Ukash-usuwanie(log-otl,combofix)

Dla specjalistów Bezpieczeństwo
#1

Ukash juz kilka razy bylo na forum ale nie mam pojecia jak czytac logi, wiec do was się kieruje. P.s fajnie jakby mnie ktoś nakierował gdzie można się nauczyć odczytywać logi czy robiliście to metodą prób błędów.

Otl log

OTL logfile created on: 2012-07-23 18:59:12 - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\admin\Pulpit

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


503,37 Mb Total Physical Memory | 199,71 Mb Available Physical Memory | 39,68% Memory free

1,20 Gb Paging File | 0,97 Gb Available in Paging File | 80,67% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 19,53 Gb Total Space | 9,15 Gb Free Space | 46,86% Space Free | Partition Type: NTFS

Drive D: | 17,73 Gb Total Space | 5,66 Gb Free Space | 31,93% Space Free | Partition Type: NTFS


Computer Name: A-E5AD83FCB6CF4 | User Name: admin | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2012-07-23 18:59:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTL.exe

PRC - [2012-07-23 10:11:10 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2008-04-14 23:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe



[color=#E56717]========== Modules (No Company Name) ==========[/color]


MOD - [2012-07-23 10:11:09 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2012-06-10 23:03:16 | 009,459,912 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll



[color=#E56717]========== Win32 Services (SafeList) ==========[/color]


SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2012-07-23 10:11:09 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012-07-03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012-06-10 23:03:22 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012-01-31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)



[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2012-07-03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012-07-03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012-07-03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012-07-03 18:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012-07-03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2012-07-03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012-07-03 18:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2012-04-17 16:37:09 | 000,436,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2011-06-02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)

DRV - [2011-06-02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

DRV - [2011-06-02 07:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)

DRV - [2011-06-02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)

DRV - [2010-12-21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)

DRV - [2007-02-08 14:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Sterownik karty Intel(R)

DRV - [2006-08-16 13:57:28 | 000,018,560 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)

DRV - [2006-08-09 12:11:58 | 000,156,288 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)

DRV - [2005-09-28 21:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2005-05-03 16:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)

DRV - [2005-05-03 16:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)

DRV - [2005-05-03 16:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2005-03-10 17:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)

DRV - [2004-05-26 16:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2002-03-20 12:10:08 | 000,014,448 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)



[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109217&babsrc=HP_ss&mntrId=c811fbaf00000000000000166f6c7572

IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109217&babsrc=SP_ss&mntrId=c811fbaf00000000000000166f6c7572

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[color=#E56717]========== FireFox ==========[/color]


FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109217&babsrc=adbartrp&mntrId=c811fbaf00000000000000166f6c7572&q="



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)


FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-07-23 18:44:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-07-23 10:11:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins


[2011-11-26 20:43:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Extensions

[2012-05-02 00:51:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\jtahp3cw.default\extensions

[2012-04-11 19:13:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\jtahp3cw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012-05-07 09:43:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012-02-07 21:22:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012-07-23 10:11:10 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012-06-18 22:15:44 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2012-02-07 23:14:44 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

[2012-06-18 22:15:44 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2012-06-18 22:15:44 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2012-06-18 22:15:44 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2012-06-18 22:15:44 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2012-06-18 22:15:44 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml


[color=#E56717]========== Chrome ==========[/color]


CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\20.0.1132.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\20.0.1132.57\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Szukaj w Google = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: avast! WebRep = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

CHR - Extension: Gmail = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\


O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [unklbrfcowoakjc] C:\Documents and Settings\All Users\Dane aplikacji\unklbrfc.exe ()

O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)

O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)

O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O4 - HKCU..\Run: [unklbrfcowoakjc] C:\Documents and Settings\All Users\Dane aplikacji\unklbrfc.exe ()

O4 - Startup: C:\Documents and Settings\admin\Menu Start\Programy\Autostart\Gmail Notifier.lnk = File not found

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 79.139.52.1 91.123.160.5

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3656D901-BCFC-4F99-9EAB-8DEC4C55B798}: DhcpNameServer = 79.139.52.1 91.123.160.5

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010-03-30 13:06:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[2012-07-23 18:59:03 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTL.exe

[2012-07-23 18:58:57 | 004,582,474 | ---- | C] (Swearware) -- C:\Documents and Settings\admin\Pulpit\ComboFix.exe

[2012-07-23 18:45:48 | 000,353,688 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2012-07-23 18:45:48 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012-07-23 18:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\avast! Free Antivirus

[2012-07-23 18:45:41 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2012-07-23 18:45:41 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2012-07-23 18:45:40 | 000,721,000 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2012-07-23 18:45:40 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2012-07-23 18:45:40 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2012-07-23 18:45:39 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2012-07-23 18:44:30 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2012-07-23 18:44:26 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2012-07-23 18:30:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moje wideo

[2012-07-23 18:30:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moje obrazy

[2012-07-23 18:30:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moja muzyka

[2012-07-23 18:30:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2012-07-23 18:21:55 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2012-07-23 17:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\taetjinkorhzrfb

[2012-07-16 14:57:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\admin\Recent

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2012-07-23 18:59:43 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012-07-23 18:59:07 | 004,582,474 | ---- | M] (Swearware) -- C:\Documents and Settings\admin\Pulpit\ComboFix.exe

[2012-07-23 18:59:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTL.exe

[2012-07-23 18:53:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012-07-23 18:51:58 | 000,000,314 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2012-07-23 18:51:56 | 001,425,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012-07-23 18:45:48 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk

[2012-07-23 18:45:40 | 000,002,644 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012-07-23 18:34:00 | 089,340,632 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\avast_free_antivirus_setup.exe

[2012-07-23 17:51:54 | 000,000,051 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\wswkcnlpgimaqcj

[2012-07-23 17:48:28 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\unklbrfc.exe

[2012-07-23 17:48:28 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\ciidvuuu.exe

[2012-07-23 17:48:28 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\admin\0.15509704030252003.exe

[2012-07-23 17:38:08 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-838170752-839522115-1003UA.job

[2012-07-23 17:28:31 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012-07-23 16:38:33 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-838170752-839522115-1003Core.job

[2012-07-22 18:35:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012-07-16 18:43:29 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\Google Chrome.lnk

[2012-07-16 17:37:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012-07-03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2012-07-03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2012-07-03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2012-07-03 18:21:53 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2012-07-03 18:21:53 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2012-07-03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2012-07-03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012-07-03 18:21:52 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2012-07-03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2012-07-03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2012-06-25 00:28:19 | 000,000,347 | ---- | M] () -- C:\WINDOWS\XIIIHooligans.ini

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2012-07-23 18:45:48 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk

[2012-07-23 18:45:43 | 000,000,314 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2012-07-23 18:28:40 | 089,340,632 | ---- | C] () -- C:\Documents and Settings\admin\Pulpit\avast_free_antivirus_setup.exe

[2012-07-23 17:49:27 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\unklbrfc.exe

[2012-07-23 17:49:14 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ciidvuuu.exe

[2012-07-23 17:48:52 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\wswkcnlpgimaqcj

[2012-07-23 17:48:28 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\admin\0.15509704030252003.exe

[2012-07-16 17:34:10 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2012-06-25 00:12:35 | 000,000,347 | ---- | C] () -- C:\WINDOWS\XIIIHooligans.ini

[2012-06-18 21:39:14 | 000,017,331 | ---- | C] () -- C:\Documents and Settings\admin\.recently-used.xbel

[2012-06-06 14:42:46 | 000,015,612 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2012-05-26 13:26:28 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012-05-12 09:41:59 | 000,105,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

[2012-03-28 22:11:08 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe

[2012-03-28 22:11:06 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll

[2012-03-28 22:11:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll

[2012-03-28 22:11:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll

[2012-03-28 22:11:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll

[2012-02-15 08:59:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011-12-27 15:05:35 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\admin\Dane aplikacji\gnuplot_history

[2011-12-13 02:51:41 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2011-12-13 02:51:38 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2011-12-13 02:51:38 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2011-12-13 02:51:38 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011-12-10 03:22:10 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011-12-01 23:53:40 | 000,000,567 | ---- | C] () -- C:\WINDOWS\wgnuplot.ini

[2011-11-26 01:08:05 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll

[2011-11-26 00:25:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2011-11-26 00:25:21 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2011-11-26 00:25:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE

[2011-11-25 23:27:21 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011-11-25 23:26:05 | 001,425,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011-11-25 22:48:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011-11-25 22:42:01 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat


[color=#E56717]========== Alternate Data Streams ==========[/color]


@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9


< End of report >
#2

Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

Kliknij Wykonaj skrypt.

Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, tym razem kliknij (Skanuj).

Pokaż nowy log OTL.txt oraz raport z usuwania.

Logi umieszczaj na wklej.org

#3

usuwanie

http://wklej.org/id/796332/

nowy log

http://wklej.org/id/796343/

P.S wszystko gra chyba że jakieś inne zabawki gdzieś siedzą zbunkrowane.

#4

Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

Kliknij Wykonaj skrypt.W OTL użyj opcji Sprzątanie.Wyłącz i włącz przywracanie systemu.

http://www.searchengines.pl/Czyszczenie … 41981.html

Użyj AdwCleaner http://general-changelog-team.fr/outils/289-adwcleaner z funkcji Delete

Zainstaluj aktualizacje do programow wskazanych przez Security Check

analiza-dezynfekcja-zestaw-narzedzi-nieingerencyjnych-t485632.html jako out of date.

#5

Wklejam dla pewności bo już sobie tam uaktualnie co trzeba. Dzięki.

http://wklej.org/id/796478/