Depertament policji wirus

justynka1989 · 15 Listopad 2012 13:46

OTL logfile created on: 2012-11-15 14:10:21 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jasmina\Downloads

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 78,48% Memory free

6,19 Gb Paging File | 5,76 Gb Available in Paging File | 93,05% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 179,30 Gb Total Space | 92,17 Gb Free Space | 51,40% Space Free | Partition Type: NTFS

Computer Name: JASMINA-PC | User Name: jasmina | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-11-15 14:05:15 | 000,602,112 | ---- | M] (OldTimer Tools) – C:\Users\jasmina\Downloads\OTL.exe

PRC - [2012-11-12 14:22:38 | 002,254,768 | ---- | M] (LogMeIn Inc.) – C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

PRC - [2012-11-12 14:22:36 | 001,431,472 | ---- | M] (LogMeIn Inc.) – C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

PRC - [2012-10-26 22:23:37 | 000,917,984 | ---- | M] (Mozilla Corporation) – C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2008-10-29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) – C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012-10-26 22:23:36 | 002,295,264 | ---- | M] () – C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2009-12-18 05:05:30 | 000,016,832 | ---- | M] () – C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll

========== Services (SafeList) ==========

SRV - [2012-11-12 14:22:36 | 001,431,472 | ---- | M] (LogMeIn Inc.) [Auto | Running] – C:\Program Files\LogMeIn Hamachi\hamachi-2.exe – (Hamachi2Svc)

SRV - [2012-10-26 22:23:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] – C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe – (MozillaMaintenance)

SRV - [2012-07-13 12:28:36 | 000,160,944 | R— | M] (Skype Technologies) [Auto | Stopped] – C:\Program Files\Skype\Updater\Updater.exe – (SkypeUpdate)

SRV - [2012-01-19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] – C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe – (TeamViewer7)

SRV - [2011-11-28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] – C:\Program Files\AVAST Software\Avast\AvastSvc.exe – (avast! Antivirus)

SRV - [2011-10-25 22:56:56 | 002,485,072 | ---- | M] (O&O Software GmbH) [Auto | Stopped] – C:\Program Files\OO Software\Defrag\oodag.exe – (OODefragAgent)

SRV - [2010-03-26 20:33:00 | 000,593,920 | ---- | M] ( ) [Auto | Stopped] – C:\Windows\System32\lmabcoms.exe – (lmab_device)

SRV - [2009-02-20 17:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] – C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe – (BcmSqlStartupSvc)

SRV - [2008-03-10 23:14:54 | 000,229,376 | ---- | M] (Sony Corporation) [Disabled | Stopped] – C:\Program Files\Sony\Network Utility\NSUService.exe – (NSUService)

SRV - [2008-03-05 05:58:30 | 000,063,328 | ---- | M] (Sony Corporation) [Disabled | Stopped] – C:\Program Files\Sony\VAIO Media plus\SOHDs.exe – (SOHDs)

SRV - [2008-03-05 05:56:42 | 000,350,048 | ---- | M] (Sony Corporation) [Disabled | Stopped] – C:\Program Files\Sony\VAIO Media plus\SOHDms.exe – (SOHDms)

SRV - [2008-03-05 05:54:50 | 000,104,288 | ---- | M] (Sony Corporation) [Disabled | Stopped] – C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe – (SOHCImp)

SRV - [2008-03-03 23:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [Disabled | Stopped] – C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe – (VcmIAlzMgr)

SRV - [2008-03-03 22:27:14 | 000,087,328 | ---- | M] (Sony Corporation) [Disabled | Stopped] – C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe – (VcmXmlIfHelper)

SRV - [2008-02-15 20:56:56 | 000,147,456 | ---- | M] (Sony Corporation) [Disabled | Stopped] – C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe – (VzFw)

SRV - [2008-02-15 20:56:56 | 000,073,728 | ---- | M] (Sony Corporation) [Disabled | Stopped] – C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe – (VAIO Entertainment TV Device Arbitration Service)

SRV - [2008-02-15 20:56:54 | 000,184,320 | ---- | M] (Sony Corporation) [Disabled | Stopped] – C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe – (VzCdbSvc)

SRV - [2008-02-15 20:56:50 | 000,274,432 | ---- | M] (Sony Corporation) [Disabled | Stopped] – C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe – (Vcsw)

SRV - [2008-01-21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)

SRV - [2007-11-28 11:08:02 | 000,077,824 | ---- | M] (Sony Corporation) [Disabled | Stopped] – C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe – (SPTISRV)

SRV - [2007-11-28 11:02:20 | 000,053,248 | ---- | M] (Sony Corporation) [Disabled | Stopped] – C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe – (MSCSPTISRV)

SRV - [2007-11-28 10:43:44 | 000,053,248 | ---- | M] (Sony Corporation) [Disabled | Stopped] – C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe – (PACSPTISVR)

SRV - [2007-10-19 22:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] – C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe – (LVSrvLauncher)

SRV - [2007-10-19 22:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] – C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe – (LVPrcSrv)

SRV - [2007-10-19 22:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Disabled | Stopped] – C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe – (LVCOMSer)

SRV - [2007-08-15 04:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Disabled | Stopped] – C:\Program Files\Sony\VAIO Event Service\VESMgr.exe – (VAIO Event Service)

SRV - [2007-01-05 04:48:52 | 000,112,152 | R— | M] (InterVideo) [Disabled | Stopped] – c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe – (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] – System32\Drivers\usbaapl.sys – (USBAAPL)

DRV - File not found [Kernel | Disabled | Stopped] – system32\DRIVERS\UIUSYS.SYS – (UIUSys)

DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\nwlnkfwd.sys – (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\nwlnkflt.sys – (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\ipinip.sys – (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] – system32\drivers\RTKVHDA.sys – (IntcAzAudAddService)

DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\igdkmd32.sys – (igfx)

DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\adiusbaw.sys – (adiusbaw)

DRV - File not found [Kernel | Auto | Stopped] – System32\Drivers\adildr.sys – (ADILOADER)

DRV - [2011-12-08 05:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\ssadmdm.sys – (ssadmdm)

DRV - [2011-12-08 05:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\ssadbus.sys – (ssadbus)

DRV - [2011-12-08 05:22:26 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\ssadserd.sys – (ssadserd)

DRV - [2011-12-08 05:22:26 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\ssadadb.sys – (androidusb)

DRV - [2011-12-08 05:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\ssadmdfl.sys – (ssadmdfl)

DRV - [2011-11-28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Stopped] – C:\Windows\System32\drivers\aswSnx.sys – (aswSnx)

DRV - [2011-11-28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Stopped] – C:\Windows\System32\drivers\aswSP.sys – (aswSP)

DRV - [2011-11-28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\System32\drivers\aswRdr.sys – (aswRdr)

DRV - [2011-11-28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Stopped] – C:\Windows\System32\drivers\aswTdi.sys – (aswTdi)

DRV - [2011-11-28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] – C:\Windows\System32\drivers\aswMonFlt.sys – (aswMonFlt)

DRV - [2011-11-28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] – C:\Windows\System32\drivers\aswFsBlk.sys – (aswFsBlk)

DRV - [2009-03-18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\hamachi.sys – (hamachi)

DRV - [2008-02-23 01:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\Apfiltr.sys – (ApfiltrService)

DRV - [2008-02-12 01:49:44 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\nvlddmkm.sys – (nvlddmkm)

DRV - [2008-02-06 01:06:19 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] – C:\Windows\System32\drivers\XAudio.sys – (XAudio)

DRV - [2007-12-17 02:57:23 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\SFEP.sys – (SFEP)

DRV - [2007-12-14 05:03:35 | 000,758,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\athr.sys – (athr)

DRV - [2007-12-14 01:40:06 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] – C:\Windows\System32\drivers\DMICall.sys – (DMICall)

DRV - [2007-10-19 22:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\Lvckap.sys – (LVcKap)

DRV - [2007-10-12 03:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\LVPr2Mon.sys – (LVPr2Mon)

DRV - [2007-10-12 03:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\LVMVdrv.sys – (LVMVDrv)

DRV - [2007-10-12 03:00:43 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\LVUSBSta.sys – (LVUSBSta)

DRV - [2007-10-12 02:55:58 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\LV302V32.SYS – (PID_PEPI)

DRV - [2007-10-12 02:55:58 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\lv302af.sys – (pepifilter)

DRV - [2007-09-19 04:29:09 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\NETw4v32.sys – (NETw4v32)

DRV - [2007-06-06 01:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\ti21sony.sys – (ti21sony)

DRV - [2007-05-26 09:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] – C:\Windows\System32\drivers\WimFltr.sys – (WimFltr)

DRV - [2007-04-18 05:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] – C:\Windows\System32\drivers\regi.sys – (regi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/burn4free/{FC0268F5-E798-4FF9-B4BF-C3A27750849F}

IE - HKLM…\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKLM…\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: “URL” = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777

IE - HKLM…\SearchScopes{C15C0046-52DC-4CB5-B7E9-7595C9106585}: “URL” = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=

IE - HKU.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-21-868054459-1207084222-3928944599-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com

IE - HKU\S-1-5-21-868054459-1207084222-3928944599-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://partnerpage.google.com/eu.s [binary data over 200 bytes]

IE - HKU\S-1-5-21-868054459-1207084222-3928944599-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKU\S-1-5-21-868054459-1207084222-3928944599-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\S-1-5-21-868054459-1207084222-3928944599-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://partnerpage.google.com/eu.s [binary data over 200 bytes]

IE - HKU\S-1-5-21-868054459-1207084222-3928944599-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=136

IE - HKU\S-1-5-21-868054459-1207084222-3928944599-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2

IE - HKU\S-1-5-21-868054459-1207084222-3928944599-1003…\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - No CLSID value found

IE - HKU\S-1-5-21-868054459-1207084222-3928944599-1003…\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

IE - HKU\S-1-5-21-868054459-1207084222-3928944599-1003…\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKU\S-1-5-21-868054459-1207084222-3928944599-1003…\SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rlz=1I7SNYK_en-GB&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-868054459-1207084222-3928944599-1003…\SearchScopes{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: “URL” = http://www.bigseekpro.com/search/browser/burn4free/{FC0268F5-E798-4FF9-B4BF-C3A27750849F}?q={searchTerms}

IE - HKU\S-1-5-21-868054459-1207084222-3928944599-1003…\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: “URL” = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777

IE - HKU\S-1-5-21-868054459-1207084222-3928944599-1003…\SearchScopes{C15C0046-52DC-4CB5-B7E9-7595C9106585}: “URL” = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7SNYK_en-GB

IE - HKU\S-1-5-21-868054459-1207084222-3928944599-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

========== FireFox ==========

FF - prefs.js…browser.search.useDBForOrder: true

FF - prefs.js…browser.startup.homepage: “http://www.gazeta.pl/0,0.html?p=136”

FF - prefs.js…extensions.enabledAddons: IplextoALL@ALLPlayer.org:0.7.0

FF - prefs.js…extensions.enabledAddons: player@vividas.com:4.1.3

FF - prefs.js…extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js…extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js…extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\jasmina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\jasmina\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-01 17:15:16 | 000,000,000 | —D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\Components: C:\Program Files\Mozilla Firefox\components [2012-10-26 22:23:38 | 000,000,000 | —D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-11-15 14:02:36 | 000,000,000 | —D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\Components: C:\Program Files\Mozilla Firefox\components [2012-10-26 22:23:38 | 000,000,000 | —D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-11-15 14:02:36 | 000,000,000 | —D | M]

[2011-03-17 14:16:31 | 000,000,000 | —D | M] (No name found) – C:\Users\jasmina\AppData\Roaming\mozilla\Extensions

[2012-11-15 14:08:46 | 000,000,000 | —D | M] (No name found) – C:\Users\jasmina\AppData\Roaming\mozilla\Firefox\Profiles\icmjx9k7.default\extensions

[2012-11-15 14:09:13 | 000,000,000 | —D | M] (No name found) – C:\Users\jasmina\AppData\Roaming\mozilla\Firefox\Profiles\icmjx9k7.default\extensions{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}

[2012-11-15 14:09:13 | 000,000,000 | —D | M] (No name found) – C:\Users\jasmina\AppData\Roaming\mozilla\Firefox\Profiles\icmjx9k7.default\extensions{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

[2011-04-17 21:20:35 | 000,000,000 | —D | M] (Conduit Engine) – C:\Users\jasmina\AppData\Roaming\mozilla\Firefox\Profiles\icmjx9k7.default\extensions\engine@conduit.com

[2012-06-07 22:48:25 | 000,000,000 | —D | M] (Vividas player plugin) – C:\Users\jasmina\AppData\Roaming\mozilla\Firefox\Profiles\icmjx9k7.default\extensions\player@vividas.com

[2012-11-15 14:08:46 | 000,000,000 | —D | M] (No name found) – C:\Users\jasmina\AppData\Roaming\mozilla\Firefox\Profiles\icmjx9k7.default\extensions\staged

[2012-07-11 09:30:04 | 000,010,043 | ---- | M] () (No name found) – C:\Users\jasmina\AppData\Roaming\mozilla\firefox\profiles\icmjx9k7.default\extensions\IplextoALL@ALLPlayer.org.xpi

[2012-10-26 20:59:00 | 000,013,713 | ---- | M] () (No name found) – C:\Users\jasmina\AppData\Roaming\mozilla\firefox\profiles\icmjx9k7.default\extensions\YouTubetoALL@ALLPlayer.org.xpi

[2012-06-07 22:48:36 | 000,020,591 | ---- | M] () (No name found) – C:\Users\jasmina\AppData\Roaming\mozilla\firefox\profiles\icmjx9k7.default\extensions{20a82645-c095-46ed-80e3-08825760534b}.xpi

[2011-06-03 08:16:34 | 000,002,376 | ---- | M] () – C:\Users\jasmina\AppData\Roaming\mozilla\firefox\profiles\icmjx9k7.default\searchplugins\search.xml

[2012-10-26 22:23:23 | 000,000,000 | —D | M] (No name found) – C:\Program Files\Mozilla Firefox\extensions

[2012-10-26 22:23:37 | 000,261,600 | ---- | M] (Mozilla Foundation) – C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011-09-16 11:57:06 | 000,189,088 | ---- | M] ( ) – C:\Program Files\mozilla firefox\plugins\npVividasPlayer.dll

[2012-06-18 13:04:08 | 000,002,767 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2012-06-18 13:04:08 | 000,001,406 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2012-06-18 13:04:08 | 000,000,917 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2012-06-18 13:04:08 | 000,000,858 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2012-06-18 13:04:08 | 000,001,183 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2012-06-18 13:04:08 | 000,001,683 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

========== Chrome ==========

CHR - homepage: http://www.google.com

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\jasmina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: avast! WebRep = C:\Users\jasmina\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\

O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (YouTube To ALLPlayer) - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\Program Files\ALLPlayer\YouTubeToALLPlayer.dll (ALLPlayer.org)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)

O3 - HKLM…\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKU\S-1-5-21-868054459-1207084222-3928944599-1003…\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-868054459-1207084222-3928944599-1003…\Toolbar\WebBrowser: (no name) - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No CLSID value found.

O3 - HKU\S-1-5-21-868054459-1207084222-3928944599-1003…\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.

O4 - HKLM…\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM…\Run: [igfxTray] C:\Windows\system32\igfxtray.exe File not found

O4 - HKLM…\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM…\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM…\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)

O4 - HKU\S-1-5-19…\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20…\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-868054459-1207084222-3928944599-1003…\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()

O4 - HKU\S-1-5-21-868054459-1207084222-3928944599-1003…\Run: [Facebook Update] C:\Users\jasmina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-868054459-1207084222-3928944599-1003…\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\lmab1err.exe ( )

O4 - HKU\S-1-5-21-868054459-1207084222-3928944599-1003…\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - Startup: C:\Users\jasmina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)

O4 - Startup: C:\Users\jasmina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\jasmina\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)

O7 - HKU\S-1-5-21-868054459-1207084222-3928944599-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 10.9.2)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 10.9.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{0654DD89-4F63-42A6-872F-B69E5B1D851C}: DhcpNameServer = 8.8.8.8 8.8.4.4

O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found

O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)

O24 - Desktop WallPaper: C:\Users\jasmina\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg

O24 - Desktop BackupWallPaper: C:\Users\jasmina\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat – [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (OODBS)

O35 - HKLM…comfile [open] – “%1” %*

O35 - HKLM…exefile [open] – “%1” %*

O37 - HKLM…com [@ = comfile] – “%1” %*

O37 - HKLM…exe [@ = exefile] – “%1” %*

O38 - SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-11-12 21:33:42 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

[2012-11-12 21:33:40 | 000,000,000 | —D | C] – C:\Program Files\LogMeIn Hamachi

[2012-11-02 14:54:06 | 000,044,544 | ---- | C] (Microsoft Corporation) – C:\ProgramData\lsass.exe

[2012-10-26 22:23:22 | 000,000,000 | —D | C] – C:\Program Files\Mozilla Firefox

[2012-10-26 21:12:20 | 000,821,736 | ---- | C] (Oracle Corporation) – C:\Windows\System32\npDeployJava1.dll

[2012-10-26 21:12:20 | 000,246,760 | ---- | C] (Oracle Corporation) – C:\Windows\System32\javaws.exe

[2012-10-26 21:11:46 | 000,174,056 | ---- | C] (Oracle Corporation) – C:\Windows\System32\javaw.exe

[2012-10-26 21:11:46 | 000,174,056 | ---- | C] (Oracle Corporation) – C:\Windows\System32\java.exe

[2012-10-26 21:11:46 | 000,093,672 | ---- | C] (Oracle Corporation) – C:\Windows\System32\WindowsAccessBridge.dll

[1 C:\Users\jasmina\Documents*.tmp files -> C:\Users\jasmina\Documents*.tmp ->]

========== Files - Modified Within 30 Days ==========

[2012-11-15 14:06:05 | 000,633,886 | ---- | M] () – C:\Windows\System32\perfh009.dat

[2012-11-15 14:06:05 | 000,118,772 | ---- | M] () – C:\Windows\System32\perfc009.dat

[2012-11-15 14:01:34 | 000,067,584 | --S- | M] () – C:\Windows\bootstat.dat

[2012-11-15 14:01:19 | 000,321,300 | ---- | M] () – C:\Windows\System32\oodbs.lor

[2012-11-15 13:58:35 | 083,023,306 | ---- | M] () – C:\ProgramData\0tbpw.pad

[2012-11-15 13:36:44 | 000,074,297 | ---- | M] () – C:\Users\jasmina\AppData\Roaming\nvModes.001

[2012-11-15 13:36:43 | 000,001,032 | ---- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012-11-15 13:35:36 | 000,003,216 | -H-- | M] () – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012-11-15 13:35:36 | 000,003,216 | -H-- | M] () – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012-11-15 13:24:16 | 000,001,036 | ---- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012-11-15 03:20:59 | 000,000,936 | ---- | M] () – C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-868054459-1207084222-3928944599-1003UA.job

[2012-11-14 15:21:01 | 000,000,914 | ---- | M] () – C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-868054459-1207084222-3928944599-1003Core.job

[2012-11-09 16:32:31 | 000,001,971 | ---- | M] () – C:\Users\Public\Desktop\Google Chrome.lnk

[2012-11-06 22:27:10 | 000,001,772 | ---- | M] () – C:\Users\jasmina\Desktop\Continue SweetIM Installation.lnk

[2012-11-02 14:54:13 | 000,000,760 | ---- | M] () – C:\Users\jasmina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk

[2012-11-02 14:54:06 | 000,044,544 | ---- | M] (Microsoft Corporation) – C:\ProgramData\lsass.exe

[2012-10-27 07:32:23 | 000,008,268 | ---- | M] () – C:\Users\jasmina\AppData\Local\d3d9caps.dat

[2012-10-26 21:11:10 | 000,093,672 | ---- | M] (Oracle Corporation) – C:\Windows\System32\WindowsAccessBridge.dll

[2012-10-26 21:11:05 | 000,246,760 | ---- | M] (Oracle Corporation) – C:\Windows\System32\javaws.exe

[2012-10-26 21:11:05 | 000,174,056 | ---- | M] (Oracle Corporation) – C:\Windows\System32\javaw.exe

[2012-10-26 21:11:04 | 000,174,056 | ---- | M] (Oracle Corporation) – C:\Windows\System32\java.exe

[2012-10-26 21:11:03 | 000,821,736 | ---- | M] (Oracle Corporation) – C:\Windows\System32\npDeployJava1.dll

[2012-10-26 21:11:03 | 000,746,984 | ---- | M] (Oracle Corporation) – C:\Windows\System32\deployJava1.dll

[1 C:\Users\jasmina\Documents*.tmp files -> C:\Users\jasmina\Documents*.tmp ->]

========== Files Created - No Company Name ==========

[2012-11-06 22:26:58 | 000,001,772 | ---- | C] () – C:\Users\jasmina\Desktop\Continue SweetIM Installation.lnk

[2012-11-02 14:54:13 | 000,000,760 | ---- | C] () – C:\Users\jasmina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk

[2012-11-02 14:54:10 | 083,023,306 | ---- | C] () – C:\ProgramData\0tbpw.pad

[2012-07-09 14:07:48 | 000,644,608 | ---- | C] () – C:\Windows\System32\xvidcore.dll

[2012-07-09 14:07:48 | 000,258,048 | ---- | C] () – C:\Windows\System32\libFLAC.dll

[2012-03-28 10:12:29 | 000,847,872 | ---- | C] ( ) – C:\Windows\System32\lmabusb1.dll

[2012-03-28 10:12:29 | 000,643,072 | ---- | C] ( ) – C:\Windows\System32\lmabpmui.dll

[2012-03-28 10:12:28 | 001,044,480 | ---- | C] ( ) – C:\Windows\System32\lmabserv.dll

[2012-03-28 10:12:28 | 000,569,344 | ---- | C] ( ) – C:\Windows\System32\lmablmpm.dll

[2012-03-28 10:12:28 | 000,479,232 | ---- | C] ( ) – C:\Windows\System32\lmabpar1.dll

[2012-03-28 10:12:28 | 000,339,968 | ---- | C] ( ) – C:\Windows\System32\lmabiesc.dll

[2012-03-28 10:12:27 | 000,905,216 | ---- | C] ( ) – C:\Windows\System32\lmabip1.dll

[2012-03-28 10:12:27 | 000,593,920 | ---- | C] ( ) – C:\Windows\System32\lmabcoms.exe

[2012-03-28 10:12:27 | 000,450,560 | ---- | C] ( ) – C:\Windows\System32\lmabiobj.dll

[2012-03-28 10:12:27 | 000,364,544 | ---- | C] ( ) – C:\Windows\System32\lmabinpa.dll

[2012-03-28 10:12:27 | 000,356,352 | ---- | C] ( ) – C:\Windows\System32\lmabhcp.dll

[2012-03-28 10:12:26 | 000,802,816 | ---- | C] ( ) – C:\Windows\System32\lmabcomc.dll

[2012-03-28 10:12:26 | 000,372,736 | ---- | C] ( ) – C:\Windows\System32\lmabcomm.dll

[2012-01-31 18:15:44 | 000,030,568 | ---- | C] () – C:\Windows\MusiccityDownload.exe

[2012-01-31 18:15:42 | 000,974,848 | ---- | C] () – C:\Windows\System32\cis-2.4.dll

[2012-01-31 18:15:42 | 000,081,920 | ---- | C] () – C:\Windows\System32\issacapi_bs-2.3.dll

[2012-01-31 18:15:42 | 000,065,536 | ---- | C] () – C:\Windows\System32\issacapi_pe-2.3.dll

[2012-01-31 18:15:42 | 000,057,344 | ---- | C] () – C:\Windows\System32\issacapi_se-2.3.dll

[2011-11-14 12:44:27 | 000,401,408 | ---- | C] ( ) – C:\Windows\System32\lexlog.dll

[2011-11-14 12:40:20 | 000,630,784 | ---- | C] ( ) – C:\Windows\System32\softcoin.dll

[2011-11-14 12:40:14 | 000,425,984 | ---- | C] ( ) – C:\Windows\System32\gencoin.dll

[2011-03-30 14:23:04 | 000,019,456 | ---- | C] () – C:\Users\jasmina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011-03-16 22:59:21 | 000,008,268 | ---- | C] () – C:\Users\jasmina\AppData\Local\d3d9caps.dat

[2011-03-16 22:59:17 | 000,074,297 | ---- | C] () – C:\Users\jasmina\AppData\Roaming\nvModes.dat

[2011-03-16 22:59:17 | 000,074,297 | ---- | C] () – C:\Users\jasmina\AppData\Roaming\nvModes.001

[2011-03-07 09:40:53 | 000,000,032 | ---- | C] () – C:\ProgramData\ezsid.dat

[2011-02-27 06:23:59 | 000,000,046 | ---- | C] () – C:\Windows\adiras.ini

[2011-02-27 06:07:37 | 000,000,000 | ---- | C] () – C:\Windows\VAIOUpdt.INI

[2011-02-26 22:36:43 | 000,000,000 | ---- | C] () – C:\Windows\nsreg.dat

[2011-02-26 22:36:23 | 000,001,724 | ---- | C] () – C:\Users\jasmina\Mozilla Firefox.lnk

[2011-02-26 22:36:04 | 000,059,500 | ---- | C] () – C:\Windows\System32\lvcoinst.ini

========== ZeroAccess Check ==========

[2006-11-02 13:54:22 | 000,000,227 | RHS- | M] () – C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

“” = %SystemRoot%\system32\shell32.dll – [2011-01-21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)

“ThreadingModel” = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

“” = %systemroot%\system32\wbem\fastprox.dll – [2009-03-03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)

“ThreadingModel” = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

“” = %systemroot%\system32\wbem\wbemess.dll – [2008-01-21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)

“ThreadingModel” = Both

========== LOP Check ==========

[2011-03-18 15:21:22 | 000,000,000 | —D | M] – C:\Users\jasmina\AppData\Roaming\Gadu-Gadu 10

[2012-11-13 19:50:24 | 000,000,000 | —D | M] – C:\Users\jasmina\AppData\Roaming\ipla

[2012-08-20 00:16:17 | 000,000,000 | —D | M] – C:\Users\jasmina\AppData\Roaming\IrfanView

[2012-07-09 14:41:20 | 000,000,000 | —D | M] – C:\Users\jasmina\AppData\Roaming\NapiProjekt

[2011-03-29 14:44:56 | 000,000,000 | —D | M] – C:\Users\jasmina\AppData\Roaming\OpenFM

[2011-06-30 18:44:23 | 000,000,000 | —D | M] – C:\Users\jasmina\AppData\Roaming\Opera

[2011-03-20 12:26:26 | 000,000,000 | —D | M] – C:\Users\jasmina\AppData\Roaming\RDRM

[2012-02-23 20:54:28 | 000,000,000 | —D | M] – C:\Users\jasmina\AppData\Roaming\Samsung

[2012-02-08 00:58:57 | 000,000,000 | —D | M] – C:\Users\jasmina\AppData\Roaming\TeamViewer

[2012-11-15 13:59:51 | 000,000,000 | —D | M] – C:\Users\jasmina\AppData\Roaming\uTorrent

========== Purity Check ==========

< End of report >

bardzo prosze o dalsza pomoc…

– Dodane 15.11.2012 (Cz) 14:53 –

resztę raportu extras,txt napiszę po dodaniu przez kogoś posta gdyż się nie zmieścił mi w poprzednim bardzo ale bardzo prosze o odpowiedz

– Dodane 15.11.2012 (Cz) 15:03 –

http://wklejto.pl/138513

http://wklejto.pl/138514

jeszcze raz bardzo proszę o pomoc

Acorus · 15 Listopad 2012 14:04

Logi wrzuć na wklej.org

justynka1989 · 15 Listopad 2012 14:05

wklejone

– Dodane 15.11.2012 (Cz) 15:10 –

http://wklejto.pl/138513

http://wklejto.pl/138514

Acorus · 15 Listopad 2012 14:11

Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

:OTL DRV - File not found [Kernel | On_Demand | Stopped] – System32\Drivers\usbaapl.sys – (USBAAPL) DRV - File not found [Kernel | Disabled | Stopped] – system32\DRIVERS\UIUSYS.SYS – (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] – system32\drivers\RTKVHDA.sys – (IntcAzAudAddService) DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\igdkmd32.sys – (igfx) DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\adiusbaw.sys – (adiusbaw) DRV - File not found [Kernel | Auto | Stopped] – System32\Drivers\adildr.sys – (ADILOADER) O3 - HKU\S-1-5-21-868054459-1207084222-3928944599-1003…\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-868054459-1207084222-3928944599-1003…\Toolbar\WebBrowser: (no name) - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No CLSID value found. O3 - HKU\S-1-5-21-868054459-1207084222-3928944599-1003…\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found. O4 - HKLM…\Run: [igfxTray] C:\Windows\system32\igfxtray.exe File not found O4 - HKU\S-1-5-21-868054459-1207084222-3928944599-1003…\Run: [Facebook Update] C:\Users\jasmina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - Startup: C:\Users\jasmina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation) [2012-11-02 14:54:06 | 000,044,544 | ---- | C] (Microsoft Corporation) – C:\ProgramData\lsass.exe [2012-11-02 14:54:13 | 000,000,760 | ---- | C] () – C:\Users\jasmina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012-11-02 14:54:10 | 083,023,306 | ---- | C] () – C:\ProgramData\0tbpw.pad :Commands [emptytemp]

Kliknij Wykonaj skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, tym razem kliknij (Skanuj).

Pokaż nowy log OTL.txt oraz raport z usuwania.

justynka1989 · 15 Listopad 2012 14:32

a czy moge zrobic to w trybie awaryjnym z obsługa sieci czy musze uruchomić normalny

Acorus · 15 Listopad 2012 14:36

Po wykonaniu skryptu uruchomisz tryb normalny.

justynka1989 · 15 Listopad 2012 15:17

http://www.wklejto.pl/138519

http://www.wklejto.pl/138520

– Dodane 15.11.2012 (Cz) 16:29 –

na moje to ten raport z usuwania nie jest normalny

Acorus · 15 Listopad 2012 15:57

Na moje też.Nie wkleiłaś :OTL

justynka1989 · 15 Listopad 2012 20:46

a czy mogę to powtórzyć ? jestem pewna , że wszystko wkleiłam

Atis · 15 Listopad 2012 20:58

Nie wkleiłaś komendy :OTL

Wykonaj ponownie poprzedni skrypt.

Pokaż raport z usuwania i nowy log.