Draakhan, posted 6 August 2012

Hi,

Today, during system startup, avast threw a message about an infection of the file E:\Program Files\Steam\steamclient.dll by WIN32:MALWARE-gen. The file was moved to quarantine and a restart of the computer together with a scan of all disks was proposed. I did that, and during the scan the following things came up:

- C:\Program Files (x86)\Browsers Protector\regmon32.exe infected with win32:PUP-gen - I chose the option to delete the file, it went OK.
- The installer of the vShare plugin, which I installed some time ago (the installation may have taken place even further back than the 30 days that are the default value in the OTL settings) - same infection as above, I chose to delete the file, it failed - a message appeared that there was no file to delete; after the system started following the scan I deleted the file manually.
- E:\Program Files\Steam\steamclient.dll detected again by WIN32:MALWARE-gen - I skipped it, since in the meantime I had read online that this one is actually a problem with avast.

After all that, from the Control Panel I uninstalled the Browsers Protector and startsearch software. The latter reminded me of the address startsear.ch, which had started handling search in Google Chrome, so in that browser I removed the entry for that search engine in the options and set Google back as the default search engine.
Proszę o sprawdzenie, czy wszystko jest już ok, a jak nie, to porady, co dalej z tym fantem zrobić ==== Logi ===== ---- OLT.txt ---- OTL logfile created on: 2012-08-06 20:22:54 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = F:\installs\OTL 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 43,23% Memory free 4,00 Gb Paging File | 2,52 Gb Available in Paging File | 63,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 70,92 Gb Total Space | 40,69 Gb Free Space | 57,37% Space Free | Partition Type: NTFS Drive E: | 200,00 Gb Total Space | 191,59 Gb Free Space | 95,80% Space Free | Partition Type: NTFS Drive F: | 731,51 Gb Total Space | 552,34 Gb Free Space | 75,51% Space Free | Partition Type: NTFS Computer Name: KRYPTA | User Name: Draakhan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012-08-06 20:20:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:\installs\OTL\OTL.exe PRC - [2012-08-06 19:00:54 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2012-08-04 12:37:36 | 001,353,080 | ---- | M] (Valve Corporation) -- E:\Program Files\Steam\Steam.exe PRC - [2012-07-21 16:47:24 | 000,186,832 | ---- | M] (Google Inc.) 
-- C:\Users\Draakhan\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe PRC - [2012-07-03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- E:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012-07-03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- E:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2010-10-27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010-08-25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010-03-18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009-12-17 19:50:18 | 000,976,832 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe PRC - [2009-05-14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe ========== Modules (No Company Name) ========== MOD - [2012-08-06 19:00:54 | 020,316,496 | ---- | M] () -- E:\Program Files\Steam\bin\libcef.dll MOD - [2012-08-06 19:00:53 | 001,099,576 | ---- | M] () -- E:\Program Files\Steam\bin\avcodec-53.dll MOD - [2012-08-06 19:00:53 | 000,900,944 | ---- | M] () -- E:\Program Files\Steam\bin\chromehtml.dll MOD - [2012-08-06 19:00:53 | 000,190,776 | ---- | M] () -- E:\Program Files\Steam\bin\avformat-53.dll MOD - [2012-08-06 19:00:53 | 000,123,192 | ---- | M] () -- E:\Program Files\Steam\bin\avutil-51.dll MOD - [2012-07-31 07:36:14 | 000,442,392 | ---- | M] () -- C:\Users\Draakhan\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll MOD - [2012-07-31 07:36:13 | 012,235,288 | ---- | M] () -- C:\Users\Draakhan\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll MOD - [2012-07-31 07:36:12 | 
003,997,720 | ---- | M] () -- C:\Users\Draakhan\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll MOD - [2012-07-31 07:34:57 | 000,526,872 | ---- | M] () -- C:\Users\Draakhan\AppData\Local\Google\Chrome\Application\21.0.1180.60\libglesv2.dll MOD - [2012-07-31 07:34:55 | 000,104,984 | ---- | M] () -- C:\Users\Draakhan\AppData\Local\Google\Chrome\Application\21.0.1180.60\libegl.dll MOD - [2012-07-31 07:34:45 | 000,144,424 | ---- | M] () -- C:\Users\Draakhan\AppData\Local\Google\Chrome\Application\21.0.1180.60\avutil-51.dll MOD - [2012-07-31 07:34:43 | 000,266,792 | ---- | M] () -- C:\Users\Draakhan\AppData\Local\Google\Chrome\Application\21.0.1180.60\avformat-54.dll MOD - [2012-07-31 07:34:42 | 002,480,680 | ---- | M] () -- C:\Users\Draakhan\AppData\Local\Google\Chrome\Application\21.0.1180.60\avcodec-54.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012-08-06 19:00:54 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012-08-04 13:07:27 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-07-03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- E:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-03-18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009-05-14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012-07-03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012-07-03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012-07-03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012-07-03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012-07-03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012-07-03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011-03-21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | 
Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2005-03-29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/...77-001d6074a777 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{69978CC7-7E2F-4547-8D78-27D6561001ED}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-636950858-1996297073-3455559059-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/...77-001d6074a777 IE - HKU\S-1-5-21-636950858-1996297073-3455559059-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-636950858-1996297073-3455559059-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/...q={searchTerms} IE - HKU\S-1-5-21-636950858-1996297073-3455559059-1001\..\SearchScopes\{69978CC7-7E2F-4547-8D78-27D6561001ED}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC IE - HKU\S-1-5-21-636950858-1996297073-3455559059-1001\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://startsear.ch/?aff=1&cf=423822e0-c928-11e1-9177-001d6074a777" FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Web Search" FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=1&src=sp&cf=423822e0-c928-11e1-9177-001d6074a777&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Draakhan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Draakhan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: E:\Program Files\AVAST Software\Avast\WebRep\FF [2012-07-07 08:42:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2011-06-05 07:51:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2012-08-06 19:08:48 | 000,000,000 | ---D | M] [2011-06-05 07:52:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Draakhan\AppData\Roaming\mozilla\Extensions [2012-07-08 20:11:32 | 000,000,792 | ---- | M] () -- C:\Users\Draakhan\AppData\Roaming\Mozilla\Firefox\Profiles\h8v9smmo.default\searchplugins\startsear.xml [2012-07-07 08:42:47 | 000,000,000 | ---D | M] (avast! WebRep) -- E:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF ========== Chrome ========== CHR - homepage: http://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Draakhan\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Draakhan\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Draakhan\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Draakhan\AppData\Local\Google\Chrome\User 
Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = E:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Google Update (Enabled) = C:\Users\Draakhan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\Draakhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Szukaj w Google = C:\Users\Draakhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Gmail = C:\Users\Draakhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - E:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - E:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) 
O4 - HKLM..\Run: [avast] E:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-636950858-1996297073-3455559059-1001..\Run: [steam] E:\Program Files\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F535178-2134-40BE-9855-89694316DC49}: DhcpNameServer = 192.168.0.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - 
C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012-07-15 10:19:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012-07-15 10:19:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012-07-15 10:19:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012-07-15 10:19:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012-07-15 10:19:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012-07-15 10:19:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012-07-15 10:19:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012-07-15 10:19:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012-07-15 10:19:03 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012-07-15 10:19:03 | 001,494,528 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012-07-15 10:19:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012-07-15 10:19:02 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012-07-15 10:19:02 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012-07-14 07:46:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012-07-14 07:46:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012-07-14 07:45:59 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012-07-14 07:45:46 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012-07-14 07:45:42 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012-07-08 18:32:11 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe ========== Files - Modified Within 30 Days ========== [2012-08-06 20:29:34 | 001,310,720 | -HS- | M] () -- C:\Users\Draakhan\NTUSER.DAT [2012-08-06 20:07:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-08-06 19:52:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-636950858-1996297073-3455559059-1001UA.job [2012-08-06 19:32:17 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-08-06 19:32:17 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-08-06 19:05:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012-08-06 18:34:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2012-08-06 18:33:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-08-06 15:16:35 | 1609,965,568 | -HS- | M] () -- 
C:\hiberfil.sys [2012-08-06 15:15:47 | 002,408,976 | -H-- | M] () -- C:\Users\Draakhan\AppData\Local\IconCache.db [2012-08-06 10:44:11 | 001,549,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-08-06 10:44:11 | 000,697,674 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012-08-06 10:44:11 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-08-06 10:44:11 | 000,134,784 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012-08-06 10:44:11 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-08-04 13:07:26 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012-08-04 13:07:26 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012-08-02 18:58:39 | 000,002,474 | ---- | M] () -- C:\Users\Draakhan\Desktop\Google Chrome.lnk [2012-07-21 16:52:00 | 000,001,018 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-636950858-1996297073-3455559059-1001Core.job [2012-07-15 10:26:57 | 000,274,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012-07-08 22:02:29 | 000,000,600 | ---- | M] () -- C:\Users\Draakhan\AppData\Local\PUTTY.RND ========== Files Created - No Company Name ========== [2012-07-08 18:32:15 | 000,000,930 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-04-10 14:28:29 | 002,408,976 | -H-- | C] () -- C:\Users\Draakhan\AppData\Local\IconCache.db [2011-06-18 19:49:25 | 000,000,600 | ---- | C] () -- C:\Users\Draakhan\AppData\Roaming\winscp.rnd [2011-06-04 13:58:29 | 000,000,600 | ---- | C] () -- C:\Users\Draakhan\AppData\Local\PUTTY.RND [2011-05-29 17:02:07 | 000,057,560 | ---- | C] () -- C:\Users\Draakhan\AppData\Local\GDIPFONTCACHEV1.DAT [2011-05-29 16:55:07 | 000,000,020 | -HS- | C] () -- C:\Users\Draakhan\ntuser.ini [2011-05-29 16:55:06 | 001,310,720 | -HS- | C] () -- C:\Users\Draakhan\NTUSER.DAT [2011-05-29 16:55:06 | 000,524,288 | -HS- | C] () -- 
C:\Users\Draakhan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2011-05-29 16:55:06 | 000,524,288 | -HS- | C] () -- C:\Users\Draakhan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011-05-29 16:55:06 | 000,065,536 | -HS- | C] () -- C:\Users\Draakhan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== LOP Check ========== [2011-12-25 19:08:49 | 000,000,000 | ---D | M] -- C:\Users\Draakhan\AppData\Roaming\Braid [2012-03-11 16:04:13 | 000,000,000 | ---D | M] -- C:\Users\Draakhan\AppData\Roaming\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1 [2012-05-24 12:11:00 | 000,000,000 | ---D | M] -- C:\Users\Draakhan\AppData\Roaming\EPSON [2011-05-29 21:31:11 | 000,000,000 | ---D | M] -- C:\Users\Draakhan\AppData\Roaming\HDRsoft [2011-12-14 13:35:25 | 000,000,000 | ---D | M] -- C:\Users\Draakhan\AppData\Roaming\Nicalis [2012-07-01 11:25:19 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > ---- Extras.txt z OLT ---- OTL Extras logfile created on: 2012-08-06 20:22:54 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = F:\installs\OTL 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 43,23% Memory free 4,00 Gb Paging File | 2,52 Gb Available in Paging File | 63,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 70,92 Gb Total Space | 40,69 Gb Free Space | 57,37% Space Free | Partition Type: NTFS Drive E: | 200,00 Gb Total Space | 191,59 Gb Free Space | 95,80% Space 
Free | Partition Type: NTFS Drive F: | 731,51 Gb Total Space | 552,34 Gb Free Space | 75,51% Space Free | Partition Type: NTFS Computer Name: KRYPTA | User Name: Draakhan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E9A8451-219A-476A-ACE6-3266F0C1D6B9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0F074A7F-4714-43BB-80D9-746590C851B7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{19D4789C-D992-4ABA-AEAD-1BB0971EC9AA}" = rport=138 | protocol=17 | dir=out | app=system |
"{1E0E672D-6DA3-477C-BB95-4CF10573BDE7}" = lport=445 | protocol=6 | dir=in | app=system |
"{2250F51A-DF19-4AC7-BA80-B2F8F91ADD13}" = rport=139 | protocol=6 | dir=out | app=system |
"{22A10FCF-E709-4DAD-AA94-8038FCDF8E6E}" = lport=138 | protocol=17 | dir=in | app=system |
"{274C5145-3B1C-4082-8FC2-150F12501979}" = lport=139 | protocol=6 | dir=in | app=system |
"{3700D7B4-94C6-4C7E-B6A8-1452AA96FF19}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{37D582A1-FDC0-4303-95B5-AED7E63DC81B}" = rport=137 | protocol=17 | dir=out | app=system |
"{4472A02B-5C6B-48D8-87B1-41C882CB5090}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{512979F8-7EAB-4ED0-AD94-4C980B4DD478}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{901851AA-05F9-4392-8A50-7C0B22717F15}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{913234A0-CD84-425E-8CC1-F39867794F95}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9149CFA7-47A1-4AED-AD48-857369D28D42}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9719CC60-4183-4386-B1B1-1CFABECD44E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B02C0365-5D79-4F1E-8F49-C5F4556B5C9A}" = rport=445 | protocol=6 | dir=out | app=system |
"{BF2EFCA8-A48D-4C75-9CC5-03717C6A2C0B}" = lport=137 | protocol=17 | dir=in | app=system |
"{C6554F5C-FABD-4532-8A77-A81AE14E080C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C6C4CABD-F09A-4006-B78C-DD9BCB23B85D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7F4B18F-B587-4088-B136-683ADB3ED32C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E219385A-CB3D-4DFD-A3FD-996D8EEDA5D6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E4328478-CB30-4CFF-A549-20A35B5082C5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F34B01DC-1449-4079-B950-487BAB9D3A9A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A496EA-4500-42BA-88C2-F3AADF661BF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{07FD71F1-1C55-479F-AA4F-4AB49675B4FA}" = protocol=6 | dir=out | app=system |
"{0C7397F5-519D-4E2F-8B04-D40A65ACBF0D}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\crayon physics deluxe\launcher.exe |
"{19DA93CC-E364-434F-AF85-E7243A301B7F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{251CFD2D-B9E7-4EC1-8B3B-A3C0FF7A80D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{26DB0CD5-5326-4307-82A3-FDFDD2C60FD3}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\poxnora\launchpad.exe |
"{34F36A61-F5DE-4C0E-B4F2-6B528B3DE342}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{43DBA189-8D68-4BBB-8258-EF7ADC3B40FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4418E55C-AF20-4E9C-98EA-51674A230856}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\aquaria\aquaria.exe |
"{4FC7734D-B310-4F04-BCC7-D41F31720438}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\machinarium\machinarium.exe |
"{51254145-1AA6-4BB5-A916-46E31E19D4C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5331BD95-560D-4476-94B4-F74AE834B87F}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\crayon physics deluxe\launcher.exe |
"{5403AEE5-BD94-4FC0-8ADB-810533474473}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{54851C1B-B60E-4EC5-A8A0-E435B290986E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{58E1FD07-E915-4607-9BAA-9C4A566D2B9C}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\hammerfight\hammerfight.exe |
"{5D3869E1-7267-4344-B938-CC09F86F147F}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\nightsky\nightsky.exe |
"{5F81B7C4-469B-4D06-9E9A-7884D029D691}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\aquaria\aquaria.exe |
"{665DA06F-CA11-45A2-899C-8B720D4B0C35}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6781D967-317A-4DE4-AEF8-14EB7A5A2948}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\hammerfight\hammerfight.exe |
"{6AB575A6-96D3-4ACF-8B4E-D631C37BBE18}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\nightsky\nightsky.exe |
"{6C0418AC-7F0C-4710-B339-7434F0BFC88A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{72B996FE-86E3-4FDB-BC27-25C0F19C4920}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75E713C7-B334-4709-983B-204CF6C2E548}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\samorost 2\samorost2.exe |
"{770B70D4-D3C8-4868-BD59-01C603A635DE}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\cogs\cogs.exe |
"{853DBE09-65B5-4822-BAD0-A5E4DFA4D1AB}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\samorost 2\samorost2.exe |
"{8A434CBA-D310-4303-8116-4373E9E3135D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8ACAFA05-767A-4166-B30A-464D1B8EC468}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\osmos\osmos.exe |
"{8F5C1F71-0D17-4CF1-BCC9-531A209446B5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{90FCFD0C-0E27-4611-9F47-3A3DA2EE53A3}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\world of goo\worldofgoo.exe |
"{A4DBD368-A6D7-4D5C-B03C-4583986EE7F9}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\poxnora\launchpad.exe |
"{A834158E-7088-4E90-8286-B057D4B1A914}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\osmos\osmos.exe |
"{B3893639-B150-4210-88CD-C1CB5F26BFEA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B6E4AC96-3FD2-4D7E-9C5F-3582E38B3549}" = protocol=17 | dir=in | app=e:\program files\steam\steam.exe |
"{C824F5F7-4714-4D90-A876-C455FFB566C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C93A8238-7495-489E-939B-5C8F89D89981}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C981FD12-A27F-417C-B86B-AA5A6C30FB2F}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\cogs\cogs.exe |
"{CB315E50-4EF0-42F8-B5F3-C4490EDC1D3D}" = protocol=6 | dir=in | app=e:\program files\steam\steam.exe |
"{D7D98327-668D-4A1B-993A-8DE133EC1DCD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D9D86E1F-07C8-4577-86CF-4CD9AF185F6A}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\world of goo\worldofgoo.exe |
"{EB0E355E-D36C-4FCA-BC45-2402E60D6CD4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EDF81106-3D4F-45AF-9CDD-2907FBEC20C7}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\machinarium\machinarium.exe |
"TCP Query User{496C60FE-B19A-4D58-8D09-6EA1DD132846}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{E93EFA15-E10B-45FF-9B77-487A78BBD45A}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}" = Adobe Photoshop Lightroom 3.6 64-bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polish Language Pack for Microsoft .NET Framework 4 Client Profile
"PhotomatixPro41x64_is1" = Photomatix Pro version 4.1.3
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{79F1FD32-00C5-8BD1-7F53-1513B6E05437}" = e-Deklaracje Desktop
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5
"{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.1 - Polish
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FB46F473-333E-4A06-A777-31C54188593E}" = ArcSoft MediaImpression 2
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE5ED0AC-BCC8-482A-8B08-AA11D5F00152}" = Epson Event Manager
"{FF8455A9-21E8-457D-AC64-510A705D53B3}" = ArcSoft Scan-n-Stitch Deluxe
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1" = e-Deklaracje Desktop
"EPSON Perfection V33_V330 Manual" = EPSON Perfection V33/V330 Manual
"EPSON Scanner" = EPSON Scan
"Mozilla Firefox 4.0.1 (x86 pl)" = Mozilla Firefox 4.0.1 (x86 pl)
"Steam App 18700" = And Yet It Moves
"Steam App 201210" = PoxNora
"Steam App 22000" = World of Goo
"Steam App 24420" = Aquaria
"Steam App 26500" = Cogs
"Steam App 26800" = Braid
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 29180" = Osmos
"Steam App 40700" = Machinarium
"Steam App 40720" = Samorost 2
"Steam App 41100" = Hammerfight
"Steam App 48000" = LIMBO
"Steam App 99700" = NightSky
"winscp3_is1" = WinSCP 4.3.3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-636950858-1996297073-3455559059-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2012-06-16 10:29:41 | Computer Name = Krypta | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error - 2012-06-16 10:29:41 | Computer Name = Krypta | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 2012-06-16 10:29:41 | Computer Name = Krypta | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 2012-06-16 10:29:41 | Computer Name = Krypta | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 2012-06-16 10:29:41 | Computer Name = Krypta | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 2012-06-16 10:29:41 | Computer Name = Krypta | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 2012-06-16 10:29:41 | Computer Name = Krypta | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 2012-07-01 05:26:12 | Computer Name = Krypta | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "E:\Program Files\AVAST Software\Avast\asOutExt64.dll". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2012-07-07 05:05:55 | Computer Name = Krypta | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "E:\Program Files\AVAST Software\Avast\asOutExt64.dll". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 2012-07-22 05:27:55 | Computer Name = Krypta | Source = Application Error | ID = 1000
Description = Faulting application name: lightroom.exe, version: 3.6.0.10, time stamp: 0x4edc3f82
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000775c000a
Faulting process id: 0xfbc
Faulting application start time: 0x01cd67dfc9154f2c
Faulting application path: E:\Program Files\Adobe\Adobe Photoshop Lightroom 3.6\lightroom.exe
Faulting module path: unknown
Report Id: 8448a8a3-d3df-11e1-a760-001d6074a777

Error - 2012-07-22 05:36:02 | Computer Name = Krypta | Source = Application Error | ID = 1000
Description = Faulting application name: lightroom.exe, version: 3.6.0.10, time stamp: 0x4edc3f82
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000374
Fault offset: 0x00000000000c40f2
Faulting process id: 0x1140
Faulting application start time: 0x01cd67ecce974df5
Faulting application path: E:\Program Files\Adobe\Adobe Photoshop Lightroom 3.6\lightroom.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: a6801918-d3e0-11e1-a760-001d6074a777

[ System Events ]
Error - 2012-06-21 02:01:19 | Computer Name = Krypta | Source = EventLog | ID = 6008
Description = The previous system shutdown at 17:01:48 on 2012-06-16 was unexpected.

Error - 2012-06-21 04:18:25 | Computer Name = Krypta | Source = DCOM | ID = 10010
Description =

Error - 2012-06-30 05:35:57 | Computer Name = Krypta | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error - 2012-06-30 05:35:57 | Computer Name = Krypta | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following error: %%1053

Error - 2012-06-30 17:23:11 | Computer Name = Krypta | Source = DCOM | ID = 10010
Description =

Error - 2012-07-21 07:06:03 | Computer Name = Krypta | Source = DCOM | ID = 10010
Description =

Error - 2012-08-02 12:10:37 | Computer Name = Krypta | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error - 2012-08-02 12:10:37 | Computer Name = Krypta | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following error: %%1053

Error - 2012-08-06 13:01:04 | Computer Name = Krypta | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error - 2012-08-06 13:01:04 | Computer Name = Krypta | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following error: %%1053

< End of report >

---- checkup.txt from SecurityCheck ----

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (4.0.1)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Landuss, posted 6 August 2012:

Post logs on the forum using the attachments option instead of pasting them into the post.

Run AdwCleaner over the system with the Delete option. Then produce a new OTL scan log and attach it to the forum.
Draakhan (thread author), posted 6 August 2012:

> Post logs on the forum using the attachments option instead of pasting them into the post.

OK, no problem. I'll just mention that I was following the instructions, which say that logs that don't fit into a post should be added as attachments, while those that do fit should be pasted in directly.

> Run AdwCleaner over the system with the Delete option. Then produce a new OTL scan log and attach it to the forum.

Done, logs attached.

Attachments: OTL.Txt, Extras.Txt
Landuss, posted 6 August 2012:

It's fine, and that's all there is to it. One small remark to finish: these programs of yours are out of date:

"{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.1 - Polish
"Mozilla Firefox 4.0.1 (x86 pl)" = Mozilla Firefox 4.0.1 (x86 pl)

Update them to the latest versions: CLICK
Draakhan (thread author), posted 7 August 2012:

OK, Adobe Reader and Firefox are updated. One thing still remains. The latest OTL.txt contains this:

========== Internet Explorer ==========
IE - HKU\S-1-5-21-636950858-1996297073-3455559059-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://startsear.ch/?aff=1&src=sp&cf=423822e0-c928-11e1-9177-001d6074a777&q={searchTerms}"

I just opened IE, and when I search for something from the address bar I get redirected, for example to "http://startpins.com/search.php?type=Web+Search&q=test".
Landuss, posted 8 August 2012:

Simply go to Start > type Run in the search box > regedit, and delete this key:

HKEY_USERS\S-1-5-21-636950858-1996297073-3455559059-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
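The manual regedit step above, generalized into a script, as an added example that is not part of the original thread. It walks every user hive loaded under HKEY_USERS, lists each Internet Explorer search scope with the host its URL points at, flags any host not on a small allowlist, and deletes flagged scopes only when run with -Remove (honouring -WhatIf/-Confirm). The allowlist, the script name in the usage comments, and the choice to repoint DefaultScope at a surviving allowlisted provider are assumptions of this example; the hijacked key from the thread is one of the entries it would report, with host startsear.ch.

```powershell
# Added example, not from the thread: audit (and with -Remove, delete) IE search providers
# whose URL host is not on an allowlist, for every user hive loaded under HKU.
# Assumed usage (script name is an assumption):
#   .\Audit-IESearchScopes.ps1 | Format-Table -AutoSize      # report only
#   .\Audit-IESearchScopes.ps1 -Remove -WhatIf                # show what would be deleted
#   .\Audit-IESearchScopes.ps1 -Remove                        # delete flagged scopes
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove,
    # Search hosts treated as legitimate (assumed list; extend for your environment).
    [string[]]$AllowedHosts = @('www.bing.com', 'www.google.com', 'www.google.pl')
)

# PowerShell exposes HKCU: and HKLM: by default, but HKEY_USERS has to be mapped.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

function Get-UrlHost([string]$Url) {
    # Lowercase host of $Url, or $null when the value is missing or not parseable as a URL.
    if ([string]::IsNullOrWhiteSpace($Url)) { return $null }
    try { return ([System.Uri]$Url).Host.ToLowerInvariant() } catch { return $null }
}

# Real user hives only (S-1-5-21-...), skipping *_Classes hives and built-in accounts.
$userHives = Get-ChildItem HKU:\ | Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }

foreach ($hive in $userHives) {
    $sid        = $hive.PSChildName
    $scopesPath = "HKU:\$sid\Software\Microsoft\Internet Explorer\SearchScopes"
    if (-not (Test-Path $scopesPath)) { continue }

    $defaultScope   = (Get-ItemProperty -Path $scopesPath -ErrorAction SilentlyContinue).DefaultScope
    $removedDefault = $false
    $survivors      = @()   # scope IDs that are allowlisted and therefore kept

    foreach ($scope in Get-ChildItem -Path $scopesPath) {
        $props   = Get-ItemProperty -Path $scope.PSPath
        $urlHost = Get-UrlHost $props.URL   # ($host is a reserved automatic variable)
        $flagged = (-not $urlHost) -or ($AllowedHosts -notcontains $urlHost)

        # One report object per scope goes to the pipeline.
        [pscustomobject]@{
            SID         = $sid
            ScopeId     = $scope.PSChildName
            DisplayName = $props.DisplayName
            Host        = $urlHost
            IsDefault   = ($scope.PSChildName -eq $defaultScope)
            Flagged     = $flagged
            URL         = $props.URL
        }

        if (-not $flagged) { $survivors += $scope.PSChildName; continue }

        if ($Remove -and $PSCmdlet.ShouldProcess("$sid\SearchScopes\$($scope.PSChildName)", 'Remove search scope')) {
            Remove-Item -Path $scope.PSPath -Recurse
            if ($scope.PSChildName -eq $defaultScope) { $removedDefault = $true }
        }
    }

    # Deleting the scope IE was using leaves DefaultScope dangling: repoint it at a
    # surviving allowlisted provider, otherwise tell the operator to pick one by hand.
    if ($removedDefault) {
        if ($survivors.Count -gt 0) {
            Set-ItemProperty -Path $scopesPath -Name DefaultScope -Value $survivors[0]
        } else {
            Write-Warning "$sid`: default search scope removed and no allowlisted provider remains; set one under IE > Manage Add-ons > Search Providers."
        }
    }
}
```

Run it from an elevated PowerShell so that other users' hives are writable; only hives currently loaded under HKEY_USERS are visited, so log the other accounts in (or load their NTUSER.DAT with reg load) before trusting a clean result. Note that {0633EE93-D776-472f-A0FF-E1416B8B2E3A} is the GUID IE uses for its built-in Bing provider, so in this thread the hijacker overwrote the default scope's URL rather than adding a scope of its own, which is why a plain DisplayName check would not have caught it and why the script keys on the URL host instead.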
Draakhan (thread author), posted 8 August 2012:

OK, done, many thanks for the help. The topic can be closed.