
Weelsof - using ComboFix and further instructions


Recommended replies

Hello, yesterday my computer was attacked by the so-called "police" virus. I had installed the Google Chrome browser earlier and maybe that was the cause... but never mind that; in any case, while I was browsing the internet a message suddenly popped up saying that "I should pay a fine of 500 zł, otherwise my computer will be blocked". I guessed it was a virus and did some digging online on another computer. Following the advice I found, I tried to restore the system in Safe Mode, but it didn't work. I panicked and then used ComboFix, although I now know I shouldn't have done that without consulting first. After the scan the police message never appeared again and the computer works properly. Now, however, I don't know whether I can already remove ComboFix and scan the computer with an antivirus program. Please give me further instructions. I am attaching the reports from after the ComboFix scan (OTL, Extras, from GMER and from ComboFix). I'll add that I uninstalled the virtual drive, only up to the point for beginners. Below I'm also pasting a supplementary report; judging by the colour I guess I should probably download program updates.

 

 Results of screen317's Security Check version 0.99.63 
 Windows 7 Service Pack 1 x86 (UAC is disabled!) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 6 Update 22 
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 10.1.6 Adobe Reader out of Date! 
 Google Chrome 26.0.1410.64 
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
 

 

OTL.Txt

Extras.Txt

GMER.txt

log.txt


Hello, yesterday my computer was attacked by the so-called "police" virus. I had installed the Google Chrome browser earlier and maybe that was the cause... but never mind that; in any case, while I was browsing the internet a message suddenly popped up saying that "I should pay a fine of 500 zł, otherwise my computer will be blocked".

 

The browser type per se is not the cause, but outdated software that plugs into it most certainly is. Here Security Check shows, among other things, a horribly old Java (unfortunately that is the vulnerable version bundled with the oldish OpenOffice.org 3.3)....

 

 

I panicked and then used ComboFix, although I now know I shouldn't have done that without consulting first. After the scan the police message never appeared again and the computer works properly. Now, however, I don't know whether I can already remove ComboFix and scan the computer with an antivirus program. Please give me further instructions.

 

ComboFix handled the infection, though it also chipped away at the adware in a rather inelegant way. Required fixes for the remnants and the adware:

 

1. Uninstall the adware and the old applications:

 

- Via Control Panel, deal with the adware: AVG Security Toolbar, BabylonObjectInstaller, Bundled software uninstaller, Conduit Engine, Delta toolbar, Delta Chrome Toolbar, FoxTab PDF Reader, MyAshampoo Toolbar, Softonic-Polska_ Toolbar, Update for Video Converter.

I also suggest you uninstall right away all the old Adobe products + Java + Silverlight (you will install the latest versions afterwards) and the poor NVIDIA ForceWare Network Access Manager firewall.

- In Google Chrome's extensions, repeat the removal of AVG Security Toolbar and Delta Toolbar.

 

2. Run OTL and paste the following into the Custom Scans/Fixes section:

 

:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q=%7BsearchTerms%7D&SearchSource=4&ctid=CT2247187
IE - HKU\S-1-5-21-230849284-1701895467-2992816361-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q=%7BsearchTerms%7D&affID=119370&babsrc=SP_ss&mntrId=DC66F46D04D76152
IE - HKU\S-1-5-21-230849284-1701895467-2992816361-1000\..\SearchScopes\{41F5223A-C2B2-4465-ADD8-6B8F3FD0BB8B}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q=%7BsearchTerms%7D
IE - HKU\S-1-5-21-230849284-1701895467-2992816361-1000\..\SearchScopes\{8D6C73B4-BDA3-4A7E-A3A7-89BBA2BC085C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MPC2&o=41647997&src=kw&q=%7BsearchTerms%7D&locale=en_US&apn_ptnrs=8E&apn_dtid=YYYYYYM5PL&apn_uid=38044597-7540-443d-b7c1-99b738edea80&apn_sauid=3054EAAD-FAC7-416B-A83E-CB86D0EC5839
IE - HKU\S-1-5-21-230849284-1701895467-2992816361-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid=%7B1FBDA010-6A12-4901-805C-8BBE1646A83D%7D&mid=cfdfa9886dcd47d08a34105c7b480205-817ee24f0fd2c90662b024d02f2b8c28d2609891&lang=pl&ds=xn011&pr=sa&d=2012-12-01 13:58:57&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-230849284-1701895467-2992816361-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://home.myplaycity.com/results.php?category=web&s=%7BsearchTerms%7D
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-230849284-1701895467-2992816361-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-230849284-1701895467-2992816361-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\cpu.sys -- (cpu)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\xxx\AppData\Local\Temp\catchme.sys -- (catchme)
 
:Files
C:\Users\xxx\AppData\Roaming\BabSolution
C:\Users\xxx\AppData\Roaming\DealPly
C:\Users\xxx\AppData\Roaming\Keax
C:\Users\xxx\AppData\Roaming\Saxa
C:\Users\xxx\AppData\Roaming\OpenCandy
C:\Program Files\Mozilla Firefox
 
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
 
:Commands
[emptytemp]

 

Note for other readers: this script is unique, tailored exclusively to this system; please do not apply it on your own systems.

 

Click Run Fix. Confirm the system restart.

 

3. Run AdwCleaner and apply Delete. A removal log will be created on drive C.

 

4. Make a new OTL log using the Scan option (without Extras this time). Attach the OTL removal log from step 2 and the one created by AdwCleaner.

 

 

 


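As an added example, not part of this thread and not the helper's OTL script, here is a read-only PowerShell audit that covers the three kinds of leftovers the fix above removed: IE SearchScopes pointing at foreign search engines, the IE Restrictions / Control Panel / NoDrives policy values that lock-screen malware drops, and driver service entries whose file no longer exists (what OTL reports as "File not found"). It deletes nothing. The allowlist of search hosts is an assumption for illustration; run it from an elevated PowerShell, and it is written to stay PowerShell 2.0 compatible for Windows 7.

```powershell
# Added example, not from the original thread: a read-only audit of the three
# kinds of leftovers the OTL script above removed. Run from an elevated PowerShell
# (kept PowerShell 2.0 compatible for Windows 7). Nothing is deleted.

# Assumption for illustration: search providers on these hosts are considered legitimate.
$AllowedSearchHosts = @('www.bing.com', 'www.google.com', 'www.google.pl')

function Get-SuspiciousSearchScopes {
    # IE keeps one subkey per search provider; hijackers (Conduit, Delta, Funmoods...) add their own.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $base = "$hive\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path $base)) { continue }
        foreach ($scope in Get-ChildItem $base) {
            $url = (Get-ItemProperty $scope.PSPath).URL
            if (-not $url) { continue }
            try { $hostName = ([uri]$url).Host } catch { $hostName = '<unparseable>' }
            if ($AllowedSearchHosts -notcontains $hostName) {
                New-Object PSObject -Property @{ Hive = $hive; Scope = $scope.PSChildName; Host = $hostName; Url = $url }
            }
        }
    }
}

function Get-LockdownPolicies {
    # Lock-screen ransomware often drops IE/Explorer policies so the victim cannot reach
    # settings or drives. The Restrictions / Control Panel keys normally do not exist on a
    # home PC, so any value there deserves a look. Under Policies\Explorer only a few value
    # names matter (NoDriveTypeAutoRun there is a normal Windows default, so it is skipped).
    $explorerWatch = '^No(Drives|ViewOnDrive|Run|ControlPanel)$'
    $keys = @()
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $keys += "$hive\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions"
        $keys += "$hive\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel"
        $keys += "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    }
    foreach ($keyPath in $keys) {
        if (-not (Test-Path $keyPath)) { continue }
        # Drop the PS* bookkeeping properties so only real registry values are listed.
        $values = (Get-ItemProperty $keyPath).PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }
        foreach ($v in $values) {
            if ($keyPath -like '*\Policies\Explorer' -and $v.Name -notmatch $explorerWatch) { continue }
            New-Object PSObject -Property @{ Key = $keyPath; Name = $v.Name; Value = $v.Value }
        }
    }
}

function Resolve-DriverPath([string]$imagePath) {
    # Turn the NT-style forms found in driver ImagePath values into a Win32 path.
    $p = [Environment]::ExpandEnvironmentVariables($imagePath)
    $p = $p -replace '^\\\?\?\\', ''                                # \??\C:\cpu.sys  -> C:\cpu.sys
    $p = $p -replace '^\\SystemRoot\\', "${env:SystemRoot}\"        # \SystemRoot\... -> C:\Windows\...
    $p = $p -replace '^System32\\', "${env:SystemRoot}\System32\"   # System32\drivers\x.sys -> full path
    return $p
}

function Get-OrphanDriverServices {
    # Driver service entries whose binary is gone (OTL lists them as "File not found").
    # Typical leftovers of a removed rootkit scanner (catchme) or of a malware loader.
    $svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($svc in Get-ChildItem $svcRoot -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty $svc.PSPath -ErrorAction SilentlyContinue
        if (-not $props -or -not $props.ImagePath) { continue }
        if ($props.Type -ne 1 -and $props.Type -ne 2) { continue }   # 1 = kernel driver, 2 = file system driver
        $file = Resolve-DriverPath $props.ImagePath
        if (-not (Test-Path -LiteralPath $file)) {
            New-Object PSObject -Property @{ Service = $svc.PSChildName; ImagePath = $props.ImagePath; Start = $props.Start }
        }
    }
}

'== IE search scopes pointing outside the allowlist =='
Get-SuspiciousSearchScopes | Format-Table Hive, Scope, Host, Url -AutoSize
'== Lockdown policy values =='
Get-LockdownPolicies | Format-Table Key, Name, Value -AutoSize
'== Driver services whose file is missing =='
Get-OrphanDriverServices | Format-Table Service, Start, ImagePath -AutoSize
```

Treat everything it lists as a lead, not a verdict: a driver entry with a missing file can simply be a vendor uninstaller that forgot its service key, and a corporate PC may carry IE policies on purpose. Compare the output against the OTL log before removing anything, which is exactly why the helper insists the fix script above is tailored to this one machine.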

I followed the instructions; attaching the logs.

# AdwCleaner v2.300 - Log created 15/05/2013 at 14:57:15
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (32 bits)
# User : xxx - XXX-KOMPUTER
# Run mode : Normal
# Path : C:\Users\xxx\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\xxx\AppData\Local\Conduit
Folder Deleted : C:\Users\xxx\AppData\Local\OpenCandy
Folder Deleted : C:\Users\xxx\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\xxx\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\xxx\AppData\Roaming\Babylon
File Deleted : C:\user.js

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\f55d8dfb138ba40
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1708250
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2247187
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3031818
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\SOFTWARE\f55d8dfb138ba40
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [3983 octets] - [15/05/2013 14:57:15]

########## EOF - C:\AdwCleaner[s1].txt - [4043 octets] ##########

 

 

Log from step 2

 

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-230849284-1701895467-2992816361-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-230849284-1701895467-2992816361-1000\Software\Microsoft\Internet Explorer\SearchScopes\{41F5223A-C2B2-4465-ADD8-6B8F3FD0BB8B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41F5223A-C2B2-4465-ADD8-6B8F3FD0BB8B}\ not found.
Registry key HKEY_USERS\S-1-5-21-230849284-1701895467-2992816361-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8D6C73B4-BDA3-4A7E-A3A7-89BBA2BC085C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D6C73B4-BDA3-4A7E-A3A7-89BBA2BC085C}\ not found.
Registry key HKEY_USERS\S-1-5-21-230849284-1701895467-2992816361-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-230849284-1701895467-2992816361-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-230849284-1701895467-2992816361-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-230849284-1701895467-2992816361-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Service cpu stopped successfully!
Service cpu deleted successfully!
File C:\cpu.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\xxx\AppData\Local\Temp\catchme.sys not found.
========== FILES ==========
File\Folder C:\Users\xxx\AppData\Roaming\BabSolution not found.
C:\Users\xxx\AppData\Roaming\DealPly\UpdateProc folder moved successfully.
C:\Users\xxx\AppData\Roaming\DealPly folder moved successfully.
C:\Users\xxx\AppData\Roaming\Keax folder moved successfully.
C:\Users\xxx\AppData\Roaming\Saxa folder moved successfully.
C:\Users\xxx\AppData\Roaming\OpenCandy\OpenCandy_E2385B0ADA5045DC9BFB76D33634C677 folder moved successfully.
C:\Users\xxx\AppData\Roaming\OpenCandy folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions folder moved successfully.
C:\Program Files\Mozilla Firefox folder moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\"Start Page"|"about:blank" /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 58264 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: xxx
->Temp folder emptied: 16899045 bytes
->Temporary Internet Files folder emptied: 24039334 bytes
->Java cache emptied: 8818229 bytes
->Google Chrome cache emptied: 32201995 bytes
->Flash cache emptied: 58761 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18102973 bytes
RecycleBin emptied: 24252696 bytes
 
Total Files Cleaned = 119,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05152013_144926

Files\Folders moved on Reboot...
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O720H4NF\xd_arbiter[1].htm moved successfully.
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JZIAGS1I\xd_arbiter[1].htm moved successfully.
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OCQOI2G\17985-wirus-weelsof-użycie-combofix-dalsze-instrukcje[1].htm moved successfully.
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OCQOI2G\fastbutton[1].htm moved successfully.
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OCQOI2G\like[1].htm moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

And the last OTL log

 

OTL logfile created on: 2013-05-15 15:03:52 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Desktop\combo
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,43% Memory free
6,00 Gb Paging File | 4,62 Gb Available in Paging File | 77,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 18,64 Gb Free Space | 19,09% Space Free | Partition Type: NTFS
Drive D: | 319,37 Gb Total Space | 209,15 Gb Free Space | 65,49% Space Free | Partition Type: NTFS
Drive E: | 514,39 Gb Total Space | 425,57 Gb Free Space | 82,73% Space Free | Partition Type: NTFS
 
Computer Name: XXX-KOMPUTER | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013-05-15 10:52:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\combo\OTL.exe
PRC - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-05-09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013-05-09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013-04-19 23:10:48 | 001,631,144 | ---- | M] (Valve Corporation) -- E:\Program Files\Steam\Steam.exe
PRC - [2011-08-02 17:40:34 | 000,862,208 | ---- | M] (Murray Hurps Corp Pty Ltd) -- C:\Program Files\Ad Muncher\AdMunch.exe
PRC - [2011-07-11 23:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011-01-17 20:50:30 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011-01-17 20:50:30 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010-11-20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010-11-20 23:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010-05-24 11:10:34 | 001,683,360 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2010-02-03 16:17:18 | 005,756,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009-05-03 12:22:28 | 000,073,392 | ---- | M] (FSPro Labs) -- C:\Windows\System32\fsproflt.exe
PRC - [2009-03-13 21:29:10 | 004,413,952 | ---- | M] (AnyDATA.NET) -- C:\Program Files\Orange\EasyWirelessNet.exe
PRC - [2007-03-06 11:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013-04-19 23:10:50 | 001,114,024 | ---- | M] () -- E:\Program Files\Steam\bin\chromehtml.dll
MOD - [2013-03-27 02:16:40 | 020,341,672 | ---- | M] () -- E:\Program Files\Steam\bin\libcef.dll
MOD - [2013-03-26 00:23:34 | 000,651,776 | ---- | M] () -- E:\Program Files\Steam\SDL2.dll
MOD - [2012-12-11 19:51:10 | 001,100,800 | ---- | M] () -- E:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012-12-11 19:51:10 | 000,192,000 | ---- | M] () -- E:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012-12-11 19:51:10 | 000,124,416 | ---- | M] () -- E:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012-10-28 15:09:06 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010-05-24 11:10:38 | 000,098,720 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll
MOD - [2010-05-24 11:10:32 | 064,661,408 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\skin.dll
MOD - [2010-05-24 11:10:30 | 000,078,240 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2010-05-24 11:10:28 | 000,111,008 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2009-09-30 05:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\System32\AsIO.dll
MOD - [2009-03-25 16:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009-03-19 22:35:52 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\AiNap.dll
MOD - [2009-03-19 22:35:50 | 000,008,704 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\vvc.dll
MOD - [2009-01-15 14:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\pngio.dll
MOD - [2007-04-24 14:04:34 | 000,106,496 | ---- | M] () -- C:\Program Files\Orange\UMI.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013-05-15 14:32:32 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-05-09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013-04-19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-07-14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-05-03 12:22:28 | 000,073,392 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\Windows\System32\fsproflt.exe -- (fsproflt)
SRV - [2007-03-06 11:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2013-05-09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013-05-09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013-05-09 10:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013-05-09 10:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013-05-09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013-05-09 10:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013-05-09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013-05-09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011-10-03 17:27:19 | 000,271,360 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011-10-03 17:27:16 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011-06-17 22:28:18 | 000,240,736 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0151.sys -- (RsFx0151)
DRV - [2010-11-20 23:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010-11-20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010-11-20 23:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010-11-20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010-11-20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010-11-20 23:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010-11-20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-05-15 13:11:42 | 001,150,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010-04-08 20:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2010-03-04 12:26:56 | 000,296,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009-09-28 01:12:21 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009-08-21 22:24:03 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009-08-13 09:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009-08-04 04:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009-07-16 05:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009-07-14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009-07-14 00:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009-07-14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2008-06-05 19:37:54 | 000,043,792 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\System32\drivers\FSPFltd.sys -- (FSProFilter)
DRV - [2007-11-14 04:08:38 | 000,100,992 | ---- | M] (AnyDATA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\adusbser.sys -- (adusbser)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
IE - HKCU\..\SearchScopes,DefaultScope = {E8ACC590-B07B-414F-A3DB-F30FF1BFE3E8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{E8ACC590-B07B-414F-A3DB-F30FF1BFE3E8}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-08-23 20:59:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-08-23 20:59:04 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\xxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - Extension: Dokumenty Google = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Dysk Google = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Szukaj w Google = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013-05-14 22:42:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ALLYouTubeDownloader) - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\Program Files\ALLYouTubeDownloader\ALLYouTubeDownloader.dll (ALLCinema Ltd.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe (Murray Hurps Corp Pty Ltd)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [uVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe (ALLPlayer Group Ltd.)
O4 - HKCU..\Run: [steam] E:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O15 - HKCU\..Trusted Domains: allegro.pl ([]https in Zaufane witryny)
O16 - DPF: {112857FE-11D5-03FF-9A3F-0080C8D85044} http://cached.gamedesire.com/g_bin/pl/solitaire_2_0_0_32.cab (GameDesire Solitaires)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D0334C2-DCC5-4D4F-BBFE-579056971EE6}: NameServer = 217.116.100.65 79.163.127.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5535053-3DF2-4AA2-BCD3-9DAAEAF3748E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAAF58B7-0743-43F9-B3CA-73F06AF32837}: NameServer = 79.163.127.70 217.116.100.65
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013-05-15 14:49:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-05-15 14:45:53 | 006,953,496 | ---- | C] (Microsoft Corporation) -- C:\Users\xxx\Desktop\Silverlight2.exe
[2013-05-15 14:32:31 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-05-15 14:32:31 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013-05-15 14:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013-05-15 14:24:36 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013-05-15 14:24:36 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013-05-15 14:24:33 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-05-15 14:24:33 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-05-15 14:24:33 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-05-15 14:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013-05-15 14:19:22 | 000,903,072 | ---- | C] (Oracle Corporation) -- C:\Users\xxx\Desktop\JavaSetup7u21.exe
[2013-05-15 13:01:30 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\combo
[2013-05-15 10:39:29 | 000,663,128 | ---- | C] (Duplex Secure Ltd.) -- C:\Users\xxx\Desktop\SPTDinst-v183-x86.exe
[2013-05-15 00:29:47 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013-05-15 00:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013-05-15 00:29:46 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013-05-15 00:29:45 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013-05-15 00:29:44 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013-05-15 00:29:44 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013-05-15 00:29:41 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013-05-15 00:29:41 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013-05-15 00:29:01 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013-05-15 00:15:18 | 006,604,352 | ---- | C] (AVAST Software) -- C:\Users\xxx\Desktop\avast_free_antivirus_setup_online.exe
[2013-05-14 22:42:41 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013-05-14 22:38:54 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\temp
[2013-05-14 22:38:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013-05-14 22:32:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013-05-14 22:32:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013-05-14 22:32:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013-05-14 22:32:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013-05-14 22:32:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013-05-14 22:31:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013-05-14 22:28:59 | 005,066,131 | R--- | C] (Swearware) -- C:\Users\xxx\Desktop\ComboFix.exe
[2013-05-14 15:27:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013-05-14 15:17:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Google
[2013-05-14 15:16:59 | 000,739,856 | ---- | C] (Google Inc.) -- C:\Users\xxx\Desktop\chrome_installer.exe
[2013-05-14 00:05:17 | 861,572,958 | -H-- | C] (Games                                                       ) -- C:\Users\xxx\Desktop\Portal Evil Stolen Runes CE.exe
[2013-05-13 19:53:07 | 002,138,352 | ---- | C] (Solid State Networks) -- C:\Users\xxx\Desktop\install_flashplayer11x32ax_gtbd_chrd_dn_aih.exe
[2013-05-08 16:10:23 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\zdj Julci
[2013-04-27 12:07:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\uprawa ogródka
[2013-04-23 13:15:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Nowy folder (3)
[2013-04-21 17:32:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\claas
 
========== Files - Modified Within 30 Days ==========
 
[2013-05-15 15:06:06 | 000,805,902 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2013-05-15 15:06:06 | 000,719,666 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-05-15 15:06:06 | 000,179,428 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2013-05-15 15:06:06 | 000,145,468 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-05-15 15:00:51 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-05-15 14:59:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-05-15 14:59:34 | 2415,308,800 | -HS- | M] () -- C:\hiberfil.sys
[2013-05-15 14:58:56 | 000,017,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-05-15 14:58:56 | 000,017,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-05-15 14:56:44 | 000,628,743 | ---- | M] () -- C:\Users\xxx\Desktop\AdwCleaner.exe
[2013-05-15 14:46:32 | 006,953,496 | ---- | M] (Microsoft Corporation) -- C:\Users\xxx\Desktop\Silverlight2.exe
[2013-05-15 14:37:27 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2013-05-15 14:32:31 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-05-15 14:32:31 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013-05-15 14:27:00 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-230849284-1701895467-2992816361-1000UA.job
[2013-05-15 14:24:29 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-05-15 14:24:28 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013-05-15 14:24:28 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013-05-15 14:24:28 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013-05-15 14:24:28 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-05-15 14:24:28 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-05-15 14:19:31 | 000,903,072 | ---- | M] (Oracle Corporation) -- C:\Users\xxx\Desktop\JavaSetup7u21.exe
[2013-05-15 14:12:01 | 000,001,200 | ---- | M] () -- C:\Users\xxx\Desktop\porady.rtf
[2013-05-15 14:05:21 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013-05-15 10:39:29 | 000,663,128 | ---- | M] (Duplex Secure Ltd.) -- C:\Users\xxx\Desktop\SPTDinst-v183-x86.exe
[2013-05-15 00:29:47 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013-05-15 00:29:41 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013-05-15 00:15:41 | 006,604,352 | ---- | M] (AVAST Software) -- C:\Users\xxx\Desktop\avast_free_antivirus_setup_online.exe
[2013-05-14 22:42:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013-05-14 16:27:00 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-230849284-1701895467-2992816361-1000Core.job
[2013-05-14 15:27:13 | 000,002,322 | ---- | M] () -- C:\Users\xxx\Desktop\Google Chrome.lnk
[2013-05-14 15:17:14 | 000,739,856 | ---- | M] (Google Inc.) -- C:\Users\xxx\Desktop\chrome_installer.exe
[2013-05-14 13:37:44 | 000,074,051 | ---- | M] () -- C:\Users\xxx\.recently-used.xbel
[2013-05-14 10:19:30 | 000,001,391 | ---- | M] () -- C:\Users\xxx\Desktop\Secrets of the Dark Mystery of the Ancestral Estate Collectors .lnk
[2013-05-14 00:10:23 | 861,572,958 | -H-- | M] (Games                                                       ) -- C:\Users\xxx\Desktop\Portal Evil Stolen Runes CE.exe
[2013-05-13 19:54:03 | 002,138,352 | ---- | M] (Solid State Networks) -- C:\Users\xxx\Desktop\install_flashplayer11x32ax_gtbd_chrd_dn_aih.exe
[2013-05-11 21:49:26 | 000,001,215 | ---- | M] () -- C:\Users\xxx\Desktop\Grim Facade Cost of Jealousy Collectors.lnk
[2013-05-09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013-05-09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013-05-09 10:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013-05-09 10:59:10 | 000,061,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013-05-09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013-05-09 10:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013-05-09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013-05-09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013-05-09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013-05-09 10:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013-05-08 00:15:52 | 203,126,784 | ---- | M] () -- C:\Users\xxx\Desktop\WIOSNA 2013.mpg
[2013-05-07 21:59:13 | 000,015,872 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-04-30 12:49:19 | 000,046,777 | ---- | M] () -- C:\Users\xxx\Desktop\3214588771.jpg
[2013-04-30 12:31:45 | 000,046,030 | ---- | M] () -- C:\Users\xxx\Desktop\3214588761.jpg
[2013-04-26 23:27:30 | 000,001,317 | ---- | M] () -- C:\Windows\APDFPRP.INI
 
========== Files Created - No Company Name ==========
 
[2013-05-15 14:56:42 | 000,628,743 | ---- | C] () -- C:\Users\xxx\Desktop\AdwCleaner.exe
[2013-05-15 14:32:33 | 000,000,930 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-05-15 14:12:01 | 000,001,200 | ---- | C] () -- C:\Users\xxx\Desktop\porady.rtf
[2013-05-15 14:05:21 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013-05-15 14:05:21 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013-05-15 00:29:47 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013-05-15 00:29:43 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013-05-15 00:29:42 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013-05-14 22:32:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013-05-14 22:32:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013-05-14 22:32:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013-05-14 22:32:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013-05-14 22:32:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013-05-14 15:27:03 | 000,002,322 | ---- | C] () -- C:\Users\xxx\Desktop\Google Chrome.lnk
[2013-05-14 15:17:43 | 000,001,050 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-230849284-1701895467-2992816361-1000UA.job
[2013-05-14 15:17:43 | 000,000,998 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-230849284-1701895467-2992816361-1000Core.job
[2013-05-14 13:37:44 | 000,074,051 | ---- | C] () -- C:\Users\xxx\.recently-used.xbel
[2013-05-14 10:19:30 | 000,001,391 | ---- | C] () -- C:\Users\xxx\Desktop\Secrets of the Dark Mystery of the Ancestral Estate Collectors .lnk
[2013-05-11 21:49:26 | 000,001,215 | ---- | C] () -- C:\Users\xxx\Desktop\Grim Facade Cost of Jealousy Collectors.lnk
[2013-05-08 00:12:27 | 203,126,784 | ---- | C] () -- C:\Users\xxx\Desktop\WIOSNA 2013.mpg
[2013-04-30 12:49:24 | 000,046,777 | ---- | C] () -- C:\Users\xxx\Desktop\3214588771.jpg
[2013-04-30 12:45:19 | 000,046,030 | ---- | C] () -- C:\Users\xxx\Desktop\3214588761.jpg
[2013-04-01 19:57:30 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll
[2013-02-22 20:18:20 | 000,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2013-02-22 20:18:20 | 000,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2013-02-22 20:18:20 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2013-02-22 20:18:20 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2013-02-22 20:18:20 | 000,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2013-02-22 20:18:20 | 000,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2013-02-21 21:30:44 | 000,015,872 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-19 14:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\System32\pbsvc.exe
[2012-06-14 21:27:52 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2012-06-14 21:27:47 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2012-06-04 15:52:49 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012-04-30 18:36:06 | 000,003,604 | ---- | C] () -- C:\Windows\jcbfnv.ini
[2012-04-30 18:36:06 | 000,001,431 | ---- | C] () -- C:\Windows\cmzt-x.ini
[2012-03-19 18:28:08 | 000,004,096 | -H-- | C] () -- C:\Users\xxx\AppData\Local\keyfile3.drm
[2012-01-17 18:29:28 | 000,000,040 | ---- | C] () -- C:\Users\xxx\DreamGame.cfg
[2012-01-14 11:51:08 | 000,006,053 | ---- | C] () -- C:\Users\xxx\AppData\Local\Tempgnurobborc
[2011-12-26 17:45:23 | 000,000,004 | ---- | C] () -- C:\Windows\System32\proc320736588.bin
[2011-10-03 17:27:19 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011-10-03 17:27:16 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011-10-03 10:42:21 | 000,000,121 | ---- | C] () -- C:\Windows\disney.ini
[2011-10-03 10:41:50 | 000,000,206 | ---- | C] () -- C:\Windows\disneysy.ini
[2011-09-23 20:24:41 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011-09-21 01:11:57 | 000,001,317 | ---- | C] () -- C:\Windows\APDFPRP.INI
[2011-09-21 01:08:52 | 000,001,024 | ---- | C] () -- C:\Windows\System32\pwdremover.dat
[2011-08-29 20:55:36 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2011-08-23 20:54:27 | 000,229,838 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011-08-23 20:54:27 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011-08-19 17:23:49 | 000,119,657 | ---- | C] () -- C:\Windows\hpoins11.dat
[2011-08-11 18:13:36 | 000,139,152 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\PnkBstrK.sys
[2011-08-11 18:13:36 | 000,138,736 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011-08-11 18:13:24 | 000,281,392 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011-08-11 18:13:22 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011-08-03 12:28:41 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011-08-02 16:29:20 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2011-08-02 16:29:20 | 000,011,296 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2011-08-02 16:29:15 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2011-08-02 16:29:15 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2011-08-02 16:16:44 | 000,010,084 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011-08-02 16:15:02 | 000,031,184 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011-08-02 16:14:32 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011-08-02 16:14:27 | 000,023,407 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-11-20 23:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:A4E7D25F
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:0CE7F3C9
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:E0888117
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:639BB5E9
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:AE289451
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5520ED93
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E5B07840
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:57B2B96C
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2652902F

< End of report >

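A note on reading a report like the one above before the reply that follows: most of an OTL log is noise, and a responder sorts it before reading it line by line. The script below is an added Python example (not from this thread and not part of OTL) that does that sorting for the line types present in this report: it flags the O6 UAC policy values (EnableLUA = 0 and the two prompt settings), static NameServer entries under O17, entries whose target OTL itself reports as missing, and the alternate data streams listed at the end. The regular expressions assume the line layouts seen in this particular report, and SAMPLE_LINES is a constructed subset copied from it.

```python
"""Sort an OTL report's lines into findings worth a responder's attention.

Added example: not part of this thread and not part of the OTL tool. It
recognises four line types that occur in the report above:

  O6  policy lines ........ UAC off (EnableLUA = 0) or its prompts silenced
  O17 lines ............... DNS set statically on an interface (NameServer)
                            rather than learned from DHCP (DhcpNameServer)
  any line ................ targets OTL itself reports as missing
  @Alternate Data Stream .. NTFS ADS attached to a file or directory

It only sorts; deciding whether an entry is malicious stays with the human.
"""
import re
from dataclasses import dataclass

# Values under ...\policies\System that weaken UAC when set to 0.
UAC_WEAK_VALUES = {
    "EnableLUA": ("high", "UAC is disabled entirely"),
    "ConsentPromptBehaviorAdmin": ("medium", "admins elevate without a prompt"),
    "PromptOnSecureDesktop": ("medium", "elevation prompt not on the secure desktop"),
}

# Regexes match the line layouts seen in this report (an assumption).
_O6 = re.compile(r"^O6 - .*\\policies\\System: (\w+) = (\d+)$")
_O17 = re.compile(r"^O17 - .*\\Interfaces\\(\{[0-9A-Fa-f-]+\}): "
                  r"(DhcpNameServer|NameServer) = (.+)$")
_ADS = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")

SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "info"
    kind: str      # "uac" | "dns" | "orphan" | "ads"
    detail: str


def check_line(line: str):
    """Return a Finding for one OTL line, or None if nothing stands out."""
    line = line.rstrip()

    m = _O6.match(line)
    if m:
        name, value = m.group(1), int(m.group(2))
        if name in UAC_WEAK_VALUES and value == 0:
            severity, why = UAC_WEAK_VALUES[name]
            return Finding(severity, "uac", f"{name} = 0: {why}")
        return None

    m = _O17.match(line)
    if m:
        iface, key, servers = m.group(1), m.group(2), m.group(3).split()
        if key == "NameServer":  # static resolvers, not handed out by DHCP
            return Finding("medium", "dns",
                           f"static DNS on {iface}: {' '.join(servers)} "
                           "(confirm they belong to the ISP or the admin)")
        return None

    m = _ADS.match(line)
    if m:
        size, path, stream = m.groups()
        return Finding("info", "ads", f"{size}-byte stream {stream} on {path}")

    if line.endswith("File not found") or line.endswith("No CLSID value found."):
        return Finding("info", "orphan", f"entry points at a missing target: {line}")

    return None


def triage(report_lines):
    """Run check_line over every line; return findings, most severe first."""
    findings = [f for f in map(check_line, report_lines) if f is not None]
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


# Constructed sample: lines copied from the OTL report posted in this thread.
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D0334C2-DCC5-4D4F-BBFE-579056971EE6}: NameServer = 217.116.100.65 79.163.127.70",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5535053-3DF2-4AA2-BCD3-9DAAEAF3748E}: DhcpNameServer = 192.168.1.1",
    r"FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found",
    r"@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:A4E7D25F",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:<6}] {f.kind}: {f.detail}")
```

It sorts, it does not judge: static resolvers on an interface are how DNS-changing malware redirects a machine, but also how some ISPs and admins configure one, so that finding reads "confirm", not "remove". The UAC lines are the one unambiguous result in this report: EnableLUA = 0 means UAC is off entirely, which matches the "UAC is disabled!" line in the Security Check output at the top of the thread.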
Please use the attachment option to present the reports. The tasks are done and we can wrap up:

1. Minor fixes. Run OTL and paste the following into the Custom Scans/Fixes box:


:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]
[-HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
[-HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]

 

Click Run Fix. This time there will be no restart.

2. Uninstall ComboFix. Press the Windows key + R and paste this command into the Run box:


C:\Users\xxx\Desktop\ComboFix.exe /uninstall

 

When the command finishes: in AdwCleaner run Uninstall, in OTL run CleanUp, and delete the folder C:\Windows\erdnt with SHIFT+DEL.

3. Updates were mentioned. I see you have already installed the latest Adobe Reader, Java and Silverlight. That leaves OpenOffice.org 3.3 to be replaced with the latest version, which will be able to use the latest Java: LINK.

 

 

 
