
ComboFix log

dawidex

Hello, here is a ComboFix log, please analyze it.

ComboFix 18-06-17.01 - Edyta 2018-06-29  20:10:15.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1250.48.1045.18.2030.1106 [GMT 2:00]
Uruchomiony z: c:\users\Edyta\Downloads\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\data_0
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\data_1
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\data_2
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\data_3
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\f_000001
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\f_000002
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\f_000003
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\f_000004
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\f_000005
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\f_000006
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\f_000007
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\f_000008
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\f_000009
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cache\index
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cookies-journal
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Cookies
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\GPUCache\data_0
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\GPUCache\data_1
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\GPUCache\data_2
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\GPUCache\data_3
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\GPUCache\index
c:\users\Edyta\AppData\Roaming\facebook-nativefier-f52d2f\Preferences
c:\users\Edyta\AppData\Roaming\Microsoft\Windows\Recent\help_recover_instructions+mgv.html
c:\users\Edyta\AppData\Roaming\Microsoft\Windows\Recent\help_recover_instructions+mgv.txt
c:\users\Edyta\Favorites\help_recover_instructions+mgv.html
c:\users\Edyta\trzE619.tmp
c:\users\Public\Favorites\help_recover_instructions+ctj.html
c:\users\Public\Favorites\help_recover_instructions+jid.html
c:\users\Public\Favorites\help_recover_instructions+mgv.html
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2018-05-28 do 2018-06-29  )))))))))))))))))))))))))))))))
.
.
2018-06-23 18:54 . 2018-06-23 09:56	383016	----a-w-	c:\windows\SysWow64\EasyAntiCheat.exe
2018-06-23 11:58 . 2018-06-23 11:58	--------	d-----w-	c:\program files\WinRAR
2018-06-20 13:41 . 2018-06-20 13:41	--------	d-----w-	c:\users\Edyta\AppData\Local\FireAlpaca
2018-06-20 13:40 . 2018-02-19 09:43	689664	----a-w-	c:\windows\system32\MdpThumb64.dll
2018-06-20 13:40 . 2018-06-20 13:40	--------	d-----w-	c:\program files\FireAlpaca
2018-06-20 13:24 . 2018-06-20 13:24	--------	d-----w-	c:\users\Edyta\AppData\Roaming\WTablet
2018-06-20 13:24 . 2018-06-20 13:24	--------	d-----w-	c:\program files (x86)\TabletPlugins
2018-06-20 13:23 . 2014-08-06 18:15	15160	----a-w-	c:\windows\system32\drivers\wacomrouterfilter.sys
2018-06-20 13:22 . 2014-08-06 18:15	14136	----a-w-	c:\windows\system32\drivers\hidkmdf.sys
2018-06-20 13:22 . 2014-08-06 18:15	102200	----a-w-	c:\windows\system32\drivers\wachidrouter.sys
2018-06-20 13:22 . 2012-04-11 22:34	1721576	----a-w-	c:\windows\system32\wdfcoinstaller01009.dll
2018-06-20 13:22 . 2012-04-11 22:34	1721576	----a-w-	c:\windows\system32\drivers\wdfcoinstaller01009.dll
2018-06-20 13:21 . 2014-08-19 19:12	1607448	------w-	c:\windows\SysWow64\Pen_Touch_Tablet.dll
2018-06-20 13:21 . 2014-08-19 19:12	1984792	------w-	c:\windows\system32\Pen_Touch_Tablet.dll
2018-06-20 13:21 . 2014-08-19 19:12	1610008	------w-	c:\windows\SysWow64\WacomMT.dll
2018-06-20 13:21 . 2014-08-19 19:12	2006808	------w-	c:\windows\system32\WacomMT.dll
2018-06-20 13:21 . 2014-08-19 19:12	1493784	------w-	c:\windows\SysWow64\Wintab32.dll
2018-06-20 13:21 . 2014-08-19 19:12	1858328	------w-	c:\windows\system32\Wintab32.dll
2018-06-20 13:21 . 2014-08-19 19:12	1614104	------w-	c:\windows\SysWow64\Pen_Tablet.dll
2018-06-20 13:21 . 2014-08-19 19:12	1991448	------w-	c:\windows\system32\Pen_Tablet.dll
2018-06-20 13:20 . 2018-06-20 13:23	--------	d-----w-	c:\program files\Tablet
2018-06-14 18:17 . 2018-06-23 08:29	--------	d-----w-	c:\programdata\boost_interprocess
2018-06-14 18:16 . 2018-06-14 18:16	--------	d-----w-	c:\users\Edyta\AppData\Roaming\Wargaming.net
2018-06-14 18:08 . 2018-06-14 18:08	--------	d-----w-	c:\programdata\Wargaming.net
2018-06-08 12:28 . 2018-06-08 12:28	--------	d-----w-	c:\users\Edyta\AppData\Roaming\Artweaver Free
2018-06-08 12:28 . 2018-06-08 12:28	--------	d-----w-	c:\programdata\Artweaver Free
2018-06-08 12:28 . 2018-06-08 12:28	--------	d-----w-	c:\program files (x86)\Artweaver Free 6
2018-06-02 17:02 . 2018-06-02 17:02	--------	d-----w-	c:\users\Edyta\AppData\Local\HirezLauncherUI
2018-06-02 17:01 . 2018-06-02 17:01	--------	d-----w-	c:\programdata\Hi-Rez Studios
2018-06-02 17:01 . 2018-06-29 18:22	--------	d-----w-	c:\program files (x86)\Hi-Rez Studios
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-06-08 17:18 . 2015-07-01 15:22	842240	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2018-06-08 17:18 . 2015-07-01 15:22	175104	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2018-05-17 17:08 . 2015-06-30 19:20	205976	----a-w-	c:\windows\system32\drivers\aswStm.sys
2018-05-17 17:08 . 2015-06-30 19:20	460520	----a-w-	c:\windows\system32\drivers\aswSP.sys
2018-05-17 17:08 . 2015-06-30 19:20	381552	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2018-05-17 17:08 . 2018-05-17 17:08	376536	----a-w-	c:\windows\system32\aswBoot.exe
2018-05-17 17:08 . 2017-11-16 17:40	196640	----a-w-	c:\windows\system32\drivers\aswArPot.sys
2018-05-17 17:08 . 2015-06-30 19:20	85968	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2018-05-17 17:08 . 2015-06-30 19:20	46968	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2018-05-17 17:08 . 2015-06-30 19:20	159120	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2018-05-17 17:07 . 2015-06-30 19:20	111360	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2018-05-17 17:06 . 2015-06-30 19:20	1027720	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2018-05-17 17:06 . 2018-01-05 15:48	234560	----a-w-	c:\windows\system32\drivers\aswHdsKe.sys
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2018-03-06 17074688]
"Wargaming.net Game Center"="c:\programdata\Wargaming.net\GameCenter\wgc.exe" [2018-06-13 2124152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 avast;Usługa %1!s! Update (avast);c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe;c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 avastm;Usługa %1!s! Update (avastm);c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe;c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys;c:\windows\SYSNATIVE\DRIVERS\usb2ser.sys [x]
S0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidsha.sys;c:\windows\SYSNATIVE\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\system32\drivers\aswbloga.sys;c:\windows\SYSNATIVE\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbuniva.sys;c:\windows\SYSNATIVE\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys;c:\windows\SYSNATIVE\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys;c:\windows\SYSNATIVE\drivers\aswVmm.sys [x]
S1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys;c:\windows\SYSNATIVE\drivers\aswArPot.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys;c:\windows\SYSNATIVE\drivers\aswHdsKe.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Huawei E3372;Huawei E3372;c:\programdata\MobileBrServ\mbbservice.exe;c:\programdata\MobileBrServ\mbbservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S3 mfesapsn;McAfee Process Start Notification Service;c:\program files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys;c:\program files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}]
2018-03-24 08:50	1919000	----a-w-	c:\program files (x86)\AVAST Software\Browser\Application\64.0.387.186\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2018-06-26 07:41	1648472	----a-w-	c:\program files (x86)\Google\Chrome\Application\67.0.3396.99\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-05-17 17:07	1773784	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-05-17 17:07	1773784	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2018-05-17 242904]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.pl/
mStart Page = https://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301ssg01&p_w=y1w23
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{48A61126-9A19-4C50-A214-FF08CB94995C}\Lang0411
IE: {{48A61126-9A19-4C50-A214-FF08CB94995C}\Lang0412
IE: {{48A61126-9A19-4C50-A214-FF08CB94995C}\Lang0804
IE: {{48A61126-9A19-4C50-A214-FF08CB94995C} - {29B24532-6CE1-41BA-8BF0-F580EA174AF1} - c:\progra~2\mcafee\SITEAD~1\mcieplg.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Edyta\AppData\Roaming\Mozilla\Firefox\Profiles\ixj075gn.default\
FF - prefs.js: browser.startup.homepage - hxxps://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ff&p_mkt=pl&p_tsrc=301ssg01&p_w=y1w23
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-uTorrent - c:\users\Edyta\AppData\Roaming\uTorrent\uTorrent.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-136181810-3123181519-308955837-1000\@*r*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-136181810-3123181519-308955837-1000\@*%r*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-136181810-3123181519-308955837-1000\@*Xr*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-136181810-3123181519-308955837-1000\@*Pu*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-136181810-3123181519-308955837-1000\neutral*\Microsoft\Windows\CurrentVersion\Uninstall\WRUNINST]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-136181810-3123181519-308955837-1000\com.avast.alpha.licensedealer.api.AvailableTrialOffersRequest*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-136181810-3123181519-308955837-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@Allowed: (Read) (S-1-5-21-136181810-3123181519-308955837-1000)
"ThreadingModel"="Apartment"
@="c:\\ProgramData\\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\\ListSvc.dll"
.
[HKEY_USERS\S-1-5-21-136181810-3123181519-308955837-1000_Classes\Drive\ShellEx\FolderExtensions\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@Allowed: (Read) (S-1-5-21-136181810-3123181519-308955837-1000)
"DriveMask"=dword:ffffffff
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_30_0_0_113_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_30_0_0_113_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@SACL=(02 0001)
@Ace=(0x11) (1 3) (S-1-16-12288)
"ThreadingModel"="Apartment"
@="c:\\ProgramData\\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\\ListSvc.dll"
.
[HKEY_LOCAL_MACHINE\software\Classes\Drive\shellex\FolderExtensions\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@SACL=(02 0001)
@Ace=(0x11) (1 3) (S-1-16-12288)
"DriveMask"=dword:ffffffff
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_30_0_0_113_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_30_0_0_113_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.30"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
c:\program files\Tablet\Pen\WacomHost.exe
c:\program files (x86)\McAfee\SiteAdvisor\saUI.exe
.
**************************************************************************
.
Czas ukończenia: 2018-06-29  20:28:33 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2018-06-29 18:28
.
Przed: 36 496 855 040 bajtów wolnych
Po: 36 359 303 168 bajtów wolnych
.
- - End Of File - - 7AE180B83EB33AB2CC98C902F987A2FE
A36C5E4F47E84449FF07ED3517B43A31

 

Twój_Anioł_Stróż

c:\programdata\boost_interprocess

Delete this folder manually.

There is nothing else suspicious.
