ComboFix 12-01-04.02 - Kuba 2012-01-04 18:03:48.1.8 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.8097.6838 [GMT 1:00] Uruchomiony z: c:\users\Kuba\Desktop\ComboFix.exe AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Utworzono nowy punkt przywracania . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\RelevantKnowledge c:\program files (x86)\RelevantKnowledge\asmcf.dat c:\program files (x86)\RelevantKnowledge\chrome.manifest c:\program files (x86)\RelevantKnowledge\install.rdf c:\program files (x86)\RelevantKnowledge\ncncf.dat c:\program files (x86)\RelevantKnowledge\nscf.dat c:\program files (x86)\RelevantKnowledge\rloci.bin c:\programdata\FullRemove.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk c:\users\Kuba\AppData\Roaming\DTite.exe c:\users\Kuba\AppData\Roaming\Microsoft\DTlite.exe c:\users\Kuba\AppData\Roaming\Microsoft\jusched.exe c:\users\Kuba\AppData\Roaming\Microsoft\update.exe c:\users\Kuba\AppData\Roaming\system.dat c:\users\Kuba\AppData\Roaming\windows.dat c:\windows\IsUn0415.exe c:\windows\system32\drivers\etc\hosts.ics . . ((((((((((((((((((((((((( Pliki utworzone od 2011-12-04 do 2012-01-04 ))))))))))))))))))))))))))))))) . . 2012-01-04 15:03 . 2012-01-04 15:03 -------- d-----w- c:\users\Kuba\AppData\Local\Norman Malware Cleaner 2011-12-24 15:21 . 2011-10-25 12:44 40408 ----a-w- c:\windows\system32\CleanMFT64.exe 2011-12-24 15:21 . 2008-04-02 15:54 1101824 ----a-w- c:\windows\SysWow64\UniBox210.ocx 2011-12-24 15:21 . 2008-04-02 15:53 212992 ----a-w- c:\windows\SysWow64\UniBoxVB12.ocx 2011-12-24 15:21 . 2008-04-02 15:53 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx 2011-12-24 15:21 . 2011-10-25 12:44 512472 ----a-w- c:\windows\SysWow64\msxml.dll 2011-12-24 15:21 . 2011-12-24 15:21 -------- d-----w- c:\program files (x86)\Common Files\PC Tools 2011-12-24 15:21 . 2011-12-24 20:21 -------- d-----w- c:\program files (x86)\PC Tools Registry Mechanic 2011-12-14 22:16 . 2011-12-14 22:16 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-12-14 02:42 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys 2011-12-14 02:42 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll 2011-12-14 02:42 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll 2011-12-14 02:42 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll 2011-12-14 02:42 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-12-14 02:42 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll 2011-12-11 20:32 . 2008-06-27 10:00 16896 ----a-w- c:\windows\system32\drivers\Wibukey2_64.sys 2011-12-11 20:32 . 2008-06-27 10:00 107008 ----a-w- c:\windows\system32\drivers\WibuKey64.sys 2011-12-11 20:32 . 2008-06-27 10:00 195072 ----a-w- c:\windows\system32\WkWin64.dll 2011-12-11 20:32 . 2008-06-27 10:00 159744 ----a-w- c:\windows\SysWow64\WkWin32.dll 2011-12-11 20:32 . 2011-12-11 20:32 -------- d-----w- c:\program files\WIBU-SYSTEMS 2011-12-11 20:32 . 2011-12-11 20:32 -------- d-----w- c:\program files (x86)\WIBUKEY 2011-12-11 20:32 . 2011-12-11 20:32 -------- d-----w- c:\program files (x86)\WIBU-SYSTEMS 2011-12-11 20:30 . 2011-12-11 20:30 -------- d-----w- c:\windows\IXP000.TMP 2011-12-09 17:07 . 2011-12-09 17:07 -------- d-----w- c:\users\Kuba\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1 . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-05 11:18 . 2011-12-05 11:18 724888 ----a-r- c:\users\Kuba\AppData\Roaming\Microsoft\Installer\{4FF6A18E-1C17-4C48-8371-09C40B7ABFE9}\IconTmpl6.1992E333_D17A_448B_8484_ED047109D182.exe 2011-12-05 11:18 . 2011-12-05 11:18 212480 ----a-r- c:\users\Kuba\AppData\Roaming\Microsoft\Installer\{4FF6A18E-1C17-4C48-8371-09C40B7ABFE9}\IconTmpl2.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe 2011-12-05 11:18 . 2011-12-05 11:18 2078096 ----a-r- c:\users\Kuba\AppData\Roaming\Microsoft\Installer\{4FF6A18E-1C17-4C48-8371-09C40B7ABFE9}\IconTmpl4.1992E333_D17A_448B_8484_ED047109D182.exe 2011-11-28 23:04 . 2011-11-28 23:04 720792 ----a-r- c:\users\Kuba\AppData\Roaming\Microsoft\Installer\{C0C33054-2D24-4971-8913-B89E32D7A7D3}\IconTmpl6.1992E333_D17A_448B_8484_ED047109D182.exe 2011-11-28 23:04 . 2011-11-28 23:04 212480 ----a-r- c:\users\Kuba\AppData\Roaming\Microsoft\Installer\{C0C33054-2D24-4971-8913-B89E32D7A7D3}\IconTmpl2.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe 2011-11-28 23:04 . 2011-11-28 23:04 2065296 ----a-r- c:\users\Kuba\AppData\Roaming\Microsoft\Installer\{C0C33054-2D24-4971-8913-B89E32D7A7D3}\IconTmpl4.1992E333_D17A_448B_8484_ED047109D182.exe 2011-11-16 19:09 . 2011-06-03 01:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-26 15:58 . 2011-10-26 15:58 75776 ----a-w- c:\windows\cadkasdeinst01e.exe 2011-10-16 01:39 . 2011-10-16 01:39 3584 ----a-r- c:\users\Kuba\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe 2011-10-15 08:53 . 2011-12-02 22:51 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll 2011-10-15 08:53 . 2011-12-02 22:51 539456 ----a-w- c:\windows\system32\nvhotkey.dll 2011-10-15 08:53 . 2011-12-02 22:51 137536 ----a-w- c:\windows\system32\nvshext.dll 2011-10-15 08:53 . 2011-12-02 22:51 1349440 ----a-w- c:\windows\system32\nv3dappshext.dll 2011-10-15 08:53 . 2011-12-02 22:51 5067584 ----a-w- c:\windows\system32\nvsvc64.dll 2011-10-15 08:53 . 2011-12-02 22:51 3074368 ----a-w- c:\windows\system32\nvsvcr.dll 2011-10-15 08:53 . 2011-12-02 22:51 1985841 ----a-w- c:\windows\system32\nvcoproc.bin 2011-10-15 08:53 . 2011-12-02 22:51 1640768 ----a-w- c:\windows\system32\nvvsvc.exe 2011-10-15 08:53 . 2011-12-02 22:51 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll 2011-10-15 08:53 . 2011-12-02 22:51 222528 ----a-w- c:\windows\system32\nvmctray.dll 2011-10-15 08:53 . 2011-12-02 22:51 10406208 ----a-w- c:\windows\system32\nvcpl.dll 2011-10-15 08:53 . 2011-12-02 22:44 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll 2011-10-15 08:53 . 2011-12-02 22:44 860992 ----a-w- c:\windows\system32\nvumdshimx.dll 2011-10-15 08:53 . 2011-12-02 22:44 716608 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2011-10-15 08:53 . 2011-12-02 22:44 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2011-10-15 08:53 . 2011-12-02 22:44 68928 ----a-w- c:\windows\system32\OpenCL.dll 2011-10-15 08:53 . 2011-12-02 22:44 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll 2011-10-15 08:53 . 2011-12-02 22:44 371520 ----a-w- c:\windows\system32\nvoptimusmft.dll 2011-10-15 08:53 . 2011-12-02 22:44 330560 ----a-w- c:\windows\SysWow64\nvoptimusmft.dll 2011-10-15 08:53 . 2011-12-02 22:44 28992 ----a-w- c:\windows\system32\drivers\nvpciflt.sys 2011-10-15 08:53 . 2011-12-02 22:44 24742720 ----a-w- c:\windows\system32\nvoglv64.dll 2011-10-15 08:53 . 2011-12-02 22:44 241984 ----a-w- c:\windows\system32\nvinitx.dll 2011-10-15 08:53 . 2011-12-02 22:44 203072 ----a-w- c:\windows\SysWow64\nvinit.dll 2011-10-15 08:53 . 2011-12-02 22:44 18871616 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2011-10-15 08:53 . 2011-12-02 22:44 1533248 ----a-w- c:\windows\system32\nvdispco64.dll 2011-10-15 08:53 . 2011-12-02 22:44 1454400 ----a-w- c:\windows\system32\nvgenco64.dll 2011-10-15 08:53 . 2011-12-02 22:44 12971840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2011-10-15 08:53 . 2011-12-02 22:44 7581504 ----a-w- c:\windows\system32\nvcuda.dll 2011-10-15 08:53 . 2011-12-02 22:44 5578560 ----a-w- c:\windows\SysWow64\nvcuda.dll 2011-10-15 08:53 . 2011-12-02 22:44 364352 ----a-w- c:\windows\system32\nvdecodemft.dll 2011-10-15 08:53 . 2011-12-02 22:44 301888 ----a-w- c:\windows\SysWow64\nvdecodemft.dll 2011-10-15 08:53 . 2011-12-02 22:44 2808128 ----a-w- c:\windows\system32\nvapi64.dll 2011-10-15 08:53 . 2011-12-02 22:44 2542912 ----a-w- c:\windows\system32\nvcuvid.dll 2011-10-15 08:53 . 2011-12-02 22:44 24796992 ----a-w- c:\windows\system32\nvcompiler.dll 2011-10-15 08:53 . 2011-12-02 22:44 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll 2011-10-15 08:53 . 2011-12-02 22:44 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2011-10-15 08:53 . 2011-12-02 22:44 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-10-15 08:53 . 2011-12-02 22:44 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2011-10-15 08:53 . 2011-12-02 22:44 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2011-10-15 08:53 . 2011-12-02 22:44 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll 2011-10-15 08:53 . 2011-12-02 22:44 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{90eee664-34b1-422a-a782-779af65cdf6d}"= "c:\program files (x86)\IncrediMail_MediaBar_4\tbIncr.dll" [2010-11-29 3908192] . [HKEY_CLASSES_ROOT\clsid\{90eee664-34b1-422a-a782-779af65cdf6d}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-11-29 14:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{90eee664-34b1-422a-a782-779af65cdf6d}] 2010-11-29 14:26 3908192 ----a-w- c:\program files (x86)\IncrediMail_MediaBar_4\tbIncr.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{90eee664-34b1-422a-a782-779af65cdf6d}"= "c:\program files (x86)\IncrediMail_MediaBar_4\tbIncr.dll" [2010-11-29 3908192] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192] . [HKEY_CLASSES_ROOT\clsid\{90eee664-34b1-422a-a782-779af65cdf6d}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-20 37888] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024] R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-11-14 1156216] R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111228.001\IDSvia64.sys [2011-08-10 488568] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x] R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x] R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x] R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Atheros\Ath_CoexAgent.exe [2010-05-24 151552] R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe [2010-11-26 52896] R2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2011-01-19 2078096] R2 GS In-Game Service;GS In-Game Service;c:\program files (x86)\GameTracker\GSInGameService.exe [2011-11-09 1677072] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-21 135664] R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016] R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-22 86016] R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280] R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-10-25 793048] R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-21 5790064] R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-21 487280] R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-17 134928] R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x] R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-05-29 1431888] R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Classic\safedrv.sys [x] R3 gupdatem;Usługa Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-21 135664] R3 IntcDAud;Intel(R) Audio dla ekranów;c:\windows\system32\DRIVERS\IntcDAud.sys [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x] S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x] S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Zawartość folderu 'Zaplanowane zadania' . 2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-21 04:27] . 2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-21 04:27] . 2012-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4250770824-1004743116-4000070828-1002Core.job - c:\users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-18 21:50] . 2012-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4250770824-1004743116-4000070828-1002UA.job - c:\users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-18 21:50] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-30 2186856] "AtherosBtStack"="c:\program files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" [2010-11-26 613536] "AthBtTray"="c:\program files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe" [2010-11-26 379040] "snp2uvc"="c:\windows\vsnp2uvc.exe" [2010-01-21 909824] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-11 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-11 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-11 416024] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://mystart.incredimail.com/mb59?u=92823323938986506 uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &P&obierz &za pomocą BitComet - c:\program files (x86)\BitComet\BitComet_x64.exe/AddLink.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Pobierz wszystko za pomocą BitComet - c:\program files (x86)\BitComet\BitComet_x64.exe/AddAllLink.htm TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{AF6D3094-702E-4D86-A713-675A2F25B53F}: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{AF6D3094-702E-4D86-A713-675A2F25B53F}\1462D4: DhcpNameServer = 79.173.40.13 79.173.40.16 TCP: Interfaces\{AF6D3094-702E-4D86-A713-675A2F25B53F}\3547162797F52427F6771627: DhcpNameServer = 195.114.161.61 TCP: Interfaces\{AF6D3094-702E-4D86-A713-675A2F25B53F}\4586F6D6F54403035303836323: DhcpNameServer = 62.21.99.95 TCP: Interfaces\{AF6D3094-702E-4D86-A713-675A2F25B53F}\E4544594143505F445D2531444039303: DhcpNameServer = 192.168.1.254 . - - - - USUNIĘTO PUSTE WPISY - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKCU-Run-DTlite - c:\users\Kuba\AppData\Roaming\Microsoft\DTlite.exe Wow6432Node-HKCU-Run-Java - c:\users\Kuba\AppData\Roaming\Microsoft\jusched.exe Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr AddRemove-Heroes of Might and Magic® III - c:\windows\IsUn0415.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1" . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:d0,58,d9,f8,5b,db,a4,7f,29,b2,81,ef,56,ab,1d,65,bb,71,15,51,f4, ea,71,fe,52,7f,5e,73,43,af,c6,a3,3f,67,db,4f,2c,a7,fe,58,01,8e,93,13,a7,03,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:d0,58,d9,f8,5b,db,a4,7f,29,b2,81,ef,56,ab,1d,65,bb,71,15,51,f4, ea,71,fe,52,7f,5e,73,43,af,c6,a3,3f,67,db,4f,2c,a7,fe,58,01,8e,93,13,a7,03,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2012-01-04 18:15:09 ComboFix-quarantined-files.txt 2012-01-04 17:15 . Przed: 21 237 153 792 bajtów wolnych Po: 22 753 828 864 bajtów wolnych . - - End Of File - - E69E2A5D95A90E4EA5B30F5FBBF98C06