UKASH komputer zablokowany

[Mocias]

WITAM WSZYSTKICH

Bardzo potrzebuje pomocy specjalistów . Niestety mój komputer został zablokowany przez paskudnego wirusa UKASH .OTL i Extras daje w załączniku . Pomożecie ? Z góry wielkie dzięki.

Extras.Txt

OTL.Txt

[picasso]

1. Uruchom OTL i w sekcji Własne opcje skanowania / skrypt wklej:

 

:OTL
O4 - HKCU..\Run: [RpcPing] C:\Users\Mateusz\AppData\Local\Microsoft\Windows\1395\RpcPing.exe ()
O4 - Startup: C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rejestracja .lnk =  File not found
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\ipswuio.sys -- (ipswuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\I386\AsProcOb.sys -- (ASUSProcObsrv)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
 
:Files
C:\Users\Mateusz\AppData\Local\Microsoft\Windows\1395
C:\Users\Mateusz\AppData\Roaming\hellomoto
 
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2]
 
:Commands
[emptytemp]

 

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

 

Klik w Wykonaj skrypt. System zostanie zrestartowany (i odblokowany), otworzy się log z wynikami usuwania.

 

2. Wygeneruj nowy log OTL z opcji Skanuj (już bez Extras). Dołącz log z usuwania OTL z punktu 1.

 

 

 

.

[Mocias]

Dziękuje mam pytanie co do punktu 2. Co zrobić z tym nowym log OTL też mam tu na forum wkleić razem z log usuwania z punktu 1 ?? Czy gdzieś tam wkleić . I czy musze wykonać to sprzątanie

[picasso]

Co to za pytania. Masz wygenerować log z opcji Skanuj i wraz z logiem z usuwania doczepić tu do oceny jako załączniki posta. I o jakim "sprzątaniu" mowa? Na razie są zadane określone czynności.

 

 

[Mocias]

Ok to jest log z OTL z usuwania

 

All processes killed

========== OTL ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RpcPing deleted successfully.

C:\Users\Mateusz\AppData\Local\Microsoft\Windows\1395\RpcPing.exe moved successfully.

C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rejestracja .lnk moved successfully.

Service upperdev stopped successfully!

Service upperdev deleted successfully!

File system32\DRIVERS\usbser_lowerflt.sys not found.

Service nmwcdnsuc stopped successfully!

Service nmwcdnsuc deleted successfully!

File system32\drivers\nmwcdnsuc.sys not found.

Service nmwcdnsu stopped successfully!

Service nmwcdnsu deleted successfully!

File system32\drivers\nmwcdnsu.sys not found.

Service ipswuio stopped successfully!

Service ipswuio deleted successfully!

File System32\DRIVERS\ipswuio.sys not found.

Service ASUSProcObsrv stopped successfully!

Service ASUSProcObsrv deleted successfully!

File F:\I386\AsProcOb.sys not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.

========== FILES ==========

C:\Users\Mateusz\AppData\Local\Microsoft\Windows\1395 folder moved successfully.

C:\Users\Mateusz\AppData\Roaming\hellomoto folder moved successfully.

========== REGISTRY ==========

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"about:blank" /E : value set successfully!

Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2\ deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

 

User: Mateusz

->Temp folder emptied: 166913480 bytes

->Temporary Internet Files folder emptied: 346802775 bytes

->Java cache emptied: 6161748 bytes

->FireFox cache emptied: 96168288 bytes

->Google Chrome cache emptied: 31759621 bytes

->Flash cache emptied: 78594 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 169095644 bytes

RecycleBin emptied: 15954187320 bytes

 

Total Files Cleaned = 15 994,00 mb

 

 

OTL by OldTimer - Version 3.2.53.1 log created on 07082012_101206

 

Files\Folders moved on Reboot...

File\Folder C:\Windows\temp\MpCmdRun-BC-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock not found!

C:\Windows\temp\MpCmdRun.log moved successfully.

C:\Windows\temp\TMP000000013EA1C2781AD7FC9C moved successfully.

C:\Windows\temp\TMP0000000717A9A96BAF9EE5B4 moved successfully.

 

PendingFileRenameOperations files...

File C:\Windows\temp\MpCmdRun-BC-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock not found!

File C:\Windows\temp\MpCmdRun.log not found!

File C:\Windows\temp\TMP000000013EA1C2781AD7FC9C not found!

File C:\Windows\temp\TMP0000000717A9A96BAF9EE5B4 not found!

 

Registry entries deleted on Reboot...

 

 

A tu nowo wygenerowany log OTL

 

OTL logfile created on: 2012-07-08 10:34:02 - Run 2

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Mateusz\Downloads

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

2,97 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 55,46% Memory free

6,13 Gb Paging File | 4,70 Gb Available in Paging File | 76,72% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 116,44 Gb Total Space | 37,69 Gb Free Space | 32,37% Space Free | Partition Type: NTFS

Drive D: | 104,73 Gb Total Space | 47,02 Gb Free Space | 44,90% Space Free | Partition Type: NTFS

Drive F: | 3,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: MATEUSZ-PC | User Name: Mateusz | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012-07-07 12:14:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mateusz\Downloads\OTL.exe

PRC - [2012-07-01 09:06:40 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012-02-20 13:25:14 | 000,218,624 | ---- | M] () -- C:\ProgramData\Multimedia mobilNET\OnlineUpdate\ouc.exe

PRC - [2010-11-16 15:37:38 | 000,264,704 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe

PRC - [2010-11-16 15:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe

PRC - [2009-12-10 20:46:01 | 002,752,560 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\Setup\avast.setup

PRC - [2009-11-25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2009-11-25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2009-11-25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2009-11-25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

PRC - [2009-11-25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2009-07-01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe

PRC - [2009-04-23 15:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe

PRC - [2009-04-11 08:27:36 | 003,483,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009-04-08 19:37:10 | 000,158,264 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe

PRC - [2009-04-02 20:49:12 | 000,211,512 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe

PRC - [2009-03-30 06:06:15 | 000,424,864 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe

PRC - [2009-03-27 18:52:28 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe

PRC - [2009-03-21 05:37:18 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe

PRC - [2009-03-04 19:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe

PRC - [2009-02-26 05:15:29 | 002,742,840 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe

PRC - [2009-02-07 01:13:16 | 001,593,344 | ---- | M] () -- C:\Program Files\ASUS\Wireless Console 3\wcourier.exe

PRC - [2008-12-23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe

PRC - [2008-12-10 00:00:58 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe

PRC - [2008-10-01 08:02:48 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe

PRC - [2008-08-18 20:27:32 | 000,117,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe

PRC - [2008-08-18 19:56:22 | 000,098,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe

PRC - [2008-08-14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe

PRC - [2008-08-14 05:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe

PRC - [2008-08-14 01:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe

PRC - [2008-07-30 02:34:34 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2008-07-19 04:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

PRC - [2008-04-01 08:09:30 | 000,266,240 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe

PRC - [2008-03-31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

PRC - [2008-01-21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2008-01-21 04:32:50 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe

PRC - [2007-11-30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe

PRC - [2007-11-20 13:44:30 | 001,145,400 | ---- | M] (ASUS) -- C:\Program Files\ASUS\Net4Switch\Net4Switch.exe

PRC - [2007-08-08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe

PRC - [2007-08-03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

PRC - [2005-07-07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe

PRC - [2002-12-17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012-07-01 09:06:39 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2009-07-01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe

MOD - [2009-02-04 18:44:20 | 000,023,040 | ---- | M] () -- C:\Program Files\P4G\OvrClk.dll

MOD - [2008-08-21 00:49:56 | 000,016,384 | ---- | M] () -- C:\Program Files\P4G\DevMng.dll

MOD - [2008-07-30 02:27:20 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll

MOD - [2008-07-19 04:52:08 | 000,649,704 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll

MOD - [2008-06-09 18:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll

MOD - [2007-11-30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe

MOD - [2007-11-19 13:54:20 | 000,188,416 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswsysmon.dll

MOD - [2007-11-19 11:11:58 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswcore.dll

MOD - [2007-11-13 00:41:50 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTran.dll

MOD - [2007-09-06 14:05:00 | 000,081,920 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswobj.dll

MOD - [2007-08-02 09:53:06 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswresmgr.dll

MOD - [2007-07-24 14:41:10 | 000,049,152 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ResItf.dll

MOD - [2007-06-19 11:38:08 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswui.dll

MOD - [2007-06-15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll

MOD - [2007-06-02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

MOD - [2007-05-14 14:07:14 | 000,009,728 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\LogonStartup.dll

MOD - [2007-05-14 11:10:40 | 000,061,440 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswgblset.dll

MOD - [2007-03-10 01:16:52 | 000,106,496 | ---- | M] () -- C:\Program Files\ATKGFNEX\AGFNEX.dll

MOD - [2006-12-09 09:34:36 | 000,139,264 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipsw_cfgmgr.dll

MOD - [2006-12-07 09:29:06 | 000,007,168 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\iphelper.dll

MOD - [2006-12-06 16:55:32 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswhlp.dll

MOD - [2006-12-06 16:55:22 | 000,086,016 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswds.dll

MOD - [2006-12-06 16:42:26 | 000,094,208 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\cxcmrt.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2012-07-01 09:06:39 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012-02-20 13:25:14 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Multimedia mobilNET\UpdateDog\ouc.exe -- (Multimedia mobilNET. RunOuc)

SRV - [2010-11-16 15:37:38 | 000,264,704 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)

SRV - [2009-11-25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)

SRV - [2009-11-25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)

SRV - [2009-11-25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)

SRV - [2009-11-25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)

SRV - [2008-08-14 05:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)

SRV - [2008-03-31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)

SRV - [2008-01-21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008-01-21 04:32:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2008-01-21 04:32:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2007-08-08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2007-08-03 12:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)

SRV - [2002-12-17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)

SRV - [2002-12-17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a419jqep)

DRV - [2012-02-20 13:25:15 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)

DRV - [2012-02-20 13:25:15 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2012-02-20 13:25:15 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)

DRV - [2011-08-17 09:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2009-11-25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2009-11-25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2009-11-25 01:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2009-11-25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2009-11-25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2009-09-25 12:19:49 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)

DRV - [2009-09-05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009-05-09 05:34:08 | 000,030,264 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)

DRV - [2009-04-11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)

DRV - [2009-04-02 02:46:42 | 000,015,416 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)

DRV - [2009-04-01 23:12:48 | 000,233,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)

DRV - [2009-03-17 13:17:05 | 000,140,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2009-02-09 15:47:11 | 000,456,192 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)

DRV - [2008-12-24 10:39:43 | 000,014,392 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)

DRV - [2008-11-03 09:03:27 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)

DRV - [2008-09-21 23:49:35 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV - [2008-08-11 04:14:11 | 001,752,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV - [2008-05-24 02:25:42 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

DRV - [2007-08-03 06:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)

DRV - [2007-07-24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)

DRV - [2006-11-02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=ASUS&bmod=ASUS

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=ASUS&bmod=ASUS

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUS

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=ASUS&bmod=ASUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUS

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/"

FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Mateusz\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mateusz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-07-01 09:06:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-05-05 16:44:03 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-07-01 09:06:41 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-05-05 16:44:03 | 000,000,000 | ---D | M]

 

[2009-10-03 02:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Extensions

[2012-07-02 09:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Firefox\Profiles\ru6hffom.default\extensions

[2010-07-29 16:13:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Firefox\Profiles\ru6hffom.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010-05-31 13:41:07 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Firefox\Profiles\ru6hffom.default\extensions\illimitux@illimitux.net

[2012-07-02 09:36:48 | 000,000,000 | ---D | M] (BPH Sign Plugin) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Firefox\Profiles\ru6hffom.default\extensions\SignPlugin@bph.pl

[2009-10-04 18:01:17 | 000,000,000 | ---D | M] (Zrzuta) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Firefox\Profiles\ru6hffom.default\extensions\zrzuta.eu@gmail.com

[2010-06-23 20:23:50 | 000,001,979 | ---- | M] () -- C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\ru6hffom.default\searchplugins\wrzuta.xml

[2012-07-01 09:06:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012-07-01 09:06:41 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2009-07-17 10:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll

[2012-07-01 09:06:36 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2012-07-01 09:06:36 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2012-07-01 09:06:36 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2012-07-01 09:06:36 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2012-07-01 09:06:36 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2012-07-01 09:06:36 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll

CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Mateusz\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

 

O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)

O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)

O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant Systems, Inc.)

O4 - HKLM..\Run: [updatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe ()

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

O4 - HKCU..\Run: [Facebook Update] C:\Users\Mateusz\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.172.224.160 89.231.1.206

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{438EF4D0-DA57-4CDF-9685-2DE74438DC96}: DhcpNameServer = 217.172.224.160 89.231.1.206

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD0D7791-2CCA-41DB-85E6-9A66D88771A8}: DhcpNameServer = 89.108.195.20 217.17.34.10

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg

O24 - Desktop BackupWallPaper: C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2007-08-13 18:30:58 | 000,402,696 | R--- | M] (Electronic Arts) - F:\AutoRun.exe -- [ UDF ]

O32 - AutoRun File - [2007-09-02 02:30:29 | 000,000,000 | R--D | M] - F:\Autorun -- [ UDF ]

O32 - AutoRun File - [2007-09-02 02:31:16 | 005,085,696 | R--- | M] () - F:\autorun.dat -- [ UDF ]

O32 - AutoRun File - [2007-09-02 02:23:25 | 000,000,136 | R--- | M] () - F:\autorun.inf -- [ UDF ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012-07-08 10:12:06 | 000,000,000 | ---D | C] -- C:\_OTL

[2012-07-06 15:05:15 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2012-06-21 14:30:11 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

[2012-06-21 14:30:11 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

[2012-06-21 14:29:49 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll

[2012-06-21 14:29:49 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll

[2012-06-21 14:29:48 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll

[2012-06-21 14:29:33 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2012-06-21 14:29:33 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

[2012-06-13 22:07:10 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2012-06-13 22:07:08 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012-06-13 22:07:08 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2012-06-13 22:07:08 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2012-06-13 22:07:08 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2012-06-13 22:07:08 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012-06-13 22:07:08 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012-06-13 22:07:08 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012-06-13 22:07:07 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2012-06-13 21:59:37 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[1 C:\Users\Mateusz\AppData\Local\*.tmp files -> C:\Users\Mateusz\AppData\Local\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012-07-08 10:31:01 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe

[2012-07-08 10:30:59 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012-07-08 10:30:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012-07-08 10:30:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012-07-08 10:30:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012-07-08 10:29:30 | 3184,644,096 | -HS- | M] () -- C:\hiberfil.sys

[2012-07-08 10:11:41 | 000,001,356 | ---- | M] () -- C:\Users\Mateusz\AppData\Local\d3d9caps.dat

[2012-07-06 14:43:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-326665045-3689166324-2203608081-1000UA.job

[2012-07-05 22:17:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012-07-05 22:06:01 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012-07-05 14:48:57 | 000,690,220 | ---- | M] () -- C:\Windows\System32\perfh015.dat

[2012-07-05 14:48:57 | 000,614,076 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012-07-05 14:48:57 | 000,138,450 | ---- | M] () -- C:\Windows\System32\perfc015.dat

[2012-07-05 14:48:57 | 000,112,004 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012-07-01 17:43:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-326665045-3689166324-2203608081-1000Core.job

[2012-06-25 21:11:30 | 000,696,293 | ---- | M] () -- C:\Users\Mateusz\Desktop\2012-06-25-069.jpg

[2012-06-14 05:43:11 | 000,379,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012-06-13 17:55:23 | 000,003,424 | ---- | M] () -- C:\Users\Mateusz\Desktop\Jack Daniels Label avatar.jpg

[2012-06-13 17:53:52 | 000,033,260 | ---- | M] () -- C:\Users\Mateusz\Desktop\Jack Daniels Label.jpg

[2012-06-13 17:12:56 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[1 C:\Users\Mateusz\AppData\Local\*.tmp files -> C:\Users\Mateusz\AppData\Local\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012-07-08 10:29:30 | 3184,644,096 | -HS- | C] () -- C:\hiberfil.sys

[2012-06-25 21:11:30 | 000,696,293 | ---- | C] () -- C:\Users\Mateusz\Desktop\2012-06-25-069.jpg

[2012-06-13 17:55:23 | 000,003,424 | ---- | C] () -- C:\Users\Mateusz\Desktop\Jack Daniels Label avatar.jpg

[2012-06-13 17:53:50 | 000,033,260 | ---- | C] () -- C:\Users\Mateusz\Desktop\Jack Daniels Label.jpg

[2011-04-08 23:57:22 | 000,001,356 | ---- | C] () -- C:\Users\Mateusz\AppData\Local\d3d9caps.dat

[2011-02-11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

[2010-08-25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin

[2010-08-25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin

[2010-08-25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin

[2010-08-25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

[2009-10-02 11:14:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009-09-25 16:52:01 | 000,139,152 | ---- | C] () -- C:\Users\Mateusz\AppData\Roaming\PnkBstrK.sys

[2009-09-13 14:10:49 | 000,013,312 | ---- | C] () -- C:\Users\Mateusz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-04-08 19:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll

[2008-05-22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg

[2002-08-08 06:11:30 | 000,319,488 | R--- | C] () -- C:\Users\Mateusz\AppData\Roaming\MafiaSetup.exe

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 64 bytes -> C:\Users\Mateusz\Desktop\Kac Vegas w Bangkoku.2011.PL.DVDRip.XviD-BiDA.mp4:TOC.WMV

 

< End of report >

[picasso]

Mówiłam = proszę stosować załączniki a nie wklejać do posta ... Zamknięcie czyszczenia:

 

1. W OTL uruchom Sprzątanie kasujące kwarantannę i OTL.

 

2. Wyczyść foldery Przywracania systemu: KLIK.

 

3. Wykonaj pełne (nie ekspresowe) skanowanie w Malwarebytes Anti-Malware. Jeśli coś wykryje, przedstaw raport.

 

 

.

[Mocias]

Wszystko zrobione punkt po punkcie . Stare przywrócenie systemu usunięte . Dyski przeskanowane tym programem , znalazło jednego trojana . To raport

mbam-log-2012-07-08 (19-18-37).txt

[picasso]

Owszem, ten wynik wygląda podejrzanie i usuń to. I wykonaj podstawowe aktualizacje: KLIK. Wyciąg wersji z Twojego systemu:

 

Internet Explorer (Version = 7.0.6002.18005)
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.1 - Polish
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"avast!" = avast! Antivirus
"Gadu-Gadu 10" = Gadu-Gadu 10
"Google Chrome" = Google Chrome ----> wg głównego OTL stara wersja 15.0.874.121
"Tlen.pl" = Tlen.pl

 

1. Jest tu zakreślony Avast, gdyż w systemie rezyduje przestarzała wersja z roku 2009. Odinstaluj program, następnie z poziomu Trybu awaryjnego popraw specjalizowanym usuwaczem Avast Uninstall Utility, na koniec zainstaluj najnowszą wersję.

 

2. Punktuję także kombinację GG10 + Tlen.pl, gdyż uważam ją za bezsensowną. Pierwszy jest potworem skoncentrowanym na jedzeniu zasobów systemu i reklamowaniu a nie komunikacji zasadniczej. Drugi to kulawa alternatywa, program nierozwijany i porzucony przez firmę. Zamiast tych dwóch można mieć jeden program alternatywny. Propozycja to WTW = obsługuje obie sieci (GG i Tlen), jest lekki, nie ma reklam, tryb portable, dobra obsługa protokołu GG10. Opis znajdziesz w artykule Darmowe komunikatory.

 

 

 

.

[Mocias]

Zastosowałem sie do poleceń , bardzo dziękuje za tak cenne porady.