.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0
Run by Oleńka at 0:31:09 on 2012-01-06
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\ProgramData\DatacardService\DCService.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\consent.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Windows\system32\consent.exe
C:\Windows\explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LogMeInToolkit.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\Users\Oleńka\Downloads\HitmanPro36.exe
C:\Windows\system32\ctfmon.exe
c:\program files\teamviewer\version7\TeamViewer_Desktop.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Oleńka\Downloads\dds.com
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gazeta.pl/0,0.html?p=106
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uURLSearchHooks: Search Class: {08c06d61-f1f3-4799-86f8-be1a89362c85} - c:\program files\livebox\searchurlhook\SearchPageURL.dll
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: IplexToALLPlayer: {df925ef3-7a87-44e4-9caf-8d7b280bf616} - c:\progra~1\allpla~1\iplex\IPLEXT~1.DLL
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ALLUpdate] "c:\program files\allplayer\ALLUpdate.exe" "sleep"
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [Facebook Update] "c:\users\oleńka\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [ChomikBox] c:\program files\chomikbox\ChomikBox.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [ORAHSSSessionManager] "c:\program files\livebox\sessionmanager\SessionManager.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Funkcja Google Sidewiki - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Wyślij &do programu OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/4908-44618-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
TCP: DhcpNameServer = 62.179.1.62 62.179.1.63
TCP: Interfaces\{49873AAB-AAF1-490D-9011-BA92E3D60DC6} : DhcpNameServer = 89.108.195.20 217.17.34.10
TCP: Interfaces\{A6128A5C-EC23-4048-897A-4A5597F4A9FE} : DhcpNameServer = 62.179.1.62 62.179.1.63
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
IFEO: ehshell.exe - "c:\program files\logmein\x86\LogMeInSystray.exe" -MceShellRedirect
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\oleńka\appdata\roaming\mozilla\firefox\profiles\f40qlvqf.default\
.
============= SERVICES / DRIVERS ===============
.
R? avast! Antivirus;avast! Antivirus
R? avast! Firewall;avast! Firewall
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? cpuz134;cpuz134
R? ew_hwusbdev;Huawei MobileBroadband USB PNP Device
R? ewusbnet;HUAWEI USB-NDIS miniport
R? FsUsbExDisk;FsUsbExDisk
R? GoogleDesktopManager-051210-111108;Menedżer Google Desktop 5.9.1005.12335
R? gupdate;Usługa Google Update (gupdate)
R? gupdatem;Usługa Google Update (gupdatem)
R? HsfXAudioService;HsfXAudioService
R? jswpsapi;Jumpstart Wifi Protected Setup
R? lxdx_device;lxdx_device
R? MBAMSwissArmy;MBAMSwissArmy
R? osppsvc;Office Software Protection Platform
R? PCAMp50;PCAMp50 NDIS Protocol Driver
R? SmartFaceVWatchSrv;SmartFaceVWatchSrv
R? TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO)
R? WinRing0_1_2_0;WinRing0_1_2_0
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AdobeARMservice;Adobe Acrobat Update Service
S? aswFsBlk;aswFsBlk
S? aswFW;avast! TDI Firewall driver
S? aswMonFlt;aswMonFlt
S? aswNdis;avast! Firewall NDIS Filter Service
S? aswNdis2;avast! Firewall Core Firewall Service
S? aswSnx;aswSnx
S? aswSP;aswSP
S? ConfigFree Service;ConfigFree Service
S? DCService.exe;DCService.exe
S? FontCache;Usług systemu Windows buforowania czcionek
S? FwLnk;FwLnk Driver
S? hitmanpro35;Hitman Pro 3.5 Support Driver
S? jswpslwf;JumpStart Wireless Filter Driver
S? LMIGuardianSvc;LMIGuardianSvc
S? LMIInfo;LogMeIn Kernel Information Provider
S? LMIRfsDriver;LogMeIn Remote File System Driver
S? TeamViewer7;TeamViewer 7
S? TOSHIBA SMART Log Service;TOSHIBA SMART Log Service
.
=============== Created Last 30 ================
.
2012-01-05 23:21:36 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-05 23:09:00 -------- d-----w- c:\program files\HitmanPro
2012-01-05 22:55:58 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-01-05 22:55:58 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-01-05 22:55:57 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-01-05 22:55:57 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-01-05 22:55:52 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-05 22:55:45 -------- d-----w- c:\programdata\LogMeIn
2012-01-05 22:55:13 -------- d-----w- c:\program files\LogMeIn
2012-01-05 22:23:27 -------- d-----w- c:\program files\TeamViewer
2012-01-05 12:00:26 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{92c179f9-14c9-43a3-84a4-361be2ad705a}\offreg.dll
2012-01-04 08:23:05 -------- d-----w- c:\users\oleńka\appdata\roaming\Apple Computer
2012-01-03 09:43:50 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{92c179f9-14c9-43a3-84a4-361be2ad705a}\mpengine.dll
2011-12-14 20:19:55 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 20:19:54 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 20:19:53 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 20:19:51 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 20:19:50 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-12-14 20:19:48 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 20:19:41 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2012-01-05 23:09:11 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 17:54:38 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53:22 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-11-28 17:52:07 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-15 10:16:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 0:33:06,31 ===============