Win32:Trojan-gen Win32:Malware-gen i Win32:Sirefef-AOO[Trj]

[kewson]

Witam to mój pierwszy post ...

 

Od pewnego czasu AVAST co chwię informuje :

 

Zablokowane złośliwe oprogramowanie ! Osłona systemu plików avast! zablokowała zagrożenie.

Nie są wymagane dalsze działania.

 

Obiekt: C:\Windows\Installer\...\80000000,@

Zarażenie Win32:Trojan-gen

Proces: C:\Windows\System32\services.exe

 

Obiekt: C:\Windows\Installer\...\00000004,~

Zarażenie Win32:Malware-gen

Proces: C:\Windows\System32\services.exe

 

Obiekt: C:\Windows\Installer\...\00000004,@

Zarażenie Win32:Malware-gen

Proces: C:\Windows\System32\services.exe

 

Obiekt: C:\Windows\Installer\...\000000cb,@

Zarażenie Win32:Malware-gen

Proces: C:\Windows\System32\services.exe

 

 

Obiekt: C:\Windows\Installer\...\80000064,@

Zarażenie Win32:Trojan-gen

Proces: C:\Windows\System32\services.exe

 

Obiekt: C:\Windows\Installer\...\80000032,@

Zarażenie Win32:Sirefef-AOO[Trj]

Proces: C:\Windows\System32\services.exe

 

 

Mam 64 bitowy system operacyjny Windows 7

Nigdy nie miałem z tym do czyniena więc zwracam sie z prośbą o pomoc.

PS: Proszę o jak najszybszą pomoc, byłbym bardzo wdzięczny

 

 

 

Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

avast! Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Driver Cleaner 3

Java™ 6 Update 37

Java version out of Date!

Adobe Flash Player 11.4.402.287 Flash Player out of Date!

Adobe Reader 10.1.4 Adobe Reader out of Date!

Mozilla Firefox 16.0.2 Firefox out of Date!

````````Process Check: objlist.exe by Laurent````````

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:

````````````````````End of Log``````````````````````

OTL.Txt

Extras.Txt

[picasso]

W systemie rezyduje trojan ZeroAccess. Wymagane dodatkowe skany:

 

1. Uruchom SystemLook x64 i do skanu wklej:

 

:filefind
services.exe

 

Klik w Look.

 

2. Zrób raport z Farbar Service Scanner.

 

 

 

.

[kewson]

Dziękuje za odpowiedź

 

 

SystemLook 30.07.11 by jpshortstuff

Log created at 10:51 on 27/11/2012 by Kewson

Administrator - Elevation successful

 

========== filefind ==========

 

Searching for "services.exe"

C:\Windows\ERDNT\cache64\services.exe --a---- 328704 bytes [16:25 08/05/2012] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe --a---- 329216 bytes [23:19 13/07/2009] [01:39 14/07/2009] 50BEA589F7D7958BDD2528A8F69D05CC

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

 

-= EOF =-

 

 

 

 

 

 

 

Farbar Service Scanner Version: 09-11-2012

Ran by Kewson (administrator) on 27-11-2012 at 10:58:27

Running from "C:\Users\Kewson\Desktop"

Windows 7 Ultimate Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

WAN connected

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

 

MpsSvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

 

bfe Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

 

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Action Center:

============

wscsvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy:

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

 

 

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.

Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.

Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2012-11-14 10:25] - [2012-10-03 18:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0

 

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

 

 

**** End of log ****

[picasso]

Plik services.exe zainfekowany, usługi Windows uszkodzone przez trojana.

 

1. Start > w polu szukania wpisz cmd > z prawokliku Uruchom jako Administrator > wklej komendę:

 

sfc /scanfile=C:\Windows\system32\services.exe

 

Jeśli komunikat poprosi o restart w celu ukończenia leczenia pliku, zatwierdź. Jeśli jednak pojawi się tu jakiś błąd, STOP, przerwij działania i natychmiast zgłoś się na forum.

 

2. Start > w polu szukania wpisz cmd > z prawokliku Uruchom jako Administrator > wklej komendę:

 

netsh winsock reset

 

Zresetuj system w celu ukończenia resetu Winsock.

 

3. Uruchom OTL i w sekcji Własne opcje skanowania / skrypt wklej:

 

:Files
C:\Windows\Installer\{862863c8-15c3-a266-3a55-f0de0c6eae78}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\Kewson\AppData\Local\Temp*.html
 
:OTL
IE - HKLM\..\SearchScopes\{86E1BFB1-9D1F-40CB-A81C-39CCD13058FF}: "URL" = "http://startsear.ch/?aff=1&q={searchTerms}"
IE - HKU\S-1-5-21-718234804-2918928186-3380187424-1000\..\SearchScopes\{745D4693-A539-4FFF-9ACA-DAA1B3DFCB54}: "URL" = "http://www.daemon-search.com/search?q={searchTerms}"
IE - HKU\S-1-5-21-718234804-2918928186-3380187424-1000\..\SearchScopes\{75990109-C61E-48D1-8C2E-EDB14807DDFE}: "URL" = "http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=49E4921C-9BA5-42B0-ACF1-961A7CB42772&apn_sauid=72346E68-96E7-49D6-A1E5-68C0F2B149FE"
IE - HKU\S-1-5-21-718234804-2918928186-3380187424-1000\..\SearchScopes\{86E1BFB1-9D1F-40CB-A81C-39CCD13058FF}: "URL" = "http://startsear.ch/?aff=1&q={searchTerms}"
IE - HKU\S-1-5-21-718234804-2918928186-3380187424-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = "http://startsear.ch/?aff=2&src=sp&cf=fe1125f0-d0be-11e0-ab00-90e6bacb71d0&q={searchTerms}"
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-718234804-2918928186-3380187424-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKU\S-1-5-21-718234804-2918928186-3380187424-1000..\Run: [smplai] C:\Users\Kewson\AppData\Roaming\smplai.dll (Broadcom Corporation)
 
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
 
:Commands
[emptytemp]

 

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

 

Klik w Wykonaj skrypt. Zatwierdź restart systemu.

 

4. Odbuduj usunięte przez trojana usługi za pomocą ServicesRepair.

 

5. Odbuduj brakujący plik HOSTS. Włącz pokazywanie rozszerzeń: w Windows Explorer > Organizuj > Opcje folderów i wyszukiwania > Widok > odznacz Ukrywaj rozszerzenia znanych typów. Otwórz Notatnik i wklej w nim:

 

#	127.0.0.1       localhost

#	::1             localhost

 

Z menu Notatnika > Plik > Zapisz jako > Ustaw rozszerzenie na Wszystkie pliki > Zapisz pod nazwą hosts bez żadnego rozszerzenia

 

Plik wstaw do folderu C:\Windows\system32\drivers\etc.

 

6. Przez Panel sterowania odinstaluj adware LiveVDO plugin 1.3, QuickStores-Toolbar 1.1.0.

 

7. Wyczyść Firefox z adware: menu Pomoc > Informacje dla pomocy technicznej > Zresetuj program Firefox.

 

8. Uruchom AdwCleaner i zastosuj Delete. Na dysku C powstanie log z usuwania.

 

9. Zrób nowe logi: OTL z opcji Skanuj (już bez Extras), Farbar Service Scanner i SystemLook na ten sam warunek co poprzednio. Dołącz log utworzony przez AdwCleaner.

 

 

 

.

[kewson]

Wszystko wykonane

 

SystemLook 30.07.11 by jpshortstuff

Log created at 12:30 on 27/11/2012 by Kewson

Administrator - Elevation successful

 

========== filefind ==========

 

Searching for "services.exe"

C:\Windows\ERDNT\cache64\services.exe --a---- 328704 bytes [16:25 08/05/2012] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

 

-= EOF =-

OTL.Txt

AdwCleanerS1.txt

FSS.txt

[picasso]

Interesuje mnie tylko jeden log z AdwCleaner, ten z usuwania, resztę usuwam. Wszystko wykonane zgodnie z planem. Tylko poprawki zostały:

 

1. Nie odtworzyłeś pliku HOSTS, nadal w logu:

 

Hosts file not found

 

Powtarzaj:

 

5. Odbuduj brakujący plik HOSTS. Włącz pokazywanie rozszerzeń: w Windows Explorer > Organizuj > Opcje folderów i wyszukiwania > Widok > odznacz Ukrywaj rozszerzenia znanych typów. Otwórz Notatnik i wklej w nim:

 

#	127.0.0.1       localhost
#	::1             localhost

 

Z menu Notatnika > Plik > Zapisz jako > Ustaw rozszerzenie na Wszystkie pliki > Zapisz pod nazwą hosts bez żadnego rozszerzenia

 

Plik wstaw do folderu C:\Windows\system32\drivers\etc.

 

2. Korekta domyślnych wyszukiwarek Internet Explorer po użyciu AdwCleaner. Otwórz Notatnik i wklej w nim to:

 

Windows Registry Editor Version 5.00

 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]
 
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]
 
[-HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
 
[-HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]

 

Z menu Notatnika > Plik > Zapisz jako > Ustaw rozszerzenie na Wszystkie pliki > Zapisz jako FIX.REG

 

Kliknij prawym na plik i z menu wybierz opcję Scal. Potwierdź import do rejestru.

 

3. Zrób nowy log z OTL, ale go ogranicz: tylko opcję Rejestr ustaw na Użyj filtrowania, wszystkie inne opcje na Brak + szukanie plików na Żadne i klik w Skanuj.

 

 

.

[kewson]

Hmm ja już odtwarzałem ten plik hosts może coś nie tak robię? zrobiłem drugi raz...

 

OTL logfile created on: 2012-11-27 13:34:34 - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kewson\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

4,00 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 57,95% Memory free

8,00 Gb Paging File | 6,13 Gb Available in Paging File | 76,67% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 355,24 Gb Total Space | 152,51 Gb Free Space | 42,93% Space Free | Partition Type: NTFS

Drive D: | 576,17 Gb Total Space | 177,95 Gb Free Space | 30,89% Space Free | Partition Type: NTFS

 

Computer Name: KEWSON-PC | User Name: Kewson | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-718234804-2918928186-3380187424-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-718234804-2918928186-3380187424-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-718234804-2918928186-3380187424-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

IE - HKU\S-1-5-21-718234804-2918928186-3380187424-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.google.pl/firefox"

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-07-26 19:32:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-05 23:33:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-10-27 13:25:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-11-27 12:12:30 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-07-26 19:32:23 | 000,000,000 | ---D | M]

 

[2012-02-03 12:56:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kewson\AppData\Roaming\mozilla\Extensions

[2012-11-27 12:12:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012-10-12 21:13:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2012-10-12 21:13:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}

[2012-10-12 21:13:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2012-11-25 21:30:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2012-10-27 13:25:38 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012-06-27 19:00:15 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml

[2012-06-27 19:00:15 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml

[2012-06-27 19:00:15 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml

[2012-06-27 19:00:15 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml

[2012-06-27 19:00:15 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml

[2012-06-27 19:00:15 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

 

Hosts file not found

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [adiras] C:\Windows\adirasx64.exe ()

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-718234804-2918928186-3380187424-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8:64bit: - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab" (Java Plug-in 1.6.0_17)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab" (Java Plug-in 1.6.0_17)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab" (Reg Error: Key error.)

O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} "http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab" (Shockwave Flash Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab" (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab" (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab" (Java Plug-in 1.6.0_37)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D05C772-CDF2-49D2-805A-598BFDE7592D}: NameServer = 194.204.152.34 194.204.159.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76CC2BA4-1BAB-4503-A05D-BC84778E431E}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

< End of report >

[picasso]

Jest bez zmian:

 

Hosts file not found

 

Mówię ponownie: musisz widzieć rozszerzenia (odznaczone Ukrywaj rozszerzenia znanych typów), a plik nie może mieć żadnego, czyli nazwa to hosts a nie hosts.txt.

 

 

 

.

[kewson]

Ok zrozumiałem już poprawione

 

OTL logfile created on: 2012-11-27 13:44:52 - Run 4

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kewson\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

4,00 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 57,52% Memory free

8,00 Gb Paging File | 6,15 Gb Available in Paging File | 76,91% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 355,24 Gb Total Space | 152,29 Gb Free Space | 42,87% Space Free | Partition Type: NTFS

Drive D: | 576,17 Gb Total Space | 177,95 Gb Free Space | 30,89% Space Free | Partition Type: NTFS

 

Computer Name: KEWSON-PC | User Name: Kewson | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-718234804-2918928186-3380187424-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-718234804-2918928186-3380187424-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-718234804-2918928186-3380187424-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

IE - HKU\S-1-5-21-718234804-2918928186-3380187424-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.google.pl/firefox"

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-07-26 19:32:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-05 23:33:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-10-27 13:25:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-11-27 12:12:30 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-07-26 19:32:23 | 000,000,000 | ---D | M]

 

[2012-02-03 12:56:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kewson\AppData\Roaming\mozilla\Extensions

[2012-11-27 12:12:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012-10-12 21:13:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2012-10-12 21:13:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}

[2012-10-12 21:13:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2012-11-25 21:30:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2012-10-27 13:25:38 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012-06-27 19:00:15 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml

[2012-06-27 19:00:15 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml

[2012-06-27 19:00:15 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml

[2012-06-27 19:00:15 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml

[2012-06-27 19:00:15 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml

[2012-06-27 19:00:15 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

 

O1 HOSTS File: ([2012-11-27 13:28:30 | 000,000,060 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [adiras] C:\Windows\adirasx64.exe ()

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-718234804-2918928186-3380187424-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8:64bit: - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab" (Java Plug-in 1.6.0_17)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab" (Java Plug-in 1.6.0_17)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab" (Reg Error: Key error.)

O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} "http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab" (Shockwave Flash Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab" (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab" (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab" (Java Plug-in 1.6.0_37)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D05C772-CDF2-49D2-805A-598BFDE7592D}: NameServer = 194.204.152.34 194.204.159.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76CC2BA4-1BAB-4503-A05D-BC84778E431E}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

< End of report >

[picasso]

Plik prawidłowo odtworzony. Przejdź do wykończeń:

 

1. Mini poprawka na pusty wpis Unlocker. Uruchom OTL i w sekcji Własne opcje skanowania / skrypt wklej:

 

:OTL
O4 - HKLM..\Run: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" File not found

 

Klik w Wykonaj skrypt.

 

2. Wyczyść po narzędziach: w AdwCleaner uruchom Uninstall, w OTL uruchom Sprzątanie, resztę używanych ręcznie skasuj.

 

3. Wyczyść foldery Przywracania systemu: KLIK.

 

4. Na wszelki wypadek zrób pełóny skan w Malwarebytes Anti-Malware (przy pytaniu o typ wersji wybierz darmową). Jeżeli coś zostanie wykryte, przedstaw raport.

 

 

 

.

[kewson]

Skanowanie zrobione niestety coś wykryło...

 

Malwarebytes Anti-Malware (Okres testowy) 1.65.1.1000

www.malwarebytes.org

 

Wersja bazy: v2012.11.27.04

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Kewson :: KEWSON-PC [administrator]

 

Ochrona: Włączona

 

2012-11-27 14:48:33

mbam-log-2012-11-27 (14-48-33).txt

 

Typ skanowania: Pełne skanowanie (C:\|D:\|)

Zaznaczone opcje skanowania: Pamięć | Rozruch | Rejestr | System plików | Heurystyka/Dodatkowe | Heuristyka/Shuriken | PUP | PUM

Odznaczone opcje skanowania: P2P

Przeskanowano obiektów: 434891

Upłynęło: 1 godzin(y), 29 minut(y), 42 sekund(y)

 

Wykrytych procesów w pamięci: 0

(Nie znaleziono zagrożeń)

 

Wykrytych modułów w pamięci: 0

(Nie znaleziono zagrożeń)

 

Wykrytych kluczy rejestru: 6

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Nie wykonano akcji.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Nie wykonano akcji.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Nie wykonano akcji.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Nie wykonano akcji.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Nie wykonano akcji.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Nie wykonano akcji.

 

Wykrytych wartości rejestru: 0

(Nie znaleziono zagrożeń)

 

Wykryte wpisy rejestru systemowego: 0

(Nie znaleziono zagrożeń)

 

wykrytych folderów: 0

(Nie znaleziono zagrożeń)

 

Wykrytych plików: 3

C:\Users\Kewson\AppData\Roaming\Thinstall\eGames GameButler\200000001c00002i\gbrowser.exe (Trojan.IRCBot) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.

C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cdcc8a26cae0c9.0000 (Rootkit.0Access) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.

D:\Norton 360 6.0.0.145 PL\NTR2011.exe (RiskWare.Tool.CK) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.

 

(zakończone)

[picasso]

1. Wyniki MBAM: to już nic szkodliwego w Trybie rzeczywistym. Rootkit.0Access to szczątek naszego "przyjaciela" ZeroAccess, PUP.VShareRedir to odpadki po wtyczkach LiveVDO/vShare, crack Nortona przemilczę, zaś Trojan.IRCBot z katalogu Thinstall to fałszywy alarm na komponentach wirtualizowanych aplikacji jakoby "portable". Pominąłeś wyniki PUP.VShareRedir i te załącz do usuwania, natomiast ten cały katalog Thinstall możesz ręcznie przez SHIFT+DEL skasować z dysku.

 

2. Zaktualizuj wyliczone poniżej programy: KLIK. Wg raportu masz zainstalowane:

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java™ 6 Update 37
"{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Polish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX (wtyczka dla IE)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin (wtyczka dla Firefox)
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Mozilla Firefox 16.0.2 (x86 pl)" = Mozilla Firefox 16.0.2 (x86 pl)
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

 

W podsumowaniu: odinstaluj starsze Java i wszystkie Adobe, zastąp najnowszymi wersjami, zaktualizuj Firefox, a Spybot - Search & Destroy do grobu (program jadący na opinii, starawy).

 

3. Prewencyjnie zmień hasła logowania w serwisach.

 

 

PS. Dodatkowe uwagi na temat zainstalowanych programów, a kysz:

- Driver Cleaner 3: przestarzały program z roku 2004 (sic!) niezgodny z Windows 7 x64, więcej szkód niż pożytku. Do czyszczenia sterowników aktualnie: Driver Sweeper (starsza wersja, ostatnia z czystych bez adware) lub Treexy Driver Fusion (dawny Driver Sweeper, adware w instalatorze, nie zaznaczać nic!)

- Gadu-Gadu 10: pamięciożerny potwór zainteresowany zasobami systemowymi i dręczeniem reklamami. Polecam alternatywne programy z obsługą sieci Gadu, a pogrubiony jest szczególnie polecany: WTW, Kadu, Miranda, AQQ. Opisy: KLIK.

 

 

 

.

[kewson]

Hmm jak usunąć teraz wyniki PUP.VShareRedir ? Bo nie mam ich z pozycji programu już. Jeszcze raz robić skanowanie?

[picasso]

Tak, jeszcze raz zrób skan.

[kewson]

Ok zrobione i usunięte... To chyba wszystko? zostawić tego anti malware czy wywalić? Jeśli to wszystko to dziękuje po sto kroć, jestem bardzo wdzięczny

[picasso]

Malwarebytes Anti-Malware możesz zostawić, przyda się do skanów ręcznych na żądanie. Ale mówiłam byś zatwierdzał wersję darmową, wybrałeś trial.

 

Tak, to wszystko. Temat rozwiązany. Zamykam.

 

 

.