
przemo8848

"Polizja Biuro Służby kryminalnej" virus


Report:

All processes killed

========== OTL ==========

C:\Documents and Settings\JA\Dane aplikacji\Other.res moved successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\JA\Dane aplikacji\Other.res deleted successfully.

File C:\Documents and Settings\JA\Dane aplikacji\Other.res not found.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cnesse deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\lutina deleted successfully.

C:\Documents and Settings\JA\Dane aplikacji\cnesse\lutina.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Uqfutayn deleted successfully.

C:\Documents and Settings\JA\Dane aplikacji\Qoefum\qusuu.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cmaudio deleted successfully.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@macromedia.com/FlashPlayer10\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@macromedia.com/FlashPlayer10\ deleted successfully.

Error: No service named WebClient was found to stop!

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient deleted successfully.

========== FILES ==========

C:\Documents and Settings\JA\Dane aplikacji\Qoefum folder moved successfully.

C:\Documents and Settings\JA\Dane aplikacji\cnesse\aubmis64 folder moved successfully.

C:\Documents and Settings\JA\Dane aplikacji\cnesse\aubmis32 folder moved successfully.

C:\Documents and Settings\JA\Dane aplikacji\cnesse folder moved successfully.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"|"{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /E : value set successfully!

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: JA

->Temp folder emptied: 814501 bytes

->Temporary Internet Files folder emptied: 837224 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 5372 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 2,00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 10282013_204057

 

Files\Folders moved on Reboot...

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

 

 

 

 

 

OTL.txt:

 

OTL logfile created on: 2013-10-28 20:44:07 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = I:\

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

1023,48 Mb Total Physical Memory | 732,63 Mb Available Physical Memory | 71,58% Memory free

1,33 Gb Paging File | 1,10 Gb Available in Paging File | 82,89% Paging File free

Paging file location(s): C:\pagefile.sys 384 768 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37,27 Gb Total Space | 6,93 Gb Free Space | 18,60% Space Free | Partition Type: NTFS

Drive D: | 37,26 Gb Total Space | 16,00 Gb Free Space | 42,94% Space Free | Partition Type: NTFS

Drive I: | 1,88 Gb Total Space | 1,83 Gb Free Space | 97,33% Space Free | Partition Type: FAT32

 

Computer Name: SPEED_XP | User Name: JA | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013-10-28 17:31:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- I:\OTL.exe

PRC - [2013-06-30 14:56:29 | 000,118,784 | ---- | M] () -- C:\WINDOWS\system32\adblock.exe

PRC - [2009-12-18 11:24:34 | 000,107,840 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe

PRC - [2009-02-23 18:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe

PRC - [2008-03-04 02:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2008-01-29 00:09:38 | 001,502,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008-01-22 18:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe

PRC - [2007-09-05 10:20:12 | 000,036,352 | ---- | M] (VisualTaskTips.com) -- C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe

PRC - [2007-05-11 01:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe

PRC - [2007-05-11 01:08:54 | 002,512,392 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodtray.exe

PRC - [2006-10-05 19:56:28 | 000,280,779 | ---- | M] () -- C:\WINDOWS\VistaDrive\VistaDrive.exe

PRC - [2006-09-22 00:33:15 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe

PRC - [2006-09-07 18:19:27 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe

PRC - [2006-08-30 09:58:38 | 000,049,152 | ---- | M] (ZSMCSNAP) -- C:\WINDOWS\VMSnap3.EXE

PRC - [2006-08-04 10:35:54 | 000,217,088 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

PRC - [2006-08-04 10:35:52 | 000,135,168 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe

PRC - [2006-08-04 10:35:52 | 000,106,496 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe

PRC - [2006-08-04 10:28:58 | 000,262,144 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

PRC - [2006-06-28 16:54:06 | 000,049,152 | ---- | M] (Vimicro) -- C:\WINDOWS\Domino.EXE

PRC - [2004-09-19 11:27:46 | 000,065,536 | ---- | M] () -- C:\Program Files\LClock\LClock.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013-06-30 14:56:29 | 000,118,784 | ---- | M] () -- C:\WINDOWS\system32\adblock.exe

MOD - [2012-12-18 15:28:46 | 000,300,544 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL

MOD - [2008-01-22 18:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe

MOD - [2007-09-20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2007-09-05 10:20:04 | 000,007,680 | ---- | M] () -- C:\Program Files\Utilities\VisualTaskTips\VttHooks.dll

MOD - [2006-10-05 19:56:28 | 000,280,779 | ---- | M] () -- C:\WINDOWS\VistaDrive\VistaDrive.exe

MOD - [2006-09-07 18:19:27 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe

MOD - [2006-09-07 18:19:01 | 000,008,704 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll

MOD - [2006-09-07 18:18:56 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll

MOD - [2004-09-19 11:27:46 | 000,065,536 | ---- | M] () -- C:\Program Files\LClock\LClock.exe

MOD - [2004-09-19 11:27:36 | 000,069,632 | ---- | M] () -- C:\Program Files\LClock\LC.dll

MOD - [2004-09-19 11:27:32 | 000,081,920 | ---- | M] () -- C:\Program Files\LClock\Calendar.dll

MOD - [2004-08-03 22:44:04 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

 

 

========== Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2013-10-24 18:32:38 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013-06-30 14:56:29 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\adblock.exe -- (BannerBlocker2)

SRV - [2008-01-22 18:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

SRV - [2007-05-11 01:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)

SRV - [2006-09-22 00:33:15 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)

SRV - [2006-08-04 10:35:54 | 000,217,088 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)

SRV - [2006-08-04 10:35:52 | 000,135,168 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)

SRV - [2006-08-04 10:35:52 | 000,106,496 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2006-08-04 10:28:58 | 000,262,144 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aqwvuyys)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (all5n74j)

DRV - [2010-03-10 10:26:36 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2009-10-13 17:06:41 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2009-10-13 17:06:40 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)

DRV - [2009-02-24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)

DRV - [2006-09-07 18:19:22 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)

DRV - [2006-08-31 09:30:18 | 000,392,058 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM303.sys -- (ZSMC303)

DRV - [2006-08-04 10:35:56 | 000,023,296 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)

DRV - [2006-08-04 10:35:56 | 000,015,616 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)

DRV - [2006-08-04 10:35:56 | 000,009,600 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)

DRV - [2006-08-04 10:35:54 | 000,022,016 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)

DRV - [2006-08-04 10:35:52 | 000,094,848 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)

DRV - [2006-08-04 10:35:52 | 000,009,216 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)

DRV - [2006-08-04 10:28:58 | 000,011,520 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)

DRV - [2006-04-25 09:57:42 | 000,428,160 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmfilter303.sys -- (vmfilter303)

DRV - [2006-02-25 16:13:06 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)

DRV - [2006-02-16 16:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)

DRV - [2006-01-10 03:47:27 | 000,031,846 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)

DRV - [2004-08-04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2003-07-02 03:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s

IE - HKCU\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-10-24 18:32:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-10-24 18:32:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010-01-06 22:06:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

 

[2011-03-13 09:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Extensions

[2013-10-07 18:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\aovmhv0f.default\extensions

[2012-03-28 18:47:31 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\aovmhv0f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi

[2013-10-24 18:32:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

[2013-10-24 18:32:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2012-03-27 16:50:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2012-03-27 16:50:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\25.0.1364.97\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\25.0.1364.97\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: QuickTime Plug-in 7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

 

O1 HOSTS File: ([2001-10-26 16:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) File not found

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [Domino] C:\WINDOWS\Domino.EXE (Vimicro)

O4 - HKLM..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)

O4 - HKLM..\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()

O4 - HKLM..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe ()

O4 - HKLM..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE (ZSMCSNAP)

O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)

O4 - HKCU..\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com)

O4 - Startup: C:\Documents and Settings\JA\Menu Start\Programy\Autostart\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideRunAsVerb = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O15 - HKCU\..Trusted Domains: google.com ([mail] https in Trusted sites)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE4997AC-6E9F-4978-BEFA-B7E2EF2E74BD}: DhcpNameServer = 192.168.1.254

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 0

O32 - AutoRun File - [2009-10-12 20:40:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (OODBS)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013-10-28 18:36:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\JA\Recent

[2013-10-28 18:09:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2013-10-24 18:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

 

========== Files - Modified Within 30 Days ==========

 

[2013-10-28 20:42:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013-10-28 20:42:34 | 001,430,233 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor

[2013-10-27 12:17:10 | 000,497,690 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2013-10-27 12:17:10 | 000,438,160 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013-10-27 12:17:10 | 000,084,444 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2013-10-27 12:17:10 | 000,067,044 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013-10-27 12:12:51 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013-10-20 17:58:23 | 000,001,120 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-602162358-839522115-1001UA.job

[2013-10-20 17:58:22 | 000,001,068 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-602162358-839522115-1001Core.job

 

========== Files Created - No Company Name ==========

 

[2013-04-12 09:38:20 | 000,528,398 | ---- | C] () -- C:\WINDOWS\System32\adnav.exe

[2013-04-12 09:38:20 | 000,318,019 | ---- | C] () -- C:\WINDOWS\System32\libcurl-4.dll

[2013-04-12 09:38:20 | 000,304,845 | ---- | C] () -- C:\WINDOWS\System32\adstop.exe

[2013-04-12 09:38:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\libidn-11.dll

[2013-04-12 09:38:20 | 000,133,632 | ---- | C] () -- C:\WINDOWS\System32\librtmp.dll

[2013-04-12 09:38:20 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\adblock.exe

[2013-04-12 09:38:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll

[2013-04-12 09:38:20 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\libgcc_s_dw2-1.dll

[2013-04-12 09:38:20 | 000,011,362 | ---- | C] () -- C:\WINDOWS\System32\mingwm10.dll

[2013-02-20 11:31:54 | 000,153,355 | ---- | C] () -- C:\WINDOWS\hpoins14.dat

[2013-02-20 11:31:54 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat

[2009-11-27 10:07:30 | 000,061,224 | ---- | C] () -- C:\Documents and Settings\JA\GoToAssistDownloadHelper.exe

 

========== ZeroAccess Check ==========

 

[2009-11-05 19:46:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008-01-29 00:15:07 | 001,738,240 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 11:22:07 | 000,473,088 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004-08-03 22:44:14 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

< End of report >

 


---------------->>@mefiuss

 

It's OK, we're wrapping up:

In OTL, click the Sprzątanie (CleanUp) button - this will remove it together with its Quarantine.

 

Install a newer, more secure version of Java:

>http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html (choose: Windows x86 Offline or Online)

 

Windows XP Professional Edition Dodatek Service Pack 2

Your computer has not been protected at all since ... 2010.

 

F.


Thank you for the help, mate. This is a desktop computer that I rarely use, actually it's not even me but my family who uses it. Do you think installing even avast or any free antivirus would help at all? I'm open to suggestions :)


----------->>@mefiuss

 

An antivirus is worth having. It won't protect you 100%, but it will always protect something.

The problem is that your system is full of holes without Service Pack 3 and the patches released after 2010, so a lot of infections have a wide-open road to your computer.

In theory you could install Service Pack 3 from here >http://www.dobreprogramy.pl/Windows-XP-PL-Service-Pack,Program,Windows,12243.html (because you can no longer download it from Microsoft).

But you probably have too little space on the system partition.

Drive C: | 37,27 Gb Total Space | 6,93 Gb Free Space | 18,60% Space Free

The Service Pack and the subsequent patches will certainly fit, but afterwards there will be veeery little space left on this partition.

 

F.


----------->>@mefiuss

 

An antivirus is worth having. It won't protect you 100%, but it will always protect something.

The problem is that your system is full of holes without Service Pack 3 and the patches released after 2010, so a lot of infections have a wide-open road to your computer.

In theory you could install Service Pack 3 from here >http://www.dobreprogramy.pl/Windows-XP-PL-Service-Pack,Program,Windows,12243.html (because you can no longer download it from Microsoft).

But you probably have too little space on the system partition.

 

The Service Pack and the subsequent patches will certainly fit, but afterwards there will be veeery little space left on this partition.

 

F.

 

 

Thanks for the help and the reply. I'll get myself some antivirus, and when I find a moment I'll free up some disk space :)


--------->>@majer18

 

I don't see this infection in the logs, so you probably had the newest version of the infection: the "POLIZJA" message appears only once, and after the message window is closed the infection disappears from the computer by itself.

 

There is sponsored junk, so:

1) Use >Adw-cleaner (to download, click the big green arrow on the right).

First click SZUKAJ (Search), and only after the scan has finished, when the USUŃ (Delete) button becomes active, click it.

Show the report from it: C:\AdwCleaner[s1].txt

 

2) Make a new log with OTL.

 

3) Install a newer, more secure version of Java:

>http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html (choose: Windows x86 Offline or Online)

 

F.


--------->>@majer18

 

Cosmetic fixes:

Run OTL and paste this into the Własne opcje skanowania/Skrypt (Custom Scans/Fixes) window:

:OTL

SRV - File not found [On_Demand | Stopped] -- D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

O33 - MountPoints2\{c291c9ce-200f-11e2-8aa3-0016d4f7ccbc}\Shell\AutoRun\command - "" = G:\wubi.exe

O33 - MountPoints2\{fbb41218-4dcc-11e1-9401-0016d4f7ccbc}\Shell\AutoRun\command - "" = G:\./MI.exe

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)

DRV - File not found [Kernel | System | Stopped] -- D:\WINDOWS\system32\drivers\SBREdrv.sys -- (SBRE)

 

:Reg

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CE116F92-945E-4AD5-8F5C-9B0B0CA6F7CC}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B14158EB-DC05-4236-A58C-83A51097B8B9}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4D9575BC-DEA0-4033-BCF6-A657046FE832}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{817D4CCB-CF86-4D7E-8952-5B60485380BC}]

 

:Commands

[emptytemp]

Click Wykonaj Skrypt (Run Fix).

Don't post the report from this one.

Then we finish:

In Adw-Cleaner, click the Odinstaluj (UNINSTALL) button.

In OTL, click the Sprzątanie (CleanUp) button - this will remove it together with its Quarantine.

 

F.


Hello, I usually don't catch viruses; at most my parents do. This time, however, I caught this virus myself, and on top of that it managed to take a picture with the webcam. To the point:

Windows 7 with SP1 (version 6.1.7601)

I can't/don't know how to run OTL through notepad - every time it loads a string of characters (everyone knows what I mean). The other safe modes don't work (after starting safe mode/safe mode with networking and logging in, the computer restarts [logging out, shutting down etc., not abruptly]).

To be honest, after an hour of browsing the forum and various guides I'm not one bit closer to removing this damn thing. Please help.


---------->>@eren

 

If you know computers very well, make a log with FRST according to >>http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartujacych-windows/#entry32551

If you don't know them yourself, look around among your acquaintances - maybe one of them does.

If neither you nor any of your acquaintances knows computers very well, format the system partition and install the system from scratch.

 

F.


I've also fallen victim to the polizja :(

Below is the FRST log, with a request for help

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013

Ran by SYSTEM on MININT-GB9S3SP on 30-10-2013 07:12:25

Running from H:\

Windows 7 Professional (X64) OS Language: Polish

Internet Explorer Version 10

Boot Mode: Recovery

 

The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor)

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()

HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)

HKLM\...\Winlogon: [userinit] c:\windows\system32\userinit.exe

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [NeroFilterCheck] - C:\Windows\system32\NeroCheck.exe

HKLM-x32\...\Run: [AveoSTI.exe] - C:\Program Files (x86)\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AveoSTI.exe [32768 2010-12-02] (AVEO)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-09-23] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2404376 2013-10-02] ()

HKU\user\...\Run: [MFP and Storage Server] - [x]

HKU\user\...\Run: [HP Deskjet 5520 series (NET)] - C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP COLOR.lnk

ShortcutTarget: Powiadomienia monitorowania tuszu - HP COLOR.lnk -> C:\Program Files\HP\HP Deskjet 5520 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)

 

==================== Services (Whitelisted) =================

 

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)

S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)

S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)

S2 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-02] (AVG Secure Search)

 

==================== Drivers (Whitelisted) ====================

 

S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [348672 2010-12-31] (AVEO Corp)

S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)

S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)

S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)

S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)

S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)

S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)

S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)

S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)

S2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)

S3 EST_BusEnum; C:\Windows\System32\DRIVERS\GenBus.sys [29696 2009-10-06] ( )

S3 EST_Server; C:\Windows\System32\DRIVERS\GenHC.sys [199168 2009-10-06] ( )

S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [126720 2012-03-28] (Gemalto)

S3 NUS_Bus64; C:\Windows\System32\DRIVERS\NUS_Bus64.sys [34816 2011-10-14] (Elite Silicon Technology Inc.)

S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [x]

S5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-05] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-10-30 07:11 - 2013-10-30 07:11 - 00000000 ____D C:\FRST

2013-10-27 16:08 - 2013-10-27 16:08 - 00000000 ____D C:\Users\user\AppData\Local\{4AEFD6DE-D7AE-4975-9DC6-AD0798D22149}

2013-10-26 09:59 - 2013-10-26 09:59 - 00000000 ____D C:\Users\user\AppData\Local\{124CCDE8-F0A1-4C0E-BB7E-0BAA308B5539}

2013-10-25 19:30 - 2013-10-25 19:30 - 00000000 ____D C:\Users\user\AppData\Local\{3199D339-B04A-4622-83BA-74F9F75C2B4D}

2013-10-25 06:43 - 2013-10-25 06:43 - 00000000 ____D C:\Users\user\AppData\Local\{9B9AB3AD-D1D1-4D6C-B1FC-D1CE28A92BAD}

2013-10-24 07:16 - 2013-10-24 07:16 - 00000000 ____D C:\Users\user\AppData\Local\{07B9C6D4-597F-4F5A-8F02-55B45BB0ED46}

2013-10-23 19:15 - 2013-10-23 19:16 - 00000000 ____D C:\Users\user\AppData\Local\{C7E92F17-43B8-4BC5-B59E-273781D7E39F}

2013-10-23 07:15 - 2013-10-23 07:15 - 00000000 ____D C:\Users\user\AppData\Local\{6E114C90-8A3D-4800-8B7C-BB63D0F99E90}

2013-10-22 18:38 - 2013-10-22 18:39 - 00000000 ____D C:\Users\user\AppData\Local\{C2FD0737-4E49-4523-A00D-6EF1F1719904}

2013-10-22 06:22 - 2013-10-22 06:23 - 00000000 ____D C:\Users\user\AppData\Local\{B44403D1-033C-49DF-82A6-111D08FF323F}

2013-10-21 18:19 - 2013-10-21 18:19 - 00000000 ____D C:\Users\user\AppData\Local\{34247DEC-02BC-472A-A36A-DD93ED451F8C}

2013-10-20 21:07 - 2013-10-20 21:07 - 00000000 ____D C:\Users\user\AppData\Local\{C3EA2EC2-D91C-4493-98EF-2CAF3256FED8}

2013-10-19 21:16 - 2013-10-19 21:16 - 00000000 ____D C:\Users\user\AppData\Local\{E5318ECB-D6B5-447E-952F-82856247230F}

2013-10-19 09:14 - 2013-10-19 09:15 - 00000000 ____D C:\Users\user\AppData\Local\{56D2F8AC-662E-4ED0-BF08-2CE2B58D33AF}

2013-10-18 07:02 - 2013-10-18 07:02 - 00000000 ____D C:\Users\user\AppData\Local\{BB072A53-8525-424B-A56E-5E8BC79B0E54}

2013-10-17 19:01 - 2013-10-17 19:02 - 00000000 ____D C:\Users\user\AppData\Local\{A76222C4-73E5-4DF9-BE46-0A367039E859}

2013-10-17 07:01 - 2013-10-17 07:01 - 00000000 ____D C:\Users\user\AppData\Local\{145876D8-3FF5-4A7F-8C24-C6124400A1EF}

2013-10-15 19:52 - 2013-10-15 19:52 - 00000000 ____D C:\Users\user\AppData\Local\{BFBF9CD1-C538-4DA7-A92C-13ED08F401FE}

2013-10-15 07:52 - 2013-10-15 07:52 - 00000000 ____D C:\Users\user\AppData\Local\{26EB9470-CAA5-4E38-8C59-51380A317C24}

2013-10-14 18:20 - 2013-10-14 18:20 - 00000000 ____D C:\Users\user\AppData\Local\{2BB1C654-08EC-4DD9-B8C8-9605A69738E3}

2013-10-13 09:20 - 2013-10-13 09:21 - 00000000 ____D C:\Users\user\AppData\Local\{B8DE15EE-4057-4654-B01B-1518FB281001}

2013-10-12 09:12 - 2013-10-12 09:12 - 00000000 ____D C:\Users\user\AppData\Local\{B423CCCC-7174-4485-A4B5-77CE77D211EF}

2013-10-11 10:42 - 2013-10-11 10:43 - 00000000 ____D C:\Users\user\AppData\Local\{15A14214-F212-42F5-883A-AC3411939E77}

2013-10-10 21:38 - 2013-10-10 21:38 - 00000000 ____D C:\Users\user\AppData\Local\{3BA55975-99FF-4871-8C4E-AEB13EF8EF3D}

2013-10-10 13:39 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-10-10 13:39 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-10-10 13:39 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-10-10 13:39 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-10-10 13:39 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-10-10 13:39 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-10-10 13:39 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-10-10 13:39 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-10-10 13:39 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-10-10 13:39 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-10-10 08:12 - 2013-10-10 08:12 - 00000000 ____D C:\Users\user\AppData\Local\{60862C38-823C-499D-8045-7A433473E7AD}

2013-10-10 06:50 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys

2013-10-10 06:50 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2013-10-10 06:50 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll

2013-10-10 06:50 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll

2013-10-10 06:50 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-10-10 06:50 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll

2013-10-10 06:50 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll

2013-10-10 06:50 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll

2013-10-10 06:50 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll

2013-10-10 06:50 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-10-10 06:50 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-10-10 06:50 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-10-10 06:50 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2013-10-10 06:50 - 2013-08-29 02:50 - 00155136 _____ C:\Users\user\AppData\Roaming\Other.res

2013-10-10 06:50 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-10-10 06:50 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2013-10-10 06:50 - 2013-08-29 02:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbser.sys

2013-10-10 06:50 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-10-10 06:50 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-10-10 06:50 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-10-10 06:50 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-10-10 06:50 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-10-10 06:50 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll

2013-10-10 06:50 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2013-10-10 06:50 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll

2013-10-10 06:50 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2013-10-10 06:50 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys

2013-10-10 06:50 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys

2013-10-10 06:50 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll

2013-10-10 06:50 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll

2013-10-10 06:50 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll

2013-10-10 06:50 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

2013-10-10 06:50 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

2013-10-10 06:50 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll

2013-10-10 06:50 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys

2013-10-10 06:50 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys

2013-10-10 06:50 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys

2013-10-10 06:50 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys

2013-10-10 06:50 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys

2013-10-10 06:50 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll

2013-10-10 06:50 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll

2013-10-10 06:50 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll

2013-10-10 06:50 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll

2013-10-10 06:50 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2013-10-10 06:50 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2013-10-10 06:50 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2013-10-10 06:50 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

2013-10-10 06:50 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2013-10-10 06:50 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2013-10-09 20:03 - 2013-10-09 20:03 - 00000000 ____D C:\Users\user\AppData\Local\{248A4E62-240F-486C-A50C-8C6F84457AF5}

2013-10-09 08:03 - 2013-10-09 08:03 - 00000000 ____D C:\Users\user\AppData\Local\{FCCF937A-89B3-492B-A83A-5D96E4F33437}

2013-10-08 19:32 - 2013-10-08 19:33 - 00000000 ____D C:\Users\user\AppData\Local\{42C736FD-F14A-4BAF-A7B8-F1B5A49A3F84}

2013-10-08 07:32 - 2013-10-08 07:32 - 00000000 ____D C:\Users\user\AppData\Local\{827EACD6-7989-4884-86A5-E8F681DCC938}

2013-10-07 07:46 - 2013-10-07 07:46 - 00000000 ____D C:\Users\user\AppData\Local\Avg2014

2013-10-07 07:36 - 2013-10-07 07:36 - 00000000 ____D C:\Users\user\AppData\Local\{495A3CEE-51E1-4445-B359-E7E59A196AFA}

2013-10-06 16:08 - 2013-10-06 16:08 - 00000000 ____D C:\Users\user\AppData\Local\{58C38A72-A4AF-41A3-9B6D-301D32024C6B}

2013-10-05 13:41 - 2013-10-05 13:41 - 00000000 ____D C:\Users\user\AppData\Local\{70A32007-ADA6-4082-8930-A031EE0A57C6}

2013-10-04 19:00 - 2013-10-04 19:00 - 00000000 ____D C:\Users\user\AppData\Local\{72ED392B-F7D4-42F8-9B15-19033719B7BC}

2013-10-04 06:47 - 2013-10-04 06:47 - 00000000 ____D C:\Users\user\AppData\Local\{0B3F20D9-BF24-4760-84EC-9F1B7B82AAA2}

2013-10-03 18:46 - 2013-10-03 18:47 - 00000000 ____D C:\Users\user\AppData\Local\{CCF3D9E6-0E83-419A-8125-62A926382D4C}

2013-10-03 06:46 - 2013-10-03 06:46 - 00000000 ____D C:\Users\user\AppData\Local\{F14912CE-5974-456F-9B50-2BB96452BCFF}

2013-10-02 18:37 - 2013-10-02 18:37 - 00000000 ____D C:\Users\user\AppData\Local\{31770DAF-49A0-4320-B636-A111393EB132}

2013-10-02 06:37 - 2013-10-02 06:37 - 00000000 ____D C:\Users\user\AppData\Local\{33D6F9E3-FB48-468F-B5B9-F9F478FE12DB}

2013-10-01 11:00 - 2013-10-01 11:00 - 00000000 ____D C:\Users\user\AppData\Local\{B6159716-B150-4FAF-A53D-10D134C1EF8F}

2013-09-30 20:11 - 2013-09-30 20:12 - 00000000 ____D C:\Users\user\AppData\Local\{8A8FBB26-F29A-4C3E-BD62-A7BC7A4BA525}

2013-09-30 08:11 - 2013-09-30 08:11 - 00000000 ____D C:\Users\user\AppData\Local\{0563E106-7F3D-4245-9CE1-59A06FE0DDBD}

 

==================== One Month Modified Files and Folders =======

 

2013-10-30 07:31 - 2009-07-14 19:09 - 00000000 ___RD C:\Users\Public\Recorded TV

2013-10-30 07:11 - 2013-10-30 07:11 - 00000000 ____D C:\FRST

2013-10-30 06:59 - 2013-01-23 12:18 - 00000000 ____D C:\ProgramData\AVG Secure Search

2013-10-30 06:59 - 2012-11-27 12:24 - 00000000 ____D C:\Users\user\AppData\Roaming\AVG2013

2013-10-30 06:59 - 2012-11-27 12:07 - 00000000 ____D C:\ProgramData\MFAData

2013-10-30 06:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing

2013-10-30 06:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache

2013-10-30 06:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat

2013-10-30 06:58 - 2013-01-23 12:18 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search

2013-10-30 06:58 - 2012-05-14 12:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-30 06:58 - 2012-05-14 12:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-10-30 06:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration

2013-10-30 06:58 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-10-29 16:50 - 2012-12-18 16:05 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps

2013-10-27 16:08 - 2013-10-27 16:08 - 00000000 ____D C:\Users\user\AppData\Local\{4AEFD6DE-D7AE-4975-9DC6-AD0798D22149}

2013-10-26 17:05 - 2011-06-14 21:01 - 01421194 _____ C:\Windows\WindowsUpdate.log

2013-10-26 17:02 - 2011-06-16 09:20 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{929F28D0-2C14-4C81-8B51-C3613FA77575}

2013-10-26 16:32 - 2013-05-09 09:02 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-26 16:31 - 2012-04-04 07:42 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-26 15:55 - 2009-07-14 18:55 - 00748186 _____ C:\Windows\System32\perfh015.dat

2013-10-26 15:55 - 2009-07-14 18:55 - 00160720 _____ C:\Windows\System32\perfc015.dat

2013-10-26 15:55 - 2009-07-14 06:13 - 01693670 _____ C:\Windows\System32\PerfStringBackup.INI

2013-10-26 12:16 - 2009-07-14 05:45 - 00016032 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-26 12:16 - 2009-07-14 05:45 - 00016032 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-26 12:06 - 2013-05-09 09:02 - 00001040 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-26 12:05 - 2013-07-19 07:16 - 00009296 _____ C:\Windows\setupact.log

2013-10-26 12:05 - 2013-06-07 21:51 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job

2013-10-26 12:05 - 2013-06-03 10:16 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2013-10-26 12:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-26 09:59 - 2013-10-26 09:59 - 00000000 ____D C:\Users\user\AppData\Local\{124CCDE8-F0A1-4C0E-BB7E-0BAA308B5539}

2013-10-25 19:30 - 2013-10-25 19:30 - 00000000 ____D C:\Users\user\AppData\Local\{3199D339-B04A-4622-83BA-74F9F75C2B4D}

2013-10-25 06:43 - 2013-10-25 06:43 - 00000000 ____D C:\Users\user\AppData\Local\{9B9AB3AD-D1D1-4D6C-B1FC-D1CE28A92BAD}

2013-10-24 07:16 - 2013-10-24 07:16 - 00000000 ____D C:\Users\user\AppData\Local\{07B9C6D4-597F-4F5A-8F02-55B45BB0ED46}

2013-10-23 19:16 - 2013-10-23 19:15 - 00000000 ____D C:\Users\user\AppData\Local\{C7E92F17-43B8-4BC5-B59E-273781D7E39F}

2013-10-23 07:15 - 2013-10-23 07:15 - 00000000 ____D C:\Users\user\AppData\Local\{6E114C90-8A3D-4800-8B7C-BB63D0F99E90}

2013-10-22 18:39 - 2013-10-22 18:38 - 00000000 ____D C:\Users\user\AppData\Local\{C2FD0737-4E49-4523-A00D-6EF1F1719904}

2013-10-22 17:15 - 2009-07-14 06:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-22 06:23 - 2013-10-22 06:22 - 00000000 ____D C:\Users\user\AppData\Local\{B44403D1-033C-49DF-82A6-111D08FF323F}

2013-10-21 18:19 - 2013-10-21 18:19 - 00000000 ____D C:\Users\user\AppData\Local\{34247DEC-02BC-472A-A36A-DD93ED451F8C}

2013-10-20 21:07 - 2013-10-20 21:07 - 00000000 ____D C:\Users\user\AppData\Local\{C3EA2EC2-D91C-4493-98EF-2CAF3256FED8}

2013-10-19 21:16 - 2013-10-19 21:16 - 00000000 ____D C:\Users\user\AppData\Local\{E5318ECB-D6B5-447E-952F-82856247230F}

2013-10-19 09:15 - 2013-10-19 09:14 - 00000000 ____D C:\Users\user\AppData\Local\{56D2F8AC-662E-4ED0-BF08-2CE2B58D33AF}

2013-10-18 13:22 - 2013-05-09 09:03 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-10-18 07:02 - 2013-10-18 07:02 - 00000000 ____D C:\Users\user\AppData\Local\{BB072A53-8525-424B-A56E-5E8BC79B0E54}

2013-10-17 19:02 - 2013-10-17 19:01 - 00000000 ____D C:\Users\user\AppData\Local\{A76222C4-73E5-4DF9-BE46-0A367039E859}

2013-10-17 07:01 - 2013-10-17 07:01 - 00000000 ____D C:\Users\user\AppData\Local\{145876D8-3FF5-4A7F-8C24-C6124400A1EF}

2013-10-15 19:52 - 2013-10-15 19:52 - 00000000 ____D C:\Users\user\AppData\Local\{BFBF9CD1-C538-4DA7-A92C-13ED08F401FE}

2013-10-15 08:27 - 2013-05-09 09:02 - 00004040 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-10-15 08:27 - 2013-05-09 09:02 - 00003788 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-10-15 07:52 - 2013-10-15 07:52 - 00000000 ____D C:\Users\user\AppData\Local\{26EB9470-CAA5-4E38-8C59-51380A317C24}

2013-10-14 18:20 - 2013-10-14 18:20 - 00000000 ____D C:\Users\user\AppData\Local\{2BB1C654-08EC-4DD9-B8C8-9605A69738E3}

2013-10-13 09:21 - 2013-10-13 09:20 - 00000000 ____D C:\Users\user\AppData\Local\{B8DE15EE-4057-4654-B01B-1518FB281001}

2013-10-12 09:12 - 2013-10-12 09:12 - 00000000 ____D C:\Users\user\AppData\Local\{B423CCCC-7174-4485-A4B5-77CE77D211EF}

2013-10-12 09:01 - 2013-07-23 18:35 - 00002316 _____ C:\Windows\PFRO.log

2013-10-11 17:26 - 2012-02-26 16:48 - 00000000 ____D C:\Users\user\AppData\Local\Google

2013-10-11 10:43 - 2013-10-11 10:42 - 00000000 ____D C:\Users\user\AppData\Local\{15A14214-F212-42F5-883A-AC3411939E77}

2013-10-10 21:38 - 2013-10-10 21:38 - 00000000 ____D C:\Users\user\AppData\Local\{3BA55975-99FF-4871-8C4E-AEB13EF8EF3D}

2013-10-10 21:33 - 2009-07-14 05:45 - 00295416 _____ C:\Windows\System32\FNTCACHE.DAT

2013-10-10 13:35 - 2011-06-17 10:21 - 01669808 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-10-10 13:15 - 2013-07-17 13:04 - 00000000 ____D C:\Windows\System32\MRT

2013-10-10 13:15 - 2011-06-17 07:17 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-10-10 08:12 - 2013-10-10 08:12 - 00000000 ____D C:\Users\user\AppData\Local\{60862C38-823C-499D-8045-7A433473E7AD}

2013-10-09 20:03 - 2013-10-09 20:03 - 00000000 ____D C:\Users\user\AppData\Local\{248A4E62-240F-486C-A50C-8C6F84457AF5}

2013-10-09 09:31 - 2012-04-04 07:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-10-09 09:31 - 2012-04-04 07:42 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-10-09 09:31 - 2011-06-16 09:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-10-09 08:03 - 2013-10-09 08:03 - 00000000 ____D C:\Users\user\AppData\Local\{FCCF937A-89B3-492B-A83A-5D96E4F33437}

2013-10-08 19:33 - 2013-10-08 19:32 - 00000000 ____D C:\Users\user\AppData\Local\{42C736FD-F14A-4BAF-A7B8-F1B5A49A3F84}

2013-10-08 07:32 - 2013-10-08 07:32 - 00000000 ____D C:\Users\user\AppData\Local\{827EACD6-7989-4884-86A5-E8F681DCC938}

2013-10-07 07:46 - 2013-10-07 07:46 - 00000000 ____D C:\Users\user\AppData\Local\Avg2014

2013-10-07 07:36 - 2013-10-07 07:36 - 00000000 ____D C:\Users\user\AppData\Local\{495A3CEE-51E1-4445-B359-E7E59A196AFA}

2013-10-06 16:08 - 2013-10-06 16:08 - 00000000 ____D C:\Users\user\AppData\Local\{58C38A72-A4AF-41A3-9B6D-301D32024C6B}

2013-10-05 13:41 - 2013-10-05 13:41 - 00000000 ____D C:\Users\user\AppData\Local\{70A32007-ADA6-4082-8930-A031EE0A57C6}

2013-10-04 19:00 - 2013-10-04 19:00 - 00000000 ____D C:\Users\user\AppData\Local\{72ED392B-F7D4-42F8-9B15-19033719B7BC}

2013-10-04 06:47 - 2013-10-04 06:47 - 00000000 ____D C:\Users\user\AppData\Local\{0B3F20D9-BF24-4760-84EC-9F1B7B82AAA2}

2013-10-03 18:47 - 2013-10-03 18:46 - 00000000 ____D C:\Users\user\AppData\Local\{CCF3D9E6-0E83-419A-8125-62A926382D4C}

2013-10-03 06:46 - 2013-10-03 06:46 - 00000000 ____D C:\Users\user\AppData\Local\{F14912CE-5974-456F-9B50-2BB96452BCFF}

2013-10-02 18:37 - 2013-10-02 18:37 - 00000000 ____D C:\Users\user\AppData\Local\{31770DAF-49A0-4320-B636-A111393EB132}

2013-10-02 06:37 - 2013-10-02 06:37 - 00000000 ____D C:\Users\user\AppData\Local\{33D6F9E3-FB48-468F-B5B9-F9F478FE12DB}

2013-10-02 06:20 - 2013-01-23 12:18 - 00046368 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys

2013-10-01 11:00 - 2013-10-01 11:00 - 00000000 ____D C:\Users\user\AppData\Local\{B6159716-B150-4FAF-A53D-10D134C1EF8F}

2013-09-30 20:12 - 2013-09-30 20:11 - 00000000 ____D C:\Users\user\AppData\Local\{8A8FBB26-F29A-4C3E-BD62-A7BC7A4BA525}

2013-09-30 08:11 - 2013-09-30 08:11 - 00000000 ____D C:\Users\user\AppData\Local\{0563E106-7F3D-4245-9CE1-59A06FE0DDBD}

 

==================== Known DLLs (Whitelisted) ================

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== EXE ASSOCIATION =====================

 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

 

==================== Restore Points =========================

 

3

Restore point made on: 2013-09-12 13:49:25

Restore point made on: 2013-10-10 13:01:48

Restore point made on: 2013-10-26 17:05:59

 

==================== Memory info ===========================

 

Percentage of memory in use: 30%

Total physical RAM: 1782.71 MB

Available physical RAM: 1247.15 MB

Total Pagefile: 1782.71 MB

Available Pagefile: 1241.23 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:149.45 GB) (Free:109.24 GB) NTFS

Drive d: (Dane) (Fixed) (Total:143.66 GB) (Free:121.34 GB) NTFS

Drive f: (kopia systemu) (Fixed) (Total:4.88 GB) (Free:1.91 GB) NTFS

Drive h: () (Removable) (Total:1.87 GB) (Free:1.85 GB) FAT

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (Zastrzeżone przez system) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 09B2811E)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=144 GB) - (Type=OF Extended)

Partition 4: (Not Active) - (Size=5 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 2 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=2 GB) - (Type=06)

 

 

LastRegBack: 2013-09-15 19:02

 

==================== End Of Log ============================

FRST.txt


----------->>@parek64

 

1. Open Notepad and paste into it:

C:\Users\user\AppData\Roaming\Other.res

Save the file as fixlist.txt. Place it next to the FRST tool.

 

2. Run FRST, point it at Windows 7 as the system to repair, and choose the Fix option. A fixlog.txt file will be created.

Post it.

Try to boot into Normal mode.

If that works, then:

Uninstall the unnecessary AVG Secure Search (do not confuse it with AVG 2013!)

 

Then make logs with the normal FRST.

 

F.


It booted :) Many thanks

fixlog below

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-10-2013

Ran by SYSTEM at 2013-10-30 07:56:38 Run:1

Running from H:\

Boot Mode: Recovery

==============================================

 

Content of fixlist:

*****************

C:\Users\user\AppData\Roaming\Other.res

 

*****************

 

C:\Users\user\AppData\Roaming\Other.res => Moved successfully.

 

==== End of Fixlog ====

 

Should I also post the FRST log?


----------->>@parek64

 

Yes, but one made with the normal FRST, not the bootable one: http://forum.pclab.pl/topic/893302-WA%C5%BBNE-Wymagane-logi-systemowe-w-tym-dziale/page__p__11808087entry11808087

The point is that the bootable FRST log did not contain this infection's key; maybe it will be visible in the normal one?

 

F.


 

1. FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013

Ran by user (administrator) on PREZES on 30-10-2013 07:38:51

Running from D:\Instal

Windows 7 Professional Service Pack 1 (X64) OS Language: Polish

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe

(AVEO) C:\Program Files (x86)\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AveoSTI.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

() C:\Program Files (x86)\AVG Secure Search\vprot.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicator.exe

(Malwarebytes Corporation) d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor)

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [HP Deskjet 5520 series (NET)] - C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [NeroFilterCheck] - C:\Windows\system32\NeroCheck.exe

HKLM-x32\...\Run: [AveoSTI.exe] - C:\Program Files (x86)\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AveoSTI.exe [32768 2010-12-02] (AVEO)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-09-23] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2404376 2013-10-02] ()

Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP COLOR.lnk

ShortcutTarget: Powiadomienia monitorowania tuszu - HP COLOR.lnk -> C:\Program Files\HP\HP Deskjet 5520 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://xnetos.pl/dana-cached/sc/JuniperSetupClient.cab

Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)

Tcpip\Parameters: [DhcpNameServer] 194.204.152.34 194.204.159.1

 

Chrome:

=======

CHR HomePage: hxxp://www.wp.pl/?homepage

CHR RestoreOnStartup: "hxxp://www.wp.pl/"

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll (AVG Technologies)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File

CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (AVG Secure Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.5.0.2_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0

CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.0.1.12\avg.crx

 

==================== Services (Whitelisted) =================

 

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)

R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)

R2 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-02] (AVG Secure Search)

 

==================== Drivers (Whitelisted) ====================

 

S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [348672 2010-12-31] (AVEO Corp)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)

R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)

R3 EST_BusEnum; C:\Windows\System32\DRIVERS\GenBus.sys [29696 2009-10-06] ( )

S3 EST_Server; C:\Windows\System32\DRIVERS\GenHC.sys [199168 2009-10-06] ( )

S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [126720 2012-03-28] (Gemalto)

R3 NUS_Bus64; C:\Windows\System32\DRIVERS\NUS_Bus64.sys [34816 2011-10-14] (Elite Silicon Technology Inc.)

S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [x]

U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-05] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-10-30 07:29 - 2013-10-30 07:29 - 00023659 _____ C:\ComboFix.txt

2013-10-30 07:11 - 2013-10-30 07:11 - 00000000 ____D C:\FRST

2013-10-30 07:10 - 2013-10-30 07:29 - 00000000 ____D C:\Qoobox

2013-10-30 07:10 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe

2013-10-30 07:10 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe

2013-10-30 07:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-10-30 07:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-10-30 07:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-10-30 07:10 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe

2013-10-30 07:10 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe

2013-10-30 07:10 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe

2013-10-30 07:09 - 2013-10-30 07:26 - 00000000 ____D C:\Windows\erdnt

2013-10-27 16:08 - 2013-10-27 16:08 - 00000000 ____D C:\Users\user\AppData\Local\{4AEFD6DE-D7AE-4975-9DC6-AD0798D22149}

2013-10-26 09:59 - 2013-10-26 09:59 - 00000000 ____D C:\Users\user\AppData\Local\{124CCDE8-F0A1-4C0E-BB7E-0BAA308B5539}

2013-10-25 19:30 - 2013-10-25 19:30 - 00000000 ____D C:\Users\user\AppData\Local\{3199D339-B04A-4622-83BA-74F9F75C2B4D}

2013-10-25 06:43 - 2013-10-25 06:43 - 00000000 ____D C:\Users\user\AppData\Local\{9B9AB3AD-D1D1-4D6C-B1FC-D1CE28A92BAD}

2013-10-24 07:16 - 2013-10-24 07:16 - 00000000 ____D C:\Users\user\AppData\Local\{07B9C6D4-597F-4F5A-8F02-55B45BB0ED46}

2013-10-23 19:15 - 2013-10-23 19:16 - 00000000 ____D C:\Users\user\AppData\Local\{C7E92F17-43B8-4BC5-B59E-273781D7E39F}

2013-10-23 07:15 - 2013-10-23 07:15 - 00000000 ____D C:\Users\user\AppData\Local\{6E114C90-8A3D-4800-8B7C-BB63D0F99E90}

2013-10-22 18:38 - 2013-10-22 18:39 - 00000000 ____D C:\Users\user\AppData\Local\{C2FD0737-4E49-4523-A00D-6EF1F1719904}

2013-10-22 06:22 - 2013-10-22 06:23 - 00000000 ____D C:\Users\user\AppData\Local\{B44403D1-033C-49DF-82A6-111D08FF323F}

2013-10-21 18:19 - 2013-10-21 18:19 - 00000000 ____D C:\Users\user\AppData\Local\{34247DEC-02BC-472A-A36A-DD93ED451F8C}

2013-10-20 21:07 - 2013-10-20 21:07 - 00000000 ____D C:\Users\user\AppData\Local\{C3EA2EC2-D91C-4493-98EF-2CAF3256FED8}

2013-10-19 21:16 - 2013-10-19 21:16 - 00000000 ____D C:\Users\user\AppData\Local\{E5318ECB-D6B5-447E-952F-82856247230F}

2013-10-19 09:14 - 2013-10-19 09:15 - 00000000 ____D C:\Users\user\AppData\Local\{56D2F8AC-662E-4ED0-BF08-2CE2B58D33AF}

2013-10-18 07:02 - 2013-10-18 07:02 - 00000000 ____D C:\Users\user\AppData\Local\{BB072A53-8525-424B-A56E-5E8BC79B0E54}

2013-10-17 19:01 - 2013-10-17 19:02 - 00000000 ____D C:\Users\user\AppData\Local\{A76222C4-73E5-4DF9-BE46-0A367039E859}

2013-10-17 07:01 - 2013-10-17 07:01 - 00000000 ____D C:\Users\user\AppData\Local\{145876D8-3FF5-4A7F-8C24-C6124400A1EF}

2013-10-15 19:52 - 2013-10-15 19:52 - 00000000 ____D C:\Users\user\AppData\Local\{BFBF9CD1-C538-4DA7-A92C-13ED08F401FE}

2013-10-15 07:52 - 2013-10-15 07:52 - 00000000 ____D C:\Users\user\AppData\Local\{26EB9470-CAA5-4E38-8C59-51380A317C24}

2013-10-14 18:20 - 2013-10-14 18:20 - 00000000 ____D C:\Users\user\AppData\Local\{2BB1C654-08EC-4DD9-B8C8-9605A69738E3}

2013-10-13 09:20 - 2013-10-13 09:21 - 00000000 ____D C:\Users\user\AppData\Local\{B8DE15EE-4057-4654-B01B-1518FB281001}

2013-10-12 09:12 - 2013-10-12 09:12 - 00000000 ____D C:\Users\user\AppData\Local\{B423CCCC-7174-4485-A4B5-77CE77D211EF}

2013-10-11 10:42 - 2013-10-11 10:43 - 00000000 ____D C:\Users\user\AppData\Local\{15A14214-F212-42F5-883A-AC3411939E77}

2013-10-10 21:38 - 2013-10-10 21:38 - 00000000 ____D C:\Users\user\AppData\Local\{3BA55975-99FF-4871-8C4E-AEB13EF8EF3D}

2013-10-10 13:39 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-10-10 13:39 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-10-10 13:39 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-10 13:39 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-10 13:39 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-10-10 13:39 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-10-10 13:39 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-10 13:39 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-10-10 13:39 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-10-10 13:39 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-10-10 08:12 - 2013-10-10 08:12 - 00000000 ____D C:\Users\user\AppData\Local\{60862C38-823C-499D-8045-7A433473E7AD}

2013-10-10 06:50 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-10-10 06:50 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-10-10 06:50 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2013-10-10 06:50 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll

2013-10-10 06:50 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-10-10 06:50 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-10-10 06:50 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2013-10-10 06:50 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-10-10 06:50 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2013-10-10 06:50 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-10-10 06:50 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-10-10 06:50 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-10-10 06:50 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2013-10-10 06:50 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-10-10 06:50 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2013-10-10 06:50 - 2013-08-29 02:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys

2013-10-10 06:50 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-10-10 06:50 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-10-10 06:50 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-10-10 06:50 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-10-10 06:50 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-10 06:50 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2013-10-10 06:50 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-10 06:50 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-10 06:50 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2013-10-10 06:50 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys

2013-10-10 06:50 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

2013-10-10 06:50 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2013-10-10 06:50 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-10 06:50 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2013-10-10 06:50 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

2013-10-10 06:50 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

2013-10-10 06:50 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll

2013-10-10 06:50 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2013-10-10 06:50 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys

2013-10-10 06:50 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2013-10-10 06:50 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2013-10-10 06:50 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-10 06:50 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2013-10-10 06:50 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2013-10-10 06:50 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2013-10-10 06:50 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-10 06:50 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2013-10-10 06:50 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2013-10-10 06:50 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2013-10-10 06:50 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-10 06:50 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2013-10-10 06:50 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2013-10-09 20:03 - 2013-10-09 20:03 - 00000000 ____D C:\Users\user\AppData\Local\{248A4E62-240F-486C-A50C-8C6F84457AF5}

2013-10-09 08:03 - 2013-10-09 08:03 - 00000000 ____D C:\Users\user\AppData\Local\{FCCF937A-89B3-492B-A83A-5D96E4F33437}

2013-10-08 19:32 - 2013-10-08 19:33 - 00000000 ____D C:\Users\user\AppData\Local\{42C736FD-F14A-4BAF-A7B8-F1B5A49A3F84}

2013-10-08 07:32 - 2013-10-08 07:32 - 00000000 ____D C:\Users\user\AppData\Local\{827EACD6-7989-4884-86A5-E8F681DCC938}

2013-10-07 07:46 - 2013-10-07 07:46 - 00000000 ____D C:\Users\user\AppData\Local\Avg2014

2013-10-07 07:36 - 2013-10-07 07:36 - 00000000 ____D C:\Users\user\AppData\Local\{495A3CEE-51E1-4445-B359-E7E59A196AFA}

2013-10-06 16:08 - 2013-10-06 16:08 - 00000000 ____D C:\Users\user\AppData\Local\{58C38A72-A4AF-41A3-9B6D-301D32024C6B}

2013-10-05 13:41 - 2013-10-05 13:41 - 00000000 ____D C:\Users\user\AppData\Local\{70A32007-ADA6-4082-8930-A031EE0A57C6}

2013-10-04 19:00 - 2013-10-04 19:00 - 00000000 ____D C:\Users\user\AppData\Local\{72ED392B-F7D4-42F8-9B15-19033719B7BC}

2013-10-04 06:47 - 2013-10-04 06:47 - 00000000 ____D C:\Users\user\AppData\Local\{0B3F20D9-BF24-4760-84EC-9F1B7B82AAA2}

2013-10-03 18:46 - 2013-10-03 18:47 - 00000000 ____D C:\Users\user\AppData\Local\{CCF3D9E6-0E83-419A-8125-62A926382D4C}

2013-10-03 06:46 - 2013-10-03 06:46 - 00000000 ____D C:\Users\user\AppData\Local\{F14912CE-5974-456F-9B50-2BB96452BCFF}

2013-10-02 18:37 - 2013-10-02 18:37 - 00000000 ____D C:\Users\user\AppData\Local\{31770DAF-49A0-4320-B636-A111393EB132}

2013-10-02 06:37 - 2013-10-02 06:37 - 00000000 ____D C:\Users\user\AppData\Local\{33D6F9E3-FB48-468F-B5B9-F9F478FE12DB}

2013-10-01 11:00 - 2013-10-01 11:00 - 00000000 ____D C:\Users\user\AppData\Local\{B6159716-B150-4FAF-A53D-10D134C1EF8F}

2013-09-30 20:11 - 2013-09-30 20:12 - 00000000 ____D C:\Users\user\AppData\Local\{8A8FBB26-F29A-4C3E-BD62-A7BC7A4BA525}

2013-09-30 08:11 - 2013-09-30 08:11 - 00000000 ____D C:\Users\user\AppData\Local\{0563E106-7F3D-4245-9CE1-59A06FE0DDBD}

 

==================== One Month Modified Files and Folders =======

 

2013-10-30 07:36 - 2011-06-16 09:20 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{929F28D0-2C14-4C81-8B51-C3613FA77575}

2013-10-30 07:32 - 2013-05-09 09:02 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-30 07:31 - 2012-04-04 07:42 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-30 07:31 - 2009-07-14 19:09 - 00000000 ___RD C:\Users\Public\Recorded TV

2013-10-30 07:30 - 2012-12-18 16:05 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps

2013-10-30 07:30 - 2011-06-14 21:57 - 00000000 ____D C:\Windows\Panther

2013-10-30 07:29 - 2013-10-30 07:29 - 00023659 _____ C:\ComboFix.txt

2013-10-30 07:29 - 2013-10-30 07:10 - 00000000 ____D C:\Qoobox

2013-10-30 07:29 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default

2013-10-30 07:27 - 2011-06-14 21:01 - 01439696 ____N C:\Windows\WindowsUpdate.log

2013-10-30 07:26 - 2013-10-30 07:09 - 00000000 ____D C:\Windows\erdnt

2013-10-30 07:25 - 2009-07-14 05:45 - 00016032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-30 07:25 - 2009-07-14 05:45 - 00016032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-30 07:24 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini

2013-10-30 07:11 - 2013-10-30 07:11 - 00000000 ____D C:\FRST

2013-10-30 07:06 - 2012-11-27 12:07 - 00000000 ____D C:\ProgramData\MFAData

2013-10-30 07:06 - 2009-07-14 18:55 - 00748186 _____ C:\Windows\system32\perfh015.dat

2013-10-30 07:06 - 2009-07-14 18:55 - 00160720 _____ C:\Windows\system32\perfc015.dat

2013-10-30 07:06 - 2009-07-14 06:13 - 01693670 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-30 06:59 - 2013-05-09 09:02 - 00001040 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-30 06:59 - 2013-01-23 12:18 - 00000000 ____D C:\ProgramData\AVG Secure Search

2013-10-30 06:59 - 2012-11-27 12:24 - 00000000 ____D C:\Users\user\AppData\Roaming\AVG2013

2013-10-30 06:59 - 2011-06-14 15:05 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-10-30 06:59 - 2011-06-14 15:05 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-10-30 06:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing

2013-10-30 06:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache

2013-10-30 06:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat

2013-10-30 06:58 - 2013-01-23 12:18 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search

2013-10-30 06:58 - 2012-05-14 12:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-30 06:58 - 2012-05-14 12:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-10-30 06:58 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-30 06:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration

2013-10-30 06:58 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-10-27 16:08 - 2013-10-27 16:08 - 00000000 ____D C:\Users\user\AppData\Local\{4AEFD6DE-D7AE-4975-9DC6-AD0798D22149}

2013-10-26 09:59 - 2013-10-26 09:59 - 00000000 ____D C:\Users\user\AppData\Local\{124CCDE8-F0A1-4C0E-BB7E-0BAA308B5539}

2013-10-25 19:30 - 2013-10-25 19:30 - 00000000 ____D C:\Users\user\AppData\Local\{3199D339-B04A-4622-83BA-74F9F75C2B4D}

2013-10-25 06:43 - 2013-10-25 06:43 - 00000000 ____D C:\Users\user\AppData\Local\{9B9AB3AD-D1D1-4D6C-B1FC-D1CE28A92BAD}

2013-10-24 07:16 - 2013-10-24 07:16 - 00000000 ____D C:\Users\user\AppData\Local\{07B9C6D4-597F-4F5A-8F02-55B45BB0ED46}

2013-10-23 19:16 - 2013-10-23 19:15 - 00000000 ____D C:\Users\user\AppData\Local\{C7E92F17-43B8-4BC5-B59E-273781D7E39F}

2013-10-23 07:15 - 2013-10-23 07:15 - 00000000 ____D C:\Users\user\AppData\Local\{6E114C90-8A3D-4800-8B7C-BB63D0F99E90}

2013-10-22 18:39 - 2013-10-22 18:38 - 00000000 ____D C:\Users\user\AppData\Local\{C2FD0737-4E49-4523-A00D-6EF1F1719904}

2013-10-22 17:15 - 2009-07-14 06:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-22 06:23 - 2013-10-22 06:22 - 00000000 ____D C:\Users\user\AppData\Local\{B44403D1-033C-49DF-82A6-111D08FF323F}

2013-10-21 18:19 - 2013-10-21 18:19 - 00000000 ____D C:\Users\user\AppData\Local\{34247DEC-02BC-472A-A36A-DD93ED451F8C}

2013-10-20 21:07 - 2013-10-20 21:07 - 00000000 ____D C:\Users\user\AppData\Local\{C3EA2EC2-D91C-4493-98EF-2CAF3256FED8}

2013-10-19 21:16 - 2013-10-19 21:16 - 00000000 ____D C:\Users\user\AppData\Local\{E5318ECB-D6B5-447E-952F-82856247230F}

2013-10-19 09:15 - 2013-10-19 09:14 - 00000000 ____D C:\Users\user\AppData\Local\{56D2F8AC-662E-4ED0-BF08-2CE2B58D33AF}

2013-10-18 07:02 - 2013-10-18 07:02 - 00000000 ____D C:\Users\user\AppData\Local\{BB072A53-8525-424B-A56E-5E8BC79B0E54}

2013-10-17 19:02 - 2013-10-17 19:01 - 00000000 ____D C:\Users\user\AppData\Local\{A76222C4-73E5-4DF9-BE46-0A367039E859}

2013-10-17 07:01 - 2013-10-17 07:01 - 00000000 ____D C:\Users\user\AppData\Local\{145876D8-3FF5-4A7F-8C24-C6124400A1EF}

2013-10-15 19:52 - 2013-10-15 19:52 - 00000000 ____D C:\Users\user\AppData\Local\{BFBF9CD1-C538-4DA7-A92C-13ED08F401FE}

2013-10-15 08:27 - 2013-05-09 09:02 - 00004040 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-10-15 08:27 - 2013-05-09 09:02 - 00003788 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-10-15 07:52 - 2013-10-15 07:52 - 00000000 ____D C:\Users\user\AppData\Local\{26EB9470-CAA5-4E38-8C59-51380A317C24}

2013-10-14 18:20 - 2013-10-14 18:20 - 00000000 ____D C:\Users\user\AppData\Local\{2BB1C654-08EC-4DD9-B8C8-9605A69738E3}

2013-10-13 09:21 - 2013-10-13 09:20 - 00000000 ____D C:\Users\user\AppData\Local\{B8DE15EE-4057-4654-B01B-1518FB281001}

2013-10-12 09:12 - 2013-10-12 09:12 - 00000000 ____D C:\Users\user\AppData\Local\{B423CCCC-7174-4485-A4B5-77CE77D211EF}

2013-10-11 17:26 - 2012-02-26 16:48 - 00000000 ____D C:\Users\user\AppData\Local\Google

2013-10-11 10:43 - 2013-10-11 10:42 - 00000000 ____D C:\Users\user\AppData\Local\{15A14214-F212-42F5-883A-AC3411939E77}

2013-10-10 21:38 - 2013-10-10 21:38 - 00000000 ____D C:\Users\user\AppData\Local\{3BA55975-99FF-4871-8C4E-AEB13EF8EF3D}

2013-10-10 21:33 - 2009-07-14 05:45 - 00295416 _____ C:\Windows\system32\FNTCACHE.DAT

2013-10-10 13:35 - 2011-06-17 10:21 - 01669808 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-10-10 13:22 - 2013-07-17 13:04 - 00000000 ____D C:\Windows\system32\MRT

2013-10-10 13:15 - 2011-06-17 07:17 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-10-10 08:12 - 2013-10-10 08:12 - 00000000 ____D C:\Users\user\AppData\Local\{60862C38-823C-499D-8045-7A433473E7AD}

2013-10-09 20:03 - 2013-10-09 20:03 - 00000000 ____D C:\Users\user\AppData\Local\{248A4E62-240F-486C-A50C-8C6F84457AF5}

2013-10-09 09:31 - 2012-04-04 07:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-10-09 09:31 - 2012-04-04 07:42 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-10-09 09:31 - 2011-06-16 09:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-10-09 08:03 - 2013-10-09 08:03 - 00000000 ____D C:\Users\user\AppData\Local\{FCCF937A-89B3-492B-A83A-5D96E4F33437}

2013-10-08 19:33 - 2013-10-08 19:32 - 00000000 ____D C:\Users\user\AppData\Local\{42C736FD-F14A-4BAF-A7B8-F1B5A49A3F84}

2013-10-08 07:32 - 2013-10-08 07:32 - 00000000 ____D C:\Users\user\AppData\Local\{827EACD6-7989-4884-86A5-E8F681DCC938}

2013-10-07 07:46 - 2013-10-07 07:46 - 00000000 ____D C:\Users\user\AppData\Local\Avg2014

2013-10-07 07:36 - 2013-10-07 07:36 - 00000000 ____D C:\Users\user\AppData\Local\{495A3CEE-51E1-4445-B359-E7E59A196AFA}

2013-10-06 16:08 - 2013-10-06 16:08 - 00000000 ____D C:\Users\user\AppData\Local\{58C38A72-A4AF-41A3-9B6D-301D32024C6B}

2013-10-05 13:41 - 2013-10-05 13:41 - 00000000 ____D C:\Users\user\AppData\Local\{70A32007-ADA6-4082-8930-A031EE0A57C6}

2013-10-04 19:00 - 2013-10-04 19:00 - 00000000 ____D C:\Users\user\AppData\Local\{72ED392B-F7D4-42F8-9B15-19033719B7BC}

2013-10-04 06:47 - 2013-10-04 06:47 - 00000000 ____D C:\Users\user\AppData\Local\{0B3F20D9-BF24-4760-84EC-9F1B7B82AAA2}

2013-10-03 18:47 - 2013-10-03 18:46 - 00000000 ____D C:\Users\user\AppData\Local\{CCF3D9E6-0E83-419A-8125-62A926382D4C}

2013-10-03 06:46 - 2013-10-03 06:46 - 00000000 ____D C:\Users\user\AppData\Local\{F14912CE-5974-456F-9B50-2BB96452BCFF}

2013-10-02 18:37 - 2013-10-02 18:37 - 00000000 ____D C:\Users\user\AppData\Local\{31770DAF-49A0-4320-B636-A111393EB132}

2013-10-02 06:37 - 2013-10-02 06:37 - 00000000 ____D C:\Users\user\AppData\Local\{33D6F9E3-FB48-468F-B5B9-F9F478FE12DB}

2013-10-02 06:20 - 2013-01-23 12:18 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys

2013-10-01 11:00 - 2013-10-01 11:00 - 00000000 ____D C:\Users\user\AppData\Local\{B6159716-B150-4FAF-A53D-10D134C1EF8F}

2013-09-30 20:12 - 2013-09-30 20:11 - 00000000 ____D C:\Users\user\AppData\Local\{8A8FBB26-F29A-4C3E-BD62-A7BC7A4BA525}

2013-09-30 08:11 - 2013-09-30 08:11 - 00000000 ____D C:\Users\user\AppData\Local\{0563E106-7F3D-4245-9CE1-59A06FE0DDBD}

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-09-15 19:02

 

==================== End Of Log ============================

 

 

 

I still don't know how to remove AVG Secure Search. It isn't among the options available for uninstalling.

 

Once again, the FRST log, this time after scanning with AdwCleaner:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013

Ran by user (administrator) on PREZES on 30-10-2013 09:57:09

Running from D:\Instal

Windows 7 Professional Service Pack 1 (X64) OS Language: Polish

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVEO) C:\Program Files (x86)\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AveoSTI.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor)

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [HP Deskjet 5520 series (NET)] - C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [NeroFilterCheck] - C:\Windows\system32\NeroCheck.exe

HKLM-x32\...\Run: [AveoSTI.exe] - C:\Program Files (x86)\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AveoSTI.exe [32768 2010-12-02] (AVEO)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-09-23] (AVG Technologies CZ, s.r.o.)

Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP COLOR.lnk

ShortcutTarget: Powiadomienia monitorowania tuszu - HP COLOR.lnk -> C:\Program Files\HP\HP Deskjet 5520 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://xnetos.pl/dana-cached/sc/JuniperSetupClient.cab

Tcpip\Parameters: [DhcpNameServer] 194.204.152.34 194.204.159.1

 

Chrome:

=======

CHR HomePage: hxxp://www.wp.pl/?homepage

CHR RestoreOnStartup: "hxxp://www.wp.pl/"

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File

CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0

CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

 

==================== Services (Whitelisted) =================

 

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)

R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)

 

==================== Drivers (Whitelisted) ====================

 

S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [348672 2010-12-31] (AVEO Corp)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)

R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)

R3 EST_BusEnum; C:\Windows\System32\DRIVERS\GenBus.sys [29696 2009-10-06] ( )

S3 EST_Server; C:\Windows\System32\DRIVERS\GenHC.sys [199168 2009-10-06] ( )

S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [126720 2012-03-28] (Gemalto)

R3 NUS_Bus64; C:\Windows\System32\DRIVERS\NUS_Bus64.sys [34816 2011-10-14] (Elite Silicon Technology Inc.)

S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [x]

U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-05] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-10-30 07:53 - 2013-10-30 07:53 - 00000056 _____ C:\Windows\setupact.log

2013-10-30 07:53 - 2013-10-30 07:53 - 00000000 _____ C:\Windows\setuperr.log

2013-10-30 07:52 - 2013-10-30 07:52 - 00000552 _____ C:\Windows\PFRO.log

2013-10-30 07:48 - 2013-10-30 07:50 - 00000000 ____D C:\AdwCleaner

2013-10-30 07:29 - 2013-10-30 07:29 - 00023659 _____ C:\ComboFix.txt

2013-10-30 07:11 - 2013-10-30 07:11 - 00000000 ____D C:\FRST

2013-10-30 07:10 - 2013-10-30 07:29 - 00000000 ____D C:\Qoobox

2013-10-30 07:10 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe

2013-10-30 07:10 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe

2013-10-30 07:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-10-30 07:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-10-30 07:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-10-30 07:10 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe

2013-10-30 07:10 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe

2013-10-30 07:10 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe

2013-10-30 07:09 - 2013-10-30 07:26 - 00000000 ____D C:\Windows\erdnt

2013-10-27 16:08 - 2013-10-27 16:08 - 00000000 ____D C:\Users\user\AppData\Local\{4AEFD6DE-D7AE-4975-9DC6-AD0798D22149}

2013-10-26 09:59 - 2013-10-26 09:59 - 00000000 ____D C:\Users\user\AppData\Local\{124CCDE8-F0A1-4C0E-BB7E-0BAA308B5539}

2013-10-25 19:30 - 2013-10-25 19:30 - 00000000 ____D C:\Users\user\AppData\Local\{3199D339-B04A-4622-83BA-74F9F75C2B4D}

2013-10-25 06:43 - 2013-10-25 06:43 - 00000000 ____D C:\Users\user\AppData\Local\{9B9AB3AD-D1D1-4D6C-B1FC-D1CE28A92BAD}

2013-10-24 07:16 - 2013-10-24 07:16 - 00000000 ____D C:\Users\user\AppData\Local\{07B9C6D4-597F-4F5A-8F02-55B45BB0ED46}

2013-10-23 19:15 - 2013-10-23 19:16 - 00000000 ____D C:\Users\user\AppData\Local\{C7E92F17-43B8-4BC5-B59E-273781D7E39F}

2013-10-23 07:15 - 2013-10-23 07:15 - 00000000 ____D C:\Users\user\AppData\Local\{6E114C90-8A3D-4800-8B7C-BB63D0F99E90}

2013-10-22 18:38 - 2013-10-22 18:39 - 00000000 ____D C:\Users\user\AppData\Local\{C2FD0737-4E49-4523-A00D-6EF1F1719904}

2013-10-22 06:22 - 2013-10-22 06:23 - 00000000 ____D C:\Users\user\AppData\Local\{B44403D1-033C-49DF-82A6-111D08FF323F}

2013-10-21 18:19 - 2013-10-21 18:19 - 00000000 ____D C:\Users\user\AppData\Local\{34247DEC-02BC-472A-A36A-DD93ED451F8C}

2013-10-20 21:07 - 2013-10-20 21:07 - 00000000 ____D C:\Users\user\AppData\Local\{C3EA2EC2-D91C-4493-98EF-2CAF3256FED8}

2013-10-19 21:16 - 2013-10-19 21:16 - 00000000 ____D C:\Users\user\AppData\Local\{E5318ECB-D6B5-447E-952F-82856247230F}

2013-10-19 09:14 - 2013-10-19 09:15 - 00000000 ____D C:\Users\user\AppData\Local\{56D2F8AC-662E-4ED0-BF08-2CE2B58D33AF}

2013-10-18 07:02 - 2013-10-18 07:02 - 00000000 ____D C:\Users\user\AppData\Local\{BB072A53-8525-424B-A56E-5E8BC79B0E54}

2013-10-17 19:01 - 2013-10-17 19:02 - 00000000 ____D C:\Users\user\AppData\Local\{A76222C4-73E5-4DF9-BE46-0A367039E859}

2013-10-17 07:01 - 2013-10-17 07:01 - 00000000 ____D C:\Users\user\AppData\Local\{145876D8-3FF5-4A7F-8C24-C6124400A1EF}

2013-10-15 19:52 - 2013-10-15 19:52 - 00000000 ____D C:\Users\user\AppData\Local\{BFBF9CD1-C538-4DA7-A92C-13ED08F401FE}

2013-10-15 07:52 - 2013-10-15 07:52 - 00000000 ____D C:\Users\user\AppData\Local\{26EB9470-CAA5-4E38-8C59-51380A317C24}

2013-10-14 18:20 - 2013-10-14 18:20 - 00000000 ____D C:\Users\user\AppData\Local\{2BB1C654-08EC-4DD9-B8C8-9605A69738E3}

2013-10-13 09:20 - 2013-10-13 09:21 - 00000000 ____D C:\Users\user\AppData\Local\{B8DE15EE-4057-4654-B01B-1518FB281001}

2013-10-12 09:12 - 2013-10-12 09:12 - 00000000 ____D C:\Users\user\AppData\Local\{B423CCCC-7174-4485-A4B5-77CE77D211EF}

2013-10-11 10:42 - 2013-10-11 10:43 - 00000000 ____D C:\Users\user\AppData\Local\{15A14214-F212-42F5-883A-AC3411939E77}

2013-10-10 21:38 - 2013-10-10 21:38 - 00000000 ____D C:\Users\user\AppData\Local\{3BA55975-99FF-4871-8C4E-AEB13EF8EF3D}

2013-10-10 13:39 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-10-10 13:39 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-10-10 13:39 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-10-10 13:39 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-10 13:39 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-10 13:39 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-10-10 13:39 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-10 13:39 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-10-10 13:39 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-10 13:39 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-10-10 13:39 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-10-10 13:39 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-10-10 08:12 - 2013-10-10 08:12 - 00000000 ____D C:\Users\user\AppData\Local\{60862C38-823C-499D-8045-7A433473E7AD}

2013-10-10 06:50 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-10-10 06:50 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-10-10 06:50 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2013-10-10 06:50 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll

2013-10-10 06:50 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-10-10 06:50 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-10-10 06:50 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2013-10-10 06:50 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-10-10 06:50 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2013-10-10 06:50 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-10-10 06:50 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-10-10 06:50 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-10-10 06:50 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2013-10-10 06:50 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-10-10 06:50 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2013-10-10 06:50 - 2013-08-29 02:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys

2013-10-10 06:50 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-10-10 06:50 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-10-10 06:50 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-10-10 06:50 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-10-10 06:50 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-10 06:50 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2013-10-10 06:50 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-10 06:50 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-10 06:50 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2013-10-10 06:50 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys

2013-10-10 06:50 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

2013-10-10 06:50 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2013-10-10 06:50 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-10 06:50 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2013-10-10 06:50 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

2013-10-10 06:50 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

2013-10-10 06:50 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll

2013-10-10 06:50 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2013-10-10 06:50 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys

2013-10-10 06:50 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2013-10-10 06:50 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2013-10-10 06:50 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-10 06:50 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2013-10-10 06:50 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2013-10-10 06:50 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2013-10-10 06:50 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-10 06:50 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2013-10-10 06:50 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2013-10-10 06:50 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2013-10-10 06:50 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-10 06:50 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2013-10-10 06:50 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2013-10-09 20:03 - 2013-10-09 20:03 - 00000000 ____D C:\Users\user\AppData\Local\{248A4E62-240F-486C-A50C-8C6F84457AF5}

2013-10-09 08:03 - 2013-10-09 08:03 - 00000000 ____D C:\Users\user\AppData\Local\{FCCF937A-89B3-492B-A83A-5D96E4F33437}

2013-10-08 19:32 - 2013-10-08 19:33 - 00000000 ____D C:\Users\user\AppData\Local\{42C736FD-F14A-4BAF-A7B8-F1B5A49A3F84}

2013-10-08 07:32 - 2013-10-08 07:32 - 00000000 ____D C:\Users\user\AppData\Local\{827EACD6-7989-4884-86A5-E8F681DCC938}

2013-10-07 07:46 - 2013-10-07 07:46 - 00000000 ____D C:\Users\user\AppData\Local\Avg2014

2013-10-07 07:36 - 2013-10-07 07:36 - 00000000 ____D C:\Users\user\AppData\Local\{495A3CEE-51E1-4445-B359-E7E59A196AFA}

2013-10-06 16:08 - 2013-10-06 16:08 - 00000000 ____D C:\Users\user\AppData\Local\{58C38A72-A4AF-41A3-9B6D-301D32024C6B}

2013-10-05 13:41 - 2013-10-05 13:41 - 00000000 ____D C:\Users\user\AppData\Local\{70A32007-ADA6-4082-8930-A031EE0A57C6}

2013-10-04 19:00 - 2013-10-04 19:00 - 00000000 ____D C:\Users\user\AppData\Local\{72ED392B-F7D4-42F8-9B15-19033719B7BC}

2013-10-04 06:47 - 2013-10-04 06:47 - 00000000 ____D C:\Users\user\AppData\Local\{0B3F20D9-BF24-4760-84EC-9F1B7B82AAA2}

2013-10-03 18:46 - 2013-10-03 18:47 - 00000000 ____D C:\Users\user\AppData\Local\{CCF3D9E6-0E83-419A-8125-62A926382D4C}

2013-10-03 06:46 - 2013-10-03 06:46 - 00000000 ____D C:\Users\user\AppData\Local\{F14912CE-5974-456F-9B50-2BB96452BCFF}

2013-10-02 18:37 - 2013-10-02 18:37 - 00000000 ____D C:\Users\user\AppData\Local\{31770DAF-49A0-4320-B636-A111393EB132}

2013-10-02 06:37 - 2013-10-02 06:37 - 00000000 ____D C:\Users\user\AppData\Local\{33D6F9E3-FB48-468F-B5B9-F9F478FE12DB}

2013-10-01 11:00 - 2013-10-01 11:00 - 00000000 ____D C:\Users\user\AppData\Local\{B6159716-B150-4FAF-A53D-10D134C1EF8F}

2013-09-30 20:11 - 2013-09-30 20:12 - 00000000 ____D C:\Users\user\AppData\Local\{8A8FBB26-F29A-4C3E-BD62-A7BC7A4BA525}

2013-09-30 08:11 - 2013-09-30 08:11 - 00000000 ____D C:\Users\user\AppData\Local\{0563E106-7F3D-4245-9CE1-59A06FE0DDBD}

 

==================== One Month Modified Files and Folders =======

 

2013-10-30 09:56 - 2011-06-16 09:20 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{929F28D0-2C14-4C81-8B51-C3613FA77575}

2013-10-30 07:53 - 2013-10-30 07:53 - 00000056 _____ C:\Windows\setupact.log

2013-10-30 07:53 - 2013-10-30 07:53 - 00000000 _____ C:\Windows\setuperr.log

2013-10-30 07:53 - 2013-05-09 09:02 - 00001040 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-30 07:53 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-30 07:52 - 2013-10-30 07:52 - 00000552 _____ C:\Windows\PFRO.log

2013-10-30 07:50 - 2013-10-30 07:48 - 00000000 ____D C:\AdwCleaner

2013-10-30 07:50 - 2011-06-14 21:01 - 01450092 _____ C:\Windows\WindowsUpdate.log

2013-10-30 07:32 - 2013-05-09 09:02 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-30 07:31 - 2012-04-04 07:42 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-30 07:31 - 2009-07-14 19:09 - 00000000 ___RD C:\Users\Public\Recorded TV

2013-10-30 07:30 - 2012-12-18 16:05 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps

2013-10-30 07:30 - 2011-06-14 21:57 - 00000000 ____D C:\Windows\Panther

2013-10-30 07:29 - 2013-10-30 07:29 - 00023659 _____ C:\ComboFix.txt

2013-10-30 07:29 - 2013-10-30 07:10 - 00000000 ____D C:\Qoobox

2013-10-30 07:29 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default

2013-10-30 07:26 - 2013-10-30 07:09 - 00000000 ____D C:\Windows\erdnt

2013-10-30 07:25 - 2009-07-14 05:45 - 00016032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-30 07:25 - 2009-07-14 05:45 - 00016032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-30 07:24 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini

2013-10-30 07:11 - 2013-10-30 07:11 - 00000000 ____D C:\FRST

2013-10-30 07:06 - 2012-11-27 12:07 - 00000000 ____D C:\ProgramData\MFAData

2013-10-30 07:06 - 2009-07-14 18:55 - 00748186 _____ C:\Windows\system32\perfh015.dat

2013-10-30 07:06 - 2009-07-14 18:55 - 00160720 _____ C:\Windows\system32\perfc015.dat

2013-10-30 07:06 - 2009-07-14 06:13 - 01693670 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-30 06:59 - 2012-11-27 12:24 - 00000000 ____D C:\Users\user\AppData\Roaming\AVG2013

2013-10-30 06:59 - 2011-06-14 15:05 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-10-30 06:59 - 2011-06-14 15:05 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-10-30 06:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing

2013-10-30 06:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache

2013-10-30 06:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat

2013-10-30 06:58 - 2012-05-14 12:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-30 06:58 - 2012-05-14 12:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-10-30 06:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration

2013-10-30 06:58 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-10-27 16:08 - 2013-10-27 16:08 - 00000000 ____D C:\Users\user\AppData\Local\{4AEFD6DE-D7AE-4975-9DC6-AD0798D22149}

2013-10-26 09:59 - 2013-10-26 09:59 - 00000000 ____D C:\Users\user\AppData\Local\{124CCDE8-F0A1-4C0E-BB7E-0BAA308B5539}

2013-10-25 19:30 - 2013-10-25 19:30 - 00000000 ____D C:\Users\user\AppData\Local\{3199D339-B04A-4622-83BA-74F9F75C2B4D}

2013-10-25 06:43 - 2013-10-25 06:43 - 00000000 ____D C:\Users\user\AppData\Local\{9B9AB3AD-D1D1-4D6C-B1FC-D1CE28A92BAD}

2013-10-24 07:16 - 2013-10-24 07:16 - 00000000 ____D C:\Users\user\AppData\Local\{07B9C6D4-597F-4F5A-8F02-55B45BB0ED46}

2013-10-23 19:16 - 2013-10-23 19:15 - 00000000 ____D C:\Users\user\AppData\Local\{C7E92F17-43B8-4BC5-B59E-273781D7E39F}

2013-10-23 07:15 - 2013-10-23 07:15 - 00000000 ____D C:\Users\user\AppData\Local\{6E114C90-8A3D-4800-8B7C-BB63D0F99E90}

2013-10-22 18:39 - 2013-10-22 18:38 - 00000000 ____D C:\Users\user\AppData\Local\{C2FD0737-4E49-4523-A00D-6EF1F1719904}

2013-10-22 17:15 - 2009-07-14 06:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-22 06:23 - 2013-10-22 06:22 - 00000000 ____D C:\Users\user\AppData\Local\{B44403D1-033C-49DF-82A6-111D08FF323F}

2013-10-21 18:19 - 2013-10-21 18:19 - 00000000 ____D C:\Users\user\AppData\Local\{34247DEC-02BC-472A-A36A-DD93ED451F8C}

2013-10-20 21:07 - 2013-10-20 21:07 - 00000000 ____D C:\Users\user\AppData\Local\{C3EA2EC2-D91C-4493-98EF-2CAF3256FED8}

2013-10-19 21:16 - 2013-10-19 21:16 - 00000000 ____D C:\Users\user\AppData\Local\{E5318ECB-D6B5-447E-952F-82856247230F}

2013-10-19 09:15 - 2013-10-19 09:14 - 00000000 ____D C:\Users\user\AppData\Local\{56D2F8AC-662E-4ED0-BF08-2CE2B58D33AF}

2013-10-18 07:02 - 2013-10-18 07:02 - 00000000 ____D C:\Users\user\AppData\Local\{BB072A53-8525-424B-A56E-5E8BC79B0E54}

2013-10-17 19:02 - 2013-10-17 19:01 - 00000000 ____D C:\Users\user\AppData\Local\{A76222C4-73E5-4DF9-BE46-0A367039E859}

2013-10-17 07:01 - 2013-10-17 07:01 - 00000000 ____D C:\Users\user\AppData\Local\{145876D8-3FF5-4A7F-8C24-C6124400A1EF}

2013-10-15 19:52 - 2013-10-15 19:52 - 00000000 ____D C:\Users\user\AppData\Local\{BFBF9CD1-C538-4DA7-A92C-13ED08F401FE}

2013-10-15 08:27 - 2013-05-09 09:02 - 00004040 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-10-15 08:27 - 2013-05-09 09:02 - 00003788 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-10-15 07:52 - 2013-10-15 07:52 - 00000000 ____D C:\Users\user\AppData\Local\{26EB9470-CAA5-4E38-8C59-51380A317C24}

2013-10-14 18:20 - 2013-10-14 18:20 - 00000000 ____D C:\Users\user\AppData\Local\{2BB1C654-08EC-4DD9-B8C8-9605A69738E3}

2013-10-13 09:21 - 2013-10-13 09:20 - 00000000 ____D C:\Users\user\AppData\Local\{B8DE15EE-4057-4654-B01B-1518FB281001}

2013-10-12 09:12 - 2013-10-12 09:12 - 00000000 ____D C:\Users\user\AppData\Local\{B423CCCC-7174-4485-A4B5-77CE77D211EF}

2013-10-11 17:26 - 2012-02-26 16:48 - 00000000 ____D C:\Users\user\AppData\Local\Google

2013-10-11 10:43 - 2013-10-11 10:42 - 00000000 ____D C:\Users\user\AppData\Local\{15A14214-F212-42F5-883A-AC3411939E77}

2013-10-10 21:38 - 2013-10-10 21:38 - 00000000 ____D C:\Users\user\AppData\Local\{3BA55975-99FF-4871-8C4E-AEB13EF8EF3D}

2013-10-10 21:33 - 2009-07-14 05:45 - 00295416 _____ C:\Windows\system32\FNTCACHE.DAT

2013-10-10 13:35 - 2011-06-17 10:21 - 01669808 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-10-10 13:22 - 2013-07-17 13:04 - 00000000 ____D C:\Windows\system32\MRT

2013-10-10 13:15 - 2011-06-17 07:17 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-10-10 08:12 - 2013-10-10 08:12 - 00000000 ____D C:\Users\user\AppData\Local\{60862C38-823C-499D-8045-7A433473E7AD}

2013-10-09 20:03 - 2013-10-09 20:03 - 00000000 ____D C:\Users\user\AppData\Local\{248A4E62-240F-486C-A50C-8C6F84457AF5}

2013-10-09 09:31 - 2012-04-04 07:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-10-09 09:31 - 2012-04-04 07:42 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-10-09 09:31 - 2011-06-16 09:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-10-09 08:03 - 2013-10-09 08:03 - 00000000 ____D C:\Users\user\AppData\Local\{FCCF937A-89B3-492B-A83A-5D96E4F33437}

2013-10-08 19:33 - 2013-10-08 19:32 - 00000000 ____D C:\Users\user\AppData\Local\{42C736FD-F14A-4BAF-A7B8-F1B5A49A3F84}

2013-10-08 07:32 - 2013-10-08 07:32 - 00000000 ____D C:\Users\user\AppData\Local\{827EACD6-7989-4884-86A5-E8F681DCC938}

2013-10-07 07:46 - 2013-10-07 07:46 - 00000000 ____D C:\Users\user\AppData\Local\Avg2014

2013-10-07 07:36 - 2013-10-07 07:36 - 00000000 ____D C:\Users\user\AppData\Local\{495A3CEE-51E1-4445-B359-E7E59A196AFA}

2013-10-06 16:08 - 2013-10-06 16:08 - 00000000 ____D C:\Users\user\AppData\Local\{58C38A72-A4AF-41A3-9B6D-301D32024C6B}

2013-10-05 13:41 - 2013-10-05 13:41 - 00000000 ____D C:\Users\user\AppData\Local\{70A32007-ADA6-4082-8930-A031EE0A57C6}

2013-10-04 19:00 - 2013-10-04 19:00 - 00000000 ____D C:\Users\user\AppData\Local\{72ED392B-F7D4-42F8-9B15-19033719B7BC}

2013-10-04 06:47 - 2013-10-04 06:47 - 00000000 ____D C:\Users\user\AppData\Local\{0B3F20D9-BF24-4760-84EC-9F1B7B82AAA2}

2013-10-03 18:47 - 2013-10-03 18:46 - 00000000 ____D C:\Users\user\AppData\Local\{CCF3D9E6-0E83-419A-8125-62A926382D4C}

2013-10-03 06:46 - 2013-10-03 06:46 - 00000000 ____D C:\Users\user\AppData\Local\{F14912CE-5974-456F-9B50-2BB96452BCFF}

2013-10-02 18:37 - 2013-10-02 18:37 - 00000000 ____D C:\Users\user\AppData\Local\{31770DAF-49A0-4320-B636-A111393EB132}

2013-10-02 06:37 - 2013-10-02 06:37 - 00000000 ____D C:\Users\user\AppData\Local\{33D6F9E3-FB48-468F-B5B9-F9F478FE12DB}

2013-10-02 06:20 - 2013-01-23 12:18 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys

2013-10-01 11:00 - 2013-10-01 11:00 - 00000000 ____D C:\Users\user\AppData\Local\{B6159716-B150-4FAF-A53D-10D134C1EF8F}

2013-09-30 20:12 - 2013-09-30 20:11 - 00000000 ____D C:\Users\user\AppData\Local\{8A8FBB26-F29A-4C3E-BD62-A7BC7A4BA525}

2013-09-30 08:11 - 2013-09-30 08:11 - 00000000 ____D C:\Users\user\AppData\Local\{0563E106-7F3D-4245-9CE1-59A06FE0DDBD}

 

Some content of TEMP:

====================

C:\Users\user\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-09-15 19:02

 

==================== End Of Log ============================


----------->>@parek64

 

These logs don't contain the infection key either, but I see you have ComboFix - maybe it removed that key?

 

Open Notepad and paste into it:

C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll

C:\Program Files (x86)\Common Files\AVG Secure Search

Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

C:\ProgramData\AVG January 2013 Campaign

Task: {5BBE7B43-6276-493C-B66D-2DE874A55BB0} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()

C:\Windows\system32\Drivers\avgtpx64.sys

D C:\Program Files (x86)\AVG Secure Search

C:\ProgramData\AVG Secure Search

S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [x]

R2 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-02] (AVG Secure Search)

CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.0.1.12\avg.crx

CHR Extension: (AVG Secure Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.5.0.2_0

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)

Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)

BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)

HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2404376 2013-10-02] ()

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. A fixlog.txt file will be created.

Don't post that log anymore.

Then we finish up:

Open Notepad and paste into it:

DeleteQuarantine:

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix.

Use SHIFT+DEL to delete the remaining C:\FRST folder.

 

F.


----------->>@parek64

 

These logs don't contain the infection key either, but I see you have ComboFix - maybe it removed that key?

 

Open Notepad and paste into it:

 

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. A fixlog.txt file will be created.

Don't post that log anymore.

Then we finish up:

Open Notepad and paste into it:

 

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix.

Use SHIFT+DEL to delete the remaining C:\FRST folder.

 

F.

 

I used ComboFix and AdwCleaner.

A new version, AVG 2014, is installing now. After the installation I will also do what you gave above. In the meantime I added the FRST log to my previous post, taken after scanning with AdwCleaner, which removed AVG Secure Search for me.

Thanks for the help and patience.


Thanks for the reply, I'm posting the log (by the way, I figured out what I was doing wrong last time...):

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013
Ran by SYSTEM on MININT-0O50FIH on 30-10-2013 11:40:19
Running from D:\
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-11-25] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-11-25] (Atheros Commnucations)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2011-01-13] (Synaptics Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [4035152 2011-09-22] (ESET)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-24] (Advanced Micro Devices, Inc.)
HKU\aquirlan\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [880496 2012-05-26] (BitTorrent, Inc.)
HKU\aquirlan\...\Winlogon: [shell] explorer.exe,C:\Users\aquirlan\AppData\Roaming\Other.res [159232 2013-08-01] () <==== ATTENTION 

==================== Services (Whitelisted) =================

S2 DsiWMIService; C:\Program Files\launch manager\dsiwmis.exe [353360 2011-06-30] (Dritek System Inc.)
S2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [974944 2011-09-22] (ESET)

==================== Drivers (Whitelisted) ====================

S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-10-17] (DT Soft Ltd)
S2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)
S2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [187632 2011-08-04] (ESET)
S1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2011-08-04] (ESET)
S0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62496 2011-08-04] (ESET)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-30 11:39 - 2013-10-30 11:39 - 00000000 ____D C:\FRST
2013-10-18 00:29 - 2013-09-22 15:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-18 00:29 - 2013-09-22 14:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-18 00:29 - 2013-09-20 19:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-18 00:29 - 2013-09-20 19:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-18 00:28 - 2013-09-22 15:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-18 00:28 - 2013-09-22 15:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-18 00:28 - 2013-09-22 15:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-18 00:28 - 2013-09-22 15:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-18 00:28 - 2013-09-22 15:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-18 00:28 - 2013-09-22 15:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-18 00:28 - 2013-09-22 15:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-18 00:28 - 2013-09-22 15:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-18 00:28 - 2013-09-22 15:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-18 00:28 - 2013-09-22 15:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-18 00:28 - 2013-09-22 15:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-18 00:28 - 2013-09-22 14:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-18 00:28 - 2013-09-22 14:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-18 00:28 - 2013-09-22 14:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-10-18 00:28 - 2013-09-22 14:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-18 00:28 - 2013-09-22 14:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-18 00:28 - 2013-09-22 14:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-18 00:28 - 2013-09-22 14:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-18 00:28 - 2013-09-22 14:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-10-18 00:28 - 2013-09-22 14:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-10-18 00:28 - 2013-09-22 14:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-18 00:28 - 2013-09-22 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-10-18 00:28 - 2013-09-20 18:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-18 00:28 - 2013-09-20 18:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-18 00:27 - 2013-09-22 15:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-18 00:27 - 2013-09-22 14:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-18 00:27 - 2013-09-22 14:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-10 00:56 - 2013-07-04 04:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-10 00:56 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 00:55 - 2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2013-10-10 00:55 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-10-10 00:55 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-10-10 00:55 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-10 00:55 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 00:55 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 00:55 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 00:55 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-10 00:55 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 00:55 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 00:48 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-10 00:48 - 2012-11-28 14:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-10-10 00:48 - 2012-11-28 14:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-10-10 00:48 - 2012-11-28 14:56 - 00000003 _____ C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-10-10 00:43 - 2013-07-12 02:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2013-10-10 00:43 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2013-10-10 00:43 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-10-10 00:43 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-10 00:41 - 2013-08-27 17:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-10 00:41 - 2013-08-01 04:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-10 00:41 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 00:41 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-01 14:01 - 2013-10-16 10:41 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-01 13:52 - 2013-10-29 11:06 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-01 13:52 - 2013-10-29 11:05 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-01 13:52 - 2013-10-10 00:00 - 00004048 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-01 13:52 - 2013-10-10 00:00 - 00003796 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-01 13:52 - 2013-10-01 14:01 - 00000000 ____D C:\Users\aquirlan\AppData\Local\Google
2013-10-01 13:52 - 2013-10-01 14:00 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-01 13:51 - 2013-10-01 13:55 - 00000000 ____D C:\Users\aquirlan\AppData\Local\Deployment
2013-10-01 13:51 - 2013-10-01 13:51 - 00000000 ____D C:\Users\aquirlan\AppData\Local\Apps\2.0

==================== One Month Modified Files and Folders =======

2013-10-30 11:39 - 2013-10-30 11:39 - 00000000 ____D C:\FRST
2013-10-29 11:06 - 2013-10-01 13:52 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-29 11:06 - 2011-10-18 02:18 - 00000000 ____D C:\Users\aquirlan\AppData\Roaming\uTorrent
2013-10-29 11:05 - 2013-10-01 13:52 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-29 11:05 - 2011-10-17 06:22 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2013-10-29 11:04 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-29 11:04 - 2009-07-13 20:51 - 00050828 _____ C:\Windows\setupact.log
2013-10-29 09:58 - 2011-12-05 01:13 - 00687574 _____ C:\Windows\System32\perfh015.dat
2013-10-29 09:58 - 2011-12-05 01:13 - 00131160 _____ C:\Windows\System32\perfc015.dat
2013-10-29 09:58 - 2009-07-13 21:13 - 01523412 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-29 08:43 - 2011-10-17 02:35 - 01213113 _____ C:\Windows\WindowsUpdate.log
2013-10-29 08:27 - 2011-10-24 02:42 - 00000000 ____D C:\Users\aquirlan\Documents\notatki
2013-10-29 08:26 - 2012-12-29 15:59 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-28 12:34 - 2013-09-26 00:46 - 00000000 ____D C:\Windows\rescache
2013-10-23 04:14 - 2011-10-17 04:38 - 00000000 ____D C:\Users\aquirlan\AppData\Local\Microsoft Games
2013-10-20 14:28 - 2009-07-13 20:45 - 00013952 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-20 14:28 - 2009-07-13 20:45 - 00013952 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-18 11:22 - 2009-07-13 20:45 - 00419824 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-18 11:20 - 2012-06-11 01:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-18 11:20 - 2012-06-11 01:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-18 11:20 - 2011-10-17 10:51 - 00057714 _____ C:\Windows\PFRO.log
2013-10-18 00:39 - 2011-10-27 00:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-18 00:07 - 2013-08-22 01:03 - 00000000 ____D C:\Windows\System32\MRT
2013-10-18 00:07 - 2011-10-17 09:30 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-16 10:41 - 2013-10-01 14:01 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-11 01:22 - 2012-12-29 15:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-11 01:22 - 2012-12-29 15:59 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-11 01:22 - 2011-10-17 08:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-10 00:00 - 2013-10-01 13:52 - 00004048 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-10 00:00 - 2013-10-01 13:52 - 00003796 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-01 23:11 - 2011-10-26 12:06 - 00000000 ____D C:\Users\aquirlan\AppData\Local\CrashDumps
2013-10-01 14:01 - 2013-10-01 13:52 - 00000000 ____D C:\Users\aquirlan\AppData\Local\Google
2013-10-01 14:00 - 2013-10-01 13:52 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-01 13:55 - 2013-10-01 13:51 - 00000000 ____D C:\Users\aquirlan\AppData\Local\Deployment
2013-10-01 13:51 - 2013-10-01 13:51 - 00000000 ____D C:\Users\aquirlan\AppData\Local\Apps\2.0

Some content of TEMP:
====================
C:\Users\aquirlan\AppData\Local\Temp\AskSLib.dll
C:\Users\aquirlan\AppData\Local\Temp\AutoRun.exe
C:\Users\aquirlan\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\aquirlan\AppData\Local\Temp\drm_dialogs.dll
C:\Users\aquirlan\AppData\Local\Temp\ICReinstall_Hamachi_Downloader.exe
C:\Users\aquirlan\AppData\Local\Temp\jinstaller141i.exe
C:\Users\aquirlan\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\aquirlan\AppData\Local\Temp\ose00000.exe
C:\Users\aquirlan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\aquirlan\AppData\Local\Temp\TwUtTYH.exe
C:\Users\aquirlan\AppData\Local\Temp\TwUtTYH0.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

1
Restore point made on: 2013-10-29 08:40:38

==================== Memory info =========================== 

Percentage of memory in use: 14%
Total physical RAM: 3818.9 MB
Available physical RAM: 3261.79 MB
Total Pagefile: 3817.05 MB
Available Pagefile: 3252.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:6.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RALLY2) (Removable) (Total:3.73 GB) (Free:3.64 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 99914AAB)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0C)


LastRegBack: 2013-10-11 00:27

==================== End Of Log ============================


---------->>@eren

 

1. Open Notepad and paste the following into it:

HKU\aquirlan\...\Winlogon: [shell] explorer.exe,C:\Users\aquirlan\AppData\Roaming\Other.res [159232 2013-08-01] () <==== ATTENTION

C:\Users\aquirlan\AppData\Roaming\Other.res

C:\Users\aquirlan\AppData\Local\Temp\AskSLib.dll

C:\Users\aquirlan\AppData\Local\Temp\AutoRun.exe

C:\Users\aquirlan\AppData\Local\Temp\AutoRunGUI.dll

C:\Users\aquirlan\AppData\Local\Temp\drm_dialogs.dll

C:\Users\aquirlan\AppData\Local\Temp\ICReinstall_Hamachi_Downloader.exe

C:\Users\aquirlan\AppData\Local\Temp\jinstaller141i.exe

C:\Users\aquirlan\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe

C:\Users\aquirlan\AppData\Local\Temp\ose00000.exe

C:\Users\aquirlan\AppData\Local\Temp\SkypeSetup.exe

C:\Users\aquirlan\AppData\Local\Temp\TwUtTYH.exe

C:\Users\aquirlan\AppData\Local\Temp\TwUtTYH0.exe

Save the file as fixlist.txt. Place it next to the FRST tool.

 

2. Run FRST, point it at Windows 7 as the system to repair, and choose the Fix option. A fixlog.txt file will be created.

Post it.

3) Make logs with FRST from normal mode >http://forum.pclab.pl/topic/893302-WA%C5%BBNE-Wymagane-logi-systemowe-w-tym-dziale/page__p__11808087entry11808087

 

F.


---------->>@Kostor

 

Open Notepad and paste the following into it:

HKU\xp\...\Winlogon: [shell] explorer.exe,C:\Documents and Settings\xp\Dane aplikacji\Other.res [ 2008-04-14] () <==== ATTENTION

C:\Documents and Settings\xp\Dane aplikacji\Other.res

HKLM\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\SHSetup.exe

C:\Documents and Settings\xp\Ustawienia lokalne\Temp\AskSLib.dll

C:\Documents and Settings\xp\Ustawienia lokalne\Temp\avguidx.dll

C:\Documents and Settings\xp\Ustawienia lokalne\Temp\DefaultPackOffer.dll

C:\Documents and Settings\xp\Ustawienia lokalne\Temp\drm_dialogs.dll

C:\Documents and Settings\xp\Ustawienia lokalne\Temp\drm_dyndata_7330012.dll

C:\Documents and Settings\xp\Ustawienia lokalne\Temp\FP_AX_MSI_INSTALLER.exe

C:\Documents and Settings\xp\Ustawienia lokalne\Temp\GenericWndApi.dll

C:\Documents and Settings\xp\Ustawienia lokalne\Temp\hpzmsi01.exe

C:\Documents and Settings\xp\Ustawienia lokalne\Temp\hpzscr01.EXE

C:\Documents and Settings\xp\Ustawienia lokalne\Temp\hpzswp01.exe

C:\Documents and Settings\xp\Ustawienia lokalne\Temp\incredibar_install.exe

C:\Documents and Settings\xp\Ustawienia lokalne\Temp\MachineIdCreator.exe

C:\Documents and Settings\xp\Ustawienia lokalne\Temp\oi_{E8B7CB51-BAEA-47EC-ABF1-9D2E8DF0F8C9}.exe

C:\Documents and Settings\xp\Ustawienia lokalne\Temp\setup_softonic_tuto4pc_pl_1.exe

C:\Documents and Settings\xp\Ustawienia lokalne\Temp\ugoOrrf.exe

C:\Documents and Settings\xp\Ustawienia lokalne\Temp\ugoOrrf0.exe

C:\Documents and Settings\xp\Ustawienia lokalne\Temp\UNINSTALL.EXE

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. A fixlog.txt file will be created. Post it.

 

Make a new log with FRST (without Addition)

 

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.

C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.

C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.

C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.

C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.

C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.

Check whether you really don't have these system files?

If that is true, it will be necessary to format the disk and install the system from scratch.

 

F.
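Both fixlists above target a `Winlogon: [shell]` entry in which `Other.res` is chained after `explorer.exe` under a user hive. As an added example (not part of the thread and not FRST's own code), the following Python picks such entries out of FRST-style registry lines; the function names, the accepted `explorer.exe` forms and the benign HKLM line are assumptions constructed for illustration.

```python
import re

# FRST registry line layout, as seen in the logs on this page:
#   <hive>[\<user>]\...\Winlogon: [<value name>] <data> [<size> <date>] (<company>) <==== ATTENTION
ENTRY = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:-x32)?)(?:\\(?P<user>[^\\]+))?\\\.\.\.\\Winlogon: "
    r"\[(?P<name>[^\]]+)\] (?P<rest>.*)$"
)
# Optional "[size date] (company)" block and "<==== ATTENTION" marker at the end of a line.
TRAILER = re.compile(
    r"\s*(?:\[[^\]]*\d{4}-\d{2}-\d{2}\]\s*\([^)]*\))?\s*(?:<=+ ATTENTION\S*)?\s*$"
)
# Assumption: only a bare explorer.exe or <drive>:\Windows\explorer.exe counts as the stock shell.
STOCK_SHELL = re.compile(r"(?:[a-z]:\\windows\\)?explorer\.exe", re.IGNORECASE)


def parse_winlogon_line(line):
    """Return hive, user, value name and raw data of a Winlogon line, or None."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    value = TRAILER.sub("", m.group("rest"), count=1)
    return {"hive": m.group("hive"), "user": m.group("user"),
            "name": m.group("name"), "value": value}


def audit(lines):
    """Flag Winlogon Shell values that launch anything besides the stock shell."""
    findings = []
    for line in lines:
        entry = parse_winlogon_line(line)
        if entry is None or entry["name"].lower() != "shell":
            continue
        # The Shell data is a comma-separated list; every item is started at logon.
        parts = [p.strip().strip('"') for p in entry["value"].split(",") if p.strip()]
        extras = [p for p in parts if not STOCK_SHELL.fullmatch(p)]
        reasons = []
        if extras:
            reasons.append("extra program chained to the shell")
        if entry["hive"] in ("HKU", "HKCU"):
            # The default Shell value lives under HKLM; a per-user copy overrides it.
            reasons.append("per-user Shell override")
        if reasons:
            findings.append({**entry, "extras": extras, "reasons": reasons})
    return findings


SAMPLE_LINES = [
    # Copied from the two fixlists on this page.
    r"HKU\aquirlan\...\Winlogon: [shell] explorer.exe,C:\Users\aquirlan\AppData\Roaming\Other.res [159232 2013-08-01] () <==== ATTENTION",
    r"HKU\xp\...\Winlogon: [shell] explorer.exe,C:\Documents and Settings\xp\Dane aplikacji\Other.res [ 2008-04-14] () <==== ATTENTION",
    # Constructed benign line in the same layout (not from the page).
    r"HKLM\...\Winlogon: [Shell] explorer.exe [2616320 2011-02-25] (Microsoft Corporation)",
    # Unrelated Run entry from the page's log; must be ignored.
    r"HKCU\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [880496 2012-05-26] (BitTorrent, Inc.)",
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LINES):
        print(f["hive"], f["user"], "->", f["extras"], "|", "; ".join(f["reasons"]))
```

In the fixlog that follows, FRST removes the per-user `Shell` value outright rather than resetting it, which matches the second reason the check reports.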


fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2013
Ran by SYSTEM at 2013-10-30 17:25:42 Run:1
Running from D:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\aquirlan\...\Winlogon: [shell] explorer.exe,C:\Users\aquirlan\AppData\Roaming\Other.res [159232 2013-08-01] () <==== ATTENTION
C:\Users\aquirlan\AppData\Roaming\Other.res
C:\Users\aquirlan\AppData\Local\Temp\AskSLib.dll
C:\Users\aquirlan\AppData\Local\Temp\AutoRun.exe
C:\Users\aquirlan\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\aquirlan\AppData\Local\Temp\drm_dialogs.dll
C:\Users\aquirlan\AppData\Local\Temp\ICReinstall_Hamachi_Downloader.exe
C:\Users\aquirlan\AppData\Local\Temp\jinstaller141i.exe
C:\Users\aquirlan\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\aquirlan\AppData\Local\Temp\ose00000.exe
C:\Users\aquirlan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\aquirlan\AppData\Local\Temp\TwUtTYH.exe
C:\Users\aquirlan\AppData\Local\Temp\TwUtTYH0.exe
*****************

HKU\aquirlan\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\aquirlan\AppData\Roaming\Other.res => Moved successfully.
C:\Users\aquirlan\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\aquirlan\AppData\Local\Temp\AutoRun.exe => Moved successfully.
C:\Users\aquirlan\AppData\Local\Temp\AutoRunGUI.dll => Moved successfully.
C:\Users\aquirlan\AppData\Local\Temp\drm_dialogs.dll => Moved successfully.
C:\Users\aquirlan\AppData\Local\Temp\ICReinstall_Hamachi_Downloader.exe => Moved successfully.
C:\Users\aquirlan\AppData\Local\Temp\jinstaller141i.exe => Moved successfully.
C:\Users\aquirlan\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Users\aquirlan\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\aquirlan\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\aquirlan\AppData\Local\Temp\TwUtTYH.exe => Moved successfully.
C:\Users\aquirlan\AppData\Local\Temp\TwUtTYH0.exe => Moved successfully.

==== End of Fixlog ====

 

 

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013
Ran by aquirlan (administrator) on ASP1RE on 30-10-2013 17:32:11
Running from D:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files\launch manager\dsiwmis.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Dritek System Inc.) C:\Program Files\launch manager\LMworker.exe
(Dritek System Inc.) C:\Program Files\launch manager\LMutilps32.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-11-25] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-11-25] (Atheros Commnucations)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2011-01-13] (Synaptics Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [4035152 2011-09-22] (ESET)
HKCU\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [880496 2012-05-26] (BitTorrent, Inc.)
MountPoints2: {00da3f82-27ac-11e3-b250-b870f4e2ffe9} - D:\LGAutoRun.exe
MountPoints2: {2da2f470-f8ce-11e0-bae3-b870f4e2ffe9} - E:\RunGame.exe
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-24] (Advanced Micro Devices, Inc.)

==================== Internet (Whitelisted) ====================

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\aquirlan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\aquirlan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\aquirlan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\aquirlan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\aquirlan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\aquirlan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 DsiWMIService; C:\Program Files\launch manager\dsiwmis.exe [353360 2011-07-01] (Dritek System Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [974944 2011-09-22] (ESET)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-10-17] (DT Soft Ltd)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [187632 2011-08-04] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2011-08-04] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62496 2011-08-04] (ESET)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-30 20:39 - 2013-10-30 20:39 - 00000000 ____D C:\FRST
2013-10-18 09:29 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-18 09:29 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-18 09:29 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-18 09:29 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-18 09:28 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-18 09:28 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-18 09:28 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-18 09:28 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-18 09:28 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-18 09:28 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-18 09:28 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-18 09:28 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-18 09:28 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-18 09:28 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-18 09:28 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-18 09:28 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-18 09:28 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-18 09:28 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-18 09:28 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-18 09:28 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-18 09:28 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-18 09:28 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-18 09:28 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-18 09:28 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-18 09:28 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-18 09:28 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-18 09:28 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-18 09:28 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-18 09:27 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-18 09:27 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-18 09:27 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 09:56 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 09:56 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 09:55 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 09:55 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 09:55 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 09:55 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 09:55 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 09:55 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 09:55 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 09:55 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 09:55 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 09:55 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 09:48 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 09:48 - 2012-11-28 23:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-10 09:48 - 2012-11-28 23:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-10-10 09:48 - 2012-11-28 23:56 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-10-10 09:43 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 09:43 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 09:43 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 09:43 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 09:41 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 09:41 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 09:41 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 09:41 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-01 23:01 - 2013-10-16 19:41 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-01 22:52 - 2013-10-30 17:29 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-01 22:52 - 2013-10-29 20:06 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-01 22:52 - 2013-10-10 09:00 - 00004048 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-01 22:52 - 2013-10-10 09:00 - 00003796 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-01 22:52 - 2013-10-01 23:01 - 00000000 ____D C:\Users\aquirlan\AppData\Local\Google
2013-10-01 22:52 - 2013-10-01 23:00 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-01 22:51 - 2013-10-01 22:55 - 00000000 ____D C:\Users\aquirlan\AppData\Local\Deployment
2013-10-01 22:51 - 2013-10-01 22:51 - 00000000 ____D C:\Users\aquirlan\AppData\Local\Apps\2.0

==================== One Month Modified Files and Folders =======

2013-10-30 20:39 - 2013-10-30 20:39 - 00000000 ____D C:\FRST
2013-10-30 17:35 - 2011-10-18 11:18 - 00000000 ____D C:\Users\aquirlan\AppData\Roaming\uTorrent
2013-10-30 17:34 - 2011-10-17 11:35 - 01250473 _____ C:\Windows\WindowsUpdate.log
2013-10-30 17:30 - 2011-10-17 15:22 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2013-10-30 17:29 - 2013-10-01 22:52 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-30 17:28 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-30 17:28 - 2009-07-14 05:51 - 00050884 _____ C:\Windows\setupact.log
2013-10-29 20:06 - 2013-10-01 22:52 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-29 18:58 - 2011-12-05 10:13 - 00687574 _____ C:\Windows\system32\perfh015.dat
2013-10-29 18:58 - 2011-12-05 10:13 - 00131160 _____ C:\Windows\system32\perfc015.dat
2013-10-29 18:58 - 2009-07-14 06:13 - 01523412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-29 17:27 - 2011-10-24 11:42 - 00000000 ____D C:\Users\aquirlan\Documents\notatki
2013-10-29 17:26 - 2012-12-30 00:59 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-28 21:34 - 2013-09-26 09:46 - 00000000 ____D C:\Windows\rescache
2013-10-23 13:14 - 2011-10-17 13:38 - 00000000 ____D C:\Users\aquirlan\AppData\Local\Microsoft Games
2013-10-20 23:28 - 2009-07-14 05:45 - 00013952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-20 23:28 - 2009-07-14 05:45 - 00013952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-18 20:22 - 2009-07-14 05:45 - 00419824 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-18 20:20 - 2012-06-11 10:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-18 20:20 - 2012-06-11 10:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-18 20:20 - 2011-10-17 19:51 - 00057714 _____ C:\Windows\PFRO.log
2013-10-18 09:39 - 2011-10-27 09:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-18 09:15 - 2013-08-22 10:03 - 00000000 ____D C:\Windows\system32\MRT
2013-10-18 09:07 - 2011-10-17 18:30 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-16 19:41 - 2013-10-01 23:01 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-11 10:22 - 2012-12-30 00:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-11 10:22 - 2012-12-30 00:59 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-11 10:22 - 2011-10-17 17:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-10 09:00 - 2013-10-01 22:52 - 00004048 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-10 09:00 - 2013-10-01 22:52 - 00003796 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-02 08:11 - 2011-10-26 21:06 - 00000000 ____D C:\Users\aquirlan\AppData\Local\CrashDumps
2013-10-01 23:01 - 2013-10-01 22:52 - 00000000 ____D C:\Users\aquirlan\AppData\Local\Google
2013-10-01 23:00 - 2013-10-01 22:52 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-01 22:55 - 2013-10-01 22:51 - 00000000 ____D C:\Users\aquirlan\AppData\Local\Deployment
2013-10-01 22:51 - 2013-10-01 22:51 - 00000000 ____D C:\Users\aquirlan\AppData\Local\Apps\2.0

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-11 09:27

==================== End Of Log ============================

 

 

 

 

 

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2013
Ran by aquirlan at 2013-10-30 17:37:51
Running from D:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET Smart Security 5.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 5.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Zapora osobista (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

==================== Installed Programs ======================

µTorrent (Version: 3.0.0)
µTorrent (x32 Version: 3.1.3)
AC3Filter 1.62b (x32 Version: 1.62b)
Adobe AIR (x32 Version: 2.0.3.13070)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.3) MUI (x32 Version: 10.1.3)
AMD APP SDK Runtime (Version: 2.4.650.9)
AMD Media Foundation Decoders (Version: 1.0.60524.2309)
AMD VISION Engine Control Center (x32 Version: 2011.0524.2352.41027)
Any Video Converter 3.5.2 (x32)
Apple Application Support (x32 Version: 2.1.5)
Apple Software Update (x32 Version: 2.1.3.127)
ASIO4ALL (x32 Version: 2.10)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.39)
Atheros Driver Installation Program (x32 Version: 9.0)
ATI Catalyst Install Manager (Version: 3.0.829.0)
Bluetooth Win7 Suite (64) (Version: 7.2.0.45)
Broadcom 802.11 Network Adapter (Version: 5.100.235.19)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0524.2352.41027)
Catalyst Control Center InstallProxy (x32 Version: 2011.0524.2352.41027)
Catalyst Control Center Localization All (x32 Version: 2011.0524.2352.41027)
CCC Help Chinese Standard (x32 Version: 2011.0524.2351.41027)
CCC Help Chinese Traditional (x32 Version: 2011.0524.2351.41027)
CCC Help Czech (x32 Version: 2011.0524.2351.41027)
CCC Help Danish (x32 Version: 2011.0524.2351.41027)
CCC Help Dutch (x32 Version: 2011.0524.2351.41027)
CCC Help English (x32 Version: 2011.0524.2351.41027)
CCC Help Finnish (x32 Version: 2011.0524.2351.41027)
CCC Help French (x32 Version: 2011.0524.2351.41027)
CCC Help German (x32 Version: 2011.0524.2351.41027)
CCC Help Greek (x32 Version: 2011.0524.2351.41027)
CCC Help Hungarian (x32 Version: 2011.0524.2351.41027)
CCC Help Italian (x32 Version: 2011.0524.2351.41027)
CCC Help Japanese (x32 Version: 2011.0524.2351.41027)
CCC Help Korean (x32 Version: 2011.0524.2351.41027)
CCC Help Norwegian (x32 Version: 2011.0524.2351.41027)
CCC Help Polish (x32 Version: 2011.0524.2351.41027)
CCC Help Portuguese (x32 Version: 2011.0524.2351.41027)
CCC Help Russian (x32 Version: 2011.0524.2351.41027)
CCC Help Spanish (x32 Version: 2011.0524.2351.41027)
CCC Help Swedish (x32 Version: 2011.0524.2351.41027)
CCC Help Thai (x32 Version: 2011.0524.2351.41027)
CCC Help Turkish (x32 Version: 2011.0524.2351.41027)
ccc-utility64 (Version: 2011.0524.2352.41027)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Compact Wireless-G USB Adapter (x32)
Conexant HD Audio (Version: 8.54.8.50)
DAEMON Tools Lite (x32 Version: 4.41.3.0173)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Detektor Winampa (HKCU Version: 1.0.0.1)
DivX Setup (x32 Version: 2.6.0.34)
ESET Smart Security (Version: 5.0.95.0)
FIFA 2003 (x32)
FL Studio 10 (x32)
Flight Simulator X (x32)
Flight Simulator X Service Pack 1 (x32)
Free YouTube Download version 3.0.20.1228 (x32)
Google Chrome (x32 Version: 30.0.1599.101)
Google Update Helper (x32 Version: 1.3.21.165)
Heroes of Might and Magic V (x32)
HTC BMP USB Driver (x32 Version: 1.0.5375)
HTC Driver Installer (x32 Version: 2.0.7.018)
HTC Sync (x32 Version: 3.0.5422)
IL Download Manager (x32)
Industry Giant 2 - Gold Edition (x32 Version: 1.0.0)
ipla 2.3.5 (x32 Version: 2.3.5)
Java 7 Update 13 (x32 Version: 7.0.130)
Java Auto Updater (x32 Version: 2.1.9.0)
Launch Manager (x32 Version: 5.1.7)
Lion King (x32)
Live 8.2.2 (x32)
LogMeIn Hamachi (x32 Version: 2.1.0.374)
Microsoft Flight Simulator X (x32 Version: 10.0.60905)
Microsoft Flight Simulator X: Acceleration (x32 Version: 10.0.61637.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
MPC-HC 1.6.3.5818 (x32 Version: 1.6.3.5818)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30127)
SCARM 0.9.7 beta (x32 Version: 0.9.7)
Skype™ 5.10 (x32 Version: 5.10.116)
Streamripper (Remove only) (x32)
SubEdit-Player (x32 Version: 4072)
Synaptics Pointing Device Driver (Version: 15.2.9.0)
TmNationsForever (x32)
Trainz Simulator 12 (x32)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VirtualDJ PRO Full (x32 Version: 7.0.5)
Winamp (x32 Version: 5.623 )
WinRAR 4.01 (64-bit) (Version: 4.01.0)
XTrkCAD Model Railroad Design Software (x32)

==================== Restore Points  =========================

29-10-2013 16:39:23 Windows Update

==================== Hosts content: ==========================

2013-04-01 11:43 - 2013-04-01 11:43 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1C6C2D9A-F608-4E01-A013-83AF7A1EFA85} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2010-08-18] ()
Task: {415D4764-E95C-44D6-87D6-E4CDACE50EF4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4D475066-03CB-4711-A67D-859E00692AB7} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {64E305B2-E243-4E56-8829-37AE04BB0B05} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B78A9CC1-401D-486F-988F-A3FA6B908F90} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01] (Google Inc.)
Task: {D3E6DB1D-DF7F-40D0-8F32-03B94DF5ACC1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01] (Google Inc.)
Task: {E077DEDB-FE4A-4B21-B8CB-74FD2D6A3158} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/29/2013 07:11:40 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Zainicjowanie obiektu System Writer kopii zapasowej VSS przez Usługi kryptograficzne nie powiodło się.


Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (10/10/2013 09:50:42 AM) (Source: Application Error) (User: )
Description: System Windows nie może uzyskać dostępu do pliku  z jednej z następujących przyczyn:
problem z połączeniem sieciowym; problem z dyskiem, na którym jest przechowywany plik; problem ze sterownikami magazynu zainstalowanymi na tym komputerze; brak dysku.
System Windows zamknął program Microsoft Word z powodu tego błędu.

Program: Microsoft Word
Plik: 

Wartość błędu jest wyświetlona w sekcji Dodatkowe dane.
Akcja użytkownika
1. Otwórz plik ponownie.
Ta sytuacja może być przejściowym problemem, który sam się rozwiąże po ponownym uruchomieniu programu.
2.
Jeśli nadal nie można uzyskać dostępu do pliku i
- jest w sieci,
administrator sieci powinien sprawdzić, czy nie ma problemu z siecią i czy można skontaktować się z serwerem.
- jest na dysku wymiennym, na przykład dyskietce lub dysku CD-ROM, sprawdź, czy cały dysk jest włożony do komputera.
3. Sprawdź i napraw system plików, uruchamiając program CHKDSK. Aby uruchomić program CHKDSK, kliknij przycisk Start, kliknij polecenie Uruchom, wpisz polecenie CMD, a następnie kliknij przycisk OK. W wierszu polecenia wpisz polecenie CHKDSK /F, a następnie naciśnij klawisz ENTER.
4. Jeżeli problem nie ustąpi, przywróć plik z kopii zapasowej.
5. Ustal, czy można otworzyć inne pliki na tym samym dysku. Jeśli nie, dysk może być uszkodzony. Jeśli jest to dysk twardy, skontaktuj się z administratorem komputera lub dostawcą sprzętu
komputerowego, aby uzyskać dalszą pomoc.

Dodatkowe dane
Wartość błędu: 00000000
Typ dysku: 0

Error: (10/10/2013 09:50:42 AM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: WINWORD.EXE, wersja: 14.0.7106.5001, sygnatura czasowa: 0x520b3934
Nazwa modułu powodującego błąd: ole32.dll, wersja: 6.1.7601.17514, sygnatura czasowa: 0x4ce7b96f
Kod wyjątku: 0xc0000096
Przesunięcie błędu: 0x00048665
Identyfikator procesu powodującego błąd: 0x3340
Godzina uruchomienia aplikacji powodującej błąd: 0xWINWORD.EXE0
Ścieżka aplikacji powodującej błąd: WINWORD.EXE1
Ścieżka modułu powodującego błąd: WINWORD.EXE2
Identyfikator raportu: WINWORD.EXE3

Error: (10/10/2013 08:55:50 AM) (Source: Application Error) (User: )
Description: System Windows nie może uzyskać dostępu do pliku  z jednej z następujących przyczyn:
problem z połączeniem sieciowym; problem z dyskiem, na którym jest przechowywany plik; problem ze sterownikami magazynu zainstalowanymi na tym komputerze; brak dysku.
System Windows zamknął program Microsoft Word z powodu tego błędu.

Program: Microsoft Word
Plik: 

Wartość błędu jest wyświetlona w sekcji Dodatkowe dane.
Akcja użytkownika
1. Otwórz plik ponownie.
Ta sytuacja może być przejściowym problemem, który sam się rozwiąże po ponownym uruchomieniu programu.
2.
Jeśli nadal nie można uzyskać dostępu do pliku i
- jest w sieci,
administrator sieci powinien sprawdzić, czy nie ma problemu z siecią i czy można skontaktować się z serwerem.
- jest na dysku wymiennym, na przykład dyskietce lub dysku CD-ROM, sprawdź, czy cały dysk jest włożony do komputera.
3. Sprawdź i napraw system plików, uruchamiając program CHKDSK. Aby uruchomić program CHKDSK, kliknij przycisk Start, kliknij polecenie Uruchom, wpisz polecenie CMD, a następnie kliknij przycisk OK. W wierszu polecenia wpisz polecenie CHKDSK /F, a następnie naciśnij klawisz ENTER.
4. Jeżeli problem nie ustąpi, przywróć plik z kopii zapasowej.
5. Ustal, czy można otworzyć inne pliki na tym samym dysku. Jeśli nie, dysk może być uszkodzony. Jeśli jest to dysk twardy, skontaktuj się z administratorem komputera lub dostawcą sprzętu
komputerowego, aby uzyskać dalszą pomoc.

Dodatkowe dane
Wartość błędu: 00000000
Typ dysku: 0

Error: (10/10/2013 08:55:50 AM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: WINWORD.EXE, wersja: 14.0.7106.5001, sygnatura czasowa: 0x520b3934
Nazwa modułu powodującego błąd: ole32.dll, wersja: 6.1.7601.17514, sygnatura czasowa: 0x4ce7b96f
Kod wyjątku: 0xc0000096
Przesunięcie błędu: 0x00048665
Identyfikator procesu powodującego błąd: 0x2110
Godzina uruchomienia aplikacji powodującej błąd: 0xWINWORD.EXE0
Ścieżka aplikacji powodującej błąd: WINWORD.EXE1
Ścieżka modułu powodującego błąd: WINWORD.EXE2
Identyfikator raportu: WINWORD.EXE3

Error: (10/02/2013 08:10:42 AM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: DivXUpdate.exe, wersja: 1.0.6.15, sygnatura czasowa: 0x4e31ebcf
Nazwa modułu powodującego błąd: netprofm.dll_unloaded, wersja: 0.0.0.0, sygnatura czasowa: 0x4a5bda75
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x73cd2505
Identyfikator procesu powodującego błąd: 0x2a5c
Godzina uruchomienia aplikacji powodującej błąd: 0xDivXUpdate.exe0
Ścieżka aplikacji powodującej błąd: DivXUpdate.exe1
Ścieżka modułu powodującego błąd: DivXUpdate.exe2
Identyfikator raportu: DivXUpdate.exe3

Error: (09/30/2013 06:24:09 PM) (Source: Application Hang) (User: )
Description: Program IEXPLORE.EXE w wersji 10.0.9200.16686 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: 2730

Godzina rozpoczęcia: 01cebc8199867dfb

Godzina zakończenia: 503

Ścieżka aplikacji: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Identyfikator raportu:

Error: (09/29/2013 11:08:52 PM) (Source: Application Hang) (User: )
Description: Program IEXPLORE.EXE w wersji 10.0.9200.16686 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: 179c

Godzina rozpoczęcia: 01cebc7f4d222eb9

Godzina zakończenia: 173

Ścieżka aplikacji: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Identyfikator raportu:

Error: (09/26/2013 11:48:51 PM) (Source: Application Hang) (User: )
Description: Program IEXPLORE.EXE w wersji 10.0.9200.16686 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: 1840

Godzina rozpoczęcia: 01cebb09d10e940f

Godzina zakończenia: 78

Ścieżka aplikacji: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Identyfikator raportu:

Error: (09/26/2013 01:08:36 PM) (Source: Application Hang) (User: )
Description: Program IEXPLORE.EXE w wersji 10.0.9200.16686 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: 324

Godzina rozpoczęcia: 01cebaaf64205048

Godzina zakończenia: 3373

Ścieżka aplikacji: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Identyfikator raportu:


System errors:
=============
Error: (10/29/2013 07:11:35 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/29/2013 07:11:04 PM) (Source: Service Control Manager) (User: )
Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: 
AFD
CSC
DfsC
discache
ehdrv
EpfwLWF
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
tdx
vwififlt
Wanarpv6
WfpLwf

Error: (10/29/2013 07:11:04 PM) (Source: DCOM) (User: )
Description: 1084TermService{F9A874B6-F8A8-4D73-B5A8-AB610816828B}

Error: (10/29/2013 07:11:03 PM) (Source: Service Control Manager) (User: )
Description: Usługa Network Location Awareness zależy od usługi Network Store Interface Service, której nie można uruchomić z powodu następującego błędu: 
%%1068

Error: (10/29/2013 07:11:03 PM) (Source: Service Control Manager) (User: )
Description: Usługa SMB 2.0 MiniRedirector zależy od usługi SMB MiniRedirector Wrapper and Engine, której nie można uruchomić z powodu następującego błędu: 
%%1068

Error: (10/29/2013 07:11:03 PM) (Source: Service Control Manager) (User: )
Description: Usługa SMB 1.x MiniRedirector zależy od usługi SMB MiniRedirector Wrapper and Engine, której nie można uruchomić z powodu następującego błędu: 
%%1068

Error: (10/29/2013 07:11:03 PM) (Source: Service Control Manager) (User: )
Description: Usługa SMB MiniRedirector Wrapper and Engine zależy od usługi Redirected Buffering Sub Sysytem, której nie można uruchomić z powodu następującego błędu: 
%%31

Error: (10/29/2013 07:11:03 PM) (Source: Service Control Manager) (User: )
Description: Usługa IP Helper zależy od usługi Network Store Interface Service, której nie można uruchomić z powodu następującego błędu: 
%%1068

Error: (10/29/2013 07:11:03 PM) (Source: Service Control Manager) (User: )
Description: Usługa Conexant Audio Message Service zależy od usługi Windows Audio, której nie można uruchomić z powodu następującego błędu: 
%%1068

Error: (10/29/2013 07:11:03 PM) (Source: Service Control Manager) (User: )
Description: Usługa Workstation zależy od usługi Network Store Interface Service, której nie można uruchomić z powodu następującego błędu: 
%%1068


Microsoft Office Sessions:
=========================
Error: (10/29/2013 07:11:40 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (10/10/2013 09:50:42 AM) (Source: Application Error)(User: )
Description: Microsoft Word000000000

Error: (10/10/2013 09:50:42 AM) (Source: Application Error)(User: )
Description: WINWORD.EXE14.0.7106.5001520b3934ole32.dll6.1.7601.175144ce7b96fc000009600048665334001cec58e2ca6b70aC:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEC:\Windows\syswow64\ole32.dll0abd07b6-3189-11e3-b250-b870f4e2ffe9

Error: (10/10/2013 08:55:50 AM) (Source: Application Error)(User: )
Description: Microsoft Word000000000

Error: (10/10/2013 08:55:50 AM) (Source: Application Error)(User: )
Description: WINWORD.EXE14.0.7106.5001520b3934ole32.dll6.1.7601.175144ce7b96fc000009600048665211001cec58d2041a55aC:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEC:\Windows\syswow64\ole32.dll607478a3-3181-11e3-b250-b870f4e2ffe9

Error: (10/02/2013 08:10:42 AM) (Source: Application Error)(User: )
Description: DivXUpdate.exe1.0.6.154e31ebcfnetprofm.dll_unloaded0.0.0.04a5bda75c000000573cd25052a5c01cebc344da0e0cbC:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exenetprofm.dllbf3fd4b5-2b31-11e3-b250-b870f4e2ffe9

Error: (09/30/2013 06:24:09 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16686273001cebc8199867dfb503C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (09/29/2013 11:08:52 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16686179c01cebc7f4d222eb9173C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (09/26/2013 11:48:51 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16686184001cebb09d10e940f78C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (09/26/2013 01:08:36 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.1668632401cebaaf642050483373C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE


==================== Memory info =========================== 

Percentage of memory in use: 42%
Total physical RAM: 3818.9 MB
Available physical RAM: 2195.14 MB
Total Pagefile: 7635.99 MB
Available Pagefile: 5801.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:6.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RALLY2) (Removable) (Total:3.73 GB) (Free:3.64 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 99914AAB)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================

After all of that, the computer started up noticeably slower than usual. I'm also running a full system scan with an up-to-date ESET Smart Security 5.


--------->>@eren

 

I don't see this infection in the new logs, so we're wrapping up:

Open Notepad and paste the following into it:

DeleteQuarantine:

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix.

Use SHIFT+DEL to delete the remaining C:\FRST folder.

After all of that, the computer started up noticeably slower than usual

I can't give you any advice on that; it isn't the infection's fault.

F.
