ComboFix 17-04-16.01 - Lareco 2017-04-17 18:59:54.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.4015.2004 [GMT 2:00] Uruchomiony z: c:\users\Lareco\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189} SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Utworzono nowy punkt przywracania . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Lareco\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8579CB2A-82B3-42A8-9567-4F9E0FEEBDE8}.xps c:\users\Lareco\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CC3CBB16-4C0E-46BB-B069-342CA1A89972}.xps c:\users\Lareco\AppData\Local\unins000.exe c:\users\Lareco\AppData\Roaming\Dan-Ity.bin c:\users\Lareco\AppData\Roaming\Truefix.exe . . ((((((((((((((((((((((((( Pliki utworzone od 2017-03-17 do 2017-04-17 ))))))))))))))))))))))))))))))) . . 2017-04-17 17:06 . 2017-04-17 17:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2017-04-17 16:43 . 2017-04-17 16:43 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C453CE86-FAB0-4C8F-9A10-3F562ABF17BB}\offreg.924.dll 2017-04-17 16:43 . 2017-04-17 16:45 -------- d-----w- C:\AdwCleaner 2017-04-14 10:08 . 2017-03-10 16:55 12774864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C453CE86-FAB0-4C8F-9A10-3F562ABF17BB}\mpengine.dll 2017-04-13 08:04 . 2017-03-10 16:55 12774864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2017-04-12 06:36 . 2017-04-12 06:36 -------- d-----w- c:\users\Lareco\AppData\Roaming\SSMgre 2017-03-28 11:34 . 2017-03-28 11:41 -------- dc-h--w- c:\programdata\{80C178DA-FDAF-4B4C-8924-0BC948A14EA2} 2017-03-23 12:30 . 2017-04-10 08:34 527816 ----a-w- c:\program files (x86)\Mozilla Firefox\minidump-analyzer.exe 2017-03-22 02:16 . 2016-05-11 06:02 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67903D70-E9A3-4B9F-99D8-9FCB7F7A4A5F}\gapaengine.dll 2017-03-19 22:48 . 2017-03-19 22:48 28352 ----a-w- c:\windows\SysWow64\aspnet_counters.dll 2017-03-19 22:48 . 2017-03-19 22:48 19112 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll 2017-03-19 22:48 . 2017-03-19 22:48 19112 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll 2017-03-19 22:48 . 2017-03-19 22:48 19112 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll 2017-03-19 22:41 . 2017-03-19 22:41 30400 ----a-w- c:\windows\system32\aspnet_counters.dll 2017-03-19 22:41 . 2017-03-19 22:41 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll 2017-03-19 22:41 . 2017-03-19 22:41 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll 2017-03-19 22:41 . 2017-03-19 22:41 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2017-04-12 13:54 . 2015-12-19 17:28 148601744 -c--a-w- c:\windows\system32\MRT.exe 2017-04-12 05:59 . 2015-10-14 11:42 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2017-04-12 05:59 . 2015-10-14 11:42 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2017-04-07 22:06 . 2010-11-21 03:27 532136 ------w- c:\windows\system32\MpSigStub.exe 2017-03-08 04:21 . 2017-04-12 05:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2017-02-22 23:42 . 2017-03-15 02:23 84712 ----a-w- c:\windows\system32\CompatTelRunner.exe 2017-02-22 23:37 . 2017-03-15 02:23 1285632 ----a-w- c:\windows\system32\aeinv.dll 2017-02-18 14:05 . 2017-03-15 02:23 646656 ----a-w- c:\windows\system32\generaltel.dll 2017-02-18 14:05 . 2017-03-15 02:23 1609216 ----a-w- c:\windows\system32\appraiser.dll 2017-02-11 15:58 . 2017-03-15 02:24 462848 ----a-w- c:\windows\system32\drivers\srv.sys 2017-02-11 15:58 . 2017-03-15 02:24 405504 ----a-w- c:\windows\system32\drivers\srv2.sys 2017-02-11 15:58 . 2017-03-15 02:24 168960 ----a-w- c:\windows\system32\drivers\srvnet.sys 2017-02-10 16:32 . 2017-03-15 02:24 803328 ----a-w- c:\windows\system32\usp10.dll 2017-02-10 16:17 . 2017-03-15 02:24 628736 ----a-w- c:\windows\SysWow64\usp10.dll 2017-02-10 14:33 . 2017-03-15 02:24 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll 2017-02-09 16:32 . 2017-03-15 02:24 40960 ----a-w- c:\windows\system32\WcsPlugInService.dll 2017-02-09 16:31 . 2017-03-15 02:24 625664 ----a-w- c:\windows\system32\mscms.dll 2017-02-09 16:31 . 2017-03-15 02:24 250880 ----a-w- c:\windows\system32\icm32.dll 2017-02-09 16:14 . 2017-03-15 02:24 481792 ----a-w- c:\windows\SysWow64\mscms.dll 2017-02-09 16:14 . 2017-03-15 02:24 215040 ----a-w- c:\windows\SysWow64\icm32.dll 2017-02-09 15:51 . 2017-03-15 02:24 32768 ----a-w- c:\windows\SysWow64\WcsPlugInService.dll 2017-02-09 14:06 . 2017-03-15 02:24 1648128 ----a-w- c:\windows\system32\DWrite.dll 2017-02-09 14:06 . 2017-03-15 02:24 1180160 ----a-w- c:\windows\system32\FntCache.dll 2017-02-06 16:14 . 2017-03-15 02:24 733696 ----a-w- c:\windows\HelpPane.exe . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{23FD9C33-A9E1-48A1-8404-E5925CF1C8E1}"= "c:\program files (x86)\PDF Architect 4\creator-ie-plugin.dll" [2016-01-15 547040] . [HKEY_CLASSES_ROOT\clsid\{23fd9c33-a9e1-48a1-8404-e5925cf1c8e1}] [HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter.1] [HKEY_CLASSES_ROOT\TypeLib\{EF01C440-4847-4D80-8461-51E292875772}] [HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2015-12-20 09:03 220632 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2015-12-20 09:03 220632 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2015-12-20 09:03 220632 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-04-10 292848] "CryptoCard Suite Cert Monitor"="c:\program files (x86)\CryptoTech\CryptoCard\CCMonitor.exe" [2015-07-27 947440] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\TrueKey\McAfeeTrueKeyPasswordFilter . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 AktualizujPP;Aktualizacja Programu Płatnik;c:\program files (x86)\Asseco Poland SA\Płatnik\ASSECO.AKTUALIZUJ.PP.exe;c:\program files (x86)\Asseco Poland SA\Płatnik\ASSECO.AKTUALIZUJ.PP.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 Dell Foundation Services;Dell Foundation Services;c:\program files\Dell\Dell Foundation Services\DFSSvc.exe;c:\program files\Dell\Dell Foundation Services\DFSSvc.exe [x] R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x] R2 DellUpdate;Dell Update Service;c:\program files (x86)\Dell Update\DellUpService.exe;c:\program files (x86)\Dell Update\DellUpService.exe [x] R2 InstallerService;Service Installer TrueKey;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe [x] R2 PDF Architect 4 Manager;PDF Architect 4 Manager;c:\programdata\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe;c:\programdata\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [x] R3 ComarchAutomatSynchronizacji;Comarch ERP Serwis Operacji Automatycznych;c:\program files (x86)\Comarch ERP Optima\ComarchOptimaSerwisOperacjiAutomatycznych.exe;c:\program files (x86)\Comarch ERP Optima\ComarchOptimaSerwisOperacjiAutomatycznych.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 InvProtectDrv;InvProtectDrv;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [x] R3 InvProtectSvc;Invincea FreeSpace Service;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [x] R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Inspekcja sieci firmy Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 PDF Architect 4 CrashHandler;PDF Architect 4 CrashHandler;c:\program files\PDF Architect 4\crash-handler-ws.exe;c:\program files\PDF Architect 4\crash-handler-ws.exe [x] R3 PDF Architect 4;PDF Architect 4;c:\program files\PDF Architect 4\ws.exe;c:\program files\PDF Architect 4\ws.exe [x] R3 RBMS_OptimaBI;Comarch ERP Optima Analizy BI Serwis Mobile;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.BI.Mobile.Service.exe;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.BI.Mobile.Service.exe [x] R3 RBSS_OptimaBI;Comarch ERP Optima Analizy BI Serwis Subskrypcji;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.Msp.ReportsBook.Subscriptions.Service.exe;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.Msp.ReportsBook.Subscriptions.Service.exe [x] R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys;c:\windows\SYSNATIVE\DRIVERS\S3XXx64.sys [x] R3 SboxDrv;SboxDrv;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [x] R3 SboxSvc;SboxSvc;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [x] R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x] R3 TrueKeyServiceHelper;TrueKeyServiceHelper;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S2 ClickToRunSvc;Usługa Szybka instalacja pakietu Microsoft Office;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [x] S2 IB24Service;iBard24;c:\program files (x86)\iBard24\iBard24Service.exe;c:\program files (x86)\iBard24\iBard24Service.exe [x] S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x] S2 IntelBCAsvc;Intel(R) Biometric and Context Agent Service;c:\program files\Intel\BCA\pabeSvc64.exe;c:\program files\Intel\BCA\pabeSvc64.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 PDF Architect 4 Creator;PDF Architect 4 Creator;c:\program files\PDF Architect 4\creator-ws.exe;c:\program files\PDF Architect 4\creator-ws.exe [x] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\SftService.exe;c:\program files (x86)\Dell Backup and Recovery\SftService.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x] S2 SSSvc;SSSvc;c:\program files (x86)\ScreenShot\SSSvc.exe;c:\program files (x86)\ScreenShot\SSSvc.exe [x] S2 TrueKey;Intel Security True Key;c:\program files\TrueKey\McAfee.TrueKey.Service.exe;c:\program files\TrueKey\McAfee.TrueKey.Service.exe [x] S2 TrueKeyScheduler;Intel Security True Key Scheduler;c:\program files\TrueKey\McTkSchedulerService.exe;c:\program files\TrueKey\McTkSchedulerService.exe [x] S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe;c:\program files\TightVNC\tvnserver.exe [x] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] S3 iusb3hub;Sterownik koncentratora Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2017-04-04 06:04 1319256 ----a-w- c:\program files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe . Zawartość folderu 'Zaplanowane zadania' . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2015-12-20 09:03 244696 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2015-12-20 09:03 244696 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2015-12-20 09:03 244696 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2017-01-31 12:34 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2017-01-31 12:34 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2017-01-31 12:34 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBRShellOverlayBackupFile] @="{831CEBDD-6BAF-4432-BE76-9E0989C14AEF}" [HKEY_CLASSES_ROOT\CLSID\{831CEBDD-6BAF-4432-BE76-9E0989C14AEF}] 2014-12-30 13:26 831728 ------w- c:\program files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBRShellOverlayModifiedBackupFile] @="{275E4FD7-21EF-45CF-A836-832E5D2CC1B3}" [HKEY_CLASSES_ROOT\CLSID\{275E4FD7-21EF-45CF-A836-832E5D2CC1B3}] 2014-12-30 13:26 832240 ------w- c:\program files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2015-04-08 8464600] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2015-03-21 1392856] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-14 1353680] "tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2013-07-19 2179056] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2014-09-08 464608] . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{628A3891-12E7-4576-B4E3-31C71F5C3500}: NameServer = 10.0.0.1,8.8.8.8 FF - ProfilePath - c:\users\Lareco\AppData\Roaming\Mozilla\Firefox\Profiles\aapvg8jl.default\ . - - - - USUNIĘTO PUSTE WPISY - - - - . Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{08ad9864-e486-4cdb-8781-d507026cf5d6} - c:\program files (x86)\iBard24\\2.9.10.18637\IB24VirtualDrive.dll ShellIconOverlayIdentifiers-{08ad9864-e486-4cdb-8781-d507026cf5d7} - c:\program files (x86)\iBard24\\2.9.10.18637\IB24VirtualDrive.dll Toolbar-Locked - (no file) AddRemove-{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1 - c:\users\Lareco\AppData\Local\unins000.exe . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_25_0_0_148_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_25_0_0_148_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_25_0_0_148_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_25_0_0_148_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_148.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.25" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_148.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_148.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_148.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2017-04-17 19:08:25 ComboFix-quarantined-files.txt 2017-04-17 17:08 . Przed: 238 929 293 312 bajtów wolnych Po: 366 374 547 456 bajtów wolnych . - - End Of File - - 1FFFF86A9C1275766C397EB2E5CC6B23 5C616939100B85E558DA92B899A0FC36 ComboFix 17-05-09.01 - Lareco 2017-05-12 9:40.2.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.4015.2031 [GMT 2:00] Uruchomiony z: c:\users\Lareco\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189} SP: Microsoft Security Essentials *Disabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Lareco\AppData\Local\Microsoft\Windows\Temporary Internet Files\{98B03860-F254-4825-B798-FA78A82878CB}.xps c:\users\Lareco\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FA8700B5-D85A-4A39-85F1-902B53781DE2}.xps . . ((((((((((((((((((((((((( Pliki utworzone od 2017-04-12 do 2017-05-12 ))))))))))))))))))))))))))))))) . . 2017-05-12 07:46 . 2017-05-12 07:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2017-05-12 07:27 . 2017-05-12 07:27 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{324C2CB5-EA5F-47D9-A7FE-9822BCE6D436}\gapaengine.dll 2017-05-12 07:27 . 2017-05-12 07:27 12994104 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8A3BCFB-7A8D-498B-8190-2C211FDD716A}\mpengine.dll 2017-05-11 13:11 . 2017-05-11 13:11 -------- d-----w- c:\users\Lareco\AppData\Local\Bagsarah 2017-05-11 13:10 . 2017-05-11 13:10 -------- d-----w- c:\programdata\Microsoft OneDrive 2017-05-11 13:10 . 2017-05-11 13:10 -------- d-----w- c:\program files (x86)\Bagsarah 2017-05-11 13:10 . 2017-05-12 07:19 -------- d-----w- c:\windows\system32\log 2017-05-11 13:04 . 2017-05-11 13:08 -------- d-----w- c:\program files (x86)\BiaoJi 2017-05-10 13:48 . 2017-05-10 13:48 -------- d-----w- C:\wyniki skanowania 2017-05-10 11:56 . 2017-05-10 11:56 -------- d-----w- c:\program files (x86)\ESET 2017-05-10 11:37 . 2017-05-10 17:42 -------- d-----w- c:\program files (x86)\TeamViewer 2017-04-18 13:24 . 2017-04-18 13:24 -------- d-----w- c:\users\Lareco\AppData\Local\Diagnostics 2017-04-17 16:43 . 2017-05-12 07:19 -------- d-----w- C:\AdwCleaner . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2017-05-11 01:04 . 2015-12-19 17:28 156335152 -c--a-w- c:\windows\system32\MRT.exe 2017-05-09 11:52 . 2015-10-14 11:42 803320 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2017-05-09 11:52 . 2015-10-14 11:42 144888 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2017-04-28 00:32 . 2017-05-10 16:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2017-04-07 22:06 . 2010-11-21 03:27 532136 ------w- c:\windows\system32\MpSigStub.exe 2017-03-26 18:33 . 2017-03-26 18:33 28344 ----a-w- c:\windows\SysWow64\aspnet_counters.dll 2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll 2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll 2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll 2017-03-26 18:29 . 2017-03-26 18:29 30400 ----a-w- c:\windows\system32\aspnet_counters.dll 2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll 2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll 2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll 2017-03-22 15:32 . 2017-04-12 05:40 3165184 ----a-w- c:\windows\system32\wucltux.dll 2017-03-22 15:32 . 2017-04-12 05:40 192512 ----a-w- c:\windows\system32\wuwebv.dll 2017-03-22 15:32 . 2017-04-12 05:40 98816 ----a-w- c:\windows\system32\wudriver.dll 2017-03-22 15:30 . 2017-04-12 05:40 91136 ----a-w- c:\windows\system32\WinSetupUI.dll 2017-03-22 15:24 . 2017-04-12 05:40 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll 2017-03-22 15:17 . 2017-04-12 05:40 2651136 ----a-w- c:\windows\system32\wuaueng.dll 2017-03-22 15:15 . 2017-04-12 05:40 709120 ----a-w- c:\windows\system32\wuapi.dll 2017-03-22 15:15 . 2017-04-12 05:40 37888 ----a-w- c:\windows\system32\wuapp.exe 2017-03-22 15:15 . 2017-04-12 05:40 140288 ----a-w- c:\windows\system32\wuauclt.exe 2017-03-22 15:15 . 2017-04-12 05:40 36864 ----a-w- c:\windows\system32\wups.dll 2017-03-22 15:15 . 2017-04-12 05:40 37888 ----a-w- c:\windows\system32\wups2.dll 2017-03-22 15:15 . 2017-04-12 05:40 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll 2017-03-22 15:05 . 2017-04-12 05:40 573440 ----a-w- c:\windows\SysWow64\wuapi.dll 2017-03-22 15:05 . 2017-04-12 05:40 35328 ----a-w- c:\windows\SysWow64\wuapp.exe 2017-03-22 15:05 . 2017-04-12 05:40 30208 ----a-w- c:\windows\SysWow64\wups.dll 2017-03-22 15:05 . 2017-04-12 05:40 93696 ----a-w- c:\windows\SysWow64\wudriver.dll 2017-03-14 09:49 . 2015-12-20 09:00 651040 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2017-03-10 16:35 . 2017-04-12 05:40 382696 ----a-w- c:\windows\system32\atmfd.dll 2017-03-10 16:31 . 2017-04-12 05:40 41472 ----a-w- c:\windows\system32\lpk.dll 2017-03-10 16:31 . 2017-04-12 05:40 100864 ----a-w- c:\windows\system32\fontsub.dll 2017-03-10 16:31 . 2017-04-12 05:40 14336 ----a-w- c:\windows\system32\dciman32.dll 2017-03-10 16:31 . 2017-04-12 05:40 46080 ----a-w- c:\windows\system32\atmlib.dll 2017-03-10 16:27 . 2017-04-12 05:40 308456 ----a-w- c:\windows\SysWow64\atmfd.dll 2017-03-10 16:20 . 2017-04-12 05:40 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2017-03-10 16:19 . 2017-04-12 05:40 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2017-03-10 16:19 . 2017-04-12 05:40 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2017-03-10 15:53 . 2017-04-12 05:40 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2017-03-07 16:30 . 2017-04-12 05:40 85504 ----a-w- c:\windows\system32\asycfilt.dll 2017-03-07 16:17 . 2017-04-12 05:40 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll 2017-03-04 01:27 . 2017-04-12 05:40 1574912 ----a-w- c:\windows\system32\quartz.dll 2017-03-04 01:27 . 2017-04-12 05:40 93696 ----a-w- c:\windows\system32\mfmjpegdec.dll 2017-03-04 01:14 . 2017-04-12 05:40 1329664 ----a-w- c:\windows\SysWow64\quartz.dll 2017-03-04 01:14 . 2017-04-12 05:40 77312 ----a-w- c:\windows\SysWow64\mfmjpegdec.dll 2017-02-22 23:42 . 2017-03-15 02:23 84712 ----a-w- c:\windows\system32\CompatTelRunner.exe 2017-02-22 23:37 . 2017-03-15 02:23 1285632 ----a-w- c:\windows\system32\aeinv.dll 2017-02-18 14:05 . 2017-03-15 02:23 646656 ----a-w- c:\windows\system32\generaltel.dll 2017-02-18 14:05 . 2017-03-15 02:23 1609216 ----a-w- c:\windows\system32\appraiser.dll 2017-02-14 16:33 . 2017-04-12 05:40 757248 ----a-w- c:\windows\system32\win32spl.dll 2017-02-14 16:19 . 2017-04-12 05:40 497664 ----a-w- c:\windows\SysWow64\win32spl.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{23FD9C33-A9E1-48A1-8404-E5925CF1C8E1}"= "c:\program files (x86)\PDF Architect 4\creator-ie-plugin.dll" [2016-01-15 547040] . [HKEY_CLASSES_ROOT\clsid\{23fd9c33-a9e1-48a1-8404-e5925cf1c8e1}] [HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter.1] [HKEY_CLASSES_ROOT\TypeLib\{EF01C440-4847-4D80-8461-51E292875772}] [HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2015-12-20 09:03 220632 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2015-12-20 09:03 220632 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2015-12-20 09:03 220632 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-04-10 292848] "CryptoCard Suite Cert Monitor"="c:\program files (x86)\CryptoTech\CryptoCard\CCMonitor.exe" [2015-07-27 947440] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\TrueKey\McAfeeTrueKeyPasswordFilter . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 AktualizujPP;Aktualizacja Programu Płatnik;c:\program files (x86)\Asseco Poland SA\Płatnik\ASSECO.AKTUALIZUJ.PP.exe;c:\program files (x86)\Asseco Poland SA\Płatnik\ASSECO.AKTUALIZUJ.PP.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x] R2 DellUpdate;Dell Update Service;c:\program files (x86)\Dell Update\DellUpService.exe;c:\program files (x86)\Dell Update\DellUpService.exe [x] R2 InstallerService;Service Installer TrueKey;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe [x] R2 OneDirveSrv;OneDirve Sync Services;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] R2 PDF Architect 4 Manager;PDF Architect 4 Manager;c:\programdata\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe;c:\programdata\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [x] R3 ComarchAutomatSynchronizacji;Comarch ERP Serwis Operacji Automatycznych;c:\program files (x86)\Comarch ERP Optima\ComarchOptimaSerwisOperacjiAutomatycznych.exe;c:\program files (x86)\Comarch ERP Optima\ComarchOptimaSerwisOperacjiAutomatycznych.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 InvProtectDrv;InvProtectDrv;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [x] R3 InvProtectSvc;Invincea FreeSpace Service;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [x] R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Inspekcja sieci firmy Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 PDF Architect 4 CrashHandler;PDF Architect 4 CrashHandler;c:\program files\PDF Architect 4\crash-handler-ws.exe;c:\program files\PDF Architect 4\crash-handler-ws.exe [x] R3 PDF Architect 4;PDF Architect 4;c:\program files\PDF Architect 4\ws.exe;c:\program files\PDF Architect 4\ws.exe [x] R3 RBMS_OptimaBI;Comarch ERP Optima Analizy BI Serwis Mobile;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.BI.Mobile.Service.exe;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.BI.Mobile.Service.exe [x] R3 RBSS_OptimaBI;Comarch ERP Optima Analizy BI Serwis Subskrypcji;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.Msp.ReportsBook.Subscriptions.Service.exe;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.Msp.ReportsBook.Subscriptions.Service.exe [x] R3 SboxDrv;SboxDrv;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [x] R3 SboxSvc;SboxSvc;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [x] R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x] R3 TrueKeyServiceHelper;TrueKeyServiceHelper;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S2 ClickToRunSvc;Usługa Szybka instalacja pakietu Microsoft Office;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x] S2 Dell Foundation Services;Dell Foundation Services;c:\program files\Dell\Dell Foundation Services\DFSSvc.exe;c:\program files\Dell\Dell Foundation Services\DFSSvc.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [x] S2 IB24Service;iBard24;c:\program files (x86)\iBard24\iBard24Service.exe;c:\program files (x86)\iBard24\iBard24Service.exe [x] S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x] S2 IntelBCAsvc;Intel(R) Biometric and Context Agent Service;c:\program files\Intel\BCA\pabeSvc64.exe;c:\program files\Intel\BCA\pabeSvc64.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 PDF Architect 4 Creator;PDF Architect 4 Creator;c:\program files\PDF Architect 4\creator-ws.exe;c:\program files\PDF Architect 4\creator-ws.exe [x] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\SftService.exe;c:\program files (x86)\Dell Backup and Recovery\SftService.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x] S2 TrueKey;Intel Security True Key;c:\program files\TrueKey\McAfee.TrueKey.Service.exe;c:\program files\TrueKey\McAfee.TrueKey.Service.exe [x] S2 TrueKeyScheduler;Intel Security True Key Scheduler;c:\program files\TrueKey\McTkSchedulerService.exe;c:\program files\TrueKey\McTkSchedulerService.exe [x] S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe;c:\program files\TightVNC\tvnserver.exe [x] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] S3 iusb3hub;Sterownik koncentratora Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys;c:\windows\SYSNATIVE\DRIVERS\S3XXx64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc wxsappx REG_MULTI_SZ OneDirveSrv . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2015-12-20 09:03 244696 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2015-12-20 09:03 244696 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2015-12-20 09:03 244696 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2017-03-14 11:12 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2017-03-14 11:12 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2017-03-14 11:12 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBRShellOverlayBackupFile] @="{831CEBDD-6BAF-4432-BE76-9E0989C14AEF}" [HKEY_CLASSES_ROOT\CLSID\{831CEBDD-6BAF-4432-BE76-9E0989C14AEF}] 2014-12-30 13:26 831728 ------w- c:\program files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBRShellOverlayModifiedBackupFile] @="{275E4FD7-21EF-45CF-A836-832E5D2CC1B3}" [HKEY_CLASSES_ROOT\CLSID\{275E4FD7-21EF-45CF-A836-832E5D2CC1B3}] 2014-12-30 13:26 832240 ------w- c:\program files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2015-04-08 8464600] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2015-03-21 1392856] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-14 1353680] "tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2013-07-19 2179056] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2014-09-08 464608] . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:Tabs mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 TCP: Interfaces\{628A3891-12E7-4576-B4E3-31C71F5C3500}: NameServer = 10.0.0.1,8.8.8.8 FF - ProfilePath - c:\users\Lareco\AppData\Roaming\Mozilla\Firefox\Profiles\aapvg8jl.default\ # Mozilla User Preferences /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config */ FF - user.js: browser.search.defaultenginename - luck FF - user.js: browser.search.order.1 - luck FF - user.js: browser.search.searchengine.alias - FF - user.js: browser.search.searchengine.name - luck FF - user.js: browser.search.searchengine.ref - FF - user.js: browser.search.searchengine.ts - 1494508479 FF - user.js: browser.search.searchengine.type - FF - user.js: browser.search.searchengine.uid - wdcxwd5000aakx-75u6aa0_wd-wcc2e0jlatjulatju FF - user.js: browser.search.selectedEngine - luck FF - user.js: browser.search.useDBForOrder - true FF - user.js: browser.sessionstore.max_tabs_undo - 0 FF - user.js: browser.sessionstore.max_windows_undo - 0 FF - user.js: browser.sessionstore.resume_from_crash - false FF - user.js: browser.sessionstore.resume_session_once - false . - - - - USUNIĘTO PUSTE WPISY - - - - . Toolbar-Locked - (no file) HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe AddRemove-{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1 - c:\users\Lareco\AppData\Local\unins000.exe . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_25_0_0_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_25_0_0_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_25_0_0_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_25_0_0_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.25" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2017-05-12 09:48:31 ComboFix-quarantined-files.txt 2017-05-12 07:48 ComboFix2.txt 2017-04-17 17:08 . Przed: 344 195 940 352 bajtów wolnych Po: 362 763 419 648 bajtów wolnych . - - End Of File - - BDD896A0780D5FF9AEB3E3E560D43FAD 5C616939100B85E558DA92B899A0FC36 ComboFix 17-05-09.01 - Lareco 2017-05-20 15:33:07.3.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.4015.2233 [GMT 2:00] Uruchomiony z: c:\users\Lareco\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Utworzono nowy punkt przywracania . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\security\logs\scecomp.log . . ((((((((((((((((((((((((( Pliki utworzone od 2017-04-20 do 2017-05-20 ))))))))))))))))))))))))))))))) . . 2017-05-20 13:36 . 2017-05-20 13:36 -------- d-----w- c:\users\Public\AppData\Local\temp 2017-05-20 13:36 . 2017-05-20 13:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2017-05-11 13:11 . 2017-05-11 13:11 -------- d-----w- c:\users\Lareco\AppData\Local\Bagsarah 2017-05-11 13:10 . 2017-05-11 13:10 -------- d-----w- c:\programdata\Microsoft OneDrive 2017-05-11 13:10 . 2017-05-11 13:10 -------- d-----w- c:\program files (x86)\Bagsarah 2017-05-11 13:10 . 2017-05-12 07:19 -------- d-----w- c:\windows\system32\log 2017-05-11 13:04 . 2017-05-18 07:08 -------- d-----w- c:\program files (x86)\BiaoJi 2017-05-10 13:48 . 2017-05-10 13:48 -------- d-----w- C:\wyniki skanowania 2017-05-10 11:56 . 2017-05-10 11:56 -------- d-----w- c:\program files (x86)\ESET 2017-05-10 11:37 . 2017-05-10 17:42 -------- d-----w- c:\program files (x86)\TeamViewer . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2017-05-11 01:04 . 2015-12-19 17:28 156335152 -c--a-w- c:\windows\system32\MRT.exe 2017-05-09 11:52 . 2015-10-14 11:42 803320 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2017-05-09 11:52 . 2015-10-14 11:42 144888 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2017-04-28 00:32 . 2017-05-10 16:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2017-04-07 22:06 . 2010-11-21 03:27 532136 ------w- c:\windows\system32\MpSigStub.exe 2017-03-26 18:33 . 2017-03-26 18:33 28344 ----a-w- c:\windows\SysWow64\aspnet_counters.dll 2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll 2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll 2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll 2017-03-26 18:29 . 2017-03-26 18:29 30400 ----a-w- c:\windows\system32\aspnet_counters.dll 2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll 2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll 2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll 2017-03-22 15:32 . 2017-04-12 05:40 3165184 ----a-w- c:\windows\system32\wucltux.dll 2017-03-22 15:32 . 2017-04-12 05:40 192512 ----a-w- c:\windows\system32\wuwebv.dll 2017-03-22 15:32 . 2017-04-12 05:40 98816 ----a-w- c:\windows\system32\wudriver.dll 2017-03-22 15:30 . 2017-04-12 05:40 91136 ----a-w- c:\windows\system32\WinSetupUI.dll 2017-03-22 15:24 . 2017-04-12 05:40 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll 2017-03-22 15:17 . 2017-04-12 05:40 2651136 ----a-w- c:\windows\system32\wuaueng.dll 2017-03-22 15:15 . 2017-04-12 05:40 709120 ----a-w- c:\windows\system32\wuapi.dll 2017-03-22 15:15 . 2017-04-12 05:40 37888 ----a-w- c:\windows\system32\wuapp.exe 2017-03-22 15:15 . 2017-04-12 05:40 140288 ----a-w- c:\windows\system32\wuauclt.exe 2017-03-22 15:15 . 2017-04-12 05:40 36864 ----a-w- c:\windows\system32\wups.dll 2017-03-22 15:15 . 2017-04-12 05:40 37888 ----a-w- c:\windows\system32\wups2.dll 2017-03-22 15:15 . 2017-04-12 05:40 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll 2017-03-22 15:05 . 2017-04-12 05:40 573440 ----a-w- c:\windows\SysWow64\wuapi.dll 2017-03-22 15:05 . 2017-04-12 05:40 35328 ----a-w- c:\windows\SysWow64\wuapp.exe 2017-03-22 15:05 . 2017-04-12 05:40 30208 ----a-w- c:\windows\SysWow64\wups.dll 2017-03-22 15:05 . 2017-04-12 05:40 93696 ----a-w- c:\windows\SysWow64\wudriver.dll 2017-03-14 09:49 . 2015-12-20 09:00 651040 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2017-03-10 16:35 . 2017-04-12 05:40 382696 ----a-w- c:\windows\system32\atmfd.dll 2017-03-10 16:31 . 2017-04-12 05:40 41472 ----a-w- c:\windows\system32\lpk.dll 2017-03-10 16:31 . 2017-04-12 05:40 100864 ----a-w- c:\windows\system32\fontsub.dll 2017-03-10 16:31 . 2017-04-12 05:40 14336 ----a-w- c:\windows\system32\dciman32.dll 2017-03-10 16:31 . 2017-04-12 05:40 46080 ----a-w- c:\windows\system32\atmlib.dll 2017-03-10 16:27 . 2017-04-12 05:40 308456 ----a-w- c:\windows\SysWow64\atmfd.dll 2017-03-10 16:20 . 2017-04-12 05:40 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2017-03-10 16:19 . 2017-04-12 05:40 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2017-03-10 16:19 . 2017-04-12 05:40 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2017-03-10 15:53 . 2017-04-12 05:40 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2017-03-07 16:30 . 2017-04-12 05:40 85504 ----a-w- c:\windows\system32\asycfilt.dll 2017-03-07 16:17 . 2017-04-12 05:40 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll 2017-03-04 01:27 . 2017-04-12 05:40 1574912 ----a-w- c:\windows\system32\quartz.dll 2017-03-04 01:27 . 2017-04-12 05:40 93696 ----a-w- c:\windows\system32\mfmjpegdec.dll 2017-03-04 01:14 . 2017-04-12 05:40 1329664 ----a-w- c:\windows\SysWow64\quartz.dll 2017-03-04 01:14 . 2017-04-12 05:40 77312 ----a-w- c:\windows\SysWow64\mfmjpegdec.dll 2017-02-22 23:42 . 2017-03-15 02:23 84712 ----a-w- c:\windows\system32\CompatTelRunner.exe 2017-02-22 23:37 . 2017-03-15 02:23 1285632 ----a-w- c:\windows\system32\aeinv.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{23FD9C33-A9E1-48A1-8404-E5925CF1C8E1}"= "c:\program files (x86)\PDF Architect 4\creator-ie-plugin.dll" [2016-01-15 547040] . [HKEY_CLASSES_ROOT\clsid\{23fd9c33-a9e1-48a1-8404-e5925cf1c8e1}] [HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter.1] [HKEY_CLASSES_ROOT\TypeLib\{EF01C440-4847-4D80-8461-51E292875772}] [HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2015-12-20 09:03 220632 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2015-12-20 09:03 220632 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2015-12-20 09:03 220632 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-04-10 292848] "CryptoCard Suite Cert Monitor"="c:\program files (x86)\CryptoTech\CryptoCard\CCMonitor.exe" [2015-07-27 947440] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\TrueKey\McAfeeTrueKeyPasswordFilter . R2 AktualizujPP;Aktualizacja Programu Płatnik;c:\program files (x86)\Asseco Poland SA\Płatnik\ASSECO.AKTUALIZUJ.PP.exe;c:\program files (x86)\Asseco Poland SA\Płatnik\ASSECO.AKTUALIZUJ.PP.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x] R2 InstallerService;Service Installer TrueKey;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe [x] R2 OneDirveSrv;OneDirve Sync Services;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] R2 PDF Architect 4 Manager;PDF Architect 4 Manager;c:\programdata\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe;c:\programdata\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [x] R3 ComarchAutomatSynchronizacji;Comarch ERP Serwis Operacji Automatycznych;c:\program files (x86)\Comarch ERP Optima\ComarchOptimaSerwisOperacjiAutomatycznych.exe;c:\program files (x86)\Comarch ERP Optima\ComarchOptimaSerwisOperacjiAutomatycznych.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 InvProtectDrv;InvProtectDrv;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [x] R3 InvProtectSvc;Invincea FreeSpace Service;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [x] R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x] R3 PDF Architect 4 CrashHandler;PDF Architect 4 CrashHandler;c:\program files\PDF Architect 4\crash-handler-ws.exe;c:\program files\PDF Architect 4\crash-handler-ws.exe [x] R3 PDF Architect 4;PDF Architect 4;c:\program files\PDF Architect 4\ws.exe;c:\program files\PDF Architect 4\ws.exe [x] R3 RBMS_OptimaBI;Comarch ERP Optima Analizy BI Serwis Mobile;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.BI.Mobile.Service.exe;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.BI.Mobile.Service.exe [x] R3 RBSS_OptimaBI;Comarch ERP Optima Analizy BI Serwis Subskrypcji;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.Msp.ReportsBook.Subscriptions.Service.exe;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.Msp.ReportsBook.Subscriptions.Service.exe [x] R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys;c:\windows\SYSNATIVE\DRIVERS\S3XXx64.sys [x] R3 SboxDrv;SboxDrv;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [x] R3 SboxSvc;SboxSvc;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [x] R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x] R3 TrueKeyServiceHelper;TrueKeyServiceHelper;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S2 ClickToRunSvc;Usługa Szybka instalacja pakietu Microsoft Office;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x] S2 Dell Foundation Services;Dell Foundation Services;c:\program files\Dell\Dell Foundation Services\DFSSvc.exe;c:\program files\Dell\Dell Foundation Services\DFSSvc.exe [x] S2 DellUpdate;Dell Update Service;c:\program files (x86)\Dell Update\DellUpService.exe;c:\program files (x86)\Dell Update\DellUpService.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [x] S2 IB24Service;iBard24;c:\program files (x86)\iBard24\iBard24Service.exe;c:\program files (x86)\iBard24\iBard24Service.exe [x] S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x] S2 IntelBCAsvc;Intel(R) Biometric and Context Agent Service;c:\program files\Intel\BCA\pabeSvc64.exe;c:\program files\Intel\BCA\pabeSvc64.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 PDF Architect 4 Creator;PDF Architect 4 Creator;c:\program files\PDF Architect 4\creator-ws.exe;c:\program files\PDF Architect 4\creator-ws.exe [x] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\SftService.exe;c:\program files (x86)\Dell Backup and Recovery\SftService.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x] S2 TrueKey;Intel Security True Key;c:\program files\TrueKey\McAfee.TrueKey.Service.exe;c:\program files\TrueKey\McAfee.TrueKey.Service.exe [x] S2 TrueKeyScheduler;Intel Security True Key Scheduler;c:\program files\TrueKey\McTkSchedulerService.exe;c:\program files\TrueKey\McTkSchedulerService.exe [x] S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe;c:\program files\TightVNC\tvnserver.exe [x] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] S3 iusb3hub;Sterownik koncentratora Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc wxsappx REG_MULTI_SZ OneDirveSrv . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2015-12-20 09:03 244696 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2015-12-20 09:03 244696 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2015-12-20 09:03 244696 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2017-03-14 11:12 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2017-03-14 11:12 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2017-03-14 11:12 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBRShellOverlayBackupFile] @="{831CEBDD-6BAF-4432-BE76-9E0989C14AEF}" [HKEY_CLASSES_ROOT\CLSID\{831CEBDD-6BAF-4432-BE76-9E0989C14AEF}] 2014-12-30 13:26 831728 ------w- c:\program files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBRShellOverlayModifiedBackupFile] @="{275E4FD7-21EF-45CF-A836-832E5D2CC1B3}" [HKEY_CLASSES_ROOT\CLSID\{275E4FD7-21EF-45CF-A836-832E5D2CC1B3}] 2014-12-30 13:26 832240 ------w- c:\program files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2015-04-08 8464600] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2015-03-21 1392856] "tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2013-07-19 2179056] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2014-09-08 464608] . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:Tabs mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 TCP: Interfaces\{628A3891-12E7-4576-B4E3-31C71F5C3500}: NameServer = 10.0.0.1,8.8.8.8 . - - - - USUNIĘTO PUSTE WPISY - - - - . Toolbar-Locked - (no file) AddRemove-{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1 - c:\users\Lareco\AppData\Local\unins000.exe . . . Czas ukończenia: 2017-05-20 15:38:46 ComboFix-quarantined-files.txt 2017-05-20 13:38 ComboFix2.txt 2017-05-12 07:48 ComboFix3.txt 2017-04-17 17:08 . Przed: 360 272 154 624 bajtów wolnych Po: 365 731 954 688 bajtów wolnych . - - End Of File - - DB208515D816D18FA3FE24A26E1D5DCF 5C616939100B85E558DA92B899A0FC36 ComboFix 17-05-09.01 - Lareco 2017-05-20 15:39:53.4.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.4015.2085 [GMT 2:00] Uruchomiony z: c:\users\Lareco\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Pliki utworzone od 2017-04-20 do 2017-05-20 ))))))))))))))))))))))))))))))) . . 2017-05-20 13:41 . 2017-05-20 13:41 -------- d-----w- c:\users\Public\AppData\Local\temp 2017-05-20 13:41 . 2017-05-20 13:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2017-05-11 13:11 . 2017-05-11 13:11 -------- d-----w- c:\users\Lareco\AppData\Local\Bagsarah 2017-05-11 13:10 . 2017-05-11 13:10 -------- d-----w- c:\programdata\Microsoft OneDrive 2017-05-11 13:10 . 2017-05-11 13:10 -------- d-----w- c:\program files (x86)\Bagsarah 2017-05-11 13:10 . 2017-05-12 07:19 -------- d-----w- c:\windows\system32\log 2017-05-11 13:04 . 2017-05-18 07:08 -------- d-----w- c:\program files (x86)\BiaoJi 2017-05-10 13:48 . 2017-05-10 13:48 -------- d-----w- C:\wyniki skanowania 2017-05-10 11:56 . 2017-05-10 11:56 -------- d-----w- c:\program files (x86)\ESET 2017-05-10 11:37 . 2017-05-10 17:42 -------- d-----w- c:\program files (x86)\TeamViewer . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2017-05-11 01:04 . 2015-12-19 17:28 156335152 -c--a-w- c:\windows\system32\MRT.exe 2017-05-09 11:52 . 2015-10-14 11:42 803320 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2017-05-09 11:52 . 2015-10-14 11:42 144888 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2017-04-28 00:32 . 2017-05-10 16:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2017-04-07 22:06 . 2010-11-21 03:27 532136 ------w- c:\windows\system32\MpSigStub.exe 2017-03-26 18:33 . 2017-03-26 18:33 28344 ----a-w- c:\windows\SysWow64\aspnet_counters.dll 2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll 2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll 2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll 2017-03-26 18:29 . 2017-03-26 18:29 30400 ----a-w- c:\windows\system32\aspnet_counters.dll 2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll 2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll 2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll 2017-03-22 15:32 . 2017-04-12 05:40 3165184 ----a-w- c:\windows\system32\wucltux.dll 2017-03-22 15:32 . 2017-04-12 05:40 192512 ----a-w- c:\windows\system32\wuwebv.dll 2017-03-22 15:32 . 2017-04-12 05:40 98816 ----a-w- c:\windows\system32\wudriver.dll 2017-03-22 15:30 . 2017-04-12 05:40 91136 ----a-w- c:\windows\system32\WinSetupUI.dll 2017-03-22 15:24 . 2017-04-12 05:40 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll 2017-03-22 15:17 . 2017-04-12 05:40 2651136 ----a-w- c:\windows\system32\wuaueng.dll 2017-03-22 15:15 . 2017-04-12 05:40 709120 ----a-w- c:\windows\system32\wuapi.dll 2017-03-22 15:15 . 2017-04-12 05:40 37888 ----a-w- c:\windows\system32\wuapp.exe 2017-03-22 15:15 . 2017-04-12 05:40 140288 ----a-w- c:\windows\system32\wuauclt.exe 2017-03-22 15:15 . 2017-04-12 05:40 36864 ----a-w- c:\windows\system32\wups.dll 2017-03-22 15:15 . 2017-04-12 05:40 37888 ----a-w- c:\windows\system32\wups2.dll 2017-03-22 15:15 . 2017-04-12 05:40 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll 2017-03-22 15:05 . 2017-04-12 05:40 573440 ----a-w- c:\windows\SysWow64\wuapi.dll 2017-03-22 15:05 . 2017-04-12 05:40 35328 ----a-w- c:\windows\SysWow64\wuapp.exe 2017-03-22 15:05 . 2017-04-12 05:40 30208 ----a-w- c:\windows\SysWow64\wups.dll 2017-03-22 15:05 . 2017-04-12 05:40 93696 ----a-w- c:\windows\SysWow64\wudriver.dll 2017-03-14 09:49 . 2015-12-20 09:00 651040 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2017-03-10 16:35 . 2017-04-12 05:40 382696 ----a-w- c:\windows\system32\atmfd.dll 2017-03-10 16:31 . 2017-04-12 05:40 41472 ----a-w- c:\windows\system32\lpk.dll 2017-03-10 16:31 . 2017-04-12 05:40 100864 ----a-w- c:\windows\system32\fontsub.dll 2017-03-10 16:31 . 2017-04-12 05:40 14336 ----a-w- c:\windows\system32\dciman32.dll 2017-03-10 16:31 . 2017-04-12 05:40 46080 ----a-w- c:\windows\system32\atmlib.dll 2017-03-10 16:27 . 2017-04-12 05:40 308456 ----a-w- c:\windows\SysWow64\atmfd.dll 2017-03-10 16:20 . 2017-04-12 05:40 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2017-03-10 16:19 . 2017-04-12 05:40 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2017-03-10 16:19 . 2017-04-12 05:40 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2017-03-10 15:53 . 2017-04-12 05:40 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2017-03-07 16:30 . 2017-04-12 05:40 85504 ----a-w- c:\windows\system32\asycfilt.dll 2017-03-07 16:17 . 2017-04-12 05:40 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll 2017-03-04 01:27 . 2017-04-12 05:40 1574912 ----a-w- c:\windows\system32\quartz.dll 2017-03-04 01:27 . 2017-04-12 05:40 93696 ----a-w- c:\windows\system32\mfmjpegdec.dll 2017-03-04 01:14 . 2017-04-12 05:40 1329664 ----a-w- c:\windows\SysWow64\quartz.dll 2017-03-04 01:14 . 2017-04-12 05:40 77312 ----a-w- c:\windows\SysWow64\mfmjpegdec.dll 2017-02-22 23:42 . 2017-03-15 02:23 84712 ----a-w- c:\windows\system32\CompatTelRunner.exe 2017-02-22 23:37 . 2017-03-15 02:23 1285632 ----a-w- c:\windows\system32\aeinv.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{23FD9C33-A9E1-48A1-8404-E5925CF1C8E1}"= "c:\program files (x86)\PDF Architect 4\creator-ie-plugin.dll" [2016-01-15 547040] . [HKEY_CLASSES_ROOT\clsid\{23fd9c33-a9e1-48a1-8404-e5925cf1c8e1}] [HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter.1] [HKEY_CLASSES_ROOT\TypeLib\{EF01C440-4847-4D80-8461-51E292875772}] [HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2015-12-20 09:03 220632 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2015-12-20 09:03 220632 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2015-12-20 09:03 220632 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-04-10 292848] "CryptoCard Suite Cert Monitor"="c:\program files (x86)\CryptoTech\CryptoCard\CCMonitor.exe" [2015-07-27 947440] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\TrueKey\McAfeeTrueKeyPasswordFilter . R2 AktualizujPP;Aktualizacja Programu Płatnik;c:\program files (x86)\Asseco Poland SA\Płatnik\ASSECO.AKTUALIZUJ.PP.exe;c:\program files (x86)\Asseco Poland SA\Płatnik\ASSECO.AKTUALIZUJ.PP.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x] R2 InstallerService;Service Installer TrueKey;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe [x] R2 OneDirveSrv;OneDirve Sync Services;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] R2 PDF Architect 4 Manager;PDF Architect 4 Manager;c:\programdata\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe;c:\programdata\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [x] R3 ComarchAutomatSynchronizacji;Comarch ERP Serwis Operacji Automatycznych;c:\program files (x86)\Comarch ERP Optima\ComarchOptimaSerwisOperacjiAutomatycznych.exe;c:\program files (x86)\Comarch ERP Optima\ComarchOptimaSerwisOperacjiAutomatycznych.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 InvProtectDrv;InvProtectDrv;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [x] R3 InvProtectSvc;Invincea FreeSpace Service;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [x] R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x] R3 PDF Architect 4 CrashHandler;PDF Architect 4 CrashHandler;c:\program files\PDF Architect 4\crash-handler-ws.exe;c:\program files\PDF Architect 4\crash-handler-ws.exe [x] R3 PDF Architect 4;PDF Architect 4;c:\program files\PDF Architect 4\ws.exe;c:\program files\PDF Architect 4\ws.exe [x] R3 RBMS_OptimaBI;Comarch ERP Optima Analizy BI Serwis Mobile;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.BI.Mobile.Service.exe;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.BI.Mobile.Service.exe [x] R3 RBSS_OptimaBI;Comarch ERP Optima Analizy BI Serwis Subskrypcji;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.Msp.ReportsBook.Subscriptions.Service.exe;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.Msp.ReportsBook.Subscriptions.Service.exe [x] R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys;c:\windows\SYSNATIVE\DRIVERS\S3XXx64.sys [x] R3 SboxDrv;SboxDrv;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [x] R3 SboxSvc;SboxSvc;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [x] R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x] R3 TrueKeyServiceHelper;TrueKeyServiceHelper;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S2 ClickToRunSvc;Usługa Szybka instalacja pakietu Microsoft Office;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x] S2 Dell Foundation Services;Dell Foundation Services;c:\program files\Dell\Dell Foundation Services\DFSSvc.exe;c:\program files\Dell\Dell Foundation Services\DFSSvc.exe [x] S2 DellUpdate;Dell Update Service;c:\program files (x86)\Dell Update\DellUpService.exe;c:\program files (x86)\Dell Update\DellUpService.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [x] S2 IB24Service;iBard24;c:\program files (x86)\iBard24\iBard24Service.exe;c:\program files (x86)\iBard24\iBard24Service.exe [x] S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x] S2 IntelBCAsvc;Intel(R) Biometric and Context Agent Service;c:\program files\Intel\BCA\pabeSvc64.exe;c:\program files\Intel\BCA\pabeSvc64.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 PDF Architect 4 Creator;PDF Architect 4 Creator;c:\program files\PDF Architect 4\creator-ws.exe;c:\program files\PDF Architect 4\creator-ws.exe [x] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\SftService.exe;c:\program files (x86)\Dell Backup and Recovery\SftService.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x] S2 TrueKey;Intel Security True Key;c:\program files\TrueKey\McAfee.TrueKey.Service.exe;c:\program files\TrueKey\McAfee.TrueKey.Service.exe [x] S2 TrueKeyScheduler;Intel Security True Key Scheduler;c:\program files\TrueKey\McTkSchedulerService.exe;c:\program files\TrueKey\McTkSchedulerService.exe [x] S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe;c:\program files\TightVNC\tvnserver.exe [x] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] S3 iusb3hub;Sterownik koncentratora Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc wxsappx REG_MULTI_SZ OneDirveSrv . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2015-12-20 09:03 244696 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2015-12-20 09:03 244696 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2015-12-20 09:03 244696 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2017-03-14 11:12 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2017-03-14 11:12 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2017-03-14 11:12 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBRShellOverlayBackupFile] @="{831CEBDD-6BAF-4432-BE76-9E0989C14AEF}" [HKEY_CLASSES_ROOT\CLSID\{831CEBDD-6BAF-4432-BE76-9E0989C14AEF}] 2014-12-30 13:26 831728 ------w- c:\program files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBRShellOverlayModifiedBackupFile] @="{275E4FD7-21EF-45CF-A836-832E5D2CC1B3}" [HKEY_CLASSES_ROOT\CLSID\{275E4FD7-21EF-45CF-A836-832E5D2CC1B3}] 2014-12-30 13:26 832240 ------w- c:\program files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2015-04-08 8464600] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2015-03-21 1392856] "tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2013-07-19 2179056] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2014-09-08 464608] . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:Tabs mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 TCP: Interfaces\{628A3891-12E7-4576-B4E3-31C71F5C3500}: NameServer = 10.0.0.1,8.8.8.8 . - - - - USUNIĘTO PUSTE WPISY - - - - . Toolbar-Locked - (no file) AddRemove-{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1 - c:\users\Lareco\AppData\Local\unins000.exe . . . Czas ukończenia: 2017-05-20 15:51:54 ComboFix-quarantined-files.txt 2017-05-20 13:51 ComboFix2.txt 2017-05-20 13:38 ComboFix3.txt 2017-05-12 07:48 ComboFix4.txt 2017-04-17 17:08 . Przed: 365 700 521 984 bajtów wolnych Po: 366 576 205 824 bajtów wolnych . - - End Of File - - 857F02160C21F6E439DA19A8FB13FCC8 5C616939100B85E558DA92B899A0FC36 ComboFix 17-05-09.01 - Lareco 2017-05-20 16:10:27.5.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.4015.2441 [GMT 2:00] Uruchomiony z: c:\users\Lareco\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Pliki utworzone od 2017-04-20 do 2017-05-20 ))))))))))))))))))))))))))))))) . . 2017-05-20 14:14 . 2017-05-20 14:14 -------- d-----w- c:\users\Public\AppData\Local\temp 2017-05-20 14:14 . 2017-05-20 14:14 -------- d-----w- c:\users\Default\AppData\Local\temp 2017-05-11 13:11 . 2017-05-11 13:11 -------- d-----w- c:\users\Lareco\AppData\Local\Bagsarah 2017-05-11 13:10 . 2017-05-11 13:10 -------- d-----w- c:\programdata\Microsoft OneDrive 2017-05-11 13:10 . 2017-05-11 13:10 -------- d-----w- c:\program files (x86)\Bagsarah 2017-05-11 13:10 . 2017-05-12 07:19 -------- d-----w- c:\windows\system32\log 2017-05-11 13:04 . 2017-05-18 07:08 -------- d-----w- c:\program files (x86)\BiaoJi 2017-05-10 13:48 . 2017-05-10 13:48 -------- d-----w- C:\wyniki skanowania 2017-05-10 11:37 . 2017-05-10 17:42 -------- d-----w- c:\program files (x86)\TeamViewer . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2017-05-11 01:04 . 2015-12-19 17:28 156335152 -c--a-w- c:\windows\system32\MRT.exe 2017-05-09 11:52 . 2015-10-14 11:42 803320 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2017-05-09 11:52 . 2015-10-14 11:42 144888 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2017-04-28 00:32 . 2017-05-10 16:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2017-04-07 22:06 . 2010-11-21 03:27 532136 ------w- c:\windows\system32\MpSigStub.exe 2017-03-26 18:33 . 2017-03-26 18:33 28344 ----a-w- c:\windows\SysWow64\aspnet_counters.dll 2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll 2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll 2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll 2017-03-26 18:29 . 2017-03-26 18:29 30400 ----a-w- c:\windows\system32\aspnet_counters.dll 2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll 2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll 2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll 2017-03-22 15:32 . 2017-04-12 05:40 3165184 ----a-w- c:\windows\system32\wucltux.dll 2017-03-22 15:32 . 2017-04-12 05:40 192512 ----a-w- c:\windows\system32\wuwebv.dll 2017-03-22 15:32 . 2017-04-12 05:40 98816 ----a-w- c:\windows\system32\wudriver.dll 2017-03-22 15:30 . 2017-04-12 05:40 91136 ----a-w- c:\windows\system32\WinSetupUI.dll 2017-03-22 15:24 . 2017-04-12 05:40 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll 2017-03-22 15:17 . 2017-04-12 05:40 2651136 ----a-w- c:\windows\system32\wuaueng.dll 2017-03-22 15:15 . 2017-04-12 05:40 709120 ----a-w- c:\windows\system32\wuapi.dll 2017-03-22 15:15 . 2017-04-12 05:40 37888 ----a-w- c:\windows\system32\wuapp.exe 2017-03-22 15:15 . 2017-04-12 05:40 140288 ----a-w- c:\windows\system32\wuauclt.exe 2017-03-22 15:15 . 2017-04-12 05:40 36864 ----a-w- c:\windows\system32\wups.dll 2017-03-22 15:15 . 2017-04-12 05:40 37888 ----a-w- c:\windows\system32\wups2.dll 2017-03-22 15:15 . 2017-04-12 05:40 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll 2017-03-22 15:05 . 2017-04-12 05:40 573440 ----a-w- c:\windows\SysWow64\wuapi.dll 2017-03-22 15:05 . 2017-04-12 05:40 35328 ----a-w- c:\windows\SysWow64\wuapp.exe 2017-03-22 15:05 . 2017-04-12 05:40 30208 ----a-w- c:\windows\SysWow64\wups.dll 2017-03-22 15:05 . 2017-04-12 05:40 93696 ----a-w- c:\windows\SysWow64\wudriver.dll 2017-03-14 09:49 . 2015-12-20 09:00 651040 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2017-03-10 16:35 . 2017-04-12 05:40 382696 ----a-w- c:\windows\system32\atmfd.dll 2017-03-10 16:31 . 2017-04-12 05:40 41472 ----a-w- c:\windows\system32\lpk.dll 2017-03-10 16:31 . 2017-04-12 05:40 100864 ----a-w- c:\windows\system32\fontsub.dll 2017-03-10 16:31 . 2017-04-12 05:40 14336 ----a-w- c:\windows\system32\dciman32.dll 2017-03-10 16:31 . 2017-04-12 05:40 46080 ----a-w- c:\windows\system32\atmlib.dll 2017-03-10 16:27 . 2017-04-12 05:40 308456 ----a-w- c:\windows\SysWow64\atmfd.dll 2017-03-10 16:20 . 2017-04-12 05:40 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2017-03-10 16:19 . 2017-04-12 05:40 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2017-03-10 16:19 . 2017-04-12 05:40 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2017-03-10 15:53 . 2017-04-12 05:40 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2017-03-07 16:30 . 2017-04-12 05:40 85504 ----a-w- c:\windows\system32\asycfilt.dll 2017-03-07 16:17 . 2017-04-12 05:40 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll 2017-03-04 01:27 . 2017-04-12 05:40 1574912 ----a-w- c:\windows\system32\quartz.dll 2017-03-04 01:27 . 2017-04-12 05:40 93696 ----a-w- c:\windows\system32\mfmjpegdec.dll 2017-03-04 01:14 . 2017-04-12 05:40 1329664 ----a-w- c:\windows\SysWow64\quartz.dll 2017-03-04 01:14 . 2017-04-12 05:40 77312 ----a-w- c:\windows\SysWow64\mfmjpegdec.dll 2017-02-22 23:42 . 2017-03-15 02:23 84712 ----a-w- c:\windows\system32\CompatTelRunner.exe 2017-02-22 23:37 . 2017-03-15 02:23 1285632 ----a-w- c:\windows\system32\aeinv.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{23FD9C33-A9E1-48A1-8404-E5925CF1C8E1}"= "c:\program files (x86)\PDF Architect 4\creator-ie-plugin.dll" [2016-01-15 547040] . [HKEY_CLASSES_ROOT\clsid\{23fd9c33-a9e1-48a1-8404-e5925cf1c8e1}] [HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter.1] [HKEY_CLASSES_ROOT\TypeLib\{EF01C440-4847-4D80-8461-51E292875772}] [HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2015-12-20 09:03 220632 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2015-12-20 09:03 220632 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2015-12-20 09:03 220632 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-04-10 292848] "CryptoCard Suite Cert Monitor"="c:\program files (x86)\CryptoTech\CryptoCard\CCMonitor.exe" [2015-07-27 947440] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\TrueKey\McAfeeTrueKeyPasswordFilter . R2 AktualizujPP;Aktualizacja Programu Płatnik;c:\program files (x86)\Asseco Poland SA\Płatnik\ASSECO.AKTUALIZUJ.PP.exe;c:\program files (x86)\Asseco Poland SA\Płatnik\ASSECO.AKTUALIZUJ.PP.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x] R2 InstallerService;Service Installer TrueKey;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe [x] R2 OneDirveSrv;OneDirve Sync Services;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] R2 PDF Architect 4 Manager;PDF Architect 4 Manager;c:\programdata\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe;c:\programdata\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [x] R3 ComarchAutomatSynchronizacji;Comarch ERP Serwis Operacji Automatycznych;c:\program files (x86)\Comarch ERP Optima\ComarchOptimaSerwisOperacjiAutomatycznych.exe;c:\program files (x86)\Comarch ERP Optima\ComarchOptimaSerwisOperacjiAutomatycznych.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 InvProtectDrv;InvProtectDrv;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [x] R3 InvProtectSvc;Invincea FreeSpace Service;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [x] R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x] R3 PDF Architect 4 CrashHandler;PDF Architect 4 CrashHandler;c:\program files\PDF Architect 4\crash-handler-ws.exe;c:\program files\PDF Architect 4\crash-handler-ws.exe [x] R3 PDF Architect 4;PDF Architect 4;c:\program files\PDF Architect 4\ws.exe;c:\program files\PDF Architect 4\ws.exe [x] R3 RBMS_OptimaBI;Comarch ERP Optima Analizy BI Serwis Mobile;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.BI.Mobile.Service.exe;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.BI.Mobile.Service.exe [x] R3 RBSS_OptimaBI;Comarch ERP Optima Analizy BI Serwis Subskrypcji;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.Msp.ReportsBook.Subscriptions.Service.exe;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.Msp.ReportsBook.Subscriptions.Service.exe [x] R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys;c:\windows\SYSNATIVE\DRIVERS\S3XXx64.sys [x] R3 SboxDrv;SboxDrv;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [x] R3 SboxSvc;SboxSvc;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [x] R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x] R3 TrueKeyServiceHelper;TrueKeyServiceHelper;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S2 ClickToRunSvc;Usługa Szybka instalacja pakietu Microsoft Office;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x] S2 Dell Foundation Services;Dell Foundation Services;c:\program files\Dell\Dell Foundation Services\DFSSvc.exe;c:\program files\Dell\Dell Foundation Services\DFSSvc.exe [x] S2 DellUpdate;Dell Update Service;c:\program files (x86)\Dell Update\DellUpService.exe;c:\program files (x86)\Dell Update\DellUpService.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [x] S2 IB24Service;iBard24;c:\program files (x86)\iBard24\iBard24Service.exe;c:\program files (x86)\iBard24\iBard24Service.exe [x] S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x] S2 IntelBCAsvc;Intel(R) Biometric and Context Agent Service;c:\program files\Intel\BCA\pabeSvc64.exe;c:\program files\Intel\BCA\pabeSvc64.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 PDF Architect 4 Creator;PDF Architect 4 Creator;c:\program files\PDF Architect 4\creator-ws.exe;c:\program files\PDF Architect 4\creator-ws.exe [x] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\SftService.exe;c:\program files (x86)\Dell Backup and Recovery\SftService.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x] S2 TrueKey;Intel Security True Key;c:\program files\TrueKey\McAfee.TrueKey.Service.exe;c:\program files\TrueKey\McAfee.TrueKey.Service.exe [x] S2 TrueKeyScheduler;Intel Security True Key Scheduler;c:\program files\TrueKey\McTkSchedulerService.exe;c:\program files\TrueKey\McTkSchedulerService.exe [x] S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe;c:\program files\TightVNC\tvnserver.exe [x] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] S3 iusb3hub;Sterownik koncentratora Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc wxsappx REG_MULTI_SZ OneDirveSrv . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2015-12-20 09:03 244696 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2015-12-20 09:03 244696 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2015-12-20 09:03 244696 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2017-03-14 11:12 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2017-03-14 11:12 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2017-03-14 11:12 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBRShellOverlayBackupFile] @="{831CEBDD-6BAF-4432-BE76-9E0989C14AEF}" [HKEY_CLASSES_ROOT\CLSID\{831CEBDD-6BAF-4432-BE76-9E0989C14AEF}] 2014-12-30 13:26 831728 ------w- c:\program files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBRShellOverlayModifiedBackupFile] @="{275E4FD7-21EF-45CF-A836-832E5D2CC1B3}" [HKEY_CLASSES_ROOT\CLSID\{275E4FD7-21EF-45CF-A836-832E5D2CC1B3}] 2014-12-30 13:26 832240 ------w- c:\program files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2015-04-08 8464600] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2015-03-21 1392856] "tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2013-07-19 2179056] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2014-09-08 464608] . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:Tabs mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 TCP: Interfaces\{628A3891-12E7-4576-B4E3-31C71F5C3500}: NameServer = 10.0.0.1,8.8.8.8 . - - - - USUNIĘTO PUSTE WPISY - - - - . Toolbar-Locked - (no file) AddRemove-{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1 - c:\users\Lareco\AppData\Local\unins000.exe . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_25_0_0_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_25_0_0_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_25_0_0_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_25_0_0_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.25" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2017-05-20 16:15:33 ComboFix-quarantined-files.txt 2017-05-20 14:15 ComboFix2.txt 2017-05-20 13:51 ComboFix3.txt 2017-05-20 13:38 ComboFix4.txt 2017-05-12 07:48 ComboFix5.txt 2017-05-20 14:09 . Przed: 366 163 890 176 bajtów wolnych Po: 365 989 605 376 bajtów wolnych . - - End Of File - - B50B01F24D2BCC5B19464AA77CA51959 5C616939100B85E558DA92B899A0FC36 ComboFix 17-05-09.01 - Lareco 2017-05-20 16:30:37.6.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.4015.2548 [GMT 2:00] Uruchomiony z: c:\users\Lareco\Downloads\ComboFix.exe SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Pliki utworzone od 2017-04-20 do 2017-05-20 ))))))))))))))))))))))))))))))) . . 2017-05-20 14:38 . 2017-05-20 14:38 -------- d-----w- c:\users\Public\AppData\Local\temp 2017-05-20 14:38 . 2017-05-20 14:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2017-05-11 13:11 . 2017-05-11 13:11 -------- d-----w- c:\users\Lareco\AppData\Local\Bagsarah 2017-05-11 13:10 . 2017-05-11 13:10 -------- d-----w- c:\programdata\Microsoft OneDrive 2017-05-11 13:10 . 2017-05-11 13:10 -------- d-----w- c:\program files (x86)\Bagsarah 2017-05-11 13:10 . 2017-05-12 07:19 -------- d-----w- c:\windows\system32\log 2017-05-11 13:04 . 2017-05-18 07:08 -------- d-----w- c:\program files (x86)\BiaoJi 2017-05-10 13:48 . 2017-05-10 13:48 -------- d-----w- C:\wyniki skanowania 2017-05-10 11:37 . 2017-05-10 17:42 -------- d-----w- c:\program files (x86)\TeamViewer . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2017-05-11 01:04 . 2015-12-19 17:28 156335152 -c--a-w- c:\windows\system32\MRT.exe 2017-05-09 11:52 . 2015-10-14 11:42 803320 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2017-05-09 11:52 . 2015-10-14 11:42 144888 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2017-04-28 00:32 . 2017-05-10 16:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2017-04-07 22:06 . 2010-11-21 03:27 532136 ------w- c:\windows\system32\MpSigStub.exe 2017-03-26 18:33 . 2017-03-26 18:33 28344 ----a-w- c:\windows\SysWow64\aspnet_counters.dll 2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll 2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll 2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll 2017-03-26 18:29 . 2017-03-26 18:29 30400 ----a-w- c:\windows\system32\aspnet_counters.dll 2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll 2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll 2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll 2017-03-22 15:32 . 2017-04-12 05:40 3165184 ----a-w- c:\windows\system32\wucltux.dll 2017-03-22 15:32 . 2017-04-12 05:40 192512 ----a-w- c:\windows\system32\wuwebv.dll 2017-03-22 15:32 . 2017-04-12 05:40 98816 ----a-w- c:\windows\system32\wudriver.dll 2017-03-22 15:30 . 2017-04-12 05:40 91136 ----a-w- c:\windows\system32\WinSetupUI.dll 2017-03-22 15:24 . 2017-04-12 05:40 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll 2017-03-22 15:17 . 2017-04-12 05:40 2651136 ----a-w- c:\windows\system32\wuaueng.dll 2017-03-22 15:15 . 2017-04-12 05:40 709120 ----a-w- c:\windows\system32\wuapi.dll 2017-03-22 15:15 . 2017-04-12 05:40 37888 ----a-w- c:\windows\system32\wuapp.exe 2017-03-22 15:15 . 2017-04-12 05:40 140288 ----a-w- c:\windows\system32\wuauclt.exe 2017-03-22 15:15 . 2017-04-12 05:40 36864 ----a-w- c:\windows\system32\wups.dll 2017-03-22 15:15 . 2017-04-12 05:40 37888 ----a-w- c:\windows\system32\wups2.dll 2017-03-22 15:15 . 2017-04-12 05:40 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll 2017-03-22 15:05 . 2017-04-12 05:40 573440 ----a-w- c:\windows\SysWow64\wuapi.dll 2017-03-22 15:05 . 2017-04-12 05:40 35328 ----a-w- c:\windows\SysWow64\wuapp.exe 2017-03-22 15:05 . 2017-04-12 05:40 30208 ----a-w- c:\windows\SysWow64\wups.dll 2017-03-22 15:05 . 2017-04-12 05:40 93696 ----a-w- c:\windows\SysWow64\wudriver.dll 2017-03-14 09:49 . 2015-12-20 09:00 651040 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2017-03-10 16:35 . 2017-04-12 05:40 382696 ----a-w- c:\windows\system32\atmfd.dll 2017-03-10 16:31 . 2017-04-12 05:40 41472 ----a-w- c:\windows\system32\lpk.dll 2017-03-10 16:31 . 2017-04-12 05:40 100864 ----a-w- c:\windows\system32\fontsub.dll 2017-03-10 16:31 . 2017-04-12 05:40 14336 ----a-w- c:\windows\system32\dciman32.dll 2017-03-10 16:31 . 2017-04-12 05:40 46080 ----a-w- c:\windows\system32\atmlib.dll 2017-03-10 16:27 . 2017-04-12 05:40 308456 ----a-w- c:\windows\SysWow64\atmfd.dll 2017-03-10 16:20 . 2017-04-12 05:40 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2017-03-10 16:19 . 2017-04-12 05:40 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2017-03-10 16:19 . 2017-04-12 05:40 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2017-03-10 15:53 . 2017-04-12 05:40 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2017-03-07 16:30 . 2017-04-12 05:40 85504 ----a-w- c:\windows\system32\asycfilt.dll 2017-03-07 16:17 . 2017-04-12 05:40 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll 2017-03-04 01:27 . 2017-04-12 05:40 1574912 ----a-w- c:\windows\system32\quartz.dll 2017-03-04 01:27 . 2017-04-12 05:40 93696 ----a-w- c:\windows\system32\mfmjpegdec.dll 2017-03-04 01:14 . 2017-04-12 05:40 1329664 ----a-w- c:\windows\SysWow64\quartz.dll 2017-03-04 01:14 . 2017-04-12 05:40 77312 ----a-w- c:\windows\SysWow64\mfmjpegdec.dll 2017-02-22 23:42 . 2017-03-15 02:23 84712 ----a-w- c:\windows\system32\CompatTelRunner.exe 2017-02-22 23:37 . 2017-03-15 02:23 1285632 ----a-w- c:\windows\system32\aeinv.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{23FD9C33-A9E1-48A1-8404-E5925CF1C8E1}"= "c:\program files (x86)\PDF Architect 4\creator-ie-plugin.dll" [2016-01-15 547040] . [HKEY_CLASSES_ROOT\clsid\{23fd9c33-a9e1-48a1-8404-e5925cf1c8e1}] [HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter.1] [HKEY_CLASSES_ROOT\TypeLib\{EF01C440-4847-4D80-8461-51E292875772}] [HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2015-12-20 09:03 220632 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2015-12-20 09:03 220632 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2015-12-20 09:03 220632 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-04-10 292848] "CryptoCard Suite Cert Monitor"="c:\program files (x86)\CryptoTech\CryptoCard\CCMonitor.exe" [2015-07-27 947440] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\TrueKey\McAfeeTrueKeyPasswordFilter . R2 AktualizujPP;Aktualizacja Programu Płatnik;c:\program files (x86)\Asseco Poland SA\Płatnik\ASSECO.AKTUALIZUJ.PP.exe;c:\program files (x86)\Asseco Poland SA\Płatnik\ASSECO.AKTUALIZUJ.PP.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x] R2 InstallerService;Service Installer TrueKey;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe [x] R2 OneDirveSrv;OneDirve Sync Services;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] R2 PDF Architect 4 Manager;PDF Architect 4 Manager;c:\programdata\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe;c:\programdata\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [x] R3 ComarchAutomatSynchronizacji;Comarch ERP Serwis Operacji Automatycznych;c:\program files (x86)\Comarch ERP Optima\ComarchOptimaSerwisOperacjiAutomatycznych.exe;c:\program files (x86)\Comarch ERP Optima\ComarchOptimaSerwisOperacjiAutomatycznych.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 InvProtectDrv;InvProtectDrv;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [x] R3 InvProtectSvc;Invincea FreeSpace Service;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [x] R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x] R3 PDF Architect 4 CrashHandler;PDF Architect 4 CrashHandler;c:\program files\PDF Architect 4\crash-handler-ws.exe;c:\program files\PDF Architect 4\crash-handler-ws.exe [x] R3 PDF Architect 4;PDF Architect 4;c:\program files\PDF Architect 4\ws.exe;c:\program files\PDF Architect 4\ws.exe [x] R3 RBMS_OptimaBI;Comarch ERP Optima Analizy BI Serwis Mobile;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.BI.Mobile.Service.exe;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.BI.Mobile.Service.exe [x] R3 RBSS_OptimaBI;Comarch ERP Optima Analizy BI Serwis Subskrypcji;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.Msp.ReportsBook.Subscriptions.Service.exe;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.Msp.ReportsBook.Subscriptions.Service.exe [x] R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys;c:\windows\SYSNATIVE\DRIVERS\S3XXx64.sys [x] R3 SboxDrv;SboxDrv;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [x] R3 SboxSvc;SboxSvc;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [x] R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x] R3 TrueKeyServiceHelper;TrueKeyServiceHelper;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S2 ClickToRunSvc;Usługa Szybka instalacja pakietu Microsoft Office;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x] S2 Dell Foundation Services;Dell Foundation Services;c:\program files\Dell\Dell Foundation Services\DFSSvc.exe;c:\program files\Dell\Dell Foundation Services\DFSSvc.exe [x] S2 DellUpdate;Dell Update Service;c:\program files (x86)\Dell Update\DellUpService.exe;c:\program files (x86)\Dell Update\DellUpService.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [x] S2 IB24Service;iBard24;c:\program files (x86)\iBard24\iBard24Service.exe;c:\program files (x86)\iBard24\iBard24Service.exe [x] S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x] S2 IntelBCAsvc;Intel(R) Biometric and Context Agent Service;c:\program files\Intel\BCA\pabeSvc64.exe;c:\program files\Intel\BCA\pabeSvc64.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 PDF Architect 4 Creator;PDF Architect 4 Creator;c:\program files\PDF Architect 4\creator-ws.exe;c:\program files\PDF Architect 4\creator-ws.exe [x] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\SftService.exe;c:\program files (x86)\Dell Backup and Recovery\SftService.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x] S2 TrueKey;Intel Security True Key;c:\program files\TrueKey\McAfee.TrueKey.Service.exe;c:\program files\TrueKey\McAfee.TrueKey.Service.exe [x] S2 TrueKeyScheduler;Intel Security True Key Scheduler;c:\program files\TrueKey\McTkSchedulerService.exe;c:\program files\TrueKey\McTkSchedulerService.exe [x] S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe;c:\program files\TightVNC\tvnserver.exe [x] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] S3 iusb3hub;Sterownik koncentratora Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc wxsappx REG_MULTI_SZ OneDirveSrv . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2015-12-20 09:03 244696 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2015-12-20 09:03 244696 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2015-12-20 09:03 244696 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2017-03-14 11:12 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2017-03-14 11:12 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2017-03-14 11:12 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBRShellOverlayBackupFile] @="{831CEBDD-6BAF-4432-BE76-9E0989C14AEF}" [HKEY_CLASSES_ROOT\CLSID\{831CEBDD-6BAF-4432-BE76-9E0989C14AEF}] 2014-12-30 13:26 831728 ------w- c:\program files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBRShellOverlayModifiedBackupFile] @="{275E4FD7-21EF-45CF-A836-832E5D2CC1B3}" [HKEY_CLASSES_ROOT\CLSID\{275E4FD7-21EF-45CF-A836-832E5D2CC1B3}] 2014-12-30 13:26 832240 ------w- c:\program files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2015-04-08 8464600] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2015-03-21 1392856] "tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2013-07-19 2179056] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2014-09-08 464608] . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:Tabs mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 TCP: Interfaces\{628A3891-12E7-4576-B4E3-31C71F5C3500}: NameServer = 10.0.0.1,8.8.8.8 . - - - - USUNIĘTO PUSTE WPISY - - - - . Toolbar-Locked - (no file) AddRemove-{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1 - c:\users\Lareco\AppData\Local\unins000.exe . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_25_0_0_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_25_0_0_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_25_0_0_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_25_0_0_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.25" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2017-05-20 16:40:33 ComboFix-quarantined-files.txt 2017-05-20 14:40 ComboFix2.txt 2017-05-20 14:15 ComboFix3.txt 2017-05-20 13:51 ComboFix4.txt 2017-05-20 13:38 ComboFix5.txt 2017-05-20 14:30 . Przed: 365 831 204 864 bajtów wolnych Po: 365 715 578 880 bajtów wolnych . - - End Of File - - 3AC4CFBD5941FF9F541E8B0264D6F466 5C616939100B85E558DA92B899A0FC36 ComboFix 17-05-16.01 - Lareco 2017-05-20 20:30:02.7.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.4015.2082 [GMT 2:00] Uruchomiony z: c:\users\Lareco\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Pliki utworzone od 2017-04-20 do 2017-05-20 ))))))))))))))))))))))))))))))) . . 2017-05-20 18:32 . 2017-05-20 18:32 -------- d-----w- c:\users\Public\AppData\Local\temp 2017-05-20 18:32 . 2017-05-20 18:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2017-05-20 14:47 . 2017-05-20 14:47 -------- d-----w- c:\users\Lareco\AppData\Local\ESET 2017-05-20 14:45 . 2017-05-20 14:45 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files 2017-05-11 13:11 . 2017-05-11 13:11 -------- d-----w- c:\users\Lareco\AppData\Local\Bagsarah 2017-05-11 13:10 . 2017-05-11 13:10 -------- d-----w- c:\programdata\Microsoft OneDrive 2017-05-11 13:10 . 2017-05-11 13:10 -------- d-----w- c:\program files (x86)\Bagsarah 2017-05-11 13:10 . 2017-05-12 07:19 -------- d-----w- c:\windows\system32\log 2017-05-11 13:04 . 2017-05-18 07:08 -------- d-----w- c:\program files (x86)\BiaoJi 2017-05-10 13:48 . 2017-05-10 13:48 -------- d-----w- C:\wyniki skanowania 2017-05-10 11:37 . 2017-05-10 17:42 -------- d-----w- c:\program files (x86)\TeamViewer . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2017-05-11 01:04 . 2015-12-19 17:28 156335152 -c--a-w- c:\windows\system32\MRT.exe 2017-05-09 11:52 . 2015-10-14 11:42 803320 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2017-05-09 11:52 . 2015-10-14 11:42 144888 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2017-04-28 00:32 . 2017-05-10 16:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2017-04-07 22:06 . 2010-11-21 03:27 532136 ------w- c:\windows\system32\MpSigStub.exe 2017-03-26 18:33 . 2017-03-26 18:33 28344 ----a-w- c:\windows\SysWow64\aspnet_counters.dll 2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll 2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll 2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll 2017-03-26 18:29 . 2017-03-26 18:29 30400 ----a-w- c:\windows\system32\aspnet_counters.dll 2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll 2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll 2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll 2017-03-22 15:32 . 2017-04-12 05:40 3165184 ----a-w- c:\windows\system32\wucltux.dll 2017-03-22 15:32 . 2017-04-12 05:40 192512 ----a-w- c:\windows\system32\wuwebv.dll 2017-03-22 15:32 . 2017-04-12 05:40 98816 ----a-w- c:\windows\system32\wudriver.dll 2017-03-22 15:30 . 2017-04-12 05:40 91136 ----a-w- c:\windows\system32\WinSetupUI.dll 2017-03-22 15:24 . 2017-04-12 05:40 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll 2017-03-22 15:17 . 2017-04-12 05:40 2651136 ----a-w- c:\windows\system32\wuaueng.dll 2017-03-22 15:15 . 2017-04-12 05:40 709120 ----a-w- c:\windows\system32\wuapi.dll 2017-03-22 15:15 . 2017-04-12 05:40 37888 ----a-w- c:\windows\system32\wuapp.exe 2017-03-22 15:15 . 2017-04-12 05:40 140288 ----a-w- c:\windows\system32\wuauclt.exe 2017-03-22 15:15 . 2017-04-12 05:40 36864 ----a-w- c:\windows\system32\wups.dll 2017-03-22 15:15 . 2017-04-12 05:40 37888 ----a-w- c:\windows\system32\wups2.dll 2017-03-22 15:15 . 2017-04-12 05:40 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll 2017-03-22 15:05 . 2017-04-12 05:40 573440 ----a-w- c:\windows\SysWow64\wuapi.dll 2017-03-22 15:05 . 2017-04-12 05:40 35328 ----a-w- c:\windows\SysWow64\wuapp.exe 2017-03-22 15:05 . 2017-04-12 05:40 30208 ----a-w- c:\windows\SysWow64\wups.dll 2017-03-22 15:05 . 2017-04-12 05:40 93696 ----a-w- c:\windows\SysWow64\wudriver.dll 2017-03-14 09:49 . 2015-12-20 09:00 651040 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2017-03-10 16:35 . 2017-04-12 05:40 382696 ----a-w- c:\windows\system32\atmfd.dll 2017-03-10 16:31 . 2017-04-12 05:40 41472 ----a-w- c:\windows\system32\lpk.dll 2017-03-10 16:31 . 2017-04-12 05:40 100864 ----a-w- c:\windows\system32\fontsub.dll 2017-03-10 16:31 . 2017-04-12 05:40 14336 ----a-w- c:\windows\system32\dciman32.dll 2017-03-10 16:31 . 2017-04-12 05:40 46080 ----a-w- c:\windows\system32\atmlib.dll 2017-03-10 16:27 . 2017-04-12 05:40 308456 ----a-w- c:\windows\SysWow64\atmfd.dll 2017-03-10 16:20 . 2017-04-12 05:40 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2017-03-10 16:19 . 2017-04-12 05:40 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2017-03-10 16:19 . 2017-04-12 05:40 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2017-03-10 15:53 . 2017-04-12 05:40 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2017-03-07 16:30 . 2017-04-12 05:40 85504 ----a-w- c:\windows\system32\asycfilt.dll 2017-03-07 16:17 . 2017-04-12 05:40 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll 2017-03-04 01:27 . 2017-04-12 05:40 1574912 ----a-w- c:\windows\system32\quartz.dll 2017-03-04 01:27 . 2017-04-12 05:40 93696 ----a-w- c:\windows\system32\mfmjpegdec.dll 2017-03-04 01:14 . 2017-04-12 05:40 1329664 ----a-w- c:\windows\SysWow64\quartz.dll 2017-03-04 01:14 . 2017-04-12 05:40 77312 ----a-w- c:\windows\SysWow64\mfmjpegdec.dll 2017-02-22 23:42 . 2017-03-15 02:23 84712 ----a-w- c:\windows\system32\CompatTelRunner.exe 2017-02-22 23:37 . 2017-03-15 02:23 1285632 ----a-w- c:\windows\system32\aeinv.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{23FD9C33-A9E1-48A1-8404-E5925CF1C8E1}"= "c:\program files (x86)\PDF Architect 4\creator-ie-plugin.dll" [2016-01-15 547040] . [HKEY_CLASSES_ROOT\clsid\{23fd9c33-a9e1-48a1-8404-e5925cf1c8e1}] [HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter.1] [HKEY_CLASSES_ROOT\TypeLib\{EF01C440-4847-4D80-8461-51E292875772}] [HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2015-12-20 09:03 220632 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2015-12-20 09:03 220632 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2015-12-20 09:03 220632 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-04-10 292848] "CryptoCard Suite Cert Monitor"="c:\program files (x86)\CryptoTech\CryptoCard\CCMonitor.exe" [2015-07-27 947440] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\TrueKey\McAfeeTrueKeyPasswordFilter . R2 AktualizujPP;Aktualizacja Programu Płatnik;c:\program files (x86)\Asseco Poland SA\Płatnik\ASSECO.AKTUALIZUJ.PP.exe;c:\program files (x86)\Asseco Poland SA\Płatnik\ASSECO.AKTUALIZUJ.PP.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x] R2 DellUpdate;Dell Update Service;c:\program files (x86)\Dell Update\DellUpService.exe;c:\program files (x86)\Dell Update\DellUpService.exe [x] R2 InstallerService;Service Installer TrueKey;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe [x] R2 OneDirveSrv;OneDirve Sync Services;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] R2 PDF Architect 4 Manager;PDF Architect 4 Manager;c:\programdata\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe;c:\programdata\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [x] R3 ComarchAutomatSynchronizacji;Comarch ERP Serwis Operacji Automatycznych;c:\program files (x86)\Comarch ERP Optima\ComarchOptimaSerwisOperacjiAutomatycznych.exe;c:\program files (x86)\Comarch ERP Optima\ComarchOptimaSerwisOperacjiAutomatycznych.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 InvProtectDrv;InvProtectDrv;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [x] R3 InvProtectSvc;Invincea FreeSpace Service;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [x] R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x] R3 PDF Architect 4 CrashHandler;PDF Architect 4 CrashHandler;c:\program files\PDF Architect 4\crash-handler-ws.exe;c:\program files\PDF Architect 4\crash-handler-ws.exe [x] R3 PDF Architect 4;PDF Architect 4;c:\program files\PDF Architect 4\ws.exe;c:\program files\PDF Architect 4\ws.exe [x] R3 RBMS_OptimaBI;Comarch ERP Optima Analizy BI Serwis Mobile;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.BI.Mobile.Service.exe;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.BI.Mobile.Service.exe [x] R3 RBSS_OptimaBI;Comarch ERP Optima Analizy BI Serwis Subskrypcji;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.Msp.ReportsBook.Subscriptions.Service.exe;c:\program files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.Msp.ReportsBook.Subscriptions.Service.exe [x] R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys;c:\windows\SYSNATIVE\DRIVERS\S3XXx64.sys [x] R3 SboxDrv;SboxDrv;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [x] R3 SboxSvc;SboxSvc;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [x] R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x] R3 TrueKeyServiceHelper;TrueKeyServiceHelper;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S2 ClickToRunSvc;Usługa Szybka instalacja pakietu Microsoft Office;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x] S2 Dell Foundation Services;Dell Foundation Services;c:\program files\Dell\Dell Foundation Services\DFSSvc.exe;c:\program files\Dell\Dell Foundation Services\DFSSvc.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [x] S2 IB24Service;iBard24;c:\program files (x86)\iBard24\iBard24Service.exe;c:\program files (x86)\iBard24\iBard24Service.exe [x] S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x] S2 IntelBCAsvc;Intel(R) Biometric and Context Agent Service;c:\program files\Intel\BCA\pabeSvc64.exe;c:\program files\Intel\BCA\pabeSvc64.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 PDF Architect 4 Creator;PDF Architect 4 Creator;c:\program files\PDF Architect 4\creator-ws.exe;c:\program files\PDF Architect 4\creator-ws.exe [x] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\SftService.exe;c:\program files (x86)\Dell Backup and Recovery\SftService.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x] S2 TrueKey;Intel Security True Key;c:\program files\TrueKey\McAfee.TrueKey.Service.exe;c:\program files\TrueKey\McAfee.TrueKey.Service.exe [x] S2 TrueKeyScheduler;Intel Security True Key Scheduler;c:\program files\TrueKey\McTkSchedulerService.exe;c:\program files\TrueKey\McTkSchedulerService.exe [x] S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe;c:\program files\TightVNC\tvnserver.exe [x] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] S3 iusb3hub;Sterownik koncentratora Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc wxsappx REG_MULTI_SZ OneDirveSrv . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2015-12-20 09:03 244696 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2015-12-20 09:03 244696 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2015-12-20 09:03 244696 ----a-w- c:\users\Lareco\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2017-03-14 11:12 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2017-03-14 11:12 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2017-03-14 11:12 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBRShellOverlayBackupFile] @="{831CEBDD-6BAF-4432-BE76-9E0989C14AEF}" [HKEY_CLASSES_ROOT\CLSID\{831CEBDD-6BAF-4432-BE76-9E0989C14AEF}] 2014-12-30 13:26 831728 ------w- c:\program files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBRShellOverlayModifiedBackupFile] @="{275E4FD7-21EF-45CF-A836-832E5D2CC1B3}" [HKEY_CLASSES_ROOT\CLSID\{275E4FD7-21EF-45CF-A836-832E5D2CC1B3}] 2014-12-30 13:26 832240 ------w- c:\program files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2015-04-08 8464600] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2015-03-21 1392856] "tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2013-07-19 2179056] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2014-09-08 464608] . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:Tabs mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.0.1 . - - - - USUNIĘTO PUSTE WPISY - - - - . Toolbar-Locked - (no file) AddRemove-{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1 - c:\users\Lareco\AppData\Local\unins000.exe . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_25_0_0_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_25_0_0_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_25_0_0_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_25_0_0_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.25" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2017-05-20 20:34:04 ComboFix-quarantined-files.txt 2017-05-20 18:34 ComboFix2.txt 2017-05-20 14:40 ComboFix3.txt 2017-05-20 14:15 ComboFix4.txt 2017-05-20 13:51 ComboFix5.txt 2017-05-20 18:29 . Przed: 362 046 889 984 bajtów wolnych Po: 362 260 545 536 bajtów wolnych . - - End Of File - - 4E2683CD04B4697E10541D2B3CE42C44 5C616939100B85E558DA92B899A0FC36