
Tyska1120
Users, 3 posts
Content posted by Tyska1120
Weelsof - using ComboFix and further instructions
Tyska1120 replied to Tyska1120's topic in the Emergency Help section
Done; if that's the end of it, thank you very much for the help ;)
Weelsof - using ComboFix and further instructions
Tyska1120 replied to Tyska1120's topic in the Emergency Help section
I followed the instructions; attaching the logs.

# AdwCleaner v2.300 - Logfile created 15/05/2013 at 14:57:15
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (32 bits)
# User : xxx - XXX-KOMPUTER
# Boot Mode : Normal
# Running from : C:\Users\xxx\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\xxx\AppData\Local\Conduit
Folder Deleted : C:\Users\xxx\AppData\Local\OpenCandy
Folder Deleted : C:\Users\xxx\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\xxx\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\xxx\AppData\Roaming\Babylon
File Deleted : C:\user.js

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\f55d8dfb138ba40
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1708250
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2247187
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3031818
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\SOFTWARE\f55d8dfb138ba40
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.
*************************

AdwCleaner[s1].txt - [3983 octets] - [15/05/2013 14:57:15]

########## EOF - C:\AdwCleaner[s1].txt - [4043 octets] ##########

Log from step 2:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-230849284-1701895467-2992816361-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-230849284-1701895467-2992816361-1000\Software\Microsoft\Internet Explorer\SearchScopes\{41F5223A-C2B2-4465-ADD8-6B8F3FD0BB8B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41F5223A-C2B2-4465-ADD8-6B8F3FD0BB8B}\ not found.
Registry key HKEY_USERS\S-1-5-21-230849284-1701895467-2992816361-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8D6C73B4-BDA3-4A7E-A3A7-89BBA2BC085C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D6C73B4-BDA3-4A7E-A3A7-89BBA2BC085C}\ not found.
Registry key HKEY_USERS\S-1-5-21-230849284-1701895467-2992816361-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-230849284-1701895467-2992816361-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-230849284-1701895467-2992816361-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-230849284-1701895467-2992816361-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Service cpu stopped successfully!
Service cpu deleted successfully!
File C:\cpu.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\xxx\AppData\Local\Temp\catchme.sys not found.
========== FILES ==========
File\Folder C:\Users\xxx\AppData\Roaming\BabSolution not found.
C:\Users\xxx\AppData\Roaming\DealPly\UpdateProc folder moved successfully.
C:\Users\xxx\AppData\Roaming\DealPly folder moved successfully.
C:\Users\xxx\AppData\Roaming\Keax folder moved successfully.
C:\Users\xxx\AppData\Roaming\Saxa folder moved successfully.
C:\Users\xxx\AppData\Roaming\OpenCandy\OpenCandy_E2385B0ADA5045DC9BFB76D33634C677 folder moved successfully.
C:\Users\xxx\AppData\Roaming\OpenCandy folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions folder moved successfully.
C:\Program Files\Mozilla Firefox folder moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\"Start Page"|"about:blank" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 58264 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: xxx
->Temp folder emptied: 16899045 bytes
->Temporary Internet Files folder emptied: 24039334 bytes
->Java cache emptied: 8818229 bytes
->Google Chrome cache emptied: 32201995 bytes
->Flash cache emptied: 58761 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18102973 bytes
RecycleBin emptied: 24252696 bytes

Total Files Cleaned = 119,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05152013_144926

Files\Folders moved on Reboot...
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O720H4NF\xd_arbiter[1].htm moved successfully.
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JZIAGS1I\xd_arbiter[1].htm moved successfully.
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OCQOI2G\17985-wirus-weelsof-użycie-combofix-dalsze-instrukcje[1].htm moved successfully.
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OCQOI2G\fastbutton[1].htm moved successfully.
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OCQOI2G\like[1].htm moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
And the last OTL log:

OTL logfile created on: 2013-05-15 15:03:52 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Desktop\combo
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,43% Memory free
6,00 Gb Paging File | 4,62 Gb Available in Paging File | 77,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 18,64 Gb Free Space | 19,09% Space Free | Partition Type: NTFS
Drive D: | 319,37 Gb Total Space | 209,15 Gb Free Space | 65,49% Space Free | Partition Type: NTFS
Drive E: | 514,39 Gb Total Space | 425,57 Gb Free Space | 82,73% Space Free | Partition Type: NTFS

Computer Name: XXX-KOMPUTER | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-05-15 10:52:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\combo\OTL.exe
PRC - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-05-09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013-05-09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013-04-19 23:10:48 | 001,631,144 | ---- | M] (Valve Corporation) -- E:\Program Files\Steam\Steam.exe
PRC - [2011-08-02 17:40:34 | 000,862,208 | ---- | M] (Murray Hurps Corp Pty Ltd) -- C:\Program Files\Ad Muncher\AdMunch.exe
PRC - [2011-07-11 23:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011-01-17 20:50:30 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011-01-17 20:50:30 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010-11-20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010-11-20 23:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010-05-24 11:10:34 | 001,683,360 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2010-02-03 16:17:18 | 005,756,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009-05-03 12:22:28 | 000,073,392 | ---- | M] (FSPro Labs) -- C:\Windows\System32\fsproflt.exe
PRC - [2009-03-13 21:29:10 | 004,413,952 | ---- | M] (AnyDATA.NET) -- C:\Program Files\Orange\EasyWirelessNet.exe
PRC - [2007-03-06 11:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

========== Modules (No Company Name) ==========

MOD - [2013-04-19 23:10:50 | 001,114,024 | ---- | M] () -- E:\Program Files\Steam\bin\chromehtml.dll
MOD - [2013-03-27 02:16:40 | 020,341,672 | ---- | M] () -- E:\Program Files\Steam\bin\libcef.dll
MOD - [2013-03-26 00:23:34 | 000,651,776 | ---- | M] () -- E:\Program Files\Steam\SDL2.dll
MOD - [2012-12-11 19:51:10 | 001,100,800 | ---- | M] () -- E:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012-12-11 19:51:10 | 000,192,000 | ---- | M] () -- E:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012-12-11 19:51:10 | 000,124,416 | ---- | M] () -- E:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012-10-28 15:09:06 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010-05-24 11:10:38 | 000,098,720 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll
MOD - [2010-05-24 11:10:32 | 064,661,408 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\skin.dll
MOD - [2010-05-24 11:10:30 | 000,078,240 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2010-05-24 11:10:28 | 000,111,008 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2009-09-30 05:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\System32\AsIO.dll
MOD - [2009-03-25 16:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009-03-19 22:35:52 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\AiNap.dll
MOD - [2009-03-19 22:35:50 | 000,008,704 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\vvc.dll
MOD - [2009-01-15 14:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\pngio.dll
MOD - [2007-04-24 14:04:34 | 000,106,496 | ---- | M] () -- C:\Program Files\Orange\UMI.dll

========== Services (SafeList) ==========

SRV - [2013-05-15 14:32:32 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-05-09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013-04-19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-07-14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-05-03 12:22:28 | 000,073,392 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\Windows\System32\fsproflt.exe -- (fsproflt)
SRV - [2007-03-06 11:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2013-05-09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013-05-09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013-05-09 10:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013-05-09 10:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013-05-09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013-05-09 10:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013-05-09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013-05-09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011-10-03 17:27:19 | 000,271,360 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011-10-03 17:27:16 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011-06-17 22:28:18 | 000,240,736 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0151.sys -- (RsFx0151)
DRV - [2010-11-20 23:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010-11-20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010-11-20 23:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010-11-20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010-11-20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010-11-20 23:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010-11-20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-05-15 13:11:42 | 001,150,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010-04-08 20:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2010-03-04 12:26:56 | 000,296,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009-09-28 01:12:21 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009-08-21 22:24:03 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009-08-13 09:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009-08-04 04:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009-07-16 05:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009-07-14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009-07-14 00:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009-07-14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2008-06-05 19:37:54 | 000,043,792 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\System32\drivers\FSPFltd.sys -- (FSProFilter)
DRV - [2007-11-14 04:08:38 | 000,100,992 | ---- | M] (AnyDATA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\adusbser.sys -- (adusbser)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
IE - HKCU\..\SearchScopes,DefaultScope = {E8ACC590-B07B-414F-A3DB-F30FF1BFE3E8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{E8ACC590-B07B-414F-A3DB-F30FF1BFE3E8}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-08-23 20:59:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-08-23 20:59:04 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\xxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - Extension: Dokumenty Google = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Dysk Google = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Szukaj w Google = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013-05-14 22:42:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ALLYouTubeDownloader) - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\Program Files\ALLYouTubeDownloader\ALLYouTubeDownloader.dll (ALLCinema Ltd.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe (Murray Hurps Corp Pty Ltd)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [uVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe (ALLPlayer Group Ltd.)
O4 - HKCU..\Run: [steam] E:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O15 - HKCU\..Trusted Domains: allegro.pl ([]https in Zaufane witryny)
O16 - DPF: {112857FE-11D5-03FF-9A3F-0080C8D85044} http://cached.gamedesire.com/g_bin/pl/solitaire_2_0_0_32.cab (GameDesire Solitaires)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D0334C2-DCC5-4D4F-BBFE-579056971EE6}: NameServer = 217.116.100.65 79.163.127.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5535053-3DF2-4AA2-BCD3-9DAAEAF3748E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAAF58B7-0743-43F9-B3CA-73F06AF32837}: NameServer = 79.163.127.70 217.116.100.65
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013-05-15 14:49:26 | 000,000,000 | ---D | C] -- C:\_OTL [2013-05-15 14:45:53 | 006,953,496 | ---- | C] (Microsoft Corporation) -- C:\Users\xxx\Desktop\Silverlight2.exe [2013-05-15 14:32:31 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013-05-15 14:32:31 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013-05-15 14:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013-05-15 14:24:36 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013-05-15 14:24:36 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013-05-15 14:24:33 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013-05-15 14:24:33 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013-05-15 14:24:33 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013-05-15 14:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013-05-15 14:19:22 | 000,903,072 | ---- | C] (Oracle Corporation) -- C:\Users\xxx\Desktop\JavaSetup7u21.exe [2013-05-15 13:01:30 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\combo [2013-05-15 10:39:29 | 000,663,128 | ---- | C] (Duplex Secure Ltd.) 
-- C:\Users\xxx\Desktop\SPTDinst-v183-x86.exe [2013-05-15 00:29:47 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2013-05-15 00:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2013-05-15 00:29:46 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2013-05-15 00:29:45 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys [2013-05-15 00:29:44 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013-05-15 00:29:44 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2013-05-15 00:29:41 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2013-05-15 00:29:41 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2013-05-15 00:29:01 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013-05-15 00:15:18 | 006,604,352 | ---- | C] (AVAST Software) -- C:\Users\xxx\Desktop\avast_free_antivirus_setup_online.exe [2013-05-14 22:42:41 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013-05-14 22:38:54 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\temp [2013-05-14 22:38:52 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013-05-14 22:32:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013-05-14 22:32:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013-05-14 22:32:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013-05-14 22:32:10 | 000,000,000 | ---D | C] -- C:\ComboFix [2013-05-14 22:32:05 | 000,000,000 | ---D | C] -- C:\Qoobox [2013-05-14 22:31:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013-05-14 22:28:59 | 005,066,131 | R--- | C] (Swearware) -- C:\Users\xxx\Desktop\ComboFix.exe [2013-05-14 15:27:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google 
Chrome [2013-05-14 15:17:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Google [2013-05-14 15:16:59 | 000,739,856 | ---- | C] (Google Inc.) -- C:\Users\xxx\Desktop\chrome_installer.exe [2013-05-14 00:05:17 | 861,572,958 | -H-- | C] (Games ) -- C:\Users\xxx\Desktop\Portal Evil Stolen Runes CE.exe [2013-05-13 19:53:07 | 002,138,352 | ---- | C] (Solid State Networks) -- C:\Users\xxx\Desktop\install_flashplayer11x32ax_gtbd_chrd_dn_aih.exe [2013-05-08 16:10:23 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\zdj Julci [2013-04-27 12:07:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\uprawa ogródka [2013-04-23 13:15:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Nowy folder (3) [2013-04-21 17:32:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\claas ========== Files - Modified Within 30 Days ========== [2013-05-15 15:06:06 | 000,805,902 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2013-05-15 15:06:06 | 000,719,666 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013-05-15 15:06:06 | 000,179,428 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2013-05-15 15:06:06 | 000,145,468 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013-05-15 15:00:51 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-05-15 14:59:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-05-15 14:59:34 | 2415,308,800 | -HS- | M] () -- C:\hiberfil.sys [2013-05-15 14:58:56 | 000,017,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-05-15 14:58:56 | 000,017,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-05-15 14:56:44 | 000,628,743 | ---- | M] () -- C:\Users\xxx\Desktop\AdwCleaner.exe [2013-05-15 14:46:32 | 006,953,496 | ---- | M] (Microsoft Corporation) -- C:\Users\xxx\Desktop\Silverlight2.exe [2013-05-15 14:37:27 | 000,000,193 | ---- | M] () -- 
C:\Windows\WORDPAD.INI [2013-05-15 14:32:31 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013-05-15 14:32:31 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013-05-15 14:27:00 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-230849284-1701895467-2992816361-1000UA.job [2013-05-15 14:24:29 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013-05-15 14:24:28 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013-05-15 14:24:28 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013-05-15 14:24:28 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013-05-15 14:24:28 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013-05-15 14:24:28 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013-05-15 14:19:31 | 000,903,072 | ---- | M] (Oracle Corporation) -- C:\Users\xxx\Desktop\JavaSetup7u21.exe [2013-05-15 14:12:01 | 000,001,200 | ---- | M] () -- C:\Users\xxx\Desktop\porady.rtf [2013-05-15 14:05:21 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013-05-15 10:39:29 | 000,663,128 | ---- | M] (Duplex Secure Ltd.) -- C:\Users\xxx\Desktop\SPTDinst-v183-x86.exe [2013-05-15 00:29:47 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2013-05-15 00:29:41 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2013-05-15 00:15:41 | 006,604,352 | ---- | M] (AVAST Software) -- C:\Users\xxx\Desktop\avast_free_antivirus_setup_online.exe [2013-05-14 22:42:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013-05-14 16:27:00 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-230849284-1701895467-2992816361-1000Core.job [2013-05-14 15:27:13 | 000,002,322 | ---- | M] () -- C:\Users\xxx\Desktop\Google Chrome.lnk [2013-05-14 15:17:14 | 000,739,856 | ---- | M] (Google Inc.) -- C:\Users\xxx\Desktop\chrome_installer.exe [2013-05-14 13:37:44 | 000,074,051 | ---- | M] () -- C:\Users\xxx\.recently-used.xbel [2013-05-14 10:19:30 | 000,001,391 | ---- | M] () -- C:\Users\xxx\Desktop\Secrets of the Dark Mystery of the Ancestral Estate Collectors .lnk [2013-05-14 00:10:23 | 861,572,958 | -H-- | M] (Games ) -- C:\Users\xxx\Desktop\Portal Evil Stolen Runes CE.exe [2013-05-13 19:54:03 | 002,138,352 | ---- | M] (Solid State Networks) -- C:\Users\xxx\Desktop\install_flashplayer11x32ax_gtbd_chrd_dn_aih.exe [2013-05-11 21:49:26 | 000,001,215 | ---- | M] () -- C:\Users\xxx\Desktop\Grim Facade Cost of Jealousy Collectors.lnk [2013-05-09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013-05-09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2013-05-09 10:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys [2013-05-09 10:59:10 | 000,061,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys [2013-05-09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2013-05-09 10:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys [2013-05-09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2013-05-09 10:59:08 
| 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2013-05-09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2013-05-09 10:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2013-05-08 00:15:52 | 203,126,784 | ---- | M] () -- C:\Users\xxx\Desktop\WIOSNA 2013.mpg [2013-05-07 21:59:13 | 000,015,872 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013-04-30 12:49:19 | 000,046,777 | ---- | M] () -- C:\Users\xxx\Desktop\3214588771.jpg [2013-04-30 12:31:45 | 000,046,030 | ---- | M] () -- C:\Users\xxx\Desktop\3214588761.jpg [2013-04-26 23:27:30 | 000,001,317 | ---- | M] () -- C:\Windows\APDFPRP.INI ========== Files Created - No Company Name ========== [2013-05-15 14:56:42 | 000,628,743 | ---- | C] () -- C:\Users\xxx\Desktop\AdwCleaner.exe [2013-05-15 14:32:33 | 000,000,930 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-05-15 14:12:01 | 000,001,200 | ---- | C] () -- C:\Users\xxx\Desktop\porady.rtf [2013-05-15 14:05:21 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013-05-15 14:05:21 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013-05-15 00:29:47 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2013-05-15 00:29:43 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2013-05-15 00:29:42 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2013-05-14 22:32:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013-05-14 22:32:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013-05-14 22:32:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013-05-14 22:32:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013-05-14 22:32:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013-05-14 15:27:03 | 000,002,322 | ---- | C] () -- C:\Users\xxx\Desktop\Google Chrome.lnk [2013-05-14 15:17:43 | 000,001,050 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-230849284-1701895467-2992816361-1000UA.job [2013-05-14 15:17:43 | 000,000,998 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-230849284-1701895467-2992816361-1000Core.job [2013-05-14 13:37:44 | 000,074,051 | ---- | C] () -- C:\Users\xxx\.recently-used.xbel [2013-05-14 10:19:30 | 000,001,391 | ---- | C] () -- C:\Users\xxx\Desktop\Secrets of the Dark Mystery of the Ancestral Estate Collectors .lnk [2013-05-11 21:49:26 | 000,001,215 | ---- | C] () -- C:\Users\xxx\Desktop\Grim Facade Cost of Jealousy Collectors.lnk [2013-05-08 00:12:27 | 203,126,784 | ---- | C] () -- C:\Users\xxx\Desktop\WIOSNA 2013.mpg [2013-04-30 12:49:24 | 000,046,777 | ---- | C] () -- C:\Users\xxx\Desktop\3214588771.jpg [2013-04-30 12:45:19 | 000,046,030 | ---- | C] () -- C:\Users\xxx\Desktop\3214588761.jpg [2013-04-01 19:57:30 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll [2013-02-22 20:18:20 | 000,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2013-02-22 20:18:20 | 000,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2013-02-22 20:18:20 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2013-02-22 20:18:20 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll 
[2013-02-22 20:18:20 | 000,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2013-02-22 20:18:20 | 000,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2013-02-21 21:30:44 | 000,015,872 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-06-19 14:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\System32\pbsvc.exe [2012-06-14 21:27:52 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll [2012-06-14 21:27:47 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll [2012-06-04 15:52:49 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2012-04-30 18:36:06 | 000,003,604 | ---- | C] () -- C:\Windows\jcbfnv.ini [2012-04-30 18:36:06 | 000,001,431 | ---- | C] () -- C:\Windows\cmzt-x.ini [2012-03-19 18:28:08 | 000,004,096 | -H-- | C] () -- C:\Users\xxx\AppData\Local\keyfile3.drm [2012-01-17 18:29:28 | 000,000,040 | ---- | C] () -- C:\Users\xxx\DreamGame.cfg [2012-01-14 11:51:08 | 000,006,053 | ---- | C] () -- C:\Users\xxx\AppData\Local\Tempgnurobborc [2011-12-26 17:45:23 | 000,000,004 | ---- | C] () -- C:\Windows\System32\proc320736588.bin [2011-10-03 17:27:19 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011-10-03 17:27:16 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011-10-03 10:42:21 | 000,000,121 | ---- | C] () -- C:\Windows\disney.ini [2011-10-03 10:41:50 | 000,000,206 | ---- | C] () -- C:\Windows\disneysy.ini [2011-09-23 20:24:41 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI [2011-09-21 01:11:57 | 000,001,317 | ---- | C] () -- C:\Windows\APDFPRP.INI [2011-09-21 01:08:52 | 000,001,024 | ---- | C] () -- C:\Windows\System32\pwdremover.dat [2011-08-29 20:55:36 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe [2011-08-23 20:54:27 | 000,229,838 | ---- | C] () -- C:\Windows\hpoins19.dat [2011-08-23 20:54:27 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2011-08-19 17:23:49 | 000,119,657 | ---- | C] 
() -- C:\Windows\hpoins11.dat [2011-08-11 18:13:36 | 000,139,152 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\PnkBstrK.sys [2011-08-11 18:13:36 | 000,138,736 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011-08-11 18:13:24 | 000,281,392 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011-08-11 18:13:22 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011-08-03 12:28:41 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat [2011-08-02 16:29:20 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll [2011-08-02 16:29:20 | 000,011,296 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2011-08-02 16:29:15 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys [2011-08-02 16:29:15 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys [2011-08-02 16:16:44 | 000,010,084 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2011-08-02 16:15:02 | 000,031,184 | ---- | C] () -- C:\Windows\Ascd_log.ini [2011-08-02 16:14:32 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011-08-02 16:14:27 | 000,023,407 | ---- | C] () -- C:\Windows\Ascd_tmp.ini ========== ZeroAccess Check ========== [2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010-11-20 23:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:A4E7D25F @Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:0CE7F3C9 @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:E0888117 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:639BB5E9 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:AE289451 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5520ED93 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E5B07840 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:57B2B96C @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2652902F < End of report > -
Weelsof - use of ComboFix and further instructions
Tyska1120 posted a topic in Dział pomocy doraźnej
Hello, yesterday my computer was attacked by the so-called police virus. I had installed the Google Chrome browser earlier and maybe that is the cause, but never mind that. In any case, while I was using the internet a message suddenly popped up saying that "I should pay a fine of 500 zł, otherwise my computer will be blocked". I figured it was a virus and did some searching online on another computer. Following the advice I found, I tried to restore the system in safe mode, but it did not work. I panicked and then used ComboFix, although I now know I should not have done so without consulting first. After the scan with that program the police message no longer appeared and the computer works properly. Now, however, I do not know whether I can already remove ComboFix and scan the computer with an antivirus program. Please give me further instructions. I am attaching the reports from the ComboFix scan (OTL, Extras, from the GMER program and from ComboFix). I will also add that I uninstalled the virtual drive only up to the point for beginners. Below I am also pasting the supplementary report; judging by the colour, I guess I should probably download program updates.

Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 6 Update 22
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 10.1.6 Adobe Reader out of Date!
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

OTL.Txt Extras.Txt GMER.txt log.txt