Radiol123
Posted 3 August 2012

Hello, I have a problem with Live Security Platinum: I don't know how to remove it. I'm writing from a second Windows 7 user account. After the scan I got an error, screenshot: http://iv.pl/images/34146120840931126442.jpg

OTL hung, but the log is there, just without Extras:

OTL logfile created on: 2012-08-03 16:51:34 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\lol\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,55% Memory free
8,00 Gb Paging File | 6,56 Gb Available in Paging File | 81,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,65 Gb Total Space | 26,44 Gb Free Space | 27,07% Space Free | Partition Type: NTFS
Drive D: | 488,28 Gb Total Space | 126,03 Gb Free Space | 25,81% Space Free | Partition Type: NTFS
Drive E: | 345,57 Gb Total Space | 72,72 Gb Free Space | 21,04% Space Free | Partition Type: NTFS

Computer Name: KOMPUTEREK | User Name: lol | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-03 16:13:18 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\lol\Downloads\OTL.exe
PRC - [2012-07-18 10:48:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012-05-29 15:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2012-04-27 12:32:13 | 000,467,064 | ---- | M] ("http://www.express-files.com/") -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe
PRC - [2012-04-12 11:11:34 | 000,404,880 | ---- | M] (H+H Software GmbH) -- C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
PRC - [2012-04-12 11:11:34 | 000,324,496 | ---- | M] (H+H Software GmbH) -- C:\Program Files (x86)\Virtual CD v10\System\VC10Tray.exe
PRC - [2012-02-26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2011-05-10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2009-04-02 19:05:22 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe

========== Modules (No Company Name) ==========

MOD - [2012-07-18 10:48:11 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012-02-20 09:52:41 | 008,358,400 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
MOD - [2012-02-20 09:52:41 | 001,152,512 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
MOD - [2012-02-20 09:52:41 | 000,333,824 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
MOD - [2012-02-20 09:52:41 | 000,151,040 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll
MOD - [2011-12-30 15:08:18 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2008-08-18 16:11:24 | 001,237,504 | ---- | M] () -- C:\Program Files (x86)\Virtual CD v10\System\vorbis.dll
MOD - [2008-08-18 16:08:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\Virtual CD v10\System\ogg.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-05-10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009-08-18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-07-18 10:48:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-07-12 21:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- D:\SMITE\HiPatchService.exe -- (HiPatchService)
SRV - [2012-07-10 19:54:17 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012-06-27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012-06-10 21:38:42 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012-05-31 14:53:00 | 000,008,704 | ---- | M] (Microsoft) [Auto | Stopped] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2012-04-12 11:11:30 | 000,145,296 | ---- | M] (H+H Software GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS)
SRV - [2012-03-18 11:34:10 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012-03-16 13:20:49 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-02-23 00:51:09 | 000,111,632 | ---- | M] (TMRG, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\RelevantKnowledge\rlservice.exe -- (RelevantKnowledge)
SRV - [2011-07-01 11:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011-04-25 05:55:00 | 004,066,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-01-15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-04-07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-12-09 23:39:40 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011-07-01 11:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011-05-13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011-05-13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011-05-13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011-05-13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011-05-13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011-04-19 08:53:32 | 000,223,256 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vdrv1000.sys -- (vdrv1000)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-02-11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010-12-30 20:04:30 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010-12-30 20:04:30 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-09-18 11:58:54 | 000,116,824 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EagleX64.sys -- (EagleX64)
DRV:64bit: - [2010-05-29 12:06:44 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010-02-03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009-08-18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-09 11:24:30 | 000,024,088 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HH10Help.sys -- (HH10Help.sys)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-03-27 15:25:10 | 000,027,160 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2008-12-26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV:64bit: - [2008-09-26 18:02:36 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2008-06-17 09:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)
DRV:64bit: - [2007-09-17 16:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2010-05-14 17:30:08 | 000,023,080 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-03-31 10:39:36 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2006-07-24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005-01-01 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://home.sweetim.com/?st=11&barid={2D02C390-9054-11E1-A447-00241DA391A1}"
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = "http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4"
IE - HKLM\..\URLSearchHook: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files (x86)\mobilewitch\tbmobi.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = "http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031817"
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = "http://search.sweetim.com/search.asp?src=6&st=11&q={searchTerms}&barid={2D02C390-9054-11E1-A447-00241DA391A1}"
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\URLSearchHook: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found
IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\URLSearchHook: {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files (x86)\mobilewitch\tbmobi.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\SearchScopes\{08719205-73D8-415C-B6F0-7B4A5B2BB1D8}: "URL" = "http://www.google.com/search?hl=pl&q={searchTerms}"
IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = "http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031817"
IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

========== FireFox ==========

FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-14 14:44:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2012-06-14 23:25:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files (x86)\SearchPredict\PRFireFox [2012-07-05 10:06:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox [2012-07-05 10:06:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-18 10:48:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-08-20 09:17:33 | 000,000,000 | ---D | M]

[2011-08-24 20:27:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lol\AppData\Roaming\mozilla\Extensions
[2012-04-30 12:51:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lol\AppData\Roaming\mozilla\Firefox\Profiles\x3a57x1u.default\extensions
[2011-11-10 22:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011-12-04 00:21:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-08-20 09:15:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012-07-18 10:48:11 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011-05-04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010-11-30 16:11:52 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011-10-18 18:07:30 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2011-10-18 18:07:30 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2011-05-21 09:45:24 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011-10-18 18:07:30 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2011-10-18 18:07:30 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2011-10-18 18:07:30 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-10-18 18:07:30 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2011-05-14 13:14:55 | 000,000,874 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll (SpeedBit Ltd.)
O2 - BHO: (no name) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found.
O2 - BHO: (YouTube To ALLPlayer) - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\PROGRA~2\ALLPlayer\YouTubeToALLPlayer.dll (ALLPlayer.org)
O2 - BHO: (no name) - {64182481-4F71-486b-A045-B233BD0DA8FC} - No CLSID value found.
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O2 - BHO: (mobilewitch Toolbar) - {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files (x86)\mobilewitch\tbmobi.dll (Conduit Ltd.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\grabber.dll (SPEEDbit)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found.
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (mobilewitch Toolbar) - {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files (x86)\mobilewitch\tbmobi.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\Toolbar\WebBrowser: (no name) - {5C5B9468-D672-4EB7-B52F-B5AFABF28C5B} - No CLSID value found.
O3 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\Toolbar\WebBrowser: (mobilewitch Toolbar) - {FCBF663E-8530-46F8-A880-AC5ABE9D2B23} - C:\Program Files (x86)\mobilewitch\tbmobi.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ExpressFiles] C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe ("http://www.express-files.com/")
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008..\Run: [Akamai NetSession Interface] C:\Users\Radiol\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008..\Run: [NCsoft] File not found
O4 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008..\Run: [steam] D:\STEAM\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} "http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab" (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab" (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} "http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab" (Shockwave ActiveX Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} "https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.67.0.cab" (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab" (Java Plug-in 10.4.1)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} "https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab (Battlefield Play4Free" Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab" (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab" (Java Plug-in 10.4.1)
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} "http://www.magic-kinder.com/totalimmersion/plugin/DFusionHomeWebPlugIn.Installer.exe" (CDFusionActiveXCtl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABF1274E-CB55-4E77-961C-997D46012F5E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B32EF9A1-1C80-403A-B319-11CE23BC0063}: DhcpNameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-05-14 14:54:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{0e465b8e-2edc-11e1-b2b7-00241da391a1}\Shell - "" = AutoRun O33 - MountPoints2\{0e465b8e-2edc-11e1-b2b7-00241da391a1}\Shell\AutoRun\command - "" = L:\autoplay.exe O33 - MountPoints2\{669ae7fc-5f70-11df-9b20-00241da391a1}\Shell - "" = AutoRun O33 - MountPoints2\{669ae7fc-5f70-11df-9b20-00241da391a1}\Shell\AutoRun\command - "" = K:\setup.exe O33 - MountPoints2\{6f329b72-2307-11e1-9d58-00241da391a1}\Shell - "" = AutoRun O33 - MountPoints2\{6f329b72-2307-11e1-9d58-00241da391a1}\Shell\AutoRun\command - "" = M:\Autorun.exe O33 - MountPoints2\{8df4bac0-5556-11e1-8f6f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{8df4bac0-5556-11e1-8f6f-806e6f6e6963}\Shell\AutoRun\command - "" = N:\SETUP.EXE O33 - MountPoints2\{8df4bac0-5556-11e1-8f6f-806e6f6e6963}\Shell\crack\command - "" = N:\Crack.exe O33 - MountPoints2\{8df4bac0-5556-11e1-8f6f-806e6f6e6963}\Shell\patch\command - "" = Patch 1.11.exe O33 - MountPoints2\{c9df5408-64ca-11df-9ed6-00241da391a1}\Shell - "" = AutoRun O33 - MountPoints2\{c9df5408-64ca-11df-9ed6-00241da391a1}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -a O33 - MountPoints2\{cb160df8-f245-11e0-94f1-00241da391a1}\Shell - "" = AutoRun O33 - MountPoints2\{cb160df8-f245-11e0-94f1-00241da391a1}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{cb160dfe-f245-11e0-94f1-00241da391a1}\Shell - "" = AutoRun O33 - MountPoints2\{cb160dfe-f245-11e0-94f1-00241da391a1}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\M\Shell - "" = AutoRun O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = 
exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012-08-03 16:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge [2012-08-03 16:08:48 | 000,000,000 | ---D | C] -- C:\Users\lol\AppData\Roaming\Virtual CD v10 [2012-08-03 13:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D102FBAE0BA76C3C3FF875EF60 [2012-08-01 13:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2012-07-24 11:27:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012-07-11 09:21:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012-07-11 09:21:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012-07-11 09:21:15 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012-07-11 09:21:13 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012-07-11 09:21:12 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012-07-10 21:49:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto IV - Episodes From Liberty City [2012-07-06 09:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wizards of the Coast LLC [2012-07-05 10:06:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Speedbit [2012-07-05 10:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPEEDbit Video Downloader [2012-07-05 10:06:07 | 000,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: 
"http://www.jcomsoft.com") -- C:\Windows\SysWow64\AniGIF.ocx [2012-07-05 10:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit [2012-07-05 10:06:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchPredict [2012-07-05 10:06:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SPEEDbit Video Downloader [9 C:\*.tmp files -> C:\*.tmp -> ] [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012-08-03 16:31:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-08-03 16:31:09 | 3220,873,216 | -HS- | M] () -- C:\hiberfil.sys [2012-08-03 16:12:34 | 000,025,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-08-03 16:12:34 | 000,025,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-08-02 19:16:22 | 000,000,572 | ---- | M] () -- C:\Users\Public\Desktop\Prototype 2.lnk [2012-07-29 14:35:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\{7586F853-E86F-482D-BC45-0A51ABC2C615}.job [2012-07-19 16:58:59 | 001,692,112 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-07-19 16:58:59 | 000,747,552 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012-07-19 16:58:59 | 000,660,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-07-19 16:58:59 | 000,160,144 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012-07-19 16:58:59 | 000,125,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-07-13 11:06:46 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW [2012-07-11 13:07:11 | 002,246,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012-07-05 10:06:14 | 000,002,071 | ---- | M] () -- C:\Users\lol\Desktop\SPEEDbit Video Downloader.lnk [2012-07-05 10:06:14 | 000,001,456 | ---- | M] () -- C:\Users\lol\Desktop\My Video 
Downloads.lnk [9 C:\*.tmp files -> C:\*.tmp -> ] [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012-08-03 13:33:13 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{5ee0d102-e532-6ba7-8d09-4b1d1c25dd89}\U\80000000.@ [2012-08-03 13:33:12 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{5ee0d102-e532-6ba7-8d09-4b1d1c25dd89}\U\800000cb.@ [2012-08-03 13:33:12 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{5ee0d102-e532-6ba7-8d09-4b1d1c25dd89}\U\00000001.@ [2012-08-02 19:16:22 | 000,000,572 | ---- | C] () -- C:\Users\Public\Desktop\Prototype 2.lnk [2012-07-29 14:35:21 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\{7586F853-E86F-482D-BC45-0A51ABC2C615}.job [2012-07-13 11:06:46 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW [2012-07-05 10:06:14 | 000,002,071 | ---- | C] () -- C:\Users\lol\Desktop\SPEEDbit Video Downloader.lnk [2012-07-05 10:06:14 | 000,001,456 | ---- | C] () -- C:\Users\lol\Desktop\My Video Downloads.lnk [2012-05-29 15:33:09 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012-05-29 15:33:09 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll [2012-05-02 11:08:06 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2012-02-12 15:01:32 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2012-02-12 14:49:15 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2012-02-12 14:49:15 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2012-02-12 14:49:15 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2012-01-11 16:54:51 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{5ee0d102-e532-6ba7-8d09-4b1d1c25dd89}\@ [2012-01-11 16:54:51 | 000,002,048 | -HS- | C] () -- C:\Users\Radiol\AppData\Local\{5ee0d102-e532-6ba7-8d09-4b1d1c25dd89}\@ [2011-12-22 08:50:33 | 000,000,000 | ---- | C] () -- 
C:\ProgramData\LauncherAccess.dt [2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011-08-19 14:34:06 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011-08-16 12:50:06 | 000,101,368 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011-05-30 17:04:35 | 000,029,696 | ---- | C] () -- C:\Windows\SysWow64\pthread.dll [2011-03-01 19:49:59 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011-02-13 20:05:21 | 000,166,912 | ---- | C] () -- C:\Windows\novc.exe [2011-02-11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2011-02-09 22:15:32 | 000,042,602 | ---- | C] () -- C:\Windows\War3Unin.dat [2011-01-06 19:32:13 | 001,667,314 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010-08-23 11:50:52 | 000,000,288 | ---- | C] () -- C:\Windows\game.ini [2010-06-13 11:22:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== LOP Check ========== [2011-08-24 20:26:09 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\DAEMON Tools Lite [2012-04-30 11:48:55 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\ExpressFiles [2011-08-23 20:09:12 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\Lionhead Studios [2012-04-30 13:11:14 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\SplitMediaLabs [2011-08-29 16:37:29 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\uTorrent [2012-08-03 16:08:50 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\Virtual CD v10 [2012-06-07 17:54:52 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\.minecraft [2011-05-04 19:23:15 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\AnvSoft [2012-08-03 13:50:19 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\ArcaVirMicroScan [2010-06-20 20:06:33 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Avnex [2010-05-20 20:24:36 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\DAEMON Tools Lite 
[2011-12-09 23:43:38 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\DAEMON Tools Pro [2011-09-04 14:20:49 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Dropbox [2012-04-27 12:31:23 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\ExpressFiles [2011-01-30 19:53:11 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\fizzy [2011-11-21 20:05:23 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\fltk.org [2011-07-24 12:42:40 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Gadu-Gadu 10 [2010-06-12 13:25:11 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Gearbox Software [2011-10-16 08:44:20 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\GetRightToGo [2011-01-22 20:34:21 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Gizmoz [2011-08-22 19:22:16 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\go [2012-07-04 21:29:05 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\gtk-2.0 [2010-08-06 12:55:51 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Leadertech [2011-08-05 12:43:51 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\LolClient [2012-05-25 06:55:20 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\LolClient2 [2010-12-17 20:42:31 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Mount&Blade Warband [2011-06-14 12:46:48 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Mount&Blade With Fire and Sword [2011-05-15 10:17:58 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Notepad++ [2011-07-28 21:58:00 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\OpenFM [2011-03-03 16:14:37 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Opera [2010-12-05 21:40:39 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\PC Suite [2011-12-10 14:18:01 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\PunkBuster [2012-01-20 16:09:20 | 000,000,000 | 
---D | M] -- C:\Users\Radiol\AppData\Roaming\Samsung [2011-03-21 15:21:05 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Screaming Bee [2012-06-14 17:27:26 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Sony [2012-06-07 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Spirited Machine [2011-01-17 21:07:03 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\SPORE [2011-07-25 20:53:25 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Subversion [2010-06-17 14:20:45 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Touchstone [2011-12-09 19:45:51 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Trine2 [2012-01-06 15:45:39 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\TS3Client [2012-01-06 15:45:42 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\ts3overlay [2012-04-21 18:04:38 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Ubisoft [2012-08-02 19:40:07 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\uTorrent [2012-06-10 13:58:55 | 000,000,000 | --SD | M] -- C:\Users\Radiol\AppData\Roaming\Virtual CD v10 [2010-05-29 12:18:10 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Vso [2012-04-27 12:32:13 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\Express Files Updater.job [2010-07-10 16:32:55 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\Install.job [2011-08-05 12:35:20 | 000,000,526 | ---- | M] () -- C:\Windows\Tasks\One-Click Tweak.job [2011-06-07 16:42:10 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011-12-09 23:39:44 | 000,000,210 | ---- | M] () -- C:\Windows\Tasks\SidebarExecute.job [2012-03-28 10:02:56 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\{09D42DE5-CFBF-467B-9B8C-176E5837D8CA}.job [2011-08-22 22:10:05 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{2A413053-0BA1-4FE9-9727-81C5EECBAEF0}.job [2011-08-03 14:22:36 | 000,000,534 | ---- | M] () -- 
C:\Windows\Tasks\{3A867639-5E5C-4EA1-84ED-8A14D4D82026}.job [2011-12-04 00:21:34 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{612C77B7-B52E-4AE8-8429-4B13B68C6BAC}.job [2012-07-29 14:35:21 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\{7586F853-E86F-482D-BC45-0A51ABC2C615}.job [2011-08-24 14:33:28 | 000,000,406 | ---- | M] () -- C:\Windows\Tasks\{CD16E9C2-6D1F-4990-A41A-B4F590A5B3EA}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:862BDB1A @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:EA7D76BE < End of report > Proszę o pomoc! Odnośnik do komentarza
Landuss, posted 3 August 2012

First, a note: please post logs using the forum's attachment option, not inline in the post. Unfortunately, the system has a ZeroAccess infection. An additional log is needed. Run SystemLook x64 and paste the following into its window:

:reg
HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
:filefind
services.exe

Click Look and post the resulting report.
Radiol123 (author), posted 3 August 2012

SystemLook 30.07.11 by jpshortstuff
Log created at 20:04 on 03/08/2012 by lol
Administrator - Elevation successful

========== reg ==========

[HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}]
@="Microsoft WBEM New Event Subsystem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
@="%systemroot%\system32\wbem\wbemess.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
@="MruPidlList"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
@="%SystemRoot%\system32\shell32.dll"
"ThreadingModel"="Apartment"

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows.old\Windows\system32\services.exe --a---- 108544 bytes [12:00 02/03/2006] [12:00 02/03/2006] 3DA8D964D2CC12EF8E8C342471A37917
C:\Windows.old\Windows\system32\dllcache\services.exe --a--c- 108544 bytes [12:00 02/03/2006] [12:00 02/03/2006] 3DA8D964D2CC12EF8E8C342471A37917

-= EOF =-
Landuss, posted 3 August 2012

1. Start > in the search box type cmd > right-click > Run as administrator > paste the command:

sfc /scanfile=C:\Windows\System32\services.exe

Restart the system.

2. Run OTL and in the Custom Scans/Fixes window paste the following text:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://home.sweetim.com/?st=11&barid={2D02C390-9054-11E1-A447-00241DA391A1}"
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = "http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4"
IE - HKLM\..\URLSearchHook: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = "http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031817"
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = "http://search.sweetim.com/search.asp?src=6&st=11&q={searchTerms}&barid={2D02C390-9054-11E1-A447-00241DA391A1}"
IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\URLSearchHook: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found
IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = "http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031817"
IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
[2011-05-21 09:45:24 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O2 - BHO: (no name) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found.
O2 - BHO: (no name) - {64182481-4F71-486b-A045-B233BD0DA8FC} - No CLSID value found.
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.
O3 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\Toolbar\WebBrowser: (no name) - {5C5B9468-D672-4EB7-B52F-B5AFABF28C5B} - No CLSID value found.
O3 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008..\Run: [NCsoft] File not found
O4 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008..\Run: [PlayNC Launcher] File not found
:Files
C:\ProgramData\7531E8D102FBAE0BA76C3C3FF875EF60
C:\Windows\Installer\{5ee0d102-e532-6ba7-8d09-4b1d1c25dd89}
C:\Users\Radiol\AppData\Local\{5ee0d102-e532-6ba7-8d09-4b1d1c25dd89}
:Commands
[emptytemp]

Note for other readers: this script is unique, tailored exclusively to this system; please do not use it on your own systems.

Click Run Fix. Confirm the computer restart.

3. Via Control Panel, uninstall: RelevantKnowledge / uTorrentControl2 Toolbar / mobilewitch Toolbar / SweetPacks Toolbar for Internet Explorer

4. Run AdwCleaner with the Delete option.

5. Run OTL again, this time using the Scan option. Post a new OTL log (without Extras), a SystemLook log, and a Farbar Service Scanner log (tick everything for scanning).
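The :Files section of the script above targets three locations that share a recognisable shape: a hidden `@` file and a `U` subfolder of `<8 hex>.@` files inside a GUID-named directory (under Windows\Installer and the user's AppData\Local), and a 32-character hex directory directly under ProgramData. As an added example (Python written for this edit, not part of the thread or of OTL), the script below parses OTL file entries and flags paths matching those shapes. The sample entries are copied from the OTL log posted earlier, with two benign entries added for contrast; the rule names and helper functions are this example's own.

```python
import re
from dataclasses import dataclass

# Sample input: entries copied from the OTL log posted in this thread
# ("Files Created - No Company Name" and "Created Within 30 Days"), plus
# two benign entries for contrast. Real OTL output has one entry per line.
OTL_SAMPLE = r"""
[2012-08-03 13:33:13 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{5ee0d102-e532-6ba7-8d09-4b1d1c25dd89}\U\80000000.@
[2012-08-03 13:33:12 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{5ee0d102-e532-6ba7-8d09-4b1d1c25dd89}\U\800000cb.@
[2012-08-03 13:33:12 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{5ee0d102-e532-6ba7-8d09-4b1d1c25dd89}\U\00000001.@
[2012-05-29 15:33:09 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012-01-11 16:54:51 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{5ee0d102-e532-6ba7-8d09-4b1d1c25dd89}\@
[2012-01-11 16:54:51 | 000,002,048 | -HS- | C] () -- C:\Users\Radiol\AppData\Local\{5ee0d102-e532-6ba7-8d09-4b1d1c25dd89}\@
[2012-08-03 13:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D102FBAE0BA76C3C3FF875EF60
[2012-08-01 13:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
"""

# One OTL file/folder entry: [timestamp | size | attributes | C or M] (company) -- path
# Directory entries carry no "(company)" group, so it is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

GUID = r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"

# Path shapes taken from the :Files section of the fix script above.
# The rule names are this example's own.
RULES = [
    ("'@' file or U\\<8 hex>.@ store inside a GUID-named folder",
     re.compile(r"\\" + GUID + r"\\(?:U\\[0-9a-f]{8}\.@|@)$", re.IGNORECASE)),
    ("32-hex-character directory directly under ProgramData",
     re.compile(r"^[a-z]:\\ProgramData\\[0-9a-f]{32}$", re.IGNORECASE)),
]


@dataclass
class OtlEntry:
    stamp: str
    size: int
    attrs: str
    company: str
    path: str


def parse_entry(line: str):
    """Return an OtlEntry for one OTL file line, or None for headers and noise."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(m["stamp"], int(m["size"].replace(",", "")),
                    m["attrs"], m["company"] or "", m["path"])


def triage(log_text: str):
    """Return (path, reason) pairs for every entry whose path matches a rule."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        for reason, pattern in RULES:
            if pattern.search(entry.path):
                findings.append((entry.path, reason))
    return findings


if __name__ == "__main__":
    for path, reason in triage(OTL_SAMPLE):
        print(f"{reason}: {path}")
```

Both rules key on path shape alone, which is what makes them reusable across machines: the GUID and the hex directory name differ from one infection to the next, but the layout does not. The size and attribute fields are parsed as well so a reader can extend the rules (for instance, to report the hidden+system attributes on the `@` files) without touching the parser.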
Radiol123 (author), posted 3 August 2012

Logs:

SystemLook 30.07.11 by jpshortstuff
Log created at 21:25 on 03/08/2012 by lol
Administrator - Elevation successful

========== reg ==========

[HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}]
@="Microsoft WBEM New Event Subsystem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
@="%systemroot%\system32\wbem\wbemess.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
@="MruPidlList"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
@="%SystemRoot%\system32\shell32.dll"
"ThreadingModel"="Apartment"

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows.old\Windows\system32\services.exe --a---- 108544 bytes [12:00 02/03/2006] [12:00 02/03/2006] 3DA8D964D2CC12EF8E8C342471A37917
C:\Windows.old\Windows\system32\dllcache\services.exe --a--c- 108544 bytes [12:00 02/03/2006] [12:00 02/03/2006] 3DA8D964D2CC12EF8E8C342471A37917

-= EOF =-

Attachments: FSS.txt, OTL.Txt
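The two SystemLook reports bracket the `sfc /scanfile` repair: in the first, C:\Windows\System32\services.exe has the same size as the copy in the WinSxS component store but a different MD5 (014A9CB9... against 24ACB7E5...); in the second, both hashes agree. As an added example (Python written for this edit, not part of the thread or of SystemLook), the code below parses SystemLook filefind output and reports any live System32 file whose hash matches none of the same-size component-store copies. The samples are copied from the two reports posted above; the function and field names are this example's own.

```python
import re
from dataclasses import dataclass

# Sample input copied from the first SystemLook report in this thread
# (taken before "sfc /scanfile" was run).
SYSTEMLOOK_BEFORE = r"""
========== filefind ==========
Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows.old\Windows\system32\services.exe --a---- 108544 bytes [12:00 02/03/2006] [12:00 02/03/2006] 3DA8D964D2CC12EF8E8C342471A37917
C:\Windows.old\Windows\system32\dllcache\services.exe --a--c- 108544 bytes [12:00 02/03/2006] [12:00 02/03/2006] 3DA8D964D2CC12EF8E8C342471A37917
-= EOF =-
"""

# The second report posted in the thread differs from the first only in the
# live file's hash, which now equals the component-store copy's.
SYSTEMLOOK_AFTER = SYSTEMLOOK_BEFORE.replace(
    "014A9CB92514E27C0107614DF764BC06", "24ACB7E5BE595468E3B9AA488B9B4FCB")

SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"')
# One hit line: <path> <attrs> <size> bytes [created] [modified] <MD5>
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


@dataclass
class FileHit:
    query: str   # the file name SystemLook was asked to find
    path: str
    attrs: str
    size: int
    md5: str


def parse_filefind(text: str):
    """Parse the filefind section of a SystemLook report into FileHit records."""
    hits, query = [], None
    for line in text.splitlines():
        if (m := SEARCH_RE.match(line)):
            query = m["name"]
        elif (m := HIT_RE.match(line)):
            hits.append(FileHit(query, m["path"], m["attrs"],
                                int(m["size"]), m["md5"].upper()))
    return hits


def check_live_vs_store(hits, live_root=r"C:\Windows\System32",
                        store_root=r"C:\Windows\winsxs"):
    """Compare each live System32 file with same-size copies in the component store.

    Returns (live_path, live_md5, store_md5s) for every live file whose hash
    matches none of its same-size store copies. Copies of a different size
    (another servicing level, or Windows.old) are ignored on purpose.
    """
    mismatches = []
    for live in hits:
        if live.path.lower() != f"{live_root}\\{live.query}".lower():
            continue
        store = [h for h in hits
                 if h.query == live.query and h.size == live.size
                 and h.path.lower().startswith(store_root.lower() + "\\")]
        if store and all(h.md5 != live.md5 for h in store):
            mismatches.append((live.path, live.md5, sorted({h.md5 for h in store})))
    return mismatches


if __name__ == "__main__":
    for label, report in (("before", SYSTEMLOOK_BEFORE), ("after", SYSTEMLOOK_AFTER)):
        for path, live_md5, store_md5s in check_live_vs_store(parse_filefind(report)):
            print(f"{label}: {path} MD5 {live_md5} differs from store copy {store_md5s}")
```

Only same-size pairs are compared, because a store copy from a different servicing level legitimately has a different hash, and the comparison trusts the store copy: it tells you that the live file and its reference disagree, not which one is correct. That is why the thread follows the finding with `sfc /scanfile` and a second report rather than acting on the hash alone.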
Landuss, posted 3 August 2012

The infection itself has been removed, but now you have to repair the damage.

1. Rebuild the deleted services (skip sfc /scannow in the instructions):
Rebuilding the Windows Firewall services (MpSvc + Bfe + SharedAccess): LINK.
Rebuilding the Security Center service: LINK.
Rebuilding the Windows Defender service: LINK.
Rebuilding the Automatic Updates service (wuauserv + BITS): download the fix and import it: LINK

2. After doing all of that, post a new FSS log.
Radiol123 (author), posted 3 August 2012

Done. FSS.txt
Landuss, posted 3 August 2012

You imported the registry files, but it looks like you did not do the permissions/SetACL part further down in that Windows Firewall topic. So do that, and when you have, post a new FSS log. Otherwise the Firewall will still not start.
Radiol123 (author), posted 3 August 2012

I have a problem with SetACL: after downloading the tool and trying to launch it, a black window (the one for typing commands) pops up for 0.1 seconds and disappears. Please help!
Landuss, posted 3 August 2012

You are not supposed to launch it. You are supposed to put it in C:\Windows and, from an ordinary system cmd window, type in the given commands as described in the topic.
Radiol123 (author), posted 3 August 2012

Okay, I've sorted it out; attached is the log after the SetACL operation. FSS.txt
Landuss, posted 3 August 2012

Nothing of the sort. Still no change, the firewall is not running.
Radiol123 (author), posted 3 August 2012

Correction attached. FSS.txt
Landuss, posted 3 August 2012

In my opinion you are moving a bit too fast here, and I doubt you did everything. Restart the system and check whether the firewall is working.
Radiol123 (author), posted 3 August 2012

After restarting the system the firewall started working, and there is no sign of the virus. Thank you very much; I will gladly recommend this forum to my friends. Regards
Landuss, posted 3 August 2012

Great. Now finish off the topic.

1. Use the CleanUp option in OTL.
2. Empty System Restore: LINK
3. Update IE, Java and Adobe Reader to the latest versions. Update details: LINK
4. For safety, change the login passwords for your online services.
Radiol123 (author), posted 3 August 2012

Okay, everything done, thanks again and regards!