korski, posted 29 December 2016 (edited)

Hello. I have a problem with a virus. I probably picked it up with a pirated Plague Inc (oh, the irony). I read that it hides in the registry and creates .exe files. How do I get rid of it? Malwarebytes Anti-Malware keeps removing the same file and the same registry changes. Yesterday I went over the computer with some registry repair program, but today it showed up again. I use CCleaner. After deleting gvvi.exe it appears again. The virus breaks my games on Origin, messes with the C++ libraries, and deletes the uninstall files of programs.

[spoiler]
Malwarebytes Anti-Malware
www.malwarebytes.org

Data skanowania: 2016-12-29
Czas skanowania: 15:34
Raport:
Administrator: Tak

Wersja: 2.2.1.1043
Baza szkodliwego oprogramowania: v2016.12.29.05
Baza danych rootkitów: v2016.11.20.01
Licencja: Darmowa
Ochrona przed złośliwym oprogramowaniem: Wyłączony
Ochrona przed szkodliwymi stronami: Wyłączony
Samoobrona: Wyłączony

System operacyjny: Windows 7 Service Pack 1
Procesor: x64
System plików: NTFS
Użytkownik: Admin

Typ skanowania: Dokładne skanowanie
Wynik: Zakończono
Obiekty przeskanowane: 307828
Czas, który upłynął: 2 min, 7 s

Pamięć: Włączony
Autostart: Włączony
System plików: Włączony
Archiwa: Włączony
Rootkity: Wyłączony
Heurystyka: Włączony
PUP: Włączony
PUM: Włączony

Procesy: 0
(Nie wykryto zagrożeń)

Moduły: 0
(Nie wykryto zagrożeń)

Klucze rejestru: 0
(Nie wykryto zagrożeń)

Wartości rejestru: 0
(Nie wykryto zagrożeń)

Dane rejestru: 3
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Dobry: (0), Zły: (1),,[c158d914039772c413f98a5531d2837d]
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Dobry: (0), Zły: (1),,[90891ad3e0ba49edea23508fd03324dc]
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Dobry: (0), Zły: (1),,[dc3d3cb1bdddd95dc648d20d4bb8a25e]

Foldery: 0
(Nie wykryto zagrożeń)

Pliki: 1
Trojan.MalPack.Gen, C:\gvvi.exe, , [6bae84692278102681178a019071c937], 

Sektory fizyczne: 0
(Nie wykryto zagrożeń)

(end)
[/spoiler]

ccleaner

[spoiler]
Nieprawidłowe rozszerzenia plików	SoftGrid.Unavailable	HKCR\SoftGrid.Unavailable
Brakujące odniesienie MUI	Q:\140066.plk\Office14\MSOUC.EXE	HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI	Q:\%systemDrive%\oasys\shared\ClrTestHost.exe	HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI	Q:\%systemDrive%\oasys\shared\ClrTestHost_x86.exe	HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI	Q:\%windir%\system32\Control.exe	HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI	Q:\140066.plk\Office14\MSTORE.EXE	HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI	Q:\140066.plk\Office14\EXCELC.EXE	HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI	Q:\140066.plk\Office14\OIS.EXE	HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI	Q:\140066.plk\Office14\MOMM.EXE	HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI	Q:\140066.plk\Office14\WINWORDC.EXE	HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI	Q:\%commonprogramfiles%\microsoft shared\virtualization handler\OfficeVirt.exe	HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI	Q:\%commonprogramfiles%\microsoft shared\virtualization handler\MapiServer.exe	HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI	Q:\%windir%\system32\cmd.exe	HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI	Q:\%commonprogramfiles%\microsoft shared\virtualization handler\VirtualOWSSuppManager.exe	HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI	Q:\%commonprogramfiles%\microsoft shared\virtualization handler\VirtualSearchHost.exe	HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Brakujące odniesienie MUI	Q:\%systemroot%\system32\rundll32.exe	HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
[/spoiler]

I don't know what the Q: drive is. It appeared when I first started using the computer, and it is just an empty link that I have no permissions for. I have now run AdwCleaner as well as Wise Disk Cleaner + Wise Registry Cleaner. Malwarebytes still detects the trojan. I also used ComboFix:

ComboFix 16-12-15.01 - Admin 2016-12-29 16:11:46.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.16344.12771 [GMT 1:00]
Uruchomiony z: c:\users\Admin\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ar\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\bg\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ca\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\cs\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\da\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\de\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\el\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\en\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\es\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\fi\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\fr\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\gu\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\he\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\hr\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\hu\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\id\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\it\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ja\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ko\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\nb\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\nl\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\pl\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\pt_BR\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\pt_PT\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ro\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ru\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\sk\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\sl\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\sr\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\sv\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\tr\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\uk\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\vi\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\zh_CN\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\zh_TW\messages.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_metadata\computed_hashes.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_metadata\verified_contents.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\adblock_safari_beforeload.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\adblock_safari_contentblocking.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\adblock_start_chrome.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\adblock_start_common.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\background.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\bandaids.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\button\popup.css
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\button\popup.html
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\button\popup.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\CHANGELOG.txt
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\checkupdates.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\chrome_oauth_receiver.html
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\chrome_oauth_receiver.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\datacollection.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\dropbox-datastores.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\declarativewebrequest.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\domainset.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\filternormalizer.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\filteroptions.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\filterset.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\filtertypes.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\myfilters.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\functions.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\gab_question.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\idlehandler.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\delete.gif
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\dropbox1.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\dropbox2.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\dropbox3.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\facebook-sprite.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\gplus-sprite.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon128.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon16.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon16_grayscale.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon16_grayscale@2x.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon19-grayscale.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon19-whitelisted.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon19.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon24.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon32.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon38-grayscale.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon38-whitelisted.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon38.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon48.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\loader.gif
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\logo.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\check.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\magnifying_glass.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\search-engine-card_no-shadow.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\search-engine-icons.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\search-omnibox-card_no-shadow.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\search_engine_select_arrow.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\twitter-sprite.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_flat_55_999999_40x100.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_flat_75_aaaaaa_40x100.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_glass_45_0078ae_1x400.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_glass_55_f8da4e_1x400.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_glass_75_79c9ec_1x400.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_gloss-wave_50_38cfff_500x100.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_gloss-wave_75_2191c0_500x100.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_inset-hard_100_fcfdfd_1x100.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-icons_056b93_256x240.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-icons_d8e7f3_256x240.png
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\jquery-ui.custom.css
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\override-page.css
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\jquery-ui.custom.min.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\jquery.cookie.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\jquery.min.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\LICENSE
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\manifest.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\notificationoverlay.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\bug-report.html
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\bug-report.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\customize.html
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\customize.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\filters.html
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\filters.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\general.html
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\general.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\index.html
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\index.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\options.css
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\support.html
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\support.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\adreport.html
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\adreport.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\resourceblock.css
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\resourceblock.html
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\resourceblock.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\subscribe.css
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\subscribe.html
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\subscribe.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\port.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\punycode.min.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\README.markdown
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\stats.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\survey.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\translators.json
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\blacklistui.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\clickwatcher.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\elementchain.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\overlay.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\rightclick_hook.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\load_jquery_ui.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\send_content_to_back.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\top_open_blacklist_ui.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\top_open_whitelist_ui.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\ytchannel.js
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage
c:\users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
H:\tmefj.pif
.
.
((((((((((((((((((((((((( Pliki utworzone od 2016-11-28 do 2016-12-29 )))))))))))))))))))))))))))))))
.
.
2016-12-29 15:13 . 2016-12-29 15:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-12-29 15:05 . 2016-12-29 15:05 79064 ----a-w- c:\windows\system32\drivers\xfftv.sys
2016-12-29 15:02 . 2016-12-29 15:05 -------- d-----w- c:\users\Admin\AppData\Roaming\Wise Registry Cleaner
2016-12-29 14:58 . 2016-12-29 15:02 -------- d-----w- c:\users\Admin\AppData\Roaming\Wise Disk Cleaner
2016-12-29 14:58 . 2016-12-29 15:05 103140 ----a-w- C:\gvvi.exe
2016-12-29 14:56 . 2016-12-29 14:57 -------- d-----w- C:\AdwCleaner
2016-12-28 20:14 . 2016-12-28 20:15 -------- d-----w- c:\users\Admin\AppData\Roaming\Wise Euask
2016-12-28 20:14 . 2016-12-29 15:02 -------- d-----w- c:\program files (x86)\Wise
2016-12-28 20:10 . 2016-12-28 20:10 -------- d-----w- c:\program files\BDServices
2016-12-26 00:32 . 2016-12-26 00:32 -------- d-----w- c:\users\Admin\AppData\Local\Ndemic Creations
2016-12-26 00:30 . 2016-12-26 00:32 -------- d-----w- c:\program files (x86)\Plague Inc Evolved
2016-12-25 13:30 . 2016-12-25 15:48 -------- d-----w- c:\users\Admin\AppData\Local\Origin
2016-12-17 05:59 . 2016-12-17 05:59 -------- d-----w- c:\users\Admin\AppData\Local\Chromium
2016-12-17 05:59 . 2016-12-12 14:36 1951 ----a-w- c:\windows\NvTelemetryContainerRecovery.bat
2016-12-17 05:58 . 2016-12-12 23:36 46016 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2016-12-17 05:58 . 2016-12-12 23:36 156096 ----a-w- c:\windows\system32\nvaudcap64v.dll
2016-12-17 05:58 . 2016-12-12 23:36 123840 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2016-12-14 12:13 . 2016-12-14 12:13 -------- d-----w- c:\users\Admin\AppData\Local\Electronic Arts
2016-12-13 23:21 . 2009-09-04 16:44 73544 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2016-12-12 17:42 . 2016-12-12 17:42 485512 ----a-w- c:\windows\system32\drivers\Trufos.sys
2016-12-05 23:00 . 2016-12-05 23:00 -------- d-----w- c:\program files\Shining Rock Software LLC
2016-12-05 21:58 . 2016-12-13 14:43 -------- d-----w- c:\program files (x86)\R.G. Mechanics
2016-12-05 18:38 . 2016-12-29 15:12 -------- d-----w- c:\users\Admin\AppData\Local\JDownloader v2.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-12-29 15:02 . 2016-05-27 14:49 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-12-28 19:16 . 2016-07-10 16:37 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2016-12-28 19:16 . 2016-07-10 16:37 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2016-12-15 15:22 . 2016-07-10 16:37 76152 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2016-12-13 13:16 . 2016-02-12 10:06 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-12-13 13:16 . 2016-02-12 10:06 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-12-12 23:37 . 2016-10-02 16:41 1853376 ----a-w- c:\windows\system32\nvspcap64.dll
2016-12-12 23:37 . 2016-10-02 16:41 1452480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2016-12-12 23:37 . 2016-10-02 16:41 1755072 ----a-w- c:\windows\system32\nvspbridge64.dll
2016-12-12 23:37 . 2016-10-02 16:41 1317312 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2016-12-12 23:37 . 2016-10-02 16:41 120256 ----a-w- c:\windows\system32\NvRtmpStreamer64.dll
2016-12-12 14:37 . 2016-11-16 21:08 1951 ----a-w- c:\windows\NvContainerRecovery.bat
2016-10-19 17:08 . 2016-02-12 10:06 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-10-16 09:02 . 2016-10-16 09:03 115712 ----a-w- c:\windows\system32\libScePad.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2016-04-04 4289728]
"Bloody2"="c:\program files (x86)\Bloody5\Bloody5\Bloody5.exe" [2015-06-16 18923008]
"EADM"="i:\program files (x86)\ORIGIN\Origin.exe" [2016-12-25 3639280]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-02-12 8641240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2015-06-15 296216]
"Fast Boot"="c:\program files (x86)\MSI\Fast Boot\StartFastBoot.exe" [2015-04-22 836944]
"Command Center"="c:\program files (x86)\MSI\Command Center\StartCommandCenter.exe" [2016-07-21 905312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-09-22 587288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" [2016-03-10 55264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ATLOISAService;ATLOISAService;c:\windows\system\ATLOISAService.exe;c:\windows\system\ATLOISAService.exe [x]
R3 dtproscsibus;DAEMON Tools Pro Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtproscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtproscsibus.sys [x]
R3 GalaxyClientService;GalaxyClientService;c:\program files (x86)\GalaxyClient\GalaxyClientService.exe;c:\program files (x86)\GalaxyClient\GalaxyClientService.exe [x]
R3 GalaxyCommunication;GalaxyCommunication;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MSIClock_CC;MSI Command Center Clock Service;c:\program files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe;c:\program files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [x]
R3 MSICOMM_CC;MSI Command Center Comm Service;c:\program files (x86)\MSI\Command Center\MSICommService.exe;c:\program files (x86)\MSI\Command Center\MSICommService.exe [x]
R3 MSICPU_CC;MSI Command Center CPU Service;c:\program files (x86)\MSI\Command Center\CPU\MSICPUService.exe;c:\program files (x86)\MSI\Command Center\CPU\MSICPUService.exe [x]
R3 MSISMB_CC;MSI Command Center SMBus Service;c:\program files (x86)\MSI\Command Center\SMBus\MSISMBService.exe;c:\program files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [x]
R3 MSISuperIO_CC;MSI Command Center SuperIO Service;c:\program files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe;c:\program files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [x]
R3 netw5v64;Sterownik karty Intel® Wireless WiFi Link 5000 Series dla systemu Windows Vista w wersji 64-bitowej;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NTIOLib_MB;NTIOLib_MB;c:\program files (x86)\MSI\MSI Gaming APP\Lib\NTIOLib_X64.sys;c:\program files (x86)\MSI\MSI Gaming APP\Lib\NTIOLib_X64.sys [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 Origin Client Service;Origin Client Service;i:\program files (x86)\ORIGIN\OriginClientService.exe;i:\program files (x86)\ORIGIN\OriginClientService.exe [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssdevfactory;SteelSeries Device Factory Service;c:\windows\system32\DRIVERS\ssdevfactory.sys;c:\windows\SYSNATIVE\DRIVERS\ssdevfactory.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 file_tracker;file_tracker;c:\windows\system32\DRIVERS\file_tracker.sys;c:\windows\SYSNATIVE\DRIVERS\file_tracker.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S1 BfLwf;Killer Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 BitDefenderCOM;BitDefenderCOM;c:\program files\BDServices\BitDefenderCom.exe;c:\program files\BDServices\BitDefenderCom.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GamingApp_Service;GamingApp_Service;c:\program files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe;c:\program files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [x]
S2 GamingHotkey_Service;GamingHotkey_Service;c:\program files (x86)\MSI\MSI Gaming APP\GamingHotkey_Service.exe;c:\program files (x86)\MSI\MSI Gaming APP\GamingHotkey_Service.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage 
Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]S2 iocbios2;iocbios2;c:\program files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys;c:\program files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [x]S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]S2 Killer Service V2;Killer Service V2;c:\program files\Killer Networking\Network Manager\KillerService.exe;c:\program files\Killer Networking\Network Manager\KillerService.exe [x]S2 MSI_Cloud_Service;MSI_Cloud_Service;c:\program files (x86)\MSI\MSI M-Cloud\MSI_Cloud_Service.exe;c:\program files (x86)\MSI\MSI M-Cloud\MSI_Cloud_Service.exe [x]S2 MSI_FastBoot;MSI_FastBoot;c:\program files (x86)\MSI\Fast Boot\FastBootService.exe;c:\program files (x86)\MSI\Fast Boot\FastBootService.exe [x]S2 MSI_LiveUpdate_Service;MSI Live Update Service;i:\program files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe;i:\program files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [x]S2 MSI_RAMDisk_Service;MSI_RAMDisk_Service;c:\program files (x86)\MSI\MSI RAMDisk\MSI_RAMDisk_Service.exe;c:\program files (x86)\MSI\MSI RAMDisk\MSI_RAMDisk_Service.exe [x]S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super Charger\ChargeService.exe;c:\program files (x86)\MSI\Super Charger\ChargeService.exe [x]S2 MSICTL_CC;MSI Command Center control Service;c:\program files (x86)\MSI\Command Center\MSIControlService.exe;c:\program files (x86)\MSI\Command Center\MSIControlService.exe [x]S2 MSIDDR_CC;MSI Command Center DDR Service;c:\program files (x86)\MSI\Command Center\DDR\MSIDDRService.exe;c:\program files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [x]S2 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program 
files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]S2 NVIDIA Wireless Controller Service;NVIDIA Wireless Controller Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [x]S2 NvTelemetryContainer;NVIDIA Telemetry Container;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [x]S2 RAMDriv;MSI RAMDrive;c:\windows\system32\DRIVERS\ramdriv.sys;c:\windows\SYSNATIVE\DRIVERS\ramdriv.sys [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [x]S2 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]S2 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]S2 XTU3SERVICE;Intel® Extreme Tuning Utility Service;c:\program files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe;c:\program files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [x]S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus 
Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]S3 FMHdAudAddService;C-Media Function Driver for High Definition Audio Service (SC808);c:\windows\system32\DRIVERS\SC808HDV64.sys;c:\windows\SYSNATIVE\DRIVERS\SC808HDV64.sys [x]S3 I2cHkBurn;I2cHkBurn;c:\windows\system32\drivers\I2cHkBurn.sys;c:\windows\SYSNATIVE\drivers\I2cHkBurn.sys [x]S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]S3 iusb3hub;Sterownik koncentratora Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]S3 iusb3xhc;Sterownik kontrolera hosta Intel® USB 3.0 eXtensible;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]S3 KillerEth;NDIS Miniport Driver for Killer e2400 PCI-E Ehternet Controller;c:\windows\system32\DRIVERS\e24w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e24w7x64.sys [x]S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super Charger\NTIOLib_X64.sys [x]S3 NTIOLib_FastBoot;NTIOLib_FastBoot;c:\program files (x86)\MSI\Fast Boot\NTIOLib_X64.sys;c:\program files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [x]S3 NTIOLib_MSIDDR_CC;NTIOLib_MSIDDR_CC;c:\program files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys;c:\program files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [x]S3 
nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfswin7.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaywin7.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirwin7.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvolwin7.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]S3 XSplit_Dummy;XSplit Stream Audio Renderer;c:\windows\system32\drivers\xspltspk.sys;c:\windows\SYSNATIVE\drivers\xspltspk.sys [x]..--- Inne Usługi/Sterowniki w Pamięci ---.*NewlyCreated* - GENERICDRV*NewlyCreated* - NTIOLIB_1_0_3*NewlyCreated* - NTIOLIB_FASTBOOT*Deregistered* - GENERICDRV.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc.Zawartość folderu 'Zaplanowane zadania'.2016-12-29 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-12 13:16]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]2014-09-09 09:00 2825312 ----a-w- c:\program files 
(x86)\Seagate\DiscWizard\tishell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]2014-09-09 09:00 2825312 ----a-w- c:\program files (x86)\Seagate\DiscWizard\tishell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]2014-09-09 09:00 2825312 ----a-w- c:\program files (x86)\Seagate\DiscWizard\tishell64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2016-01-29 8843520]"GFS64"="c:\windows\system\GfsMgr64.exe" [2013-04-25 286720]"GFS"="c:\windows\syswow64\GfsMgr.exe" [2013-04-25 204800]"SC808HDEX"="c:\windows\syswow64\ExMgr.exe" [2011-02-25 204800]"SC808HDSound"="c:\program files\HD Audio PCI-e Audio Device\CPL\FaceLift_x64.exe" [2013-10-24 2325504]"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-12-12 1853376].------- Skan uzupełniający -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = https://search.yahoo.com/?fr=vmn&type=auslog_ya_hpmLocal Page = c:\windows\SysWOW64\blank.htmTCP: DhcpNameServer = 192.168.0.1FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\27vwm2gx.default\.- - - - USUNIĘTO PUSTE WPISY - - - -.HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start...--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------.[HKEY_USERS\S-1-5-21-3288582324-313567072-2727661118-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]@Denied: (2) 
(LocalSystem)"Progid"="WindowsLiveMail.Email.1".[HKEY_USERS\S-1-5-21-3288582324-313567072-2727661118-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.VCard.1".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Czas ukończenia: 2016-12-29 16:14:34ComboFix-quarantined-files.txt 2016-12-29 15:14.Przed: 20 472 111 104 bajtów wolnychPo: 20 172 218 368 bajtów wolnych.- - End Of File - - 66F499BD737495A4F42A52F9FE952E4CA36C5E4F47E84449FF07ED3517B43A31 Edytowane 29 Grudnia 2016 przez korski Link to post Share on other sites
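The ComboFix dump above lists the Run/RunOnce autostart keys, the UAC policy values (EnableLUA=0, i.e. UAC switched off) and the Security Center values that Malwarebytes reported as PUM.Optional.DisabledSecurityCenter. The following Python script is an added example, not part of korski's post and not ComboFix's or Malwarebytes' own code: it parses the REGEDIT4-style section ComboFix prints and flags those settings mechanically, so a helper reviewing such logs does not have to eyeball them. SAMPLE_LOG is a constructed excerpt modelled on the values in the post, not the poster's actual file, and the "." separator lines and `[date size]` suffixes are handled because that is the layout the log uses.

```python
import re
from typing import Dict, List, Tuple, Union

# A value is either a DWORD (int) or a Run entry: (image path, file date, file size).
RegValue = Union[int, Tuple[str, str, int]]

# Constructed sample in ComboFix's REGEDIT4-style layout; values mirror the
# post above but this is not the poster's file. Embedded so the script runs offline.
SAMPLE_LOG = r"""REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2016-04-04 4289728]
"EADM"="i:\program files (x86)\ORIGIN\Origin.exe" [2016-12-25 3639280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                                   # [HKEY_...\Run]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$')  # "name"="path" [date size]
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')         # "name"=dword:00000001
DEC_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)$')    # "name"= 5 (0x5)


def parse_registry_section(text: str) -> Dict[str, Dict[str, RegValue]]:
    """Parse ComboFix's REGEDIT4-style autostart dump into {key_path: {name: value}}.

    Key paths are lower-cased so suffix matches are case-insensitive. DWORDs in
    either hex or "= 5 (0x5)" form become ints; Run entries become tuples.
    Lines matching none of the patterns are skipped rather than raising.
    """
    keys: Dict[str, Dict[str, RegValue]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in (".", "REGEDIT4"):  # "." is ComboFix's blank-line marker
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        m = RUN_RE.match(line)
        if m:
            keys[current][m.group(1)] = (m.group(2), m.group(3), int(m.group(4)))
            continue
        m = DWORD_RE.match(line)
        if m:
            keys[current][m.group(1)] = int(m.group(2), 16)
            continue
        m = DEC_RE.match(line)
        if m:
            keys[current][m.group(1)] = int(m.group(2))
    return keys


def autostarts(keys: Dict[str, Dict[str, RegValue]]) -> List[Tuple[str, str]]:
    """Return (value name, image path) for every entry under a Run or RunOnce key."""
    found = []
    for path, values in keys.items():
        if path.endswith(("\\run", "\\runonce")):
            for name, value in values.items():
                if isinstance(value, tuple):
                    found.append((name, value[0]))
    return found


def audit(keys: Dict[str, Dict[str, RegValue]]) -> List[str]:
    """Flag UAC switched off (EnableLUA=0) and every Security Center value that
    suppresses a warning (*DisableNotify) or overrides a status check (*Override)."""
    findings = []
    for path, values in keys.items():
        if path.endswith("\\policies\\system") and values.get("EnableLUA") == 0:
            findings.append(f"UAC disabled (EnableLUA=0) under {path}")
        if "security center" in path:
            for name, value in values.items():
                if value == 1 and name.endswith(("DisableNotify", "Override")):
                    findings.append(f"Security Center warning suppressed: {name}=1 under {path}")
    return findings


if __name__ == "__main__":
    parsed = parse_registry_section(SAMPLE_LOG)
    for name, image in autostarts(parsed):
        print("autostart:", name, "->", image)
    for finding in audit(parsed):
        print("finding:", finding)
```

The script only reads log text; it does not touch a live registry. On the real machine the same two checks would be made against HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System and the Security Center keys, and both the notification flags and EnableLUA should be set back to their defaults once the infection itself is dealt with, since malware that keeps re-dropping a file will simply re-apply them otherwise.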