
Live Security Platinium - removal


Recommended answers

Hello, I have a problem with Live Security Platinium; I don't know how to remove it.

I'm writing from a second Windows 7 user account.

After the scan an error popped up, screenshot: http://iv.pl/images/34146120840931126442.jpg OTL hung, but the log is there, only without Extras:


OTL logfile created on: 2012-08-03 16:51:34 - Run 1

OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\lol\Downloads

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

4,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,55% Memory free

8,00 Gb Paging File | 6,56 Gb Available in Paging File | 81,97% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 97,65 Gb Total Space | 26,44 Gb Free Space | 27,07% Space Free | Partition Type: NTFS

Drive D: | 488,28 Gb Total Space | 126,03 Gb Free Space | 25,81% Space Free | Partition Type: NTFS

Drive E: | 345,57 Gb Total Space | 72,72 Gb Free Space | 21,04% Space Free | Partition Type: NTFS

 

Computer Name: KOMPUTEREK | User Name: lol | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012-08-03 16:13:18 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\lol\Downloads\OTL.exe

PRC - [2012-07-18 10:48:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012-05-29 15:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

PRC - [2012-04-27 12:32:13 | 000,467,064 | ---- | M] ("http://www.express-files.com/") -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe

PRC - [2012-04-12 11:11:34 | 000,404,880 | ---- | M] (H+H Software GmbH) -- C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe

PRC - [2012-04-12 11:11:34 | 000,324,496 | ---- | M] (H+H Software GmbH) -- C:\Program Files (x86)\Virtual CD v10\System\VC10Tray.exe

PRC - [2012-02-26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

PRC - [2011-05-10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2009-04-02 19:05:22 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012-07-18 10:48:11 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012-02-20 09:52:41 | 008,358,400 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll

MOD - [2012-02-20 09:52:41 | 001,152,512 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll

MOD - [2012-02-20 09:52:41 | 000,333,824 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll

MOD - [2012-02-20 09:52:41 | 000,151,040 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll

MOD - [2011-12-30 15:08:18 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

MOD - [2008-08-18 16:11:24 | 001,237,504 | ---- | M] () -- C:\Program Files (x86)\Virtual CD v10\System\vorbis.dll

MOD - [2008-08-18 16:08:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\Virtual CD v10\System\ogg.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011-05-10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2009-08-18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012-07-18 10:48:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012-07-12 21:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- D:\SMITE\HiPatchService.exe -- (HiPatchService)

SRV - [2012-07-10 19:54:17 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)

SRV - [2012-06-27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2012-06-10 21:38:42 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2012-05-31 14:53:00 | 000,008,704 | ---- | M] (Microsoft) [Auto | Stopped] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)

SRV - [2012-04-12 11:11:30 | 000,145,296 | ---- | M] (H+H Software GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS)

SRV - [2012-03-18 11:34:10 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012-03-16 13:20:49 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012-02-23 00:51:09 | 000,111,632 | ---- | M] (TMRG, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\RelevantKnowledge\rlservice.exe -- (RelevantKnowledge)

SRV - [2011-07-01 11:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)

SRV - [2011-04-25 05:55:00 | 004,066,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)

SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010-01-15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008-04-07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011-12-09 23:39:40 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2011-07-01 11:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)

DRV:64bit: - [2011-05-13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2011-05-13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)

DRV:64bit: - [2011-05-13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)

DRV:64bit: - [2011-05-13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)

DRV:64bit: - [2011-05-13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)

DRV:64bit: - [2011-04-19 08:53:32 | 000,223,256 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vdrv1000.sys -- (vdrv1000)

DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011-02-11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)

DRV:64bit: - [2010-12-30 20:04:30 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)

DRV:64bit: - [2010-12-30 20:04:30 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)

DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010-11-20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010-09-18 11:58:54 | 000,116,824 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EagleX64.sys -- (EagleX64)

DRV:64bit: - [2010-05-29 12:06:44 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)

DRV:64bit: - [2010-02-03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV:64bit: - [2009-08-18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009-07-09 11:24:30 | 000,024,088 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HH10Help.sys -- (HH10Help.sys)

DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009-03-27 15:25:10 | 000,027,160 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)

DRV:64bit: - [2008-12-26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)

DRV:64bit: - [2008-09-26 18:02:36 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)

DRV:64bit: - [2008-06-17 09:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)

DRV:64bit: - [2007-09-17 16:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)

DRV - [2010-05-14 17:30:08 | 000,023,080 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)

DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009-03-31 10:39:36 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)

DRV - [2006-07-24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)

DRV - [2005-01-01 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://home.sweetim.com/?st=11&barid={2D02C390-9054-11E1-A447-00241DA391A1}"

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = "http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4"

IE - HKLM\..\URLSearchHook: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found

IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files (x86)\mobilewitch\tbmobi.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = "http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031817"

IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = "http://search.sweetim.com/search.asp?src=6&st=11&q={searchTerms}&barid={2D02C390-9054-11E1-A447-00241DA391A1}"

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

 

 

IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found

IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\URLSearchHook: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found

IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\URLSearchHook: {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files (x86)\mobilewitch\tbmobi.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\SearchScopes\{08719205-73D8-415C-B6F0-7B4A5B2BB1D8}: "URL" = "http://www.google.com/search?hl=pl&q={searchTerms}"

IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = "http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031817"

IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

 

========== FireFox ==========

 

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-14 14:44:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2012-06-14 23:25:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files (x86)\SearchPredict\PRFireFox [2012-07-05 10:06:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox [2012-07-05 10:06:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-18 10:48:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-08-20 09:17:33 | 000,000,000 | ---D | M]

 

[2011-08-24 20:27:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lol\AppData\Roaming\mozilla\Extensions

[2012-04-30 12:51:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lol\AppData\Roaming\mozilla\Firefox\Profiles\x3a57x1u.default\extensions

[2011-11-10 22:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2011-12-04 00:21:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011-08-20 09:15:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2012-07-18 10:48:11 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011-05-04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2010-11-30 16:11:52 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

[2011-10-18 18:07:30 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml

[2011-10-18 18:07:30 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml

[2011-05-21 09:45:24 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

[2011-10-18 18:07:30 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml

[2011-10-18 18:07:30 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml

[2011-10-18 18:07:30 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml

[2011-10-18 18:07:30 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

 

O1 HOSTS File: ([2011-05-14 13:14:55 | 000,000,874 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost127.0.0.1 localhost

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.

O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll (SpeedBit Ltd.)

O2 - BHO: (no name) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found.

O2 - BHO: (YouTube To ALLPlayer) - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\PROGRA~2\ALLPlayer\YouTubeToALLPlayer.dll (ALLPlayer.org)

O2 - BHO: (no name) - {64182481-4F71-486b-A045-B233BD0DA8FC} - No CLSID value found.

O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll ()

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)

O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)

O2 - BHO: (mobilewitch Toolbar) - {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files (x86)\mobilewitch\tbmobi.dll (Conduit Ltd.)

O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\grabber.dll (SPEEDbit)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found.

O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.

O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3 - HKLM\..\Toolbar: (mobilewitch Toolbar) - {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files (x86)\mobilewitch\tbmobi.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.

O3 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\Toolbar\WebBrowser: (no name) - {5C5B9468-D672-4EB7-B52F-B5AFABF28C5B} - No CLSID value found.

O3 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\Toolbar\WebBrowser: (mobilewitch Toolbar) - {FCBF663E-8530-46F8-A880-AC5ABE9D2B23} - C:\Program Files (x86)\mobilewitch\tbmobi.dll (Conduit Ltd.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [ExpressFiles] C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe ("http://www.express-files.com/")

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [NeroCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NPSStartup] File not found

O4 - HKLM..\Run: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: [sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008..\Run: [Akamai NetSession Interface] C:\Users\Radiol\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)

O4 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008..\Run: [NCsoft] File not found

O4 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008..\Run: [PlayNC Launcher] File not found

O4 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008..\Run: [steam] D:\STEAM\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )

O15 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..Trusted Domains: sony.com ([]* in Trusted sites)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} "http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab" (Java Plug-in 1.7.0_01)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab" (Reg Error: Key error.)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} "http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab" (Shockwave ActiveX Control)

O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} "https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.67.0.cab" (Battlefield Heroes Updater)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab" (Java Plug-in 10.4.1)

O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} "https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab (Battlefield Play4Free" Updater)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab" (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab" (Java Plug-in 10.4.1)

O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} "http://www.magic-kinder.com/totalimmersion/plugin/DFusionHomeWebPlugIn.Installer.exe" (CDFusionActiveXCtl Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABF1274E-CB55-4E77-961C-997D46012F5E}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B32EF9A1-1C80-403A-B319-11CE23BC0063}: DhcpNameServer = 8.8.8.8

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010-05-14 14:54:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{0e465b8e-2edc-11e1-b2b7-00241da391a1}\Shell - "" = AutoRun

O33 - MountPoints2\{0e465b8e-2edc-11e1-b2b7-00241da391a1}\Shell\AutoRun\command - "" = L:\autoplay.exe

O33 - MountPoints2\{669ae7fc-5f70-11df-9b20-00241da391a1}\Shell - "" = AutoRun

O33 - MountPoints2\{669ae7fc-5f70-11df-9b20-00241da391a1}\Shell\AutoRun\command - "" = K:\setup.exe

O33 - MountPoints2\{6f329b72-2307-11e1-9d58-00241da391a1}\Shell - "" = AutoRun

O33 - MountPoints2\{6f329b72-2307-11e1-9d58-00241da391a1}\Shell\AutoRun\command - "" = M:\Autorun.exe

O33 - MountPoints2\{8df4bac0-5556-11e1-8f6f-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{8df4bac0-5556-11e1-8f6f-806e6f6e6963}\Shell\AutoRun\command - "" = N:\SETUP.EXE

O33 - MountPoints2\{8df4bac0-5556-11e1-8f6f-806e6f6e6963}\Shell\crack\command - "" = N:\Crack.exe

O33 - MountPoints2\{8df4bac0-5556-11e1-8f6f-806e6f6e6963}\Shell\patch\command - "" = Patch 1.11.exe

O33 - MountPoints2\{c9df5408-64ca-11df-9ed6-00241da391a1}\Shell - "" = AutoRun

O33 - MountPoints2\{c9df5408-64ca-11df-9ed6-00241da391a1}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -a

O33 - MountPoints2\{cb160df8-f245-11e0-94f1-00241da391a1}\Shell - "" = AutoRun

O33 - MountPoints2\{cb160df8-f245-11e0-94f1-00241da391a1}\Shell\AutoRun\command - "" = M:\AutoRun.exe

O33 - MountPoints2\{cb160dfe-f245-11e0-94f1-00241da391a1}\Shell - "" = AutoRun

O33 - MountPoints2\{cb160dfe-f245-11e0-94f1-00241da391a1}\Shell\AutoRun\command - "" = M:\AutoRun.exe

O33 - MountPoints2\M\Shell - "" = AutoRun

O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\Autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012-08-03 16:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge

[2012-08-03 16:08:48 | 000,000,000 | ---D | C] -- C:\Users\lol\AppData\Roaming\Virtual CD v10

[2012-08-03 13:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D102FBAE0BA76C3C3FF875EF60

[2012-08-01 13:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive

[2012-07-24 11:27:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012-07-11 09:21:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll

[2012-07-11 09:21:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll

[2012-07-11 09:21:15 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2012-07-11 09:21:13 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll

[2012-07-11 09:21:12 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll

[2012-07-10 21:49:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto IV - Episodes From Liberty City

[2012-07-06 09:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wizards of the Coast LLC

[2012-07-05 10:06:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Speedbit

[2012-07-05 10:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPEEDbit Video Downloader

[2012-07-05 10:06:07 | 000,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: "http://www.jcomsoft.com") -- C:\Windows\SysWow64\AniGIF.ocx

[2012-07-05 10:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit

[2012-07-05 10:06:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchPredict

[2012-07-05 10:06:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SPEEDbit Video Downloader

[9 C:\*.tmp files -> C:\*.tmp -> ]

[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012-08-03 16:31:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012-08-03 16:31:09 | 3220,873,216 | -HS- | M] () -- C:\hiberfil.sys

[2012-08-03 16:12:34 | 000,025,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012-08-03 16:12:34 | 000,025,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012-08-02 19:16:22 | 000,000,572 | ---- | M] () -- C:\Users\Public\Desktop\Prototype 2.lnk

[2012-07-29 14:35:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\{7586F853-E86F-482D-BC45-0A51ABC2C615}.job

[2012-07-19 16:58:59 | 001,692,112 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012-07-19 16:58:59 | 000,747,552 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat

[2012-07-19 16:58:59 | 000,660,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012-07-19 16:58:59 | 000,160,144 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat

[2012-07-19 16:58:59 | 000,125,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012-07-13 11:06:46 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW

[2012-07-11 13:07:11 | 002,246,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012-07-05 10:06:14 | 000,002,071 | ---- | M] () -- C:\Users\lol\Desktop\SPEEDbit Video Downloader.lnk

[2012-07-05 10:06:14 | 000,001,456 | ---- | M] () -- C:\Users\lol\Desktop\My Video Downloads.lnk

[9 C:\*.tmp files -> C:\*.tmp -> ]

[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012-08-03 13:33:13 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{5ee0d102-e532-6ba7-8d09-4b1d1c25dd89}\U\80000000.@

[2012-08-03 13:33:12 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{5ee0d102-e532-6ba7-8d09-4b1d1c25dd89}\U\800000cb.@

[2012-08-03 13:33:12 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{5ee0d102-e532-6ba7-8d09-4b1d1c25dd89}\U\00000001.@

[2012-08-02 19:16:22 | 000,000,572 | ---- | C] () -- C:\Users\Public\Desktop\Prototype 2.lnk

[2012-07-29 14:35:21 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\{7586F853-E86F-482D-BC45-0A51ABC2C615}.job

[2012-07-13 11:06:46 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW

[2012-07-05 10:06:14 | 000,002,071 | ---- | C] () -- C:\Users\lol\Desktop\SPEEDbit Video Downloader.lnk

[2012-07-05 10:06:14 | 000,001,456 | ---- | C] () -- C:\Users\lol\Desktop\My Video Downloads.lnk

[2012-05-29 15:33:09 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2012-05-29 15:33:09 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll

[2012-05-02 11:08:06 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2012-02-12 15:01:32 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll

[2012-02-12 14:49:15 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll

[2012-02-12 14:49:15 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll

[2012-02-12 14:49:15 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll

[2012-01-11 16:54:51 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{5ee0d102-e532-6ba7-8d09-4b1d1c25dd89}\@

[2012-01-11 16:54:51 | 000,002,048 | -HS- | C] () -- C:\Users\Radiol\AppData\Local\{5ee0d102-e532-6ba7-8d09-4b1d1c25dd89}\@

[2011-12-22 08:50:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

[2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011-08-19 14:34:06 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

[2011-08-16 12:50:06 | 000,101,368 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011-05-30 17:04:35 | 000,029,696 | ---- | C] () -- C:\Windows\SysWow64\pthread.dll

[2011-03-01 19:49:59 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2011-02-13 20:05:21 | 000,166,912 | ---- | C] () -- C:\Windows\novc.exe

[2011-02-11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

[2011-02-09 22:15:32 | 000,042,602 | ---- | C] () -- C:\Windows\War3Unin.dat

[2011-01-06 19:32:13 | 001,667,314 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010-08-23 11:50:52 | 000,000,288 | ---- | C] () -- C:\Windows\game.ini

[2010-06-13 11:22:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

 

========== LOP Check ==========

 

[2011-08-24 20:26:09 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\DAEMON Tools Lite

[2012-04-30 11:48:55 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\ExpressFiles

[2011-08-23 20:09:12 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\Lionhead Studios

[2012-04-30 13:11:14 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\SplitMediaLabs

[2011-08-29 16:37:29 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\uTorrent

[2012-08-03 16:08:50 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\Virtual CD v10

[2012-06-07 17:54:52 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\.minecraft

[2011-05-04 19:23:15 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\AnvSoft

[2012-08-03 13:50:19 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\ArcaVirMicroScan

[2010-06-20 20:06:33 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Avnex

[2010-05-20 20:24:36 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\DAEMON Tools Lite

[2011-12-09 23:43:38 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\DAEMON Tools Pro

[2011-09-04 14:20:49 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Dropbox

[2012-04-27 12:31:23 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\ExpressFiles

[2011-01-30 19:53:11 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\fizzy

[2011-11-21 20:05:23 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\fltk.org

[2011-07-24 12:42:40 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Gadu-Gadu 10

[2010-06-12 13:25:11 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Gearbox Software

[2011-10-16 08:44:20 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\GetRightToGo

[2011-01-22 20:34:21 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Gizmoz

[2011-08-22 19:22:16 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\go

[2012-07-04 21:29:05 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\gtk-2.0

[2010-08-06 12:55:51 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Leadertech

[2011-08-05 12:43:51 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\LolClient

[2012-05-25 06:55:20 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\LolClient2

[2010-12-17 20:42:31 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Mount&Blade Warband

[2011-06-14 12:46:48 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Mount&Blade With Fire and Sword

[2011-05-15 10:17:58 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Notepad++

[2011-07-28 21:58:00 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\OpenFM

[2011-03-03 16:14:37 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Opera

[2010-12-05 21:40:39 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\PC Suite

[2011-12-10 14:18:01 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\PunkBuster

[2012-01-20 16:09:20 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Samsung

[2011-03-21 15:21:05 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Screaming Bee

[2012-06-14 17:27:26 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Sony

[2012-06-07 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Spirited Machine

[2011-01-17 21:07:03 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\SPORE

[2011-07-25 20:53:25 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Subversion

[2010-06-17 14:20:45 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Touchstone

[2011-12-09 19:45:51 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Trine2

[2012-01-06 15:45:39 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\TS3Client

[2012-01-06 15:45:42 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\ts3overlay

[2012-04-21 18:04:38 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Ubisoft

[2012-08-02 19:40:07 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\uTorrent

[2012-06-10 13:58:55 | 000,000,000 | --SD | M] -- C:\Users\Radiol\AppData\Roaming\Virtual CD v10

[2010-05-29 12:18:10 | 000,000,000 | ---D | M] -- C:\Users\Radiol\AppData\Roaming\Vso

[2012-04-27 12:32:13 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\Express Files Updater.job

[2010-07-10 16:32:55 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\Install.job

[2011-08-05 12:35:20 | 000,000,526 | ---- | M] () -- C:\Windows\Tasks\One-Click Tweak.job

[2011-06-07 16:42:10 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011-12-09 23:39:44 | 000,000,210 | ---- | M] () -- C:\Windows\Tasks\SidebarExecute.job

[2012-03-28 10:02:56 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\{09D42DE5-CFBF-467B-9B8C-176E5837D8CA}.job

[2011-08-22 22:10:05 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{2A413053-0BA1-4FE9-9727-81C5EECBAEF0}.job

[2011-08-03 14:22:36 | 000,000,534 | ---- | M] () -- C:\Windows\Tasks\{3A867639-5E5C-4EA1-84ED-8A14D4D82026}.job

[2011-12-04 00:21:34 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{612C77B7-B52E-4AE8-8429-4B13B68C6BAC}.job

[2012-07-29 14:35:21 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\{7586F853-E86F-482D-BC45-0A51ABC2C615}.job

[2011-08-24 14:33:28 | 000,000,406 | ---- | M] () -- C:\Windows\Tasks\{CD16E9C2-6D1F-4990-A41A-B4F590A5B3EA}.job

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:862BDB1A

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:EA7D76BE

< End of report >

 

 

Please help!


First, a note: please post logs using the forum's attachment option, not pasted into the post.

 

And unfortunately the system has a ZeroAccess infection. An additional log is needed. Run SystemLook x64 and paste into its window:

 

:reg
HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
 
:filefind
services.exe

 

Click Look and post the resulting report.


SystemLook 30.07.11 by jpshortstuff

Log created at 20:04 on 03/08/2012 by lol

Administrator - Elevation successful

 

========== reg ==========

 

[HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]

(Unable to open key - key not found)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}]

@="Microsoft WBEM New Event Subsystem"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]

@="%systemroot%\system32\wbem\wbemess.dll"

"ThreadingModel"="Both"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]

@="MruPidlList"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

@="%SystemRoot%\system32\shell32.dll"

"ThreadingModel"="Apartment"

 

 

========== filefind ==========

 

Searching for "services.exe"

C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows.old\Windows\system32\services.exe --a---- 108544 bytes [12:00 02/03/2006] [12:00 02/03/2006] 3DA8D964D2CC12EF8E8C342471A37917

C:\Windows.old\Windows\system32\dllcache\services.exe --a--c- 108544 bytes [12:00 02/03/2006] [12:00 02/03/2006] 3DA8D964D2CC12EF8E8C342471A37917

 

-= EOF =-

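The diagnosis in this thread rests on one comparison in the filefind section above: the live C:\Windows\System32\services.exe has the same size and timestamps as the pristine copy under C:\Windows\winsxs, but a different MD5, which is the in-place patch ZeroAccess performs. The script below is an added example, not code from the thread, SystemLook or OTL: it parses filefind output in the layout shown above (the sample text is constructed from the report's own lines) and flags a live system binary whose hash matches none of its WinSxS copies.

```python
"""Flag a patched system binary from a SystemLook ':filefind' report.

Added example (not part of the forum thread or of SystemLook/OTL). A
size-and-date check alone would pass the patched file: ZeroAccess keeps
the original size and timestamps, only the content (and so the MD5) differs.
"""
import re
from dataclasses import dataclass
from typing import Optional

# One filefind result line: <path> <attrs> <size> bytes [created] [modified] <MD5>
FILEFIND_LINE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]+)\s+(?P<size>\d+) bytes"
    r" \[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

# Constructed samples: the result lines from the two SystemLook reports in
# this thread, before and after 'sfc /scanfile' restored services.exe.
SAMPLE_BEFORE_FIX = r"""
Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows.old\Windows\system32\services.exe --a---- 108544 bytes [12:00 02/03/2006] [12:00 02/03/2006] 3DA8D964D2CC12EF8E8C342471A37917
C:\Windows.old\Windows\system32\dllcache\services.exe --a--c- 108544 bytes [12:00 02/03/2006] [12:00 02/03/2006] 3DA8D964D2CC12EF8E8C342471A37917
-= EOF =-
"""
SAMPLE_AFTER_FIX = SAMPLE_BEFORE_FIX.replace(
    "014A9CB92514E27C0107614DF764BC06", "24ACB7E5BE595468E3B9AA488B9B4FCB"
)


@dataclass(frozen=True)
class FileEntry:
    path: str
    attrs: str
    size: int
    created: str
    modified: str
    md5: str


@dataclass(frozen=True)
class Verdict:
    live_path: str
    live_md5: str
    reference_md5s: tuple  # MD5s of the WinSxS copies of the same file name
    verdict: str           # "clean", "tampered" or "no-reference"


def parse_filefind(text: str) -> list:
    """Return FileEntry objects for every result line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = FILEFIND_LINE.match(line.strip())
        if m:
            entries.append(FileEntry(m["path"], m["attrs"], int(m["size"]),
                                     m["created"], m["modified"], m["md5"].upper()))
    return entries


def check_against_winsxs(entries, live_path=r"C:\Windows\System32\services.exe") -> Verdict:
    """Compare the live copy with every WinSxS copy of the same file name.

    WinSxS may hold several servicing versions of a component, so the live
    file is accepted if it matches any of them and flagged if it matches none.
    Copies under Windows.old belong to another installation and are skipped.
    """
    live = next((e for e in entries if e.path.lower() == live_path.lower()), None)
    if live is None:
        raise ValueError(f"live copy not present in report: {live_path}")
    name = "\\" + live_path.rsplit("\\", 1)[-1].lower()
    refs = tuple(sorted({e.md5 for e in entries
                         if "\\winsxs\\" in e.path.lower() and e.path.lower().endswith(name)}))
    if not refs:
        verdict = "no-reference"
    elif live.md5 in refs:
        verdict = "clean"
    else:
        verdict = "tampered"
    return Verdict(live.path, live.md5, refs, verdict)


if __name__ == "__main__":
    for label, sample in (("before fix", SAMPLE_BEFORE_FIX), ("after fix", SAMPLE_AFTER_FIX)):
        v = check_against_winsxs(parse_filefind(sample))
        print(f"{label}: {v.live_path} md5={v.live_md5} -> {v.verdict}")
```

The "tampered" verdict is what the helper read off the first report and what the second report, taken after sfc /scanfile, no longer shows.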

1. Start > type cmd in the search box > right-click and choose Run as Administrator > paste the command:

 

sfc /scanfile=C:\Windows\System32\services.exe

 

Restart the system.

 

2. Run OTL and paste the following text into the Custom Scans/Fixes window:

 

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://home.sweetim.com/?st=11&barid={2D02C390-9054-11E1-A447-00241DA391A1}"
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = "http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4"
IE - HKLM\..\URLSearchHook: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = "http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031817"
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = "http://search.sweetim.com/search.asp?src=6&st=11&q={searchTerms}&barid={2D02C390-9054-11E1-A447-00241DA391A1}"
IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\URLSearchHook: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found
IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = "http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031817"
IE - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
[2011-05-21 09:45:24 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O2 - BHO: (no name) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found.
O2 - BHO: (no name) - {64182481-4F71-486b-A045-B233BD0DA8FC} - No CLSID value found.
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.
O3 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\Toolbar\WebBrowser: (no name) - {5C5B9468-D672-4EB7-B52F-B5AFABF28C5B} - No CLSID value found.
O3 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008..\Run: [NCsoft]  File not found
O4 - HKU\S-1-5-21-1191291876-1461769006-3954167337-1008..\Run: [PlayNC Launcher]  File not found
 
:Files
C:\ProgramData\7531E8D102FBAE0BA76C3C3FF875EF60
C:\Windows\Installer\{5ee0d102-e532-6ba7-8d09-4b1d1c25dd89}
C:\Users\Radiol\AppData\Local\{5ee0d102-e532-6ba7-8d09-4b1d1c25dd89}
 
:Commands
[emptytemp]

 

Note for other readers: this script is unique, tailored exclusively to this system; please do not run it on your own systems.

 

Click Run Fix. Confirm the computer restart.

 

3. Via Control Panel, uninstall: RelevantKnowledge / uTorrentControl2 Toolbar / mobilewitch Toolbar / SweetPacks Toolbar for Internet Explorer

 

4. Run AdwCleaner with the Delete option.

 

5. Run OTL again, this time using the Scan option. Post a new log from OTL (without Extras), from SystemLook, and from Farbar Service Scanner (check everything for scanning).


Logs:

 

SystemLook 30.07.11 by jpshortstuff

Log created at 21:25 on 03/08/2012 by lol

Administrator - Elevation successful

 

========== reg ==========

 

[HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]

(Unable to open key - key not found)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}]

@="Microsoft WBEM New Event Subsystem"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]

@="%systemroot%\system32\wbem\wbemess.dll"

"ThreadingModel"="Both"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]

@="MruPidlList"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

@="%SystemRoot%\system32\shell32.dll"

"ThreadingModel"="Apartment"

 

 

========== filefind ==========

 

Searching for "services.exe"

C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows.old\Windows\system32\services.exe --a---- 108544 bytes [12:00 02/03/2006] [12:00 02/03/2006] 3DA8D964D2CC12EF8E8C342471A37917

C:\Windows.old\Windows\system32\dllcache\services.exe --a--c- 108544 bytes [12:00 02/03/2006] [12:00 02/03/2006] 3DA8D964D2CC12EF8E8C342471A37917

 

-= EOF =-

FSS.txt

OTL.Txt


The infection itself has been removed, but you now need to repair the damage.

 

1. Rebuild the deleted services (skip sfc /scannow in the instructions):

  • Reconstruction of the Windows Firewall services (MpSvc + Bfe + SharedAccess): CLICK.
  • Reconstruction of the Security Center service: CLICK.
  • Reconstruction of the Windows Defender service: CLICK.
  • Reconstruction of the Automatic Updates services (wuauserv + BITS): download the fix and import it: CLICK

2. After doing all of this, post a new FSS log.
