions\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}] @Denied: (C D 2 3 6) (CreatorAuthority-4) @Denied: (C D 2 3 6) (Everyone) @SACL=(02 0001) @Ace=(0x11) (1 3) (S-1-16-12288) "DriveMask"=dword:ffffffff . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_30_0_0_113_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_30_0_0_113_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.30" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe c:\program files\Tablet\Pen\WacomHost.exe c:\program files (x86)\McAfee\SiteAdvisor\saUI.exe . ************************************************************************** . Czas ukończenia: 2018-06-29 20:28:33 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2018-06-29 18:28 . Przed: 36 496 855 040 bajtów wolnych Po: 36 359 303 168 bajtów wolnych . - - End Of File - - 7AE180B83EB33AB2CC98C902F987A2FE A36C5E4F47E84449FF07ED3517B43A31
Twój_Anioł_Stróż, comment, July 7, 2018 (edited)

Quote: c:\programdata\boost_interprocess

Delete this folder manually. There is nothing else suspicious.