
Hello.

I have a problem with a virus. I probably picked it up with a pirated Plague Inc (oh, the irony). I read that it hides in the registry and creates .exe files.

How do I get rid of it? Malwarebytes Anti-Malware keeps removing the same file and the same registry changes. Yesterday I went over the PC with some registry repair program, but today it showed up again. I use CCleaner.

After removing gvvi.exe it reappears. The virus breaks my games on Origin, digs around in the C++ libraries and deletes programs' uninstall files.

[spoiler]Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2016-12-29
Scan Time: 15:34
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.12.29.05
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Admin

Scan Type: Thorough scan
Result: Completed
Objects Scanned: 307828
Time Elapsed: 2 min, 7 s

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 3
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),,[c158d914039772c413f98a5531d2837d]
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),,[90891ad3e0ba49edea23508fd03324dc]
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),,[dc3d3cb1bdddd95dc648d20d4bb8a25e]

Folders: 0
(No malicious items detected)

Files: 1
Trojan.MalPack.Gen, C:\gvvi.exe, , [6bae84692278102681178a019071c937],

Physical Sectors: 0
(No malicious items detected)


(end)[/spoiler]

CCleaner:

[spoiler]Nieprawidłowe rozszerzenia plików    SoftGrid.Unavailable    HKCR\SoftGrid.Unavailable
Brakujące odniesienie MUI    Q:\140066.plk\Office14\MSOUC.EXE    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI    Q:\%systemDrive%\oasys\shared\ClrTestHost.exe    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI    Q:\%systemDrive%\oasys\shared\ClrTestHost_x86.exe    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI    Q:\%windir%\system32\Control.exe    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI    Q:\140066.plk\Office14\MSTORE.EXE    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI    Q:\140066.plk\Office14\EXCELC.EXE    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI    Q:\140066.plk\Office14\OIS.EXE    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI    Q:\140066.plk\Office14\MOMM.EXE    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI    Q:\140066.plk\Office14\WINWORDC.EXE    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI    Q:\%commonprogramfiles%\microsoft shared\virtualization handler\OfficeVirt.exe    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI    Q:\%commonprogramfiles%\microsoft shared\virtualization handler\MapiServer.exe    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI    Q:\%windir%\system32\cmd.exe    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI    Q:\%commonprogramfiles%\microsoft shared\virtualization handler\VirtualOWSSuppManager.exe    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI    Q:\%commonprogramfiles%\microsoft shared\virtualization handler\VirtualSearchHost.exe    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI    Q:\%systemroot%\system32\rundll32.exe    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

 

 

 

 

I don't know what drive Q: is. It appeared when I first started using the computer; it's an empty link that I have no rights to.

I've now run AdwCleaner as well as Wise Disk Cleaner + Wise Registry Cleaner. Malwarebytes still detects the trojan.

I also used ComboFix:

ComboFix 16-12-15.01 - Admin 2016-12-29 16:11:46.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.16344.12771 [GMT 1:00]
Running from: c:\users\Admin\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ar\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\bg\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ca\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\cs\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\da\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\de\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\el\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\en\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\es\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\fi\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\fr\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\gu\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\he\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\hr\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\hu\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\id\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\it\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ja\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ko\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\nb\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\nl\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\pl\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\pt_BR\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\pt_PT\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ro\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ru\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\sk\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\sl\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\sr\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\sv\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\tr\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\uk\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\vi\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\zh_CN\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\zh_TW\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_metadata\computed_hashes.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_metadata\verified_contents.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\adblock_safari_beforeload.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\adblock_safari_contentblocking.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\adblock_start_chrome.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\adblock_start_common.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\background.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\bandaids.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\button\popup.css
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\button\popup.html
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\button\popup.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\CHANGELOG.txt
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\checkupdates.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\chrome_oauth_receiver.html
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\chrome_oauth_receiver.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\datacollection.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\dropbox-datastores.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\declarativewebrequest.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\domainset.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\filternormalizer.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\filteroptions.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\filterset.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\filtertypes.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\myfilters.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\functions.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\gab_question.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\idlehandler.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\delete.gif
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\dropbox1.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\dropbox2.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\dropbox3.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\facebook-sprite.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\gplus-sprite.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon128.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon16.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon16_grayscale.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\[email protected]
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon19-grayscale.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon19-whitelisted.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon19.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon24.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon32.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon38-grayscale.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon38-whitelisted.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon38.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon48.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\loader.gif
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\logo.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\check.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\magnifying_glass.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\search-engine-card_no-shadow.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\search-engine-icons.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\search-omnibox-card_no-shadow.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\search_engine_select_arrow.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\twitter-sprite.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_flat_55_999999_40x100.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_flat_75_aaaaaa_40x100.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_glass_45_0078ae_1x400.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_glass_55_f8da4e_1x400.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_glass_75_79c9ec_1x400.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_gloss-wave_50_38cfff_500x100.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_gloss-wave_75_2191c0_500x100.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_inset-hard_100_fcfdfd_1x100.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-icons_056b93_256x240.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-icons_d8e7f3_256x240.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\jquery-ui.custom.css
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\override-page.css
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\jquery-ui.custom.min.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\jquery.cookie.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\jquery.min.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\LICENSE
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\manifest.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\notificationoverlay.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\bug-report.html
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\bug-report.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\customize.html
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\customize.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\filters.html
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\filters.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\general.html
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\general.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\index.html
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\index.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\options.css
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\support.html
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\support.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\adreport.html
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\adreport.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\resourceblock.css
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\resourceblock.html
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\resourceblock.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\subscribe.css
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\subscribe.html
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\subscribe.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\port.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\punycode.min.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\README.markdown
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\stats.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\survey.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\translators.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\blacklistui.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\clickwatcher.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\elementchain.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\overlay.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\rightclick_hook.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\load_jquery_ui.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\send_content_to_back.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\top_open_blacklist_ui.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\top_open_whitelist_ui.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\ytchannel.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
H:\tmefj.pif
.
.
((((((((((((((((((((((((( Files created from 2016-11-28 to 2016-12-29 )))))))))))))))))))))))))))))))
.
.
2016-12-29 15:13 . 2016-12-29 15:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-12-29 15:05 . 2016-12-29 15:05 79064 ----a-w- c:\windows\system32\drivers\xfftv.sys
2016-12-29 15:02 . 2016-12-29 15:05 -------- d-----w- c:\users\Admin\AppData\Roaming\Wise Registry Cleaner
2016-12-29 14:58 . 2016-12-29 15:02 -------- d-----w- c:\users\Admin\AppData\Roaming\Wise Disk Cleaner
2016-12-29 14:58 . 2016-12-29 15:05 103140 ----a-w- C:\gvvi.exe
2016-12-29 14:56 . 2016-12-29 14:57 -------- d-----w- C:\AdwCleaner
2016-12-28 20:14 . 2016-12-28 20:15 -------- d-----w- c:\users\Admin\AppData\Roaming\Wise Euask
2016-12-28 20:14 . 2016-12-29 15:02 -------- d-----w- c:\program files (x86)\Wise
2016-12-28 20:10 . 2016-12-28 20:10 -------- d-----w- c:\program files\BDServices
2016-12-26 00:32 . 2016-12-26 00:32 -------- d-----w- c:\users\Admin\AppData\Local\Ndemic Creations
2016-12-26 00:30 . 2016-12-26 00:32 -------- d-----w- c:\program files (x86)\Plague Inc Evolved
2016-12-25 13:30 . 2016-12-25 15:48 -------- d-----w- c:\users\Admin\AppData\Local\Origin
2016-12-17 05:59 . 2016-12-17 05:59 -------- d-----w- c:\users\Admin\AppData\Local\Chromium
2016-12-17 05:59 . 2016-12-12 14:36 1951 ----a-w- c:\windows\NvTelemetryContainerRecovery.bat
2016-12-17 05:58 . 2016-12-12 23:36 46016 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2016-12-17 05:58 . 2016-12-12 23:36 156096 ----a-w- c:\windows\system32\nvaudcap64v.dll
2016-12-17 05:58 . 2016-12-12 23:36 123840 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2016-12-14 12:13 . 2016-12-14 12:13 -------- d-----w- c:\users\Admin\AppData\Local\Electronic Arts
2016-12-13 23:21 . 2009-09-04 16:44 73544 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2016-12-12 17:42 . 2016-12-12 17:42 485512 ----a-w- c:\windows\system32\drivers\Trufos.sys
2016-12-05 23:00 . 2016-12-05 23:00 -------- d-----w- c:\program files\Shining Rock Software LLC
2016-12-05 21:58 . 2016-12-13 14:43 -------- d-----w- c:\program files (x86)\R.G. Mechanics
2016-12-05 18:38 . 2016-12-29 15:12 -------- d-----w- c:\users\Admin\AppData\Local\JDownloader v2.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-12-29 15:02 . 2016-05-27 14:49 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-12-28 19:16 . 2016-07-10 16:37 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2016-12-28 19:16 . 2016-07-10 16:37 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2016-12-15 15:22 . 2016-07-10 16:37 76152 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2016-12-13 13:16 . 2016-02-12 10:06 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-12-13 13:16 . 2016-02-12 10:06 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-12-12 23:37 . 2016-10-02 16:41 1853376 ----a-w- c:\windows\system32\nvspcap64.dll
2016-12-12 23:37 . 2016-10-02 16:41 1452480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2016-12-12 23:37 . 2016-10-02 16:41 1755072 ----a-w- c:\windows\system32\nvspbridge64.dll
2016-12-12 23:37 . 2016-10-02 16:41 1317312 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2016-12-12 23:37 . 2016-10-02 16:41 120256 ----a-w- c:\windows\system32\NvRtmpStreamer64.dll
2016-12-12 14:37 . 2016-11-16 21:08 1951 ----a-w- c:\windows\NvContainerRecovery.bat
2016-10-19 17:08 . 2016-02-12 10:06 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-10-16 09:02 . 2016-10-16 09:03 115712 ----a-w- c:\windows\system32\libScePad.dll
.
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2016-04-04 4289728]
"Bloody2"="c:\program files (x86)\Bloody5\Bloody5\Bloody5.exe" [2015-06-16 18923008]
"EADM"="i:\program files (x86)\ORIGIN\Origin.exe" [2016-12-25 3639280]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-02-12 8641240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2015-06-15 296216]
"Fast Boot"="c:\program files (x86)\MSI\Fast Boot\StartFastBoot.exe" [2015-04-22 836944]
"Command Center"="c:\program files (x86)\MSI\Command Center\StartCommandCenter.exe" [2016-07-21 905312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-09-22 587288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" [2016-03-10 55264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ATLOISAService;ATLOISAService;c:\windows\system\ATLOISAService.exe;c:\windows\system\ATLOISAService.exe [x]
R3 dtproscsibus;DAEMON Tools Pro Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtproscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtproscsibus.sys [x]
R3 GalaxyClientService;GalaxyClientService;c:\program files (x86)\GalaxyClient\GalaxyClientService.exe;c:\program files (x86)\GalaxyClient\GalaxyClientService.exe [x]
R3 GalaxyCommunication;GalaxyCommunication;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MSIClock_CC;MSI Command Center Clock Service;c:\program files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe;c:\program files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [x]
R3 MSICOMM_CC;MSI Command Center Comm Service;c:\program files (x86)\MSI\Command Center\MSICommService.exe;c:\program files (x86)\MSI\Command Center\MSICommService.exe [x]
R3 MSICPU_CC;MSI Command Center CPU Service;c:\program files (x86)\MSI\Command Center\CPU\MSICPUService.exe;c:\program files (x86)\MSI\Command Center\CPU\MSICPUService.exe [x]
R3 MSISMB_CC;MSI Command Center SMBus Service;c:\program files (x86)\MSI\Command Center\SMBus\MSISMBService.exe;c:\program files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [x]
R3 MSISuperIO_CC;MSI Command Center SuperIO Service;c:\program files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe;c:\program files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [x]
R3 netw5v64;Sterownik karty Intel® Wireless WiFi Link 5000 Series dla systemu Windows Vista w wersji 64-bitowej;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NTIOLib_MB;NTIOLib_MB;c:\program files (x86)\MSI\MSI Gaming APP\Lib\NTIOLib_X64.sys;c:\program files (x86)\MSI\MSI Gaming APP\Lib\NTIOLib_X64.sys [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 Origin Client Service;Origin Client Service;i:\program files (x86)\ORIGIN\OriginClientService.exe;i:\program files (x86)\ORIGIN\OriginClientService.exe [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssdevfactory;SteelSeries Device Factory Service;c:\windows\system32\DRIVERS\ssdevfactory.sys;c:\windows\SYSNATIVE\DRIVERS\ssdevfactory.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 file_tracker;file_tracker;c:\windows\system32\DRIVERS\file_tracker.sys;c:\windows\SYSNATIVE\DRIVERS\file_tracker.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S1 BfLwf;Killer Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 BitDefenderCOM;BitDefenderCOM;c:\program files\BDServices\BitDefenderCom.exe;c:\program files\BDServices\BitDefenderCom.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GamingApp_Service;GamingApp_Service;c:\program files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe;c:\program files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [x]
S2 GamingHotkey_Service;GamingHotkey_Service;c:\program files (x86)\MSI\MSI Gaming APP\GamingHotkey_Service.exe;c:\program files (x86)\MSI\MSI Gaming APP\GamingHotkey_Service.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 iocbios2;iocbios2;c:\program files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys;c:\program files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 Killer Service V2;Killer Service V2;c:\program files\Killer Networking\Network Manager\KillerService.exe;c:\program files\Killer Networking\Network Manager\KillerService.exe [x]
S2 MSI_Cloud_Service;MSI_Cloud_Service;c:\program files (x86)\MSI\MSI M-Cloud\MSI_Cloud_Service.exe;c:\program files (x86)\MSI\MSI M-Cloud\MSI_Cloud_Service.exe [x]
S2 MSI_FastBoot;MSI_FastBoot;c:\program files (x86)\MSI\Fast Boot\FastBootService.exe;c:\program files (x86)\MSI\Fast Boot\FastBootService.exe [x]
S2 MSI_LiveUpdate_Service;MSI Live Update Service;i:\program files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe;i:\program files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [x]
S2 MSI_RAMDisk_Service;MSI_RAMDisk_Service;c:\program files (x86)\MSI\MSI RAMDisk\MSI_RAMDisk_Service.exe;c:\program files (x86)\MSI\MSI RAMDisk\MSI_RAMDisk_Service.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super Charger\ChargeService.exe;c:\program files (x86)\MSI\Super Charger\ChargeService.exe [x]
S2 MSICTL_CC;MSI Command Center control Service;c:\program files (x86)\MSI\Command Center\MSIControlService.exe;c:\program files (x86)\MSI\Command Center\MSIControlService.exe [x]
S2 MSIDDR_CC;MSI Command Center DDR Service;c:\program files (x86)\MSI\Command Center\DDR\MSIDDRService.exe;c:\program files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [x]
S2 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
S2 NVIDIA Wireless Controller Service;NVIDIA Wireless Controller Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [x]
S2 NvTelemetryContainer;NVIDIA Telemetry Container;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [x]
S2 RAMDriv;MSI RAMDrive;c:\windows\system32\DRIVERS\ramdriv.sys;c:\windows\SYSNATIVE\DRIVERS\ramdriv.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [x]
S2 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S2 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S2 XTU3SERVICE;Intel® Extreme Tuning Utility Service;c:\program files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe;c:\program files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
S3 FMHdAudAddService;C-Media Function Driver for High Definition Audio Service (SC808);c:\windows\system32\DRIVERS\SC808HDV64.sys;c:\windows\SYSNATIVE\DRIVERS\SC808HDV64.sys [x]
S3 I2cHkBurn;I2cHkBurn;c:\windows\system32\drivers\I2cHkBurn.sys;c:\windows\SYSNATIVE\drivers\I2cHkBurn.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 iusb3hub;Sterownik koncentratora Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Sterownik kontrolera hosta Intel® USB 3.0 eXtensible;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 KillerEth;NDIS Miniport Driver for Killer e2400 PCI-E Ehternet Controller;c:\windows\system32\DRIVERS\e24w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e24w7x64.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super Charger\NTIOLib_X64.sys [x]
S3 NTIOLib_FastBoot;NTIOLib_FastBoot;c:\program files (x86)\MSI\Fast Boot\NTIOLib_X64.sys;c:\program files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [x]
S3 NTIOLib_MSIDDR_CC;NTIOLib_MSIDDR_CC;c:\program files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys;c:\program files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfswin7.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaywin7.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirwin7.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvolwin7.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 XSplit_Dummy;XSplit Stream Audio Renderer;c:\windows\system32\drivers\xspltspk.sys;c:\windows\SYSNATIVE\drivers\xspltspk.sys [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - GENERICDRV
*NewlyCreated* - NTIOLIB_1_0_3
*NewlyCreated* - NTIOLIB_FASTBOOT
*Deregistered* - GENERICDRV
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
Zawartość folderu 'Zaplanowane zadania'
.
2016-12-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-12 13:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2014-09-09 09:00 2825312 ----a-w- c:\program files (x86)\Seagate\DiscWizard\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2014-09-09 09:00 2825312 ----a-w- c:\program files (x86)\Seagate\DiscWizard\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2014-09-09 09:00 2825312 ----a-w- c:\program files (x86)\Seagate\DiscWizard\tishell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2016-01-29 8843520]
"GFS64"="c:\windows\system\GfsMgr64.exe" [2013-04-25 286720]
"GFS"="c:\windows\syswow64\GfsMgr.exe" [2013-04-25 204800]
"SC808HDEX"="c:\windows\syswow64\ExMgr.exe" [2011-02-25 204800]
"SC808HDSound"="c:\program files\HD Audio PCI-e Audio Device\CPL\FaceLift_x64.exe" [2013-10-24 2325504]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-12-12 1853376]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://search.yahoo.com/?fr=vmn&type=auslog_ya_hp
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\27vwm2gx.default\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3288582324-313567072-2727661118-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3288582324-313567072-2727661118-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2016-12-29 16:14:34
ComboFix-quarantined-files.txt 2016-12-29 15:14
.
Przed: 20 472 111 104 bajtów wolnych
Po: 20 172 218 368 bajtów wolnych
.
- - End Of File - - 66F499BD737495A4F42A52F9FE952E4C
A36C5E4F47E84449FF07ED3517B43A31
Edited by korski