ComboFix 13-12-06.01 - weronika 2013-12-06 22:12:45.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.8106.5796 [GMT 1:00] Uruchomiony z: c:\users\weronika\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\RelevantKnowledge c:\program files (x86)\RelevantKnowledge\asmcf.dat c:\program files (x86)\RelevantKnowledge\chrome.manifest c:\program files (x86)\RelevantKnowledge\components\rlxg.dll c:\program files (x86)\RelevantKnowledge\egdcf.dat c:\program files (x86)\RelevantKnowledge\firefox\bootstrap.js c:\program files (x86)\RelevantKnowledge\firefox\defaults\preferences\prefs.js c:\program files (x86)\RelevantKnowledge\firefox\harness-options.json c:\program files (x86)\RelevantKnowledge\firefox\install.rdf c:\program files (x86)\RelevantKnowledge\firefox\locale\en-GB.json c:\program files (x86)\RelevantKnowledge\firefox\locale\eo.json c:\program files (x86)\RelevantKnowledge\firefox\locale\fr-FR.json c:\program files (x86)\RelevantKnowledge\firefox\locales.json c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-kit\lib\page-mod.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-kit\lib\tabs.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-kit\lib\windows.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\addon\runner.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\base64.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\console\plain-text.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\console\traceback.js c:\program files 
(x86)\RelevantKnowledge\rlls.dll c:\program files (x86)\RelevantKnowledge\rlls64.dll c:\program files (x86)\RelevantKnowledge\rloci.bin c:\program files (x86)\RelevantKnowledge\rlph.dll c:\program files (x86)\RelevantKnowledge\rlservice.exe c:\program files (x86)\RelevantKnowledge\rlvknlg.exe c:\program files (x86)\RelevantKnowledge\rlvknlg32.exe c:\program files (x86)\RelevantKnowledge\rlvknlg64.exe c:\program files (x86)\RelevantKnowledge\rlxf.dll c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk c:\windows\SysWow64\rlls.dll . . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_RelevantKnowledge . . ((((((((((((((((((((((((( Pliki utworzone od 2013-11-06 do 2013-12-06 ))))))))))))))))))))))))))))))) . . 2013-12-06 21:28 . 2013-12-06 21:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-12-06 21:28 . 2013-12-06 21:28 -------- d-----w- c:\users\Gość\AppData\Local\temp 2013-12-06 21:28 . 2013-12-06 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-12-06 14:42 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42E7F58A-C01C-4C16-A09C-94C469855299}\mpengine.dll 2013-11-22 21:37 . 2013-11-22 21:37 -------- d-----w- c:\program files (x86)\CTS 2013-11-13 12:45 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll 2013-11-13 12:45 . 
2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-11-13 12:45 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys 2013-11-13 12:45 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll 2013-11-13 12:45 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll 2013-11-13 12:45 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll 2013-11-13 12:45 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-11-13 12:45 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll 2013-11-13 12:45 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-11-17 10:51 . 2011-10-25 19:58 82896128 ----a-w- c:\windows\system32\MRT.exe 2013-11-11 04:50 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe 2013-09-08 02:30 . 2013-10-10 14:18 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-09-08 02:27 . 2013-10-10 14:18 327168 ----a-w- c:\windows\system32\mswsock.dll 2013-09-08 02:03 . 2013-10-10 14:18 231424 ----a-w- c:\windows\SysWow64\mswsock.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 AMPPALP;Protokół Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x] R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe;c:\program files (x86)\BitComet\tools\BitCometService.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x] R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program 
files\Intel\BluetoothHS\BTHSAmpPalService.exe [x] R4 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x] R4 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x] R4 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x] R4 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x] R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] R4 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x] R4 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 
aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S3 AMPPAL;Karta wirtualna Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . --- Inne Usługi/Sterowniki w Pamięci --- . *NewlyCreated* - WS2IFSL . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-12-05 19:32 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe . Zawartość folderu 'Zaplanowane zadania' . 2013-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-31 16:28] . 2013-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-31 16:28] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Skan uzupełniający ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.gazeta.pl/0,0.html?p=128 uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &P&obierz &za pomocą BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Pobierz wszystko za pomocą BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\weronika\AppData\Roaming\Mozilla\Firefox\Profiles\d040zdcw.default-1353435140715\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.pl/ FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 169c5c16000000000000dca9712eeb3c FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15812 FF - user.js: extensions.delta.vrsn - 1.8.16.16 FF - user.js: extensions.delta.vrsni - 1.8.16.16 FF - user.js: extensions.delta.vrsnTs - 1.8.16.1616:27 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . - - - - USUNIĘTO PUSTE WPISY - - - - . 
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files (x86)\RelevantKnowledge\rlvknlg.exe . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe c:\program files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe . ************************************************************************** . Czas ukończenia: 2013-12-06 22:42:04 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2013-12-06 21:42 . Przed: 125 238 915 072 bajtów wolnych Po: 126 988 541 952 bajtów wolnych . - - End Of File - - BAC664BC3D291BB08D16FDC6535EF4DD