Topic moved to the archive

This topic is now archived and closed to new replies.

przemo8848

The "Polizja Biuro Służby kryminalnej" (Police Criminal Service Bureau) virus

I have a virus that extorts money. How do I remove it? Nothing can be done after the system boots; I can't run any programs. What should I do?


On a clean system, download FRST or OTL (link: KLIK) and put it directly on a USB stick.

Boot into Safe Mode with Command Prompt, log in to your account and type: notepad. Go to File > Open > Computer, find the USB stick's drive letter and, depending on the tool, type X:\OTL.EXE or X:\FRST.EXE, where X is the drive letter of the USB stick.


Do you have something like this?

[image: 8g506r.jpg]

1. Run OTL and in the Custom Scans/Fixes window

Paste:


:OTL
SRV - File not found [Auto | Stopped] -- C:\PROGRA~2\uvtkeclifoqjufmrfap.bfg -- (Winmgmt)


:Files
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pafrmfujqofilcektvu.lnk
:Commands
[emptytemp]

2. Click Run Fix

Use AdwCleaner

http://general-changelog-team.fr/en/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner

with the Delete option

I tested this version on a virtual machine and I saw the infection files in a different place from what is in your log, so you will do an additional scan for me.

Download:

http://jpshortstuff.247fixes.com/SystemLook.exe

run it and type in the box

:dir
%appdata%

click Look and post the report


------->>@Dyso

I'll look through it in a moment... (it will take a while, because you have a lot of infections).

1) Use TDSSKiller

It should remove this NECURS rootkit: C:\Windows\System32\drivers\1cb497b677156d7c.sys -- (1cb497b677156d7c)

Post the report from it.

2) Run OTL and paste this into the Custom Scans/Fixes window:

:OTL

[2009-07-14 01:11:59 | 000,060,416 | ---- | C] () -- C:\Users\Dysonans\AppData\Roaming\cache.dat

[2013-09-10 19:11:32 | 000,000,004 | ---- | C] () -- C:\Users\Dysonans\AppData\Roaming\cache.ini

O20 - HKCU Winlogon: Shell - (C:\Users\Dysonans\AppData\Roaming\cache.dat) - C:\Users\Dysonans\AppData\Roaming\cache.dat ()

[2013-05-14 03:36:14 | 000,000,000 | -HSD | M] -- C:\Users\Dysonans\AppData\Roaming\wyUpdate AU

[2013-05-11 05:41:23 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\x11sigzobaqz133qyxxx3mmubduonbyb2

[2013-04-20 11:55:31 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\x3mwv2qpd2zuiey2rbgevgwck3cz1baa2

[2013-04-24 18:57:47 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xa21hnuslvwfjatyz1fagn3e2lk3gmow2

[2013-05-18 04:13:34 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xaudpdpqdvkdzi3zkdxduttn2mck1dpk2

[2013-04-20 17:18:21 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xbrsxlxzt1iqirhhxwlxzisgiqhpbe3r2

[2013-06-02 11:21:27 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xc3xshcsl3sntv1jqpkqbhqjwrtxclar2

[2013-04-23 12:54:03 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xcniidoyqajl3vveesx3xmhjv3pnhnzi2

[2013-05-28 23:54:14 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xcpbrlximzelleshwotn111llrqfjxlz2

[2013-05-26 16:59:30 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xdax2ksbjunjnnmfcnjuru3htfqotvm12

[2013-05-12 03:56:16 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xdmvenfa2nnkk1kzgaokrgf2zsawus322

[2013-05-05 02:47:19 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xdryvnnpsmrgobqfnq3aqvpnz3h1wehg2

[2013-04-14 10:18:07 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xeh3edk3mttygujrdbrytfhwv2uqjozy2

[2013-04-26 04:44:55 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xehvzz3jfbt3etcwyabdxwzmdw2knlul2

[2013-05-11 21:49:39 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xelyc3zarbnyygk3yaka1z2czeprqigi2

[2013-07-22 13:56:33 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xevwocpktmntp3qqdadpme2h2uflsawi2

[2013-04-29 20:31:37 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xfk2xauouxyjhdjoicznyzvblnr3ko2z2

[2013-05-26 09:39:17 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xfuue2assotasbdqpluofrd2cmpwrtds2

[2013-05-25 22:52:20 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xfydpbnbkrhksenhyybccdvegtlnfvlp2

[2013-05-07 05:38:14 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xg3tirejsvhzxmznjxqsuvxdbpyvpo1o2

[2013-04-28 03:10:59 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xga1dyxld2vjk3i33tfecsgnbsruboiv2

[2013-04-12 02:20:31 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xgbphx3o3culykzqia3vhsnfelo3mkm32

[2013-06-03 07:12:50 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xgefp1kf3sfepieiexmpef3ncqsefpes2

[2013-04-29 06:01:25 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xhnnlobxezisnouclv1yjsppkvrgaqac2

[2013-04-22 03:30:51 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xihosh33lsqohxp1tebwziliiexznnuj2

[2013-04-26 16:31:25 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\ximdpuxx1vobpzsdhlmoweowvoywbwjk2

[2013-04-27 20:09:09 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xnj3mq23qjaxmr1k3medlgpaoo2mlvbj2

[2013-05-30 15:07:18 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xoaybmczhidlzb1aoeazvtxbstehfllg2

[2013-06-02 16:30:47 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xpdbglpbrehvl3utlqgfv2t1np3gnjsn2

[2013-05-27 18:24:21 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xpt2wnfyyyldawgup2bonyhaa3qinyj22

[2013-04-16 13:55:36 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xqapnlqoiwmz3vnxxfjklegrloqwvaus2

[2013-05-19 09:25:50 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xqbgm1ayiyhdedzhrkofxlmeciovkwlz2

[2013-05-08 20:45:21 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xqhyy2rvoembcxkjgifnjwhqfp3cglih2

[2013-04-28 21:24:37 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xqsfiuwecbbb1hlnys1hzwxzte2kt3zv2

[2013-04-14 12:59:04 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xrgnnw2hkyw3zidxdnvbqly2yddk1bdn2

[2013-06-02 19:48:52 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xs21tuhzcdulheqscrmstygiyztse13l2

[2013-07-28 06:31:07 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xs3vngukzyksgghvxwwr2n3zzmbpdtfx2

[2013-04-17 07:20:21 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xsbo3xeiegzvxbeatoqhktckzydkerzn2

[2013-05-28 05:46:52 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xsnwx33lxggp1zfjuxsf3q1qmbdlvf2p2

[2013-05-06 07:31:04 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xtlrwdrqciqczmllepb1mb2gsn3nqxwf2

[2013-05-12 11:20:32 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xtnwpunorvemi1endjsxm3israfofsmx2

[2013-06-02 21:33:02 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xuiskqtnt2hdropgq2gx32ck211vcypx2

[2013-05-30 17:07:18 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xv1yyekfcatppcntrprbnvjmaxybstok2

[2013-05-30 15:43:14 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xv3bvidxcgfkm3m1y2tjhahkwfgtflj32

[2013-05-14 06:34:21 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xvdypid12prdktrksdss1ugmpybjxqjn2

[2013-07-27 09:18:44 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xvxtyodwe1xmuzncx2d1lrvydyq1tgbl2

[2013-07-15 17:40:07 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xwftgryxojpjageaxohfwmxo1ilodzkf2

[2013-05-20 07:24:04 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xwivaytsvb2lvswbkoancmpio311tzhr2

[2013-04-17 12:53:34 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xwqrmss1qeyzzv3piggxkaxrzyig2tgc2

[2013-05-26 14:10:45 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xxbuwttn1uzklhzysob3ibkmolgwlcaq2

[2013-04-11 03:45:28 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xxj1j2vffpzahhejxnehiskthollgra32

[2013-04-12 12:57:18 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xy23sannzwmsuequtiubqgixbcsccwep2

[2013-05-30 19:05:42 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xzfdrg2ir2mcammq1o1babs3begqzhig2

[2013-05-17 06:51:44 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xzmzrnmwyljomzwviseovoxtobhspx1x2

[2013-04-16 10:30:50 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xzzbqdakxwtcaxkosbesdo1kc2zw3pfv2

[2013-05-31 10:47:13 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\xzzcitxhg3jmrxsama1ekdxobw2h3pqp2

[2012-11-25 23:43:30 | 000,000,000 | ---D | M] -- C:\Users\Dysonans\AppData\Roaming\OpenCandy

[2012-07-19 18:43:41 | 000,000,000 | -H-- | C] () -- C:\Users\Dysonans\AppData\Roaming\Edg1yFHEEhjE

[2013-04-11 03:45:24 | 000,159,744 | ---- | C] () -- C:\Users\Dysonans\AppData\Roaming\Optimizer.exe

[2013-05-21 21:38:20 | 000,013,824 | ---- | C] () -- C:\Windows\System32\IfpukvImhovy.dll

[2013-08-02 09:52:21 | 000,209,455 | RHS- | C] () -- C:\Users\Dysonans\sougi.exe

[2013-08-02 09:52:03 | 000,209,455 | RHS- | C] () -- C:\Users\Dysonans\wousui.exe

[2013-05-17 06:51:42 | 000,438,272 | ---- | C] (Sqk58 vC0IMwyJ2R jNxMz9yG YOj5 Ewl4iagJVn sMRfD) -- C:\Users\Dysonans\AppData\Roaming\svchost.exe

[2013-01-22 12:48:21 | 000,200,192 | ---- | C] (blbknmvh) -- C:\Users\Dysonans\AppData\Roaming\Mktktw.exe

[2013-07-17 05:34:07 | 000,119,296 | -HS- | C] (Hilgraeve, Inc.) -- C:\Users\Dysonans\AppData\Roaming\updater.exe

[2013-05-21 21:50:39 | 000,050,176 | -H-- | C] (Khronos Group) -- C:\Users\Dysonans\AppData\Roaming\opencl.dll

[2013-09-10 19:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge

O4 - HKCU..\Run: [skypeUpdates] C:\Users\Dysonans\AppData\Roaming\updater.exe (Hilgraeve, Inc.)

O4 - HKCU..\Run: [sogcitifumik] C:\Users\Dysonans\sogcitifumik.exe File not found

O4 - HKCU..\Run: [steam] C:\Program Files\Steam\steam.exe (Valve Corporation)

O4 - HKCU..\Run: [sujamuxtemun] C:\Users\Dysonans\sujamuxtemun.exe File not found

O4 - HKCU..\Run: [tcpudp] C:\Windows\1553446765.exe File not found

O4 - HKCU..\Run: [ticmohaveaho] C:\Users\Dysonans\ticmohaveaho.exe File not found

O4 - HKCU..\Run: [tooola] C:\Users\Dysonans\tooola.exe /p File not found

O4 - HKCU..\Run: [tycciziqfinu] C:\Users\Dysonans\tycciziqfinu.exe File not found

O4 - HKCU..\Run: [tyssutepwysw] C:\Users\Dysonans\tyssutepwysw.exe File not found

O4 - HKCU..\Run: [vitawexwitze] C:\Users\Dysonans\vitawexwitze.exe File not found

O4 - HKCU..\Run: [vudazixisrud] C:\Users\Dysonans\vudazixisrud.exe File not found

O4 - HKCU..\Run: [wasovotbutga] C:\Users\Dysonans\wasovotbutga.exe File not found

O4 - HKCU..\Run: [Windows] C:\Users\Dysonans\AppData\Roaming\Optimizer.exe ()

O4 - HKCU..\Run: [Windows Init] C:\Users\Dysonans\AppData\Roaming\xs3vngukzyksgghvxwwr2n3zzmbpdtfx2\svcnost.exe ()

O4 - HKCU..\Run: [Windows Optimization systems. Inc] C:\Users\Dysonans\AppData\Roaming\svchost.exe (Sqk58 vC0IMwyJ2R jNxMz9yG YOj5 Ewl4iagJVn sMRfD)

O4 - HKCU..\Run: [xozzifsoldep] C:\Users\Dysonans\xozzifsoldep.exe File not found

O4 - HKCU..\Run: [Zialo] C:\Users\Dysonans\AppData\Roaming\Ropao\zialo.exe (Solutionphrase Inc.)

F3 - HKCU WinNT: Load - (C:\Users\Dysonans\LOCALS~1\Temp\msiqczxb.com) - C:\Users\Dysonans\Local Settings\Temp\msiqczxb.com ()

O4 - HKCU..\Run: [killosqomalu] c:\users\dysonans\killosqomalu.exe File not found

O4 - HKCU..\Run: [kuqgyzytigji] c:\users\dysonans\kuqgyzytigji.exe File not found

O4 - HKCU..\Run: [kymucexsixzi] c:\users\dysonans\kymucexsixzi.exe File not found

O4 - HKCU..\Run: [laqakotholuq] C:\Users\Dysonans\laqakotholuq.exe File not found

O4 - HKCU..\Run: [lelisroprilu] C:\Users\Dysonans\lelisroprilu.exe File not found

O4 - HKCU..\Run: [Microsoft Antivirus Scanner] C:\Users\Dysonans\a3.dll ()

O4 - HKCU..\Run: [Microsoft Firewall 2.9] C:\Users\Dysonans\AppData\Roaming\WMPRWISE.EXE ()

O4 - HKCU..\Run: [Mktktw] I:\RECYCLER\0xA25D5DBD.exe File not found

O4 - HKCU..\Run: [nyzamufdelyg] C:\Users\Dysonans\nyzamufdelyg.exe File not found

O4 - HKCU..\Run: [pafqutakpolo] C:\Users\Dysonans\pafqutakpolo.exe File not found

O4 - HKCU..\Run: [pesyvazqonyr] C:\Users\Dysonans\pesyvazqonyr.exe File not found

O4 - HKCU..\Run: [pijorlepehor] C:\Users\Dysonans\pijorlepehor.exe File not found

O4 - HKCU..\Run: [posinkuragix] C:\Users\Dysonans\posinkuragix.exe File not found

O4 - HKCU..\Run: [pymofhygusim] C:\Users\Dysonans\pymofhygusim.exe File not found

O4 - HKCU..\Run: [qiturugcenxa] C:\Users\Dysonans\qiturugcenxa.exe File not found

O4 - HKCU..\Run: [qokozypkabaq] c:\users\dysonans\qokozypkabaq.exe File not found

O4 - HKCU..\Run: [qyxhaggemixe] C:\Users\Dysonans\qyxhaggemixe.exe File not found

O4 - HKCU..\Run: [rapixxagibna] C:\Users\Dysonans\rapixxagibna.exe File not found

O4 - HKCU..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found

O4 - HKCU..\Run: [RegistryWm] C:\Users\Dysonans\AppData\Roaming\qtwm.exe ()

O4 - HKCU..\Run: [remwepqixynn] C:\Users\Dysonans\remwepqixynn.exe File not found

O4 - HKCU..\Run: [rypdubcifobf] C:\Users\Dysonans\rypdubcifobf.exe File not found

O4 - HKCU..\Run: [samimupkomjo] C:\Users\Dysonans\samimupkomjo.exe File not found

O4 - HKCU..\Run: [sD2014] C:\Users\Dysonans\AppData\Roaming\9CdahNhd\9CdahNhd.exe File not found

O4 - HKCU..\Run: [skypeUpdate] C:\Users\Dysonans\AppData\Roaming\SkypeUpdate.exe ()

[2013-09-09 22:34:58 | 000,593,688 | ---- | C] (TMRG, Inc.) -- C:\Windows\System32\rlls.dll

[2013-08-01 04:47:33 | 000,101,888 | RHS- | C] () -- C:\Users\Dysonans\haetai.exe

O4 - HKCU..\Run: [gicpelzekitu] C:\Users\Dysonans\gicpelzekitu.exe File not found

O4 - HKCU..\Run: [HDebugger] C:\Users\Dysonans\AppData\Local\Temp\364465.exe ()

O4 - HKCU..\Run: [hiclynkirsah] C:\Users\Dysonans\hiclynkirsah.exe File not found

O4 - HKCU..\Run: [hifoflykzifd] C:\Users\Dysonans\hifoflykzifd.exe File not found

O4 - HKCU..\Run: [HostSVC] C:\Users\Dysonans\AppData\Roaming\dwm.exe ()

O4 - HKCU..\Run: [jezumzugurpi] C:\Users\Dysonans\jezumzugurpi.exe File not found

O4 - HKCU..\Run: [kidvymecavyf] C:\Users\Dysonans\kidvymecavyf.exe File not found

O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found

O4 - HKCU..\Run: [fathywindypo] C:\Users\Dysonans\fathywindypo.exe File not found

O4 - HKCU..\Run: [fiksaqviqfux] C:\Users\Dysonans\fiksaqviqfux.exe File not found

O4 - HKCU..\Run: [fimbannolced] C:\Users\Dysonans\fimbannolced.exe File not found

O4 - HKCU..\Run: [binxiksembyd] C:\Users\Dysonans\binxiksembyd.exe File not found

O4 - HKCU..\Run: [bixjapusdice] C:\Users\Dysonans\bixjapusdice.exe File not found

O4 - HKCU..\Run: [bocjogfabgis] C:\Users\Dysonans\bocjogfabgis.exe File not found

O4 - HKCU..\Run: [buzkammomzat] C:\Users\Dysonans\buzkammomzat.exe File not found

O4 - HKCU..\Run: [cafcabeapaku] C:\Users\Dysonans\cafcabeapaku.exe File not found

O4 - HKCU..\Run: [cobipnobabit] C:\Users\Dysonans\cobipnobabit.exe File not found

O4 - HKCU..\Run: [cordozjocosi] C:\Users\Dysonans\cordozjocosi.exe File not found

O4 - HKCU..\Run: [cudkugzyqhem] C:\Users\Dysonans\cudkugzyqhem.exe File not found

DRV - [2013-06-18 15:11:50 | 000,061,184 | ---- | M] () [unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\1cb497b677156d7c.sys -- (1cb497b677156d7c)

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\zzxalbxi.sys -- (zzxalbxi)

SRV - [2013-08-17 00:02:28 | 000,186,136 | ---- | M] (TMRG, Inc.) [Auto | Stopped] -- C:\Program Files\RelevantKnowledge\rlservice.exe -- (RelevantKnowledge)

SRV - [2013-06-18 15:11:50 | 000,061,184 | ---- | M] () [unknown (-1) | Unknown] -- C:\Windows\System32\drivers\1cb497b677156d7c.sys -- (1cb497b677156d7c)

:Commands

[emptytemp]

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.

Then run OTL again, this time click Scan.

Post the new OTL.txt log and the report from the Fix.

F.

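The O4, O20 and SRV/DRV lines in the script above are OTL log lines, and what makes them worth removing is visible in the lines themselves: a target that no longer exists, a binary under AppData or the profile root, an empty publisher field, a system-binary name in the wrong place, a per-user Winlogon Shell (the lock-screen trick). The following added example, which is not OTL's code nor from this thread's helpers, parses lines in that format and flags those traits; the sample lines are constructed from entries quoted in the thread.

```python
"""Triage of OTL log lines: O4 Run keys, O20 Winlogon Shell, SRV/DRV services.
Added example, not OTL's own code. It flags what a helper looks for here: a
missing target, a binary in a user-writable folder, no publisher/version info,
a system-binary name outside the Windows directory, a per-user Winlogon Shell
override, and a service whose type/start state OTL could not determine."""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on lines quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Windows] C:\Users\Dysonans\AppData\Roaming\Optimizer.exe ()
O4 - HKCU..\Run: [tcpudp] C:\Windows\1553446765.exe File not found
O4 - HKCU..\Run: [Windows Optimization systems. Inc] C:\Users\Dysonans\AppData\Roaming\svchost.exe (Sqk58 vC0IMwyJ2R jNxMz9yG YOj5 Ewl4iagJVn sMRfD)
O20 - HKCU Winlogon: Shell - (C:\Users\Dysonans\AppData\Roaming\cache.dat) - C:\Users\Dysonans\AppData\Roaming\cache.dat ()
SRV - File not found [Auto | Stopped] -- C:\PROGRA~2\uvtkeclifoqjufmrfap.bfg -- (Winmgmt)
DRV - [2013-06-18 15:11:50 | 000,061,184 | ---- | M] () [unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\1cb497b677156d7c.sys -- (1cb497b677156d7c)
"""

# Core Windows binary names that malware likes to borrow.
SYSTEM_NAMES = {"svchost.exe", "dwm.exe", "explorer.exe", "winlogon.exe",
                "lsass.exe", "csrss.exe", "services.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
O20_RE = re.compile(r"^O20 - (?P<hive>HK\w+) Winlogon: Shell - \([^)]*\) - (?P<rest>.*)$")
SVC_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - (?:File not found|\[[^\]]*\] \((?P<company>[^()]*)\)) "
    r"\[(?P<state>[^\]]*)\] -- (?P<path>.*?) ?-- \((?P<svc>[^()]*)\)$")
# Tail of an O4/O20 line: 'path [args] (Company)' or 'path [args] File not found'
TRAILER_RE = re.compile(r"^(?P<cmd>.*?)\s*(?:(?P<missing>File not found)|\((?P<company>[^()]*)\))$")
PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|com|dat|sys|scr|bat|cmd|pif))', re.I)
USER_WRITABLE_RE = re.compile(r"\\appdata\\|\\temp\\|\\programdata\\|\\recycler\\|^[a-z]:\\users\\[^\\]+\\[^\\]+$")

@dataclass
class Entry:
    kind: str      # O4, O20, SRV or DRV
    hive: str      # registry hive for O4/O20, "" for services
    name: str      # Run value name, "Shell", or service name
    path: str
    company: str   # publisher from the version resource, "" if none
    missing: bool  # OTL reported "File not found"
    reasons: list = field(default_factory=list)

def _split_target(rest: str):
    # Returns (path, company, missing) from the tail of an O4/O20 line.
    m = TRAILER_RE.match(rest)
    if not m:
        return rest, "", False
    pm = PATH_RE.match(m.group("cmd"))
    path = pm.group("path") if pm else m.group("cmd")
    return path, m.group("company") or "", m.group("missing") is not None

def assess(e: Entry, state: str = "") -> list:
    """Return the reasons one entry is suspicious (empty list if none)."""
    p = e.path.lower()
    base = p.rsplit("\\", 1)[-1]
    r = []
    if e.missing:
        r.append("target missing (orphaned autorun)")
    if USER_WRITABLE_RE.search(p):
        r.append("runs from user-writable location")
    if not e.missing and e.company == "":
        r.append("no publisher/version info")
    if base in SYSTEM_NAMES and "\\windows\\" not in p:
        r.append("system binary name outside Windows directory")
    if e.kind == "O20":
        if e.hive.upper() == "HKCU":
            r.append("Winlogon Shell overridden per-user (HKCU)")
        if base != "explorer.exe":
            r.append("Shell is not explorer.exe")
    if "unknown" in state.lower():
        r.append("unknown service type/start state")
    return r

def parse_line(line: str):
    """Parse one OTL line into an assessed Entry; None if the format is unknown."""
    if (m := O4_RE.match(line)):
        e = Entry("O4", m.group("hive"), m.group("name"), *_split_target(m.group("rest")))
        state = ""
    elif (m := O20_RE.match(line)):
        e = Entry("O20", m.group("hive"), "Shell", *_split_target(m.group("rest")))
        state = ""
    elif (m := SVC_RE.match(line)):
        e = Entry(m.group("kind"), "", m.group("svc"), m.group("path"),
                  m.group("company") or "", m.group("company") is None)
        state = m.group("state")
    else:
        return None
    e.reasons = assess(e, state)
    return e

def triage(log_text: str) -> list:
    """Parse every recognised line of an OTL log and return the assessed entries."""
    entries = (parse_line(ln.strip()) for ln in log_text.splitlines())
    return [e for e in entries if e is not None]

def suspicious(entries: list) -> list:
    return [e for e in entries if e.reasons]
```

Running `suspicious(triage(SAMPLE_LOG))` flags six of the seven sample lines; only the Steam entry (Program Files, named publisher) comes back clean.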

OK, I'm getting on with it, thanks!

TDSSKiller:

My link

OTL report after the system restart:

My link

OTL:

My link

Extras:

My link

I'll just add that the infected files may have been on the disk for longer than 30 days, maybe that matters ;)


------->>@Dyso

In the meantime, start thinking about installing some antivirus, because I don't see any in the logs.

You probably wouldn't have so many infections if you had an antivirus.

F.


I'm just downloading the Kaspersky antivirus trial; if I like it I'll invest in it (unless you recommend something cheaper with similar effectiveness).


Even a free one would do; the point is that it protects the computer at least to a minimal degree, because until now infections have had the door to your computer wide open.

No antivirus protects 100%, but even a little protection is better than none.

F.

EDIT:

I didn't notice that you had posted the logs; I'll look through them in a moment...



Run OTL and paste this into the Custom Scans/Fixes window:

:OTL

O4 - HKCU..\Run: [{5C1CA32F-CB68-AD41-D412-FBAFE900D8B2}] C:\Users\Dysonans\AppData\Roaming\Ropao\zialo.exe File not found

:Commands

[emptytemp]

Click Run Fix.

You don't need to post the report from this one.

In OTL click the Cleanup button; this will remove OTL together with its quarantine.

TDSSKiller will disappear at the same time.

( LockedFile.Multi.Generic )

In the TDSSKiller log there are many drivers marked like this.

I don't know whether this is an effect of the NECURS rootkit, or whether these drivers simply lack a signature through the vendor's fault.

But if you notice any worrying symptoms in the system's behaviour, start a topic at http://www.fixitpc.pl/

There @Picasso will assess whether it is related to NECURS or not;

save this TDSSKiller log somewhere so you can show it there.

F.


----------->>@Kestrel

1) Run OTL and paste this into the Custom Scans/Fixes window:

:OTL

SRV - File not found [Auto | Stopped] -- C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe -- (matlabserver)

SRV - [2011-07-27 13:06:44 | 000,267,488 | ---- | M] () [Auto | Stopped] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (lvupdtio)

IE - HKU\S-1-5-21-3222982257-960968669-1864993870-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.babylon.com/home

IE - HKU\S-1-5-21-3222982257-960968669-1864993870-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-3222982257-960968669-1864993870-1000\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.3.0&install_country=PL&install_date=20111004&user_guid=C43DEE568BAE4762AE974E6EDB7FCD4D&machine_id=93ed9ca5c8b6a8431c77f6aa05099ea7&browser=IE&os=win&os_version=6.1-x86-SP0&iesrc={referrer:source}

IE - HKU\S-1-5-21-3222982257-960968669-1864993870-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch

O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()

O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()

O4 - HKLM..\Run: [startNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

[2013-09-13 14:22:59 | 095,025,368 | ---- | M] () -- C:\ProgramData\1lfwl3e8z.pff

[2013-09-13 14:07:16 | 000,000,000 | ---- | M] () -- C:\ProgramData\1lfwl3e8z.ctrl

[2013-09-13 13:59:10 | 000,001,033 | ---- | M] () -- C:\Users\Iceman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1lfwl3e8z.lnk

[2013-09-13 13:59:06 | 000,155,648 | ---- | M] () -- C:\ProgramData\z8e3lwfl1.plz

:Commands

[emptytemp]

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.

2) Use Adw-Cleaner with the DELETE option http://forum.pclab.pl/topic/896975-Narz%C4%99dzia-u%C5%BCywane-do-dezynfekcji/

Post the report from it.

The newest version of Adw-Cleaner has no Polish version and works a little differently: first click SCAN, and only when the scan has finished and the CLEAN button becomes active, click that.

3) Make a new OTL log.

4) Install a newer, safer version of Java:

http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html (choose: Windows x86 Offline or Online)

F.


Report after running the fix and restarting the computer:

All processes killed

========== OTL ==========

Service matlabserver stopped successfully!

Service matlabserver deleted successfully!

File C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe not found.

Service Updater Service for StartNow Toolbar stopped successfully!

Service Updater Service for StartNow Toolbar deleted successfully!

C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe moved successfully.

Service lvupdtio stopped successfully!

Service lvupdtio deleted successfully!

HKU\S-1-5-21-3222982257-960968669-1864993870-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Restore| /E : value set successfully!

HKEY_USERS\S-1-5-21-3222982257-960968669-1864993870-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-3222982257-960968669-1864993870-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0388404D-6072-4CEB-B521-8F090FEAEE57}\ not found.

Registry key HKEY_USERS\S-1-5-21-3222982257-960968669-1864993870-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.

C:\Program Files\StartNow Toolbar\Toolbar32.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ deleted successfully.

File C:\Program Files\StartNow Toolbar\Toolbar32.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StartNowToolbarHelper deleted successfully.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

C:\ProgramData\1lfwl3e8z.pff moved successfully.

C:\ProgramData\1lfwl3e8z.ctrl moved successfully.

C:\Users\Iceman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1lfwl3e8z.lnk moved successfully.

C:\ProgramData\z8e3lwfl1.plz moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Agnieszka

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Iceman

->Temp folder emptied: 7874865209 bytes

->Temporary Internet Files folder emptied: 28795808 bytes

->Java cache emptied: 2907039 bytes

->Google Chrome cache emptied: 9668505 bytes

->Opera cache emptied: 57956612 bytes

->Flash cache emptied: 64218 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 97156070 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 6769188 bytes

RecycleBin emptied: 7579458663 bytes

 

Total Files Cleaned = 14 932,00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 09132013_175301

 

Files\Folders moved on Reboot...

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

----------------------------------------------------------------------------------------------------------------------------------------------------------------

 

REPORT AFTER USING ADW-CLEANER:

 

# AdwCleaner v3.003 - Report created 13/09/2013 at 18:09:23

# Updated 07/09/2013 by Xplode

# Operating System : Windows 7 Ultimate (32 bits)

# Username : Iceman - IICEMAN

# Running from : H:\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\Users\Iceman\Qtrax

Folder Deleted : C:\Users\Iceman\AppData\Local\Babylon

Folder Deleted : C:\Users\Iceman\AppData\Roaming\Babylon

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_pc-tools-firewall-plus_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_pc-tools-firewall-plus_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\StartNow Toolbar

Key Deleted : HKCU\Software\Zugo

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\StartNow Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.7600.16385

 

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

 

-\\ Google Chrome v29.0.1547.66

 

[ File : C:\Users\Iceman\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [3740 octets] - [13/09/2013 18:08:46]

AdwCleaner[s0].txt - [3705 octets] - [13/09/2013 18:09:23]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3765 octets] ##########

----------------------------------------------------------------------------------------------------------------------------------------------------------------

 

NEW OTL LOG:

 

OTL logfile created on: 2013-09-13 18:14:10 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = H:\

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

2,92 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 63,39% Memory free

5,84 Gb Paging File | 4,60 Gb Available in Paging File | 78,83% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 45,80 Gb Total Space | 12,50 Gb Free Space | 27,29% Space Free | Partition Type: NTFS

Drive D: | 250,00 Gb Total Space | 65,34 Gb Free Space | 26,14% Space Free | Partition Type: NTFS

Drive E: | 300,27 Gb Total Space | 10,82 Gb Free Space | 3,60% Space Free | Partition Type: NTFS

Drive F: | 3,27 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive G: | 2,23 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive H: | 14,42 Gb Total Space | 4,94 Gb Free Space | 34,29% Space Free | Partition Type: FAT32

 

Computer Name: IICEMAN | User Name: Iceman | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013-09-13 14:43:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\OTL.com

PRC - [2013-06-28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

PRC - [2013-06-28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

PRC - [2013-03-07 01:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2013-03-07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2013-02-05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe

PRC - [2012-12-19 00:06:42 | 000,172,344 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe

PRC - [2012-11-30 13:34:58 | 000,054,464 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe

PRC - [2012-11-30 13:34:10 | 000,054,472 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe

PRC - [2012-11-28 16:42:16 | 000,371,352 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe

PRC - [2012-11-28 16:28:52 | 000,060,568 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\lktsrv.exe

PRC - [2012-11-28 16:10:28 | 000,050,328 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\lkads.exe

PRC - [2012-11-21 10:19:06 | 000,051,360 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe

PRC - [2012-09-26 15:03:52 | 000,258,776 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe

PRC - [2012-09-18 09:32:42 | 000,661,184 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe

PRC - [2012-06-07 22:42:14 | 000,680,624 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe

PRC - [2011-09-17 15:54:02 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe

PRC - [2010-10-27 08:43:38 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\System32\lkcitdl.exe

PRC - [2010-10-09 10:51:48 | 000,736,040 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

PRC - [2010-08-17 14:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

PRC - [2010-08-11 20:18:42 | 000,866,944 | ---- | M] (ASUS) -- C:\Program Files\P4G\BatteryLife.exe

PRC - [2010-08-11 15:45:00 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2010-08-11 15:44:38 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2010-07-23 16:05:28 | 001,316,144 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe

PRC - [2010-07-12 18:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe

PRC - [2010-07-02 13:36:26 | 001,597,440 | ---- | M] () -- C:\Program Files\ASUS\Wireless Console 3\wcourier.exe

PRC - [2010-06-22 11:05:38 | 000,303,744 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\System32\FBAgent.exe

PRC - [2010-06-09 09:55:54 | 001,080,448 | ---- | M] (asus) -- C:\Program Files\ASUS\ControlDeck\ControlDeck.exe

PRC - [2010-05-03 14:45:50 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe

PRC - [2010-05-03 14:41:46 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe

PRC - [2010-04-13 09:32:42 | 000,548,744 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe

PRC - [2010-04-07 07:16:54 | 001,599,880 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe

PRC - [2010-02-23 12:47:04 | 001,024,368 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

PRC - [2009-12-15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

PRC - [2009-09-30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2009-09-30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2009-09-23 10:11:54 | 001,160,320 | ---- | M] (ASUS) -- C:\Program Files\ASUS\Net4Switch\Net4Switch.exe

PRC - [2009-07-31 10:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe

PRC - [2009-07-23 10:30:06 | 000,544,768 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe

PRC - [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009-07-14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009-06-24 12:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe

PRC - [2009-06-19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

PRC - [2009-06-19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

PRC - [2009-06-15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

PRC - [2008-12-22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe

PRC - [2008-08-13 21:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

PRC - [2008-03-31 02:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

PRC - [2007-11-30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe

PRC - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe

PRC - [2007-08-03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

PRC - [2007-06-27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2007-06-27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2005-07-06 15:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012-09-18 09:32:42 | 001,958,560 | ---- | M] () -- C:\Program Files\National Instruments\Shared\NI Error Reporting\niwsrp.dll

MOD - [2012-01-26 09:36:18 | 000,278,528 | R--- | M] () -- C:\Program Files\National Instruments\Shared\License Manager\Bin\xerces-depdom_2_6.dll

MOD - [2010-08-26 15:52:38 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll

MOD - [2010-08-11 21:20:40 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

MOD - [2010-07-14 16:12:52 | 000,021,120 | ---- | M] () -- C:\Program Files\P4G\DevMng.dll

MOD - [2010-07-02 13:36:26 | 001,597,440 | ---- | M] () -- C:\Program Files\ASUS\Wireless Console 3\wcourier.exe

MOD - [2010-02-23 15:14:22 | 000,071,680 | ---- | M] () -- C:\Program Files\ASUS\ControlDeck\Brightness.dll

MOD - [2010-02-23 15:14:18 | 000,041,472 | ---- | M] () -- C:\Program Files\ASUS\ControlDeck\HelpFunc.dll

MOD - [2010-02-23 15:14:10 | 000,050,688 | ---- | M] () -- C:\Program Files\ASUS\ControlDeck\P4GControl.dll

MOD - [2010-02-23 15:12:22 | 000,186,880 | ---- | M] () -- C:\Program Files\ASUS\ControlDeck\Resolution.dll

MOD - [2010-02-23 15:11:46 | 000,076,288 | ---- | M] () -- C:\Program Files\ASUS\ControlDeck\Volume.dll

MOD - [2009-09-17 13:41:42 | 000,267,264 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswcore.dll

MOD - [2009-09-15 16:45:58 | 000,228,864 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswsysmon.dll

MOD - [2009-09-15 10:47:10 | 000,049,152 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ResItf.dll

MOD - [2009-09-11 16:40:20 | 000,084,992 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\cxcmrt.dll

MOD - [2009-07-14 10:07:28 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_pl_31bf3856ad364e35\PresentationCore.resources.dll

MOD - [2009-07-14 10:07:18 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009-07-14 10:07:18 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pl_b77a5c561934e089\System.resources.dll

MOD - [2009-07-14 06:45:49 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e033d390dc7e9567b6960b0f530cf30\System.Management.ni.dll

MOD - [2009-07-14 06:43:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\39f5a71b5185d267b0f55cd4cea26d6b\PresentationFramework.Aero.ni.dll

MOD - [2009-07-14 06:43:36 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll

MOD - [2009-07-14 06:43:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll

MOD - [2009-07-14 06:43:20 | 014,318,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\68e5eeb3c6ef18ba2dc1ad70eb74aeee\PresentationFramework.ni.dll

MOD - [2009-07-14 06:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll

MOD - [2009-07-14 06:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll

MOD - [2009-07-14 06:42:55 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b459c5815af8123e4bf30d4e05bba65\PresentationCore.ni.dll

MOD - [2009-07-14 06:42:45 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll

MOD - [2009-07-14 06:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll

MOD - [2009-07-14 06:42:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll

MOD - [2009-07-14 06:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll

MOD - [2009-07-14 06:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll

MOD - [2009-07-08 11:24:16 | 000,167,424 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipsw_cfgmgr.dll

MOD - [2009-07-03 13:40:34 | 000,085,504 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\LogonStartup.dll

MOD - [2009-07-03 13:21:16 | 000,042,496 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\iphelper.dll

MOD - [2009-07-03 13:13:56 | 000,297,984 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswui.dll

MOD - [2009-07-03 13:13:16 | 000,074,752 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswobj.dll

MOD - [2009-07-03 13:12:32 | 000,049,152 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswhlp.dll

MOD - [2009-07-03 13:12:24 | 000,065,024 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswgblset.dll

MOD - [2009-07-03 13:12:14 | 000,089,088 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswds.dll

MOD - [2009-07-01 16:46:24 | 000,461,824 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswresmgr.dll

MOD - [2008-09-30 23:02:44 | 000,009,216 | ---- | M] () -- C:\Program Files\ASUS\Splendid\GLCDdll.dll

MOD - [2007-11-30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe

MOD - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe

MOD - [2007-09-02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll

MOD - [2007-06-15 10:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll

MOD - [2007-06-01 17:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

 

 

========== Services (SafeList) ==========

 

SRV - [2013-09-10 22:45:06 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013-06-28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2013-04-19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013-03-07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2013-02-05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)

SRV - [2012-12-19 00:06:42 | 000,172,344 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe -- (NINetworkDiscovery)

SRV - [2012-11-30 13:34:58 | 000,054,464 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe -- (niSvcLoc)

SRV - [2012-11-30 13:34:10 | 000,054,472 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer)

SRV - [2012-11-28 16:42:16 | 000,371,352 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)

SRV - [2012-11-28 16:28:52 | 000,060,568 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync)

SRV - [2012-11-28 16:10:28 | 000,050,328 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\System32\lkads.exe -- (lkClassAds)

SRV - [2012-11-24 13:39:35 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2012-11-21 10:19:06 | 000,051,360 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)

SRV - [2012-09-26 15:03:52 | 000,258,776 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)

SRV - [2012-06-07 22:42:14 | 000,680,624 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)

SRV - [2012-05-18 13:25:58 | 000,139,488 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\System32\Opcenum.exe -- (OpcEnum)

SRV - [2010-10-27 08:43:38 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer)

SRV - [2010-10-09 10:51:48 | 000,736,040 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)

SRV - [2010-08-11 15:44:38 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2010-08-02 10:00:00 | 001,427,688 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)

SRV - [2010-06-22 11:05:38 | 000,303,744 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\System32\FBAgent.exe -- (AFBAgent)

SRV - [2010-02-23 13:19:44 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)

SRV - [2010-02-23 13:19:44 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)

SRV - [2009-12-15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2009-09-30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2009-09-30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009-06-15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)

SRV - [2008-03-31 02:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)

SRV - [2007-08-03 12:24:54 | 000,125,496 | ---- | M] () [On_Demand | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\ipswuio.sys -- (ipswuio)

DRV - [2013-06-17 21:13:16 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2013-03-07 01:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2013-03-07 01:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2013-03-07 01:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)

DRV - [2013-03-07 01:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2013-03-07 01:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)

DRV - [2013-03-07 01:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2013-03-07 01:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)

DRV - [2013-03-07 01:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011-11-04 20:34:56 | 000,019,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)

DRV - [2011-09-17 15:52:38 | 000,030,264 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)

DRV - [2011-07-12 12:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)

DRV - [2011-07-12 12:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)

DRV - [2011-07-12 12:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)

DRV - [2010-08-11 16:14:50 | 006,379,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)

DRV - [2010-08-11 15:10:50 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV - [2010-07-19 20:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)

DRV - [2010-07-19 20:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)

DRV - [2010-07-19 20:02:54 | 000,163,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)

DRV - [2010-07-15 02:47:36 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)

DRV - [2010-07-14 08:17:18 | 000,526,464 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)

DRV - [2010-03-02 10:43:20 | 001,263,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2010-02-25 05:27:00 | 000,098,928 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\JME.sys -- (JME)

DRV - [2010-02-23 13:57:30 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)

DRV - [2009-09-17 12:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)

DRV - [2009-08-20 04:39:58 | 001,760,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)

DRV - [2009-08-18 10:23:28 | 000,119,408 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)

DRV - [2009-07-20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)

DRV - [2009-07-14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2009-07-14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2009-07-14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2009-07-14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009-07-14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009-07-14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009-07-14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2009-07-02 17:36:10 | 000,013,880 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys -- (ASMMAP)

DRV - [2009-05-13 09:06:48 | 000,014,392 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)

DRV - [2009-03-18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)

DRV - [2008-05-23 17:25:42 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

DRV - [2007-08-03 06:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

 

IE - HKU\S-1-5-21-3222982257-960968669-1864993870-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =

IE - HKU\S-1-5-21-3222982257-960968669-1864993870-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3222982257-960968669-1864993870-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3222982257-960968669-1864993870-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

 

 

 

========== Chrome ==========

 

CHR - homepage: http://www.google.com

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Iceman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: YouTube = C:\Users\Iceman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Szukaj w Google = C:\Users\Iceman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: avast! WebRep = C:\Users\Iceman\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

CHR - Extension: Skype Click to Call = C:\Users\Iceman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

CHR - Extension: Gmail = C:\Users\Iceman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)

O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NI Update Service] C:\Program Files\National Instruments\Shared\Update Service\NIUpdateService.exe (National Instruments)

O4 - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [ufSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe ()

O4 - HKU\S-1-5-21-3222982257-960968669-1864993870-1000..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKU\S-1-5-21-3222982257-960968669-1864993870-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)

O4 - HKU\S-1-5-21-3222982257-960968669-1864993870-1000..\Run: [NIRegistrationWizard] C:\Program Files\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe ()

O4 - HKU\S-1-5-21-3222982257-960968669-1864993870-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47EE6183-0733-4592-B142-FE44BADDFCE5}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B37A0AEF-ECD9-4EC1-AD75-255D75F6DEEC}: DhcpNameServer = 192.168.160.2 149.156.96.9

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEC5C2A2-28F5-4E53-95E5-F47C636F2D72}: DhcpNameServer = 192.168.42.129

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2012-03-06 20:11:17 | 019,990,920 | R--- | M] (Ubisoft) - G:\Autorun.exe -- [ UDF ]

O32 - AutoRun File - [2012-02-29 18:45:57 | 000,000,066 | R--- | M] () - G:\autorun.inf -- [ UDF ]

O32 - AutoRun File - [2013-06-24 17:58:10 | 000,000,000 | -HS- | M] () - H:\autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{263df050-e141-11e0-914d-f46d04b669f1}\Shell - "" = AutoRun

O33 - MountPoints2\{263df050-e141-11e0-914d-f46d04b669f1}\Shell\AutoRun\command - "" = H:\autorun.exe

O33 - MountPoints2\{386baeac-0ff7-11e2-996c-f46d04b669f1}\Shell - "" = AutoRun

O33 - MountPoints2\{386baeac-0ff7-11e2-996c-f46d04b669f1}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2012-03-06 20:11:17 | 019,990,920 | R--- | M] (Ubisoft)

O33 - MountPoints2\{39bc4bb5-4d85-11e1-8388-f46d04b669f1}\Shell - "" = AutoRun

O33 - MountPoints2\{39bc4bb5-4d85-11e1-8388-f46d04b669f1}\Shell\AutoRun\command - "" = G:\setup.exe -- [2012-03-06 20:11:18 | 000,978,312 | R--- | M] (Ubisoft)

O33 - MountPoints2\{d156ea2d-d780-11e2-ad78-f46d04b669f1}\Shell - "" = AutoRun

O33 - MountPoints2\{d156ea2d-d780-11e2-ad78-f46d04b669f1}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2012-03-06 20:11:17 | 019,990,920 | R--- | M] (Ubisoft)

O33 - MountPoints2\{d83b08ac-6285-11e2-ad5f-f46d04b669f1}\Shell - "" = AutoRun

O33 - MountPoints2\{d83b08ac-6285-11e2-ad5f-f46d04b669f1}\Shell\AutoRun\command - "" = G:\Launch.exe

O33 - MountPoints2\{facc6e1d-1477-11e3-82a1-f46d04b669f1}\Shell - "" = AutoRun

O33 - MountPoints2\{facc6e1d-1477-11e3-82a1-f46d04b669f1}\Shell\AutoRun\command - "" = H:\HTC_Sync_Manager_PC.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013-09-13 18:08:23 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2013-08-27 17:46:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MailShare

[2013-08-27 17:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\MailShare

[2012-12-20 03:36:18 | 000,377,584 | ---- | C] (National Instruments) -- C:\Users\Iceman\autorun.exe

 

========== Files - Modified Within 30 Days ==========

 

[2013-09-13 18:17:02 | 000,737,480 | ---- | M] () -- C:\Windows\System32\perfh015.dat

[2013-09-13 18:17:02 | 000,651,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013-09-13 18:17:02 | 000,154,136 | ---- | M] () -- C:\Windows\System32\perfc015.dat

[2013-09-13 18:17:02 | 000,120,580 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013-09-13 18:13:12 | 000,000,548 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012b Startup Accelerator.job

[2013-09-13 18:11:14 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe

[2013-09-13 18:10:54 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013-09-13 18:10:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013-09-13 18:10:24 | 2350,288,896 | -HS- | M] () -- C:\hiberfil.sys

[2013-09-13 18:02:54 | 000,010,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013-09-13 18:02:54 | 000,010,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013-09-13 14:10:00 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013-09-13 13:54:37 | 000,261,193 | ---- | M] () -- C:\Users\Iceman\Desktop\rozklad_2013-2014z-rok-III-b.pdf

[2013-09-13 13:49:10 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013-09-10 22:45:05 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013-09-10 22:45:04 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

 

========== Files Created - No Company Name ==========

 

[2013-09-13 13:54:37 | 000,261,193 | ---- | C] () -- C:\Users\Iceman\Desktop\rozklad_2013-2014z-rok-III-b.pdf

[2013-03-21 13:37:03 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys

[2013-03-21 13:37:01 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys

[2013-03-11 17:18:54 | 000,000,801 | ---- | C] () -- C:\Windows\QIII.INI

[2012-12-24 13:32:08 | 000,028,475 | ---- | C] () -- C:\Users\Iceman\AppData\Roaming\UserTile.png

[2012-12-20 03:36:26 | 000,061,437 | ---- | C] () -- C:\Users\Iceman\setup.ini

[2012-12-20 03:36:26 | 000,000,303 | ---- | C] () -- C:\Users\Iceman\nidist.id

[2012-12-20 03:36:16 | 000,000,539 | ---- | C] () -- C:\Users\Iceman\autorun.inf

[2012-12-19 14:54:36 | 000,030,782 | ---- | C] () -- C:\Users\Iceman\readme.html

[2012-12-13 01:57:42 | 001,433,800 | ---- | C] () -- C:\Users\Iceman\setup.exe

[2012-11-21 13:08:19 | 000,000,080 | ---- | C] () -- C:\Windows\matlab.ini

[2012-06-19 14:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\System32\pbsvc.exe

[2012-05-23 14:50:42 | 000,000,244 | ---- | C] () -- C:\Windows\System32\nirpc.ini

[2012-02-09 12:01:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe

[2011-11-27 23:25:16 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2011-11-27 23:25:15 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2011-11-04 20:34:56 | 000,019,552 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys

[2011-11-01 23:09:41 | 000,000,168 | ---- | C] () -- C:\Windows\usdthank.ini

[2011-11-01 23:09:41 | 000,000,031 | ---- | C] () -- C:\Windows\idc.ini

[2011-10-30 16:22:17 | 000,000,600 | ---- | C] () -- C:\Users\Iceman\AppData\Local\PUTTY.RND

[2011-10-21 18:47:51 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe

[2011-10-18 20:31:56 | 000,003,584 | ---- | C] () -- C:\Users\Iceman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011-10-04 22:55:30 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2011-10-04 22:55:28 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2011-10-04 22:55:26 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2011-10-04 22:55:26 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2011-10-04 22:55:26 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2011-09-17 15:46:41 | 000,001,950 | ---- | C] () -- C:\Windows\System32\AutoRunFilter.ini

[2011-09-17 15:46:41 | 000,001,472 | ---- | C] () -- C:\Windows\System32\ServiceFilter.ini

[2011-09-17 15:46:41 | 000,000,105 | ---- | C] () -- C:\Windows\System32\FastBoot.ini

[2011-09-17 15:46:41 | 000,000,080 | ---- | C] () -- C:\Windows\System32\Defrag.ini

[2011-09-17 15:46:41 | 000,000,052 | ---- | C] () -- C:\Windows\System32\RemoveFont.ini

[2011-09-17 15:46:41 | 000,000,015 | ---- | C] () -- C:\Windows\System32\BootTime.ini

[2011-09-17 15:45:32 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

[2011-09-17 15:45:23 | 001,760,384 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys

[2011-09-17 15:45:23 | 000,196,608 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

[2011-09-17 15:45:23 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys

[2011-09-17 15:45:23 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

[2011-09-17 15:44:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011-09-17 15:39:51 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat

 

========== ZeroAccess Check ==========

 

[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== LOP Check ==========

 

[2013-06-24 20:05:52 | 000,000,000 | ---D | M] -- C:\Users\Iceman\AppData\Roaming\Autodesk

[2012-02-02 12:17:23 | 000,000,000 | ---D | M] -- C:\Users\Iceman\AppData\Roaming\DAEMON Tools Lite

[2011-09-19 18:08:04 | 000,000,000 | ---D | M] -- C:\Users\Iceman\AppData\Roaming\Gadu-Gadu 10

[2011-09-22 17:16:40 | 000,000,000 | ---D | M] -- C:\Users\Iceman\AppData\Roaming\Lionhead Studios

[2011-10-02 20:39:16 | 000,000,000 | ---D | M] -- C:\Users\Iceman\AppData\Roaming\Nowe Gadu-Gadu

[2011-09-19 18:54:30 | 000,000,000 | ---D | M] -- C:\Users\Iceman\AppData\Roaming\OpenFM

[2011-10-26 22:51:26 | 000,000,000 | ---D | M] -- C:\Users\Iceman\AppData\Roaming\Opera

[2011-12-05 01:25:52 | 000,000,000 | ---D | M] -- C:\Users\Iceman\AppData\Roaming\PCToolsFirewallPlus

[2011-11-27 23:25:14 | 000,000,000 | ---D | M] -- C:\Users\Iceman\AppData\Roaming\PunkBuster

[2011-10-19 22:53:33 | 000,000,000 | ---D | M] -- C:\Users\Iceman\AppData\Roaming\Rovio

[2012-01-19 04:20:01 | 000,000,000 | ---D | M] -- C:\Users\Iceman\AppData\Roaming\Softland

[2013-05-16 20:22:47 | 000,000,000 | ---D | M] -- C:\Users\Iceman\AppData\Roaming\Subversion

[2012-01-19 04:12:26 | 000,000,000 | ---D | M] -- C:\Users\Iceman\AppData\Roaming\WordToPDF

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:C31F31E6

 

< End of report >


---------->>@Kestrel

 

Judging by the new log, it's OK now.

Let's finish up:

In Adw-Cleaner click the Uninstall (UNINSTALL) button.

In OTL click the CleanUp button - this removes it together with its Quarantine.

 

F.


----------->>@Predii

 

I don't see that infection here at all.

Make another OTL log with the "all users" setting.

Also make an FRST log: http://forum.pclab.pl/topic/893302-WA%C5%BBNE-Wymagane-logi-systemowe-w-tym-dziale/

 

In the meantime you can download Adw-Cleaner (the DELETE option): http://forum.pclab.pl/topic/896975-Narz%C4%99dzia-u%C5%BCywane-do-dezynfekcji/

It will need to be used, but as long as you're in Safe Mode it most likely won't work.

 

F.


--------->>@Predii

 

Open Notepad and paste into it:

HKU\Predi\...\Winlogon: [shell] explorer.exe,C:\Documents and Settings\Predi\Dane aplikacji\data.dat [ 2008-04-14] () <==== ATTENTION

C:\Documents and Settings\Predi\Ustawienia lokalne\Temp\xyvmoigndlackpjcljt.bfg

C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\dl_210500.exe

C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\dl_61375.exe

C:\Documents and Settings\Predi\Ustawienia lokalne\Temp\uttE0.tmp.exe

HKU\Predi\...\Run: [NTRedirect] - C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Predi\Dane aplikacji\BabSolution\Shared\enhancedNT.dll",Run

Save the file as fixlist.txt and put it next to the FRST tool. Run FRST and click Fix. A fixlog.txt file will be created.

 

Use Adw-Cleaner with the DELETE option: http://forum.pclab.pl/topic/896975-Narz%C4%99dzia-u%C5%BCywane-do-dezynfekcji/

Post the report from it.

The newest version of Adw-Cleaner has no Polish version and works a bit differently: first click SCAN, and only when the scan has finished and the CLEAN button becomes active, click it.

 

Make a new OTL log.

Make a new FRST log.

 

F.

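The Winlogon line in that fixlist is how this lock screen survives a reboot: the Shell value is changed from the default explorer.exe to explorer.exe,<payload>, so Winlogon starts both at every normal logon (Safe Mode with Command Prompt ignores that value and starts cmd.exe instead). The script below is an added example, not a tool from this thread and not part of OTL or FRST: it scans OTL and FRST log lines for Shell/Userinit values that contain anything beyond the Windows defaults, and for Run entries whose command launches a non-executable file type or loads anything from Temp or AppData-style directories. The sample lines are copied from the logs quoted in this thread; the regexes are written against those line shapes and are an assumption for other tool versions.

```python
"""Audit OTL and FRST log lines for a hijacked Winlogon Shell/Userinit and for
Run entries launched from user-writable directories.

Added example; not a tool used in this thread and not part of OTL or FRST.
"""
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the OTL and FRST logs quoted in the
# thread. The FRST Winlogon line is the lock screen's persistence (payload
# chained after explorer.exe); the others are clean or adware.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
HKU\Predi\...\Winlogon: [shell] explorer.exe,C:\Documents and Settings\Predi\Dane aplikacji\data.dat [ 2008-04-14] () <==== ATTENTION
HKU\Predi\...\Run: [NTRedirect] - C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Predi\Dane aplikacji\BabSolution\Shared\enhancedNT.dll",Run
""".strip().splitlines()

# Line shapes as they appear in the logs above (assumed stable for other
# OTL/FRST versions; adjust if your log differs).
OTL_WINLOGON = re.compile(r"^O20 - HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<value>[^)]*)\)")
FRST_WINLOGON = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\.\\Winlogon: \[(?P<key>shell|userinit)\] (?P<rest>.*)$", re.I)
OTL_RUN = re.compile(r"^O4 - (?P<hive>HK\S*?)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
FRST_RUN = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] - (?P<cmd>.*)$")
# Any drive-letter path up to a short extension; stops at quotes, commas, spaces.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|,]+?\.[A-Za-z0-9]{2,4}(?=[\s",]|$)')
# Profile/temp directories; the Polish names are XP's "Application Data" and
# "Local Settings" as they appear in the thread's logs.
USER_WRITABLE = re.compile(
    r"\\(Temp|AppData|Application Data|Local Settings|Dane aplikacji|Ustawienia lokalne)\\", re.I)

WINDOWS_DIRS = {"", "%systemroot%", r"c:\windows"}
SYSTEM32_DIRS = {r"%systemroot%\system32", r"c:\windows\system32"}
EXEC_EXT = {"exe", "com", "bat", "cmd", "cpl", "scr"}


@dataclass
class Finding:
    source: str            # "Winlogon" or "Run"
    location: str          # hive\key or hive\value-name
    value: str
    reasons: list = field(default_factory=list)


def check_winlogon(key, value):
    """Return the comma-separated tokens of a Shell/Userinit value that are not
    the Windows default (explorer.exe, or system32\\userinit.exe)."""
    bad = []
    for tok in (t.strip().strip('"') for t in value.split(",")):
        if not tok:
            continue                       # Userinit's default trailing comma
        head, tail = (s.lower() for s in ntpath.split(tok))
        if key.lower() == "shell":
            ok = tail == "explorer.exe" and head in WINDOWS_DIRS
        else:
            ok = tail == "userinit.exe" and head in SYSTEM32_DIRS
        if not ok:
            bad.append(tok)
    return bad


def check_run(cmd):
    """Reasons a Run/RunOnce command is worth a look: the launched file is not
    an executable type, or any referenced path lives under Temp/AppData."""
    reasons = []
    paths = PATH_RE.findall(cmd)
    if paths:
        ext = ntpath.splitext(paths[0])[1].lstrip(".").lower()
        if ext not in EXEC_EXT:
            reasons.append(f"launches a non-executable extension .{ext}")
    for p in paths:
        if USER_WRITABLE.search(p):
            reasons.append(f"loads from a user-writable directory: {p}")
    return reasons


def audit(lines):
    """Run both checks over OTL/FRST log lines and return the findings."""
    findings = []
    for line in (ln.strip() for ln in lines):
        m = OTL_WINLOGON.match(line)
        if m:
            hive, key, value = "HKLM", m["key"], m["value"]
        else:
            m = FRST_WINLOGON.match(line)
            if m:
                hive, key = m["hive"], m["key"]
                value = m["rest"].split(" [", 1)[0].strip()   # drop FRST's "[date] (company)"
        if m:
            bad = check_winlogon(key, value)
            if bad:
                findings.append(Finding("Winlogon", f"{hive}\\{key}", value,
                                        [f"unexpected {key} entry: {b}" for b in bad]))
            continue
        m = OTL_RUN.match(line) or FRST_RUN.match(line)
        if m:
            reasons = check_run(m["cmd"])
            if reasons:
                findings.append(Finding("Run", f"{m['hive']}\\{m['name']}", m["cmd"], reasons))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"[{f.source}] {f.location}: {f.value}")
        for r in f.reasons:
            print("    -", r)
```

On the sample it reports exactly two entries: the chained data.dat in the user's Shell value and the NTRedirect entry loading a DLL from the profile directory; the default Shell/Userinit lines and the avast autostart pass. A Shell or Userinit token that is not the default is the thing to fix first, since everything else can only run once the desktop comes up.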

C:\Documents and Settings\Predi\Dane aplikacji\data.dat

Hm, the FRST removal report doesn't show at all that it removed this infection file.

I also suspect there's a similar data.ini file, although it wasn't visible in the logs.

Open Notepad and paste into it:

C:\Documents and Settings\Predi\Dane aplikacji\data.dat

C:\Documents and Settings\Predi\Dane aplikacji\data.ini

Save the file as fixlist.txt and put it next to the FRST tool. Run FRST and click Fix. A fixlog.txt file will be created.

 

Try to boot into Normal Mode.

If that works, use Adw-Cleaner, then make an OTL log and an FRST log.

 

F.


--------->>@Predii

 

Run OTL and paste this into the Custom Scans/Fixes window:

:OTL

[2013-08-23 08:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\InstallMate

[2013-09-19 15:08:40 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found

O20 - AppInit_DLLs: (c:\docume~1\alluse~1\daneap~1\bitguard\261673~1.238\{c16c1~1\bitguard.dll) - File not found

O4 - HKU\S-1-5-21-789336058-515967899-1417001333-1004..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Predi\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\Documents and Settings\All Users\Dane aplikacji\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension

IE - HKU\S-1-5-21-789336058-515967899-1417001333-1004\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found

IE - HKU\S-1-5-21-789336058-515967899-1417001333-1004\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\LGVirHid.sys -- (LGVirHid)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LGSHidFilt.Sys -- (LGSHidFilt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\LGBusEnum.sys -- (LGBusEnum)

SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Dane aplikacji\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe -- (BitGuard)

 

:Files

C:\Documents and Settings\Predi\Dane aplikacji\Mozilla\Firefox\Profiles\nlal3dak.default\searchplugins\BitGuard.xml

C:\Documents and Settings\Predi\Dane aplikacji\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

C:\Documents and Settings\All Users\Dane aplikacji\Browser Manager

 

:Reg

[-HKEY_USERS\S-1-5-21-789336058-515967899-1417001333-1004\Software\Microsoft\Internet Explorer\SearchScopes\{5B058EE1-302A-4A74-BD08-95AA8E592080}]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"=-

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"=-

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"=-

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"=-

[HKEY_USERS\S-1-5-21-789336058-515967899-1417001333-1004\Software\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"=-

[HKEY_USERS\S-1-5-21-789336058-515967899-1417001333-1004\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

 

:Commands

[emptytemp]

Click Run Fix.

Don't post the report from this.

 

Then we finish up:

In Adw-Cleaner click the Uninstall (UNINSTALL) button.

In OTL click the CleanUp button - this removes it together with its Quarantine.

FRST - delete manually (if it doesn't disappear together with OTL).

 

Install a newer, more secure version of Java:

>http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html (choose: Windows x86 Offline or Online)

 

F.
