Problem z kartą pamięci - skrót do folderu

Dla specjalistów Bezpieczeństwo
#1

Cześć

mam duży problem z kartami pamięci SD wkładanymi do komputera, podobnie z pendrive’ami. Czytałem dużo tematów tu na forum i pewne kroki już poczyniłem (czyszczenie programem UsbFIX, OTL, AdwCleaner) i niestety nic nie pomogło. Miałem na karcie pamięci bardzo dużo bardzo ważnych zdjęć, po jej włożeniu pojawił się jakiś skrót 2kb, żadnych zdjęć na karcie. Wyczyszczenie komputera ww. programami nie przyniosło rezultatów. Poniżej wklejam logi z OTL i UsbFix (już po wykonaniu czyszczenia):

UsbFix:

############################## | UsbFix V 7.138 | [Research]


User: Olusia (Administrator) # OLUS

Updated 20/09/2013 by El Desaparecido - Team SosVirus

Started at 20:14:13 | 21/09/2013


Website: http://www.usbfix.net/

Forum : http://www.sosvirus.net/

Upload Malware: http://www.sosvirus.net/upload_malware.php

Contact: http://www.usbfix.net/contact/


PC: ASUSTeK Computer INC. (1201NL) (X86-based PC)

CPU: Intel(R) Atom(TM) CPU N270 @ 1.60GHz (1599)

RAM -> [Total : 1791 | Free : 1200]

BIOS: BIOS Date: 01/20/10 14:11:07 Ver: 08.00.15

BOOT: Normal boot


OS: Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Dodatek Service Pack 3

WB: Windows Internet Explorer 8.0.6001.18702


SC: Security Center Service [Enabled]

WU: Windows Update Service [Enabled]

FW: Windows FireWall Service [Enabled]


C:\ (%systemdrive%) -> Fixed drive # 80 Gb (50 Mb free - 63%) [] # NTFS

D:\ -> Fixed drive # 64 Gb (51 Mb free - 80%) [] # NTFS

E:\ -> Removable drive # 4 Gb (4 Mb free - 100%) [] # FAT32

F:\ -> CD-ROM


################## | Active Processes |


C:\WINDOWS\System32\smss.exe (724)

C:\WINDOWS\system32\winlogon.exe (800)

C:\WINDOWS\system32\services.exe (844)

C:\WINDOWS\system32\lsass.exe (856)

C:\WINDOWS\system32\nvsvc32.exe (1020)

C:\WINDOWS\system32\svchost.exe (1044)

C:\WINDOWS\System32\svchost.exe (1152)

C:\WINDOWS\system32\spoolsv.exe (1668)

C:\WINDOWS\Explorer.EXE (1804)

C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe (1896)

C:\Documents and Settings\All Users\Dane aplikacji\Internet Manager\OnlineUpdate\ouc.exe (416)

C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (436)

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (472)

C:\WINDOWS\system32\svchost.exe (572)

C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (676)

C:\WINDOWS\system32\RUNDLL32.EXE (752)

C:\WINDOWS\RTHDCPL.EXE (108)

C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (972)

C:\Program Files\EeePC\ACPI\AsEPCMon.exe (976)

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (1200)

C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe (1220)

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (1296)

C:\Program Files\Common Files\Real\Update_OB\realsched.exe (1304)

C:\Program Files\blueconnect\DataCardMonitor.exe (1312)

C:\Program Files\Common Files\Java\Java Update\jusched.exe (1228)

C:\WINDOWS\system32\ctfmon.exe (1360)

C:\Program Files\ASUS\Eee Docking\Eee Docking.exe (1412)

C:\Documents and Settings\Olusia\Dane aplikacji\blueconnect\ouc.exe (1380)

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (1860)

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (120)

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (412)

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe (2724)

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe (2868)

C:\WINDOWS\system32\wbem\wmiapsrv.exe (3140)

C:\WINDOWS\system32\wuauclt.exe (3364)

C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (3444)

C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (3548)

C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (3592)

C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (3676)

C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (4092)

C:\Program Files\T-Mobile\InternetManager_H\Internet Manager.exe (3268)

C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (1592)

C:\UsbFix\Go.exe (3736)


################## | El Desaparecido Section |


HKLM\SOFTWARE | Run : [nwiz] - nwiz.exe /installquiet

HKLM\SOFTWARE | Run : [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

HKLM\SOFTWARE | Run : [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKLM\SOFTWARE | Run : [RTHDCPL] - RTHDCPL.EXE

HKLM\SOFTWARE | Run : [AsusACPIServer] - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

HKLM\SOFTWARE | Run : [AsusEPCMonitor] - C:\Program Files\EeePC\ACPI\AsEPCMon.exe

HKLM\SOFTWARE | Run : [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

HKLM\SOFTWARE | Run : [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe

HKLM\SOFTWARE | Run : [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto

HKLM\SOFTWARE | Run : [ASUS VIBE] - C:\Program Files\ASUS\ASUS VIBE\ASUS VIBE.exe /S

HKLM\SOFTWARE | Run : [DTRun] - C:\Program Files\ArcSoft\TotalMedia Theatre 3\uDTRun.exe

HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

HKLM\SOFTWARE | Run : [TkBellExe] - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

HKLM\SOFTWARE | Run : [DataCardMonitor] - C:\Program Files\blueconnect\DataCardMonitor.exe

HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

HKLM\SOFTWARE | RunOnce : [] - 

HKLM\SOFTWARE | Policies\Explorer\run : [23647] - C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\ccishx.exe

HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE

HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE

HKU\S-1-5-21-423058549-4209211474-658904553-1006\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe

HKU\S-1-5-21-423058549-4209211474-658904553-1006\SOFTWARE | Run : [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe

HKU\S-1-5-21-423058549-4209211474-658904553-1006\SOFTWARE | Run : [Google Update] - "C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c

HKU\S-1-5-21-423058549-4209211474-658904553-1006\SOFTWARE | Run : [HW_OPENEYE_OUC_blueconnect] - "C:\Program Files\blueconnect\UpdateDog\ouc.exe"

HKU\S-1-5-21-423058549-4209211474-658904553-1006\SOFTWARE | Run : [ALLUpdate] - "C:\Program Files\OpenSubtitlesPlayer\ALLUpdate.exe" "sleep"

HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE


################## | Files # Infected Folders |


Found ! E:\Removable Disk (4GB).lnk

Found ! F:\AutoRun.exe

Found ! E:\_WPPMHBAYN.nil

Found ! E:\desktop.ini

Found ! E:\ 

Found ! F:\AUTORUN.INF

Found ! F:\SysConfig.dat


################## | Registry |



################## | Mountpoints2 |


HKCU\.\.\.\.\Explorer\MountPoints2\F

Shell\AutoRun\Command = F:\AutoRun.exe




################## | Vaccin |


C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)


################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |

OTL:

OTL logfile created on: 2013-09-21 20:24:12 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Olusia\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


1,75 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 64,58% Memory free

3,09 Gb Paging File | 2,56 Gb Available in Paging File | 82,85% Paging File free

Paging file location(s): C:\pagefile.sys 1524 2688 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 80,01 Gb Total Space | 50,23 Gb Free Space | 62,78% Space Free | Partition Type: NTFS

Drive D: | 64,11 Gb Total Space | 51,20 Gb Free Space | 79,86% Space Free | Partition Type: NTFS

Drive E: | 3,73 Gb Total Space | 3,72 Gb Free Space | 99,98% Space Free | Partition Type: FAT32

Drive F: | 41,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS


Computer Name: OLUS | User Name: Olusia | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2013-09-21 20:22:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Olusia\Pulpit\OTL.exe

PRC - [2013-09-17 05:21:30 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

PRC - [2013-07-08 13:09:10 | 004,153,184 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

PRC - [2012-10-10 21:36:59 | 000,520,032 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\Internet Manager.exe

PRC - [2012-10-10 21:36:59 | 000,224,096 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Internet Manager\OnlineUpdate\ouc.exe

PRC - [2012-07-05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

PRC - [2012-04-15 18:51:27 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files\blueconnect\DataCardMonitor.exe

PRC - [2011-05-25 18:15:59 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2011-03-14 17:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe

PRC - [2009-12-31 16:25:02 | 000,994,216 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

PRC - [2009-12-31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Documents and Settings\Olusia\Dane aplikacji\blueconnect\ouc.exe

PRC - [2009-11-09 15:34:04 | 000,401,072 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe

PRC - [2009-08-27 17:53:56 | 000,735,208 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe

PRC - [2009-05-08 17:54:20 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe

PRC - [2008-04-15 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2003-04-09 18:21:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

PRC - [2003-04-09 18:11:12 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

PRC - [2003-04-09 17:59:24 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe

PRC - [2003-04-09 17:49:36 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe



[color=#E56717]========== Modules (No Company Name) ==========[/color]


MOD - [2013-09-17 05:21:27 | 000,410,576 | ---- | M] () -- C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\29.0.1547.76\ppgooglenaclpluginchrome.dll

MOD - [2013-09-17 05:21:26 | 013,611,984 | ---- | M] () -- C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll

MOD - [2013-09-17 05:21:25 | 004,053,456 | ---- | M] () -- C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\29.0.1547.76\pdf.dll

MOD - [2013-09-17 05:20:31 | 001,604,560 | ---- | M] () -- C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll

MOD - [2012-10-10 21:37:05 | 000,277,504 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\XFramePlugin.dll

MOD - [2012-10-10 21:37:05 | 000,168,960 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\XCodec.dll

MOD - [2012-10-10 21:37:05 | 000,120,160 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\Win7Support.dll

MOD - [2012-10-10 21:37:04 | 000,818,688 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\SMSUIPlugin.dll

MOD - [2012-10-10 21:37:04 | 000,686,080 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\SmsAppPlugin.dll

MOD - [2012-10-10 21:37:04 | 000,423,424 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\USSDUIPlugin.dll

MOD - [2012-10-10 21:37:04 | 000,319,488 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\StatusBarMgrPlugin.dll

MOD - [2012-10-10 21:37:04 | 000,272,384 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\sdk.dll

MOD - [2012-10-10 21:37:04 | 000,219,136 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\SmsSrvPlugin.dll

MOD - [2012-10-10 21:37:04 | 000,142,336 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\USSDSrvPlugin.dll

MOD - [2012-10-10 21:37:04 | 000,135,168 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\Trace.dll

MOD - [2012-10-10 21:37:04 | 000,131,936 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\ServiceUIPlugin.dll

MOD - [2012-10-10 21:37:03 | 009,515,520 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\QtGui4.dll

MOD - [2012-10-10 21:37:03 | 001,148,416 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\QtNetwork4.dll

MOD - [2012-10-10 21:37:03 | 001,148,416 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Internet Manager\OnlineUpdate\QtNetwork4.dll

MOD - [2012-10-10 21:37:03 | 000,398,336 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\QtXml4.dll

MOD - [2012-10-10 21:37:02 | 002,415,104 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\QtCore4.dll

MOD - [2012-10-10 21:37:02 | 002,415,104 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Internet Manager\OnlineUpdate\QtCore4.dll

MOD - [2012-10-10 21:37:02 | 000,545,280 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\PluginContainer.dll

MOD - [2012-10-10 21:37:02 | 000,387,072 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\Proxy.dll

MOD - [2012-10-10 21:37:02 | 000,082,944 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\plugins\imageformats\qgif4.dll

MOD - [2012-10-10 21:37:02 | 000,081,920 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\plugins\imageformats\qico4.dll

MOD - [2012-10-10 21:37:01 | 001,107,296 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\NDISAPI.dll

MOD - [2012-10-10 21:37:01 | 000,804,864 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\MiniFramePlugin.dll

MOD - [2012-10-10 21:37:01 | 000,524,640 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\NetInfoUIExPlugin.dll

MOD - [2012-10-10 21:37:01 | 000,501,248 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\DeviceMgrUIPlugin.dll

MOD - [2012-10-10 21:37:01 | 000,434,016 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\DialupUIPlugin.dll

MOD - [2012-10-10 21:37:01 | 000,424,448 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\NetSettingPlugin.dll

MOD - [2012-10-10 21:37:01 | 000,421,216 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\core.dll

MOD - [2012-10-10 21:37:01 | 000,337,408 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\DeviceAppPlugin.dll

MOD - [2012-10-10 21:37:01 | 000,332,640 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\NetConnectPlugin.dll

MOD - [2012-10-10 21:37:01 | 000,313,856 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\NetInfoRecordUIPlugin.dll

MOD - [2012-10-10 21:37:01 | 000,300,544 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\DeviceSrvPlugin.dll

MOD - [2012-10-10 21:37:01 | 000,295,936 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\NetInfoSrvPlugin.dll

MOD - [2012-10-10 21:37:01 | 000,271,872 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\MenuMgrPlugin.dll

MOD - [2012-10-10 21:37:01 | 000,250,720 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\LiveUpdateInterface.dll

MOD - [2012-10-10 21:37:01 | 000,224,256 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\NetSrvPlugin.dll

MOD - [2012-10-10 21:37:01 | 000,221,696 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\Common.dll

MOD - [2012-10-10 21:37:01 | 000,211,968 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\DialUpPlugin.dll

MOD - [2012-10-10 21:37:01 | 000,178,688 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\NDISPlugin.dll

MOD - [2012-10-10 21:37:01 | 000,158,720 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\NetConnectSrvPlugin.dll

MOD - [2012-10-10 21:37:01 | 000,157,184 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\DataServicePlugin.dll

MOD - [2012-10-10 21:37:01 | 000,138,240 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\HelpUIPlugin.dll

MOD - [2012-10-10 21:37:01 | 000,133,632 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\OSDialup.dll

MOD - [2012-10-10 21:37:01 | 000,131,584 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\OSNDIS.dll

MOD - [2012-10-10 21:37:01 | 000,117,248 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\LayoutPlugin.dll

MOD - [2012-10-10 21:37:01 | 000,101,888 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\OSAdapt.dll

MOD - [2012-10-10 21:37:01 | 000,099,328 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\CompressRatePlugin.dll

MOD - [2012-10-10 21:37:01 | 000,097,280 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\NotifyServicePlugin.dll

MOD - [2012-10-10 21:37:01 | 000,065,536 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\OSPowerMgr.dll

MOD - [2012-10-10 21:37:01 | 000,043,008 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\libgcc_s_dw2-1.dll

MOD - [2012-10-10 21:37:01 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll

MOD - [2012-10-10 21:37:01 | 000,011,362 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\mingwm10.dll

MOD - [2012-10-10 21:37:01 | 000,011,362 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Internet Manager\OnlineUpdate\mingwm10.dll

MOD - [2012-10-10 21:36:59 | 001,084,416 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\AddrBookPlugin.dll

MOD - [2012-10-10 21:36:59 | 000,796,160 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\AddrBookUIPlugin.dll

MOD - [2012-10-10 21:36:59 | 000,520,032 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\Internet Manager.exe

MOD - [2012-10-10 21:36:59 | 000,262,656 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\AddrBookSrvPlugin.dll

MOD - [2012-10-10 21:36:59 | 000,239,104 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\AtCodec.dll

MOD - [2012-10-10 21:36:59 | 000,224,096 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Internet Manager\OnlineUpdate\ouc.exe

MOD - [2012-10-10 21:36:59 | 000,123,904 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\ATR2SMgr.dll

MOD - [2011-03-14 17:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe

MOD - [2010-03-15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2009-11-09 15:34:04 | 000,401,072 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe

MOD - [2009-08-27 17:53:56 | 000,735,208 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe

MOD - [2009-08-27 17:29:08 | 000,182,240 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\Parser.dll

MOD - [2009-08-27 17:22:14 | 000,161,768 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\Enumeration.dll

MOD - [2009-08-27 16:45:26 | 000,120,808 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\ClientSocket.dll

MOD - [2009-02-27 20:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL

MOD - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll



[color=#E56717]========== Services (SafeList) ==========[/color]


SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2013-07-08 13:09:10 | 004,153,184 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)

SRV - [2012-10-10 21:36:59 | 000,224,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe -- (Internet Manager. RunOuc)

SRV - [2012-07-05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2011-03-14 17:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)

SRV - [2003-03-09 21:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)



[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\vsapint.sys -- (vsapint)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwhid.sys -- (btwhid)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)

DRV - [2013-01-31 10:19:34 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)

DRV - [2013-01-31 10:19:34 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)

DRV - [2013-01-31 10:19:34 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd)

DRV - [2013-01-31 10:19:34 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)

DRV - [2013-01-31 10:19:34 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)

DRV - [2012-10-10 21:37:06 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM)

DRV - [2012-10-10 21:37:05 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)

DRV - [2012-10-10 21:37:05 | 000,090,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)

DRV - [2012-10-10 21:37:05 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)

DRV - [2012-10-10 21:37:05 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)

DRV - [2012-10-10 21:37:05 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)

DRV - [2012-10-10 21:37:05 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BMLoad.sys -- (BMLoad)

DRV - [2012-10-10 21:37:05 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)

DRV - [2012-10-10 21:37:05 | 000,007,552 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewfiltertdidriver.sys -- (filtertdidriver)

DRV - [2010-01-06 18:37:36 | 000,182,144 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMIksdrv.sys -- (usbsmi)

DRV - [2009-12-25 11:39:00 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)

DRV - [2009-11-26 05:05:00 | 000,056,992 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)

DRV - [2009-11-17 13:51:38 | 005,956,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2009-09-23 05:08:48 | 000,561,024 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8192se.sys -- (RTL8192se)

DRV - [2009-08-05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2009-06-29 10:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)

DRV - [2009-03-02 07:03:47 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)

DRV - [2008-11-03 09:03:28 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbfiltr.sys -- (kbfiltr)

DRV - [2008-08-05 14:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2008-04-08 19:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)

DRV - [2006-01-04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)



[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKCU\..\SearchScopes,DefaultScope = 

IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.v9.com/web/?q={searchTerms}

IE - HKCU\..\SearchScopes\{AE0DDE3D-B9C3-410F-85BD-539E97FB6030}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10401&src=crm&q={searchTerms}&locale=en_PL&apn_ptnrs=^ABZ&apn_dtid=^YYYYYY^YY^PL&apn_uid=eb825d7b-f754-47c9-91ba-16f4bc24ac22&apn_sauid=BA446461-0BDD-4508-9AC1-0BEAB04CEF52

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



[color=#E56717]========== FireFox ==========[/color]


FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1879: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1939: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.872: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)


FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2012-10-10 21:37:15 | 000,000,000 | ---D | M]


[2012-10-12 08:38:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions


[color=#E56717]========== Chrome ==========[/color]


CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\29.0.1547.76\pdf.dll

CHR - plugin: SweetIM GC Helper (Enabled) = C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\mgHelperGC.dll

CHR - plugin: SweetIM GC Helper (Enabled) = C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\mgHelperGCFB.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll

CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\


O1 HOSTS File: ([2008-04-15 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [ASUS VIBE] C:\Program Files\ASUS\ASUS VIBE\ASUS VIBE.exe (ecm)

O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\blueconnect\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)

O4 - HKLM..\Run: [DTRun] C:\Program Files\ArcSoft\TotalMedia Theatre 3\uDTRun.exe File not found

O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [ALLUpdate] "C:\Program Files\OpenSubtitlesPlayer\ALLUpdate.exe" "sleep" File not found

O4 - HKCU..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()

O4 - HKCU..\Run: [HW_OPENEYE_OUC_blueconnect] C:\Program Files\blueconnect\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)

O4 - HKLM..\RunOnce: [] File not found

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 23647 = C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\ccishx.exe (Hause)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3

O8 - Extra context menu item: Wyślij do interfejsu Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found

O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found

O15 - HKCU\..Trusted Domains: polbank24.pl ([www] https in Zaufane witryny)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.158.199.1 213.158.199.5

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13846754-A5AC-4207-96A7-EBE077D450E9}: DhcpNameServer = 213.158.199.1 213.158.199.5

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Olusia/USTAWI~1/Temp/msohtmlclip1/01/clip_image001.jpg

O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\EeePC_wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\EeePC_wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010-02-06 03:32:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O32 - AutoRun File - [2013-09-21 20:00:43 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [NTFS]

O32 - AutoRun File - [2013-09-21 20:00:43 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [NTFS]

O32 - Unable to obtain root file information for disk E:\

O32 - AutoRun File - [2011-03-15 01:27:21 | 000,148,320 | R--- | M] () - F:\AutoRun.exe -- [CDFS]

O32 - AutoRun File - [2009-09-25 04:46:52 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [CDFS]

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011-03-15 01:27:21 | 000,148,320 | R--- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[2013-09-21 20:22:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Olusia\Pulpit\OTL.exe

[2013-09-21 20:00:43 | 000,000,000 | RHSD | C] -- C:\Autorun.inf

[2013-09-21 19:17:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2013-09-21 18:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Olusia\Dane aplikacji\UsbFix

[2013-09-21 18:36:49 | 000,000,000 | ---D | C] -- C:\UsbFix

[2013-09-21 18:35:29 | 001,381,261 | ---- | C] (El Desaparecido - SosVirus.net - UsbFix.net) -- C:\Documents and Settings\Olusia\Pulpit\UsbFix.exe

[2013-09-21 17:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\avgchrome

[2013-09-21 17:35:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions

[2013-09-21 17:35:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2013-09-21 20:25:00 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-423058549-4209211474-658904553-1006UA.job

[2013-09-21 20:22:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Olusia\Pulpit\OTL.exe

[2013-09-21 20:18:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013-09-21 20:14:10 | 000,001,867 | ---- | M] () -- C:\Documents and Settings\Olusia\Pulpit\SosVirus On Facebook.lnk

[2013-09-21 20:14:10 | 000,001,859 | ---- | M] () -- C:\Documents and Settings\Olusia\Pulpit\UsbFix Faire un Don.lnk

[2013-09-21 20:14:10 | 000,001,841 | ---- | M] () -- C:\Documents and Settings\Olusia\Pulpit\SosVirus Forum.lnk

[2013-09-21 20:12:03 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Olusia.job

[2013-09-21 20:12:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Olusia.job

[2013-09-21 20:07:06 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Olusia.job

[2013-09-21 20:06:47 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2013-09-21 20:06:31 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013-09-21 20:06:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013-09-21 19:46:53 | 000,282,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013-09-21 19:21:39 | 001,039,554 | ---- | M] () -- C:\Documents and Settings\Olusia\Pulpit\AdwCleaner.exe

[2013-09-21 18:43:45 | 000,002,311 | ---- | M] () -- C:\Documents and Settings\Olusia\Pulpit\Google Chrome.lnk

[2013-09-21 18:36:45 | 001,381,261 | ---- | M] (El Desaparecido - SosVirus.net - UsbFix.net) -- C:\Documents and Settings\Olusia\Pulpit\UsbFix.exe

[2013-09-21 18:03:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013-09-21 17:46:00 | 000,001,418 | ---- | M] () -- C:\Documents and Settings\Olusia\Moje dokumenty\Removable Disk (4GB).lnk

[2013-09-21 17:45:57 | 000,003,977 | ---- | M] () -- C:\Documents and Settings\Olusia\Moje dokumenty\ĺESKTOP.INI

[2013-09-21 17:45:55 | 000,005,642 | ---- | M] () -- C:\Documents and Settings\Olusia\Moje dokumenty\_WDUTMWXZUU.nil

[2013-09-21 17:45:49 | 000,005,719 | ---- | M] () -- C:\Documents and Settings\Olusia\Moje dokumenty\ĺWDEQG.NIL

[2013-09-21 17:45:45 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Olusia\Moje dokumenty\ĺIKON001.DSC

[2013-09-21 17:07:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013-08-30 21:08:36 | 000,000,519 | ---- | M] () -- C:\hpfr3420.xml

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2013-09-21 19:27:08 | 000,001,859 | ---- | C] () -- C:\Documents and Settings\Olusia\Pulpit\UsbFix Faire un Don.lnk

[2013-09-21 19:21:32 | 001,039,554 | ---- | C] () -- C:\Documents and Settings\Olusia\Pulpit\AdwCleaner.exe

[2013-09-21 18:36:52 | 000,001,867 | ---- | C] () -- C:\Documents and Settings\Olusia\Pulpit\SosVirus On Facebook.lnk

[2013-09-21 18:36:52 | 000,001,841 | ---- | C] () -- C:\Documents and Settings\Olusia\Pulpit\SosVirus Forum.lnk

[2013-09-21 17:45:54 | 000,005,642 | ---- | C] () -- C:\Documents and Settings\Olusia\Moje dokumenty\_WDUTMWXZUU.nil

[2013-09-21 17:45:48 | 000,005,719 | ---- | C] () -- C:\Documents and Settings\Olusia\Moje dokumenty\ĺWDEQG.NIL

[2013-09-21 17:45:46 | 000,003,977 | ---- | C] () -- C:\Documents and Settings\Olusia\Moje dokumenty\ĺESKTOP.INI

[2013-09-21 17:45:43 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Olusia\Moje dokumenty\ĺIKON001.DSC

[2013-09-21 17:41:03 | 000,001,418 | ---- | C] () -- C:\Documents and Settings\Olusia\Moje dokumenty\Removable Disk (4GB).lnk

[2013-09-04 20:09:54 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Olusia.job

[2013-09-04 20:08:22 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Olusia.job

[2013-09-04 20:08:20 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Olusia.job

[2013-07-24 21:13:49 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Olusia\hpothb07.tif

[2013-07-24 21:13:49 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Olusia\hpothb07.dat

[2013-07-10 14:32:59 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2013-06-16 14:17:40 | 000,019,558 | ---- | C] () -- C:\WINDOWS\hpoins01.dat

[2013-06-16 14:17:40 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat

[2013-04-05 19:19:09 | 000,054,418 | -H-- | C] () -- C:\WINDOWS\hpothb07.dat

[2013-02-05 18:52:50 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll

[2013-02-05 18:52:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll

[2013-02-05 18:52:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll

[2013-02-05 18:52:50 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll

[2012-10-12 09:50:20 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2012-02-17 19:21:35 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012-02-03 13:42:56 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011-04-06 19:35:41 | 000,000,364 | ---- | C] () -- C:\Documents and Settings\Olusia\Dane aplikacji\wklnhst.dat

[2011-03-07 14:35:12 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Olusia\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

[2010-02-06 05:37:43 | 000,131,368 | ---- | C] () -- C:\Documents and Settings\All Users\FullRemove.exe


[color=#E56717]========== ZeroAccess Check ==========[/color]


[2010-02-06 04:35:45 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]


[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2009-09-25 07:37:33 | 001,509,888 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 12:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-15 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both


[color=#E56717]========== Alternate Data Streams ==========[/color]


@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:AB689DEA


< End of report >

Będę wdzięczny za każdą możliwą pomoc!

Dziękuję!

#2

Wstaw raport z USBfix z opcji Listing (podłącz zainfekowane nośniki danych).

Dodane 21.09.2013 (So) 20:49

Odnośnie OTL