Cyberpolicja virus, begging for help


(Antalya90) #1

As the title says, my computer has been infected with this nasty virus. Please help, because I no longer know what to do.

Here is the log from OTL:

OTL logfile created on: 2013-01-24 16:44:31 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = F:\

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


4,00 Gb Total Physical Memory | 2,97 Gb Available Physical Memory | 74,35% Memory free

7,99 Gb Paging File | 7,01 Gb Available in Paging File | 87,71% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 453,89 Gb Total Space | 125,02 Gb Free Space | 27,54% Space Free | Partition Type: NTFS

Drive D: | 11,86 Gb Total Space | 1,91 Gb Free Space | 16,11% Space Free | Partition Type: NTFS

Drive F: | 1,95 Gb Total Space | 1,71 Gb Free Space | 87,54% Space Free | Partition Type: FAT


Computer Name: OLA-KOMPUTER | User Name: Ola | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2013-01-24 16:06:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe

PRC - [2012-12-20 18:50:28 | 000,879,080 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe



[color=#E56717]========== Modules (No Company Name) ==========[/color]



[color=#E56717]========== Services (SafeList) ==========[/color]


SRV:[b]64bit:[/b] - [2012-11-02 09:40:40 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:[b]64bit:[/b] - [2011-12-06 04:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:[b]64bit:[/b] - [2011-11-02 08:23:46 | 000,341,280 | ---- | M] (Nitro PDF Software) [Auto | Stopped] -- C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe -- (NitroDriverReadSpool2)

SRV:[b]64bit:[/b] - [2011-09-15 01:19:54 | 000,086,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe -- (mi-raysat_3dsmax2013_64)

SRV:[b]64bit:[/b] - [2011-05-13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:[b]64bit:[/b] - [2009-05-26 14:30:04 | 000,239,104 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1dd7c6fad1048e9e\stacsv64.exe -- (STacSV)

SRV:[b]64bit:[/b] - [2009-05-26 14:29:56 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1dd7c6fad1048e9e\AESTSr64.exe -- (AESTFilters)

SRV - [2013-01-09 13:09:48 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012-12-18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012-10-27 09:16:01 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe -- (PLAY ONLINE. RunOuc)

SRV - [2012-06-16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)

SRV - [2012-02-17 19:46:16 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012-01-31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)

SRV - [2011-11-02 08:24:04 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)

SRV - [2011-03-14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)

SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009-05-26 14:30:04 | 000,239,104 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1dd7c6fad1048e9e\STacSV64.exe -- (STacSV)

SRV - [2009-05-26 14:29:56 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1dd7c6fad1048e9e\AESTSr64.exe -- (AESTFilters)

SRV - [2009-05-14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)

SRV - [2006-12-19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)

SRV - [2006-12-19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)



[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV:[b]64bit:[/b] - [2012-12-15 13:04:12 | 000,095,392 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR311.SYS -- (SMR311)

DRV:[b]64bit:[/b] - [2012-10-27 09:16:05 | 000,229,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)

DRV:[b]64bit:[/b] - [2012-10-27 09:16:05 | 000,030,720 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)

DRV:[b]64bit:[/b] - [2012-10-27 09:16:05 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)

DRV:[b]64bit:[/b] - [2012-10-27 09:16:04 | 000,225,920 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)

DRV:[b]64bit:[/b] - [2012-10-27 09:16:04 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)

DRV:[b]64bit:[/b] - [2012-10-27 09:16:04 | 000,104,448 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)

DRV:[b]64bit:[/b] - [2012-10-27 09:16:04 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)

DRV:[b]64bit:[/b] - [2012-09-20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd)

DRV:[b]64bit:[/b] - [2012-09-20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)

DRV:[b]64bit:[/b] - [2012-09-20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)

DRV:[b]64bit:[/b] - [2012-07-06 03:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.sys -- (SRTSPX)

DRV:[b]64bit:[/b] - [2012-07-06 03:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.sys -- (SRTSP)

DRV:[b]64bit:[/b] - [2012-06-07 05:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.sys -- (ccSet_NIS)

DRV:[b]64bit:[/b] - [2012-05-22 02:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys -- (SymEFA)

DRV:[b]64bit:[/b] - [2012-04-18 03:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnets.sys -- (SymNetS)

DRV:[b]64bit:[/b] - [2012-04-18 02:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ironx64.sys -- (SymIRON)

DRV:[b]64bit:[/b] - [2012-03-28 08:55:02 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:[b]64bit:[/b] - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:[b]64bit:[/b] - [2012-02-15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:[b]64bit:[/b] - [2012-02-09 07:06:36 | 000,125,376 | ---- | M] (Power Software Ltd) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)

DRV:[b]64bit:[/b] - [2011-12-06 04:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:[b]64bit:[/b] - [2011-12-06 04:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:[b]64bit:[/b] - [2011-12-06 03:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:[b]64bit:[/b] - [2011-12-05 20:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:[b]64bit:[/b] - [2011-08-15 23:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.sys -- (SymDS)

DRV:[b]64bit:[/b] - [2011-05-13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

DRV:[b]64bit:[/b] - [2011-05-13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:[b]64bit:[/b] - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:[b]64bit:[/b] - [2010-11-20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:[b]64bit:[/b] - [2010-11-20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:[b]64bit:[/b] - [2010-11-20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:[b]64bit:[/b] - [2010-07-14 04:42:58 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)

DRV:[b]64bit:[/b] - [2010-03-18 17:20:00 | 000,315,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:[b]64bit:[/b] - [2010-01-13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)

DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:[b]64bit:[/b] - [2009-06-10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:[b]64bit:[/b] - [2009-06-10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)

DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:[b]64bit:[/b] - [2009-05-26 14:30:10 | 000,486,400 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV - [2013-01-19 10:42:18 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130123.005\ex64.sys -- (NAVEX15)

DRV - [2013-01-19 10:42:18 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130123.005\eng64.sys -- (NAVENG)

DRV - [2013-01-16 03:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130116.013\BHDrvx64.sys -- (BHDrvx64)

DRV - [2012-12-13 12:08:40 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012-09-01 01:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20130122.001\IDSviA64.sys -- (IDSVia64)

DRV - [2012-08-09 16:52:19 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2006-07-24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)



[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]


IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



[color=#E56717]========== FireFox ==========[/color]


FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@graphisoft.com/GDL Web Plug-in: C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ola\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ola\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)


FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012-03-28 09:00:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2013-01-24 16:35:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon


[2013-01-18 20:08:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ola\AppData\Roaming\mozilla\Extensions

[2012-07-07 13:12:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions


[color=#E56717]========== Chrome ==========[/color]


CHR - homepage: 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: 

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Ola\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ola\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ola\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

CHR - plugin: Norton Confidential (Enabled) = C:\Users\Ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Ola\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: Fast save = C:\Users\Ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\allfiamamchdkoncojkpbdelddebnepa\1.1_0\

CHR - Extension: Szukaj w Google = C:\Users\Ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: Yulia Brodskaya = C:\Users\Ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgdloilieclkegafohackmhffbmdpko\2_0\

CHR - Extension: Norton Identity Protection = C:\Users\Ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\

CHR - Extension: Gmail = C:\Users\Ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\


O1 HOSTS File: ([2010-04-30 14:56:09 | 000,001,798 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

O1 - Hosts: 127.0.0.1 adobe.activate.com

O1 - Hosts: 127.0.0.1 adobeereg.com                        

O1 - Hosts: 127.0.0.1 www.adobeereg.com                    

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com           

O1 - Hosts: 127.0.0.1 125.252.224.90                       

O1 - Hosts: 127.0.0.1 125.252.224.91

O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com

O2:[b]64bit:[/b] - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)

O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)

O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files (x86)\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = 

O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)

O13[b]64bit:[/b] - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.7.0_09)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{591BABA0-2E2A-43F9-A528-EAC41758CAA6}: NameServer = 89.108.195.21 89.108.202.21

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C025193-3B3D-476F-90EC-BF632E67094F}: NameServer = 89.108.202.21 89.108.195.21

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED7AF2EE-9316-4088-BA63-FD0901635640}: NameServer = 89.108.202.21 89.108.195.21

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFD38D7C-B59D-4DEB-8D6C-51B02CA1D01C}: DhcpNameServer = 192.168.4.1

O18 - Protocol\Handler\ms-help - No CLSID value found

O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found

O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012-11-09 16:12:28 | 000,000,000 | ---D | M] - C:\Autodesk -- [NTFS]

O32 - AutoRun File - [2012-11-30 15:41:08 | 000,000,016 | -H-- | M] () - F:\AUTORUN.INF -- [FAT]

O33 - MountPoints2\{333f4405-c72f-11e1-a62a-00247e57e5a5}\Shell - "" = AutoRun

O33 - MountPoints2\{333f4405-c72f-11e1-a62a-00247e57e5a5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{3520604f-544f-11e2-b676-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{3520604f-544f-11e2-b676-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{3a011a9a-0bab-11e2-a039-00247e57e5a5}\Shell - "" = AutoRun

O33 - MountPoints2\{3a011a9a-0bab-11e2-a039-00247e57e5a5}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{542b3a0f-0def-11e2-ad50-00247e57e5a5}\Shell - "" = AutoRun

O33 - MountPoints2\{542b3a0f-0def-11e2-ad50-00247e57e5a5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{542b3a25-0def-11e2-ad50-00247e57e5a5}\Shell - "" = AutoRun

O33 - MountPoints2\{542b3a25-0def-11e2-ad50-00247e57e5a5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{542b3a3b-0def-11e2-ad50-00247e57e5a5}\Shell - "" = AutoRun

O33 - MountPoints2\{542b3a3b-0def-11e2-ad50-00247e57e5a5}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{65d9b93a-200c-11e2-ad7b-00247e57e5a5}\Shell - "" = AutoRun

O33 - MountPoints2\{65d9b93a-200c-11e2-ad7b-00247e57e5a5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{65d9b948-200c-11e2-ad7b-00247e57e5a5}\Shell - "" = AutoRun

O33 - MountPoints2\{65d9b948-200c-11e2-ad7b-00247e57e5a5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{6c9622d6-1641-11e2-a60f-00247e57e5a5}\Shell - "" = AutoRun

O33 - MountPoints2\{6c9622d6-1641-11e2-a60f-00247e57e5a5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{6d3f0b67-2da8-11e2-9701-00247e57e5a5}\Shell - "" = AutoRun

O33 - MountPoints2\{6d3f0b67-2da8-11e2-9701-00247e57e5a5}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{9a5ec0ee-afe8-11e1-a0f3-00247e57e5a5}\Shell - "" = AutoRun

O33 - MountPoints2\{9a5ec0ee-afe8-11e1-a0f3-00247e57e5a5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{9a5ec108-afe8-11e1-a0f3-00247e57e5a5}\Shell - "" = AutoRun

O33 - MountPoints2\{9a5ec108-afe8-11e1-a0f3-00247e57e5a5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{b2b90ec7-c66e-11e1-a009-00247e57e5a5}\Shell - "" = AutoRun

O33 - MountPoints2\{b2b90ec7-c66e-11e1-a009-00247e57e5a5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{b2b90edb-c66e-11e1-a009-00247e57e5a5}\Shell - "" = AutoRun

O33 - MountPoints2\{b2b90edb-c66e-11e1-a009-00247e57e5a5}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{b6f45473-07a5-11e2-a042-00247e57e5a5}\Shell - "" = AutoRun

O33 - MountPoints2\{b6f45473-07a5-11e2-a042-00247e57e5a5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{c69f2cc9-194e-11e2-9f7b-00247e57e5a5}\Shell - "" = AutoRun

O33 - MountPoints2\{c69f2cc9-194e-11e2-9f7b-00247e57e5a5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{f9fb0b83-27d6-11e2-a6be-00247e57e5a5}\Shell - "" = AutoRun

O33 - MountPoints2\{f9fb0b83-27d6-11e2-a6be-00247e57e5a5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\SETUP.EXE

O33 - MountPoints2\H\Shell\configure\command - "" = H:\SETUP.EXE

O33 - MountPoints2\H\Shell\install\command - "" = H:\SETUP.EXE

O34 - HKLM BootExecute: (autocheck autochk *)

O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*

O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*

O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[2013-01-24 01:13:13 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\Users\Ola\8059053.dll

[2013-01-23 14:50:00 | 000,000,000 | ---D | C] -- C:\Users\Ola\Desktop\wykład historia

[2013-01-19 19:01:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump

[2013-01-18 20:08:08 | 000,000,000 | ---D | C] -- C:\Users\Ola\AppData\Roaming\Mozilla

[2013-01-18 20:07:33 | 000,000,000 | ---D | C] -- C:\Users\Ola\AppData\Roaming\GG

[2013-01-18 20:07:31 | 000,000,000 | ---D | C] -- C:\Users\Ola\AppData\Local\GG

[2013-01-17 13:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2013-01-17 13:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

[2013-01-17 13:28:54 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe

[2013-01-17 13:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2

[2013-01-17 13:28:15 | 000,000,000 | ---D | C] -- C:\Users\Ola\AppData\Local\Programs

[2013-01-16 21:53:54 | 000,000,000 | ---D | C] -- C:\Users\Ola\AppData\Local\GS-LW-Temp

[2013-01-13 14:52:36 | 000,000,000 | ---D | C] -- C:\Users\Ola\Desktop\Domowe melodie

[2013-01-11 09:44:31 | 000,000,000 | ---D | C] -- C:\Users\Ola\Desktop\allegro

[2013-01-09 23:41:25 | 000,000,000 | ---D | C] -- C:\Users\Ola\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2013-01-24 16:40:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013-01-24 16:40:10 | 3219,017,728 | -HS- | M] () -- C:\hiberfil.sys

[2013-01-24 16:35:52 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job

[2013-01-24 16:35:39 | 095,023,320 | ---- | M] () -- C:\ProgramData\3509508.pad

[2013-01-24 16:17:44 | 001,672,328 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013-01-24 16:17:44 | 000,741,344 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat

[2013-01-24 16:17:44 | 000,655,108 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013-01-24 16:17:44 | 000,155,940 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat

[2013-01-24 16:17:44 | 000,121,980 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013-01-24 11:09:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013-01-24 11:06:52 | 000,017,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013-01-24 11:06:52 | 000,017,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013-01-24 02:31:56 | 000,101,086 | ---- | M] () -- C:\Users\Ola\Desktop\Rysunek1-Modelpf.pdf

[2013-01-24 02:30:44 | 000,306,159 | ---- | M] () -- C:\Users\Ola\Desktop\Rysunek1-Modelpf3.pdf

[2013-01-24 02:29:39 | 000,127,693 | ---- | M] () -- C:\Users\Ola\Desktop\Rysunek1-Modelpf2.pdf

[2013-01-24 02:00:52 | 000,124,240 | ---- | M] () -- C:\Users\Ola\Desktop\Rysunek1-Model2.pdf

[2013-01-24 01:59:54 | 136,782,514 | ---- | M] () -- C:\Users\Ola\Desktop\sc-tsv17706.rar

[2013-01-24 01:55:01 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3319240603-2227073723-3565724536-1000UA.job

[2013-01-24 01:44:21 | 008,404,877 | ---- | M] () -- C:\Users\Ola\Desktop\wizualizacja2.psd

[2013-01-24 01:39:39 | 000,098,443 | ---- | M] () -- C:\Users\Ola\Desktop\Rysunek1-Model.pdf

[2013-01-24 01:13:17 | 000,002,682 | ---- | M] () -- C:\ProgramData\3509508.js

[2013-01-24 01:13:17 | 000,001,033 | ---- | M] () -- C:\Users\Ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk

[2013-01-24 01:13:17 | 000,000,153 | ---- | M] () -- C:\ProgramData\3509508.reg

[2013-01-24 01:13:17 | 000,000,058 | ---- | M] () -- C:\ProgramData\3509508.bat

[2013-01-24 01:13:14 | 000,182,784 | ---- | M] (Microsoft Corporation) -- C:\Users\Ola\8059053.dll

[2013-01-24 01:04:55 | 001,014,836 | ---- | M] () -- C:\Users\Ola\Desktop\wizualizacja.jpg

[2013-01-24 00:57:17 | 008,206,250 | ---- | M] () -- C:\Users\Ola\Desktop\wizualizacja.psd

[2013-01-24 00:01:16 | 000,130,659 | ---- | M] () -- C:\Users\Ola\Desktop\kermesina.jpg

[2013-01-24 00:00:47 | 000,245,545 | ---- | M] () -- C:\Users\Ola\Desktop\13050010-wschodnia-tui-krzew-na-bialym-tle.jpg

[2013-01-23 23:59:32 | 000,166,211 | ---- | M] () -- C:\Users\Ola\Desktop\imgp7420-forsythia-x-intermedia-fiesta-forsycja-posrednia.jpg

[2013-01-23 23:58:21 | 000,067,297 | ---- | M] () -- C:\Users\Ola\Desktop\dyptam-krzew-mojzesza-dictamnus-fraxinella_891.jpg

[2013-01-23 22:45:30 | 005,017,182 | ---- | M] () -- C:\Users\Ola\Desktop\The_Neighbourhood_-Female_Robbery.mp3

[2013-01-23 22:44:50 | 003,181,504 | ---- | M] () -- C:\Users\Ola\Desktop\Let it go - the neighbourhood.mp3

[2013-01-23 22:44:05 | 001,653,394 | ---- | M] () -- C:\Users\Ola\Desktop\The Neighbourhood - Let It Go.mp3

[2013-01-23 22:43:36 | 009,661,159 | ---- | M] () -- C:\Users\Ola\Desktop\The-Neighbourhood-Sweater-Weather.mp3

[2013-01-23 22:20:54 | 005,424,848 | ---- | M] () -- C:\Users\Ola\Desktop\hist P.zip

[2013-01-21 21:36:55 | 001,665,031 | ---- | M] () -- C:\Users\Ola\Desktop\IE-1.pdf

[2013-01-21 16:11:41 | 000,031,292 | ---- | M] () -- C:\Users\Ola\Desktop\e7661e1dd8359ab118d743b942359294,14,1.jpg

[2013-01-21 15:57:24 | 000,070,115 | ---- | M] () -- C:\Users\Ola\Desktop\tumblr_ljwu2jWcXi1qd249ho1_500.jpg

[2013-01-21 14:03:56 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3319240603-2227073723-3565724536-1000Core.job

[2013-01-19 19:54:25 | 003,142,676 | ---- | M] () -- C:\Users\Ola\Desktop\model2.bmp

[2013-01-18 19:44:21 | 000,007,910 | ---- | M] () -- C:\Windows\vpd.properties

[2013-01-16 22:47:34 | 001,876,752 | ---- | M] () -- C:\Users\Ola\Desktop\BEZ TYTUŁU.pln

[2013-01-16 20:09:31 | 000,088,818 | ---- | M] () -- C:\Users\Ola\Desktop\Rysunek1.dwg

[2013-01-09 18:22:12 | 000,071,534 | ---- | M] () -- C:\Users\Ola\Desktop\Rysunek1.bak

[2013-01-09 13:09:48 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013-01-09 13:09:48 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012-12-31 19:03:05 | 000,000,627 | ---- | M] () -- C:\Users\Ola\Desktop\Assassins Creed Brotherhood.lnk

[2012-12-29 12:41:16 | 000,075,663 | ---- | M] () -- C:\Users\Ola\Desktop\Druk-przelewu.pdf

[2012-12-29 00:37:34 | 000,096,984 | ---- | M] () -- C:\Users\Ola\Desktop\christian-bale-eyes-wallpaper.jpg


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2013-01-24 02:31:56 | 000,101,086 | ---- | C] () -- C:\Users\Ola\Desktop\Rysunek1-Modelpf.pdf

[2013-01-24 02:30:43 | 000,306,159 | ---- | C] () -- C:\Users\Ola\Desktop\Rysunek1-Modelpf3.pdf

[2013-01-24 02:29:39 | 000,127,693 | ---- | C] () -- C:\Users\Ola\Desktop\Rysunek1-Modelpf2.pdf

[2013-01-24 02:00:51 | 000,124,240 | ---- | C] () -- C:\Users\Ola\Desktop\Rysunek1-Model2.pdf

[2013-01-24 01:44:20 | 008,404,877 | ---- | C] () -- C:\Users\Ola\Desktop\wizualizacja2.psd

[2013-01-24 01:34:58 | 000,098,443 | ---- | C] () -- C:\Users\Ola\Desktop\Rysunek1-Model.pdf

[2013-01-24 01:15:24 | 136,782,514 | ---- | C] () -- C:\Users\Ola\Desktop\sc-tsv17706.rar

[2013-01-24 01:13:17 | 000,002,682 | ---- | C] () -- C:\ProgramData\3509508.js

[2013-01-24 01:13:17 | 000,001,033 | ---- | C] () -- C:\Users\Ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk

[2013-01-24 01:13:17 | 000,000,153 | ---- | C] () -- C:\ProgramData\3509508.reg

[2013-01-24 01:13:17 | 000,000,058 | ---- | C] () -- C:\ProgramData\3509508.bat

[2013-01-24 01:13:15 | 095,023,320 | ---- | C] () -- C:\ProgramData\3509508.pad

[2013-01-24 00:57:24 | 001,014,836 | ---- | C] () -- C:\Users\Ola\Desktop\wizualizacja.jpg

[2013-01-24 00:01:16 | 000,130,659 | ---- | C] () -- C:\Users\Ola\Desktop\kermesina.jpg

[2013-01-24 00:00:47 | 000,245,545 | ---- | C] () -- C:\Users\Ola\Desktop\13050010-wschodnia-tui-krzew-na-bialym-tle.jpg

[2013-01-23 23:59:32 | 000,166,211 | ---- | C] () -- C:\Users\Ola\Desktop\imgp7420-forsythia-x-intermedia-fiesta-forsycja-posrednia.jpg

[2013-01-23 23:58:21 | 000,067,297 | ---- | C] () -- C:\Users\Ola\Desktop\dyptam-krzew-mojzesza-dictamnus-fraxinella_891.jpg

[2013-01-23 22:45:27 | 005,017,182 | ---- | C] () -- C:\Users\Ola\Desktop\The_Neighbourhood_-Female_Robbery.mp3

[2013-01-23 22:44:50 | 003,181,504 | ---- | C] () -- C:\Users\Ola\Desktop\Let it go - the neighbourhood.mp3

[2013-01-23 22:44:02 | 001,653,394 | ---- | C] () -- C:\Users\Ola\Desktop\The Neighbourhood - Let It Go.mp3

[2013-01-23 22:43:30 | 009,661,159 | ---- | C] () -- C:\Users\Ola\Desktop\The-Neighbourhood-Sweater-Weather.mp3

[2013-01-23 22:19:29 | 005,424,848 | ---- | C] () -- C:\Users\Ola\Desktop\hist P.zip

[2013-01-21 21:36:55 | 001,665,031 | ---- | C] () -- C:\Users\Ola\Desktop\IE-1.pdf

[2013-01-21 16:11:41 | 000,031,292 | ---- | C] () -- C:\Users\Ola\Desktop\e7661e1dd8359ab118d743b942359294,14,1.jpg

[2013-01-21 15:57:24 | 000,070,115 | ---- | C] () -- C:\Users\Ola\Desktop\tumblr_ljwu2jWcXi1qd249ho1_500.jpg

[2013-01-19 19:54:48 | 008,206,250 | ---- | C] () -- C:\Users\Ola\Desktop\wizualizacja.psd

[2013-01-19 19:21:10 | 003,142,676 | ---- | C] () -- C:\Users\Ola\Desktop\model2.bmp

[2013-01-18 20:07:32 | 000,001,147 | ---- | C] () -- C:\Users\Ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GG.lnk

[2013-01-17 13:29:01 | 000,002,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

[2013-01-16 22:47:33 | 001,876,752 | ---- | C] () -- C:\Users\Ola\Desktop\BEZ TYTUŁU.pln

[2012-12-31 19:03:05 | 000,000,627 | ---- | C] () -- C:\Users\Ola\Desktop\Assassins Creed Brotherhood.lnk

[2012-12-29 12:41:16 | 000,075,663 | ---- | C] () -- C:\Users\Ola\Desktop\Druk-przelewu.pdf

[2012-12-29 00:37:34 | 000,096,984 | ---- | C] () -- C:\Users\Ola\Desktop\christian-bale-eyes-wallpaper.jpg

[2012-11-09 17:11:45 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

[2012-07-07 13:16:58 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2012-06-27 17:50:59 | 000,004,608 | ---- | C] () -- C:\Users\Ola\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012-06-24 11:50:08 | 001,648,466 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012-06-24 11:49:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

[2012-06-24 11:39:49 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

[2012-05-23 17:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2012-05-23 17:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2012-05-23 17:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2012-05-23 17:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2012-05-23 17:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2012-04-13 15:07:29 | 000,000,132 | ---- | C] () -- C:\Users\Ola\AppData\Roaming\Adobe IllExport Filter CS5 Prefs

[2012-03-07 22:21:23 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini

[2012-03-07 22:21:08 | 000,001,024 | ---- | C] () -- C:\Users\Ola\.rnd

[2012-02-21 22:27:50 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2012-02-21 22:27:50 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll

[2012-02-17 19:46:22 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012-02-17 19:46:16 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012-02-16 18:03:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011-12-06 03:35:10 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2011-12-06 03:35:10 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2011-12-05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll

[2011-12-05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2011-09-13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011-04-09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat


[color=#E56717]========== ZeroAccess Check ==========[/color]


[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64


[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]


[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64


[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]


[color=#E56717]========== Alternate Data Streams ==========[/color]


@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences

@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:A1EDB939


< End of report >

(Atis) #2

Post your logs on http://wklej.org/

Uninstall Spybot - Search & Destroy.

Paste the following into the "Custom Scans/Fixes" box:

Click "Run Fix" and confirm the restart.

Post the removal report and a new log from "Run Scan".


(Antalya90) #3

OK, here is the removal report:

http://wklej.org/id/936652/

And here is the new log:

http://wklej.org/id/936667/


(Atis) #4

Restore the default Hosts file:

http://support.microsoft.com/kb/972034/pl

Run OTL and click "CleanUp".

Delete the old restore points:

To delete all restore points

Run SecurityCheck and update the programs marked as Out of date

Scan the disk with Malwarebytes Anti-Malware

During installation, uncheck the option to start the trial period of Malwarebytes Anti-Malware PRO.

http://wstaw.org/m/2012/12/29/2012-12-29_005346.png


(Antalya90) #5

OK, huge thanks for everything :)