Nie wyświetla plików z pendrive

[puma123]

Witajcie,

Nie wyświetla mi plików na pendrivie.

HiJackThis:
Przy skanowaniu wyskoczyły takie błędy:



Logi:





Gmer:

Kod: Zaznacz wszystko

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-25 15:08:03
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001 465,76GB
Running: gmer.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kfgdqfoc.sys


---- Threads - GMER 2.1 ----

Thread  C:\Windows\syswow64\svchost.exe [4292:4432]  00000000002a10e0

---- EOF - GMER 2.1 ----


USBFix

Kod: Zaznacz wszystko

############################## | UsbFix V 7.129 | [Deletion]

User: Administrator1 (Administrator) # Administrator12
Updated 24/06/2013 by El Desaparecido
Started at 15:13:25 | 25/07/2013

Website: http://sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload-malware-pour-analyse-t489.html
Contact: [email protected]

PC: Acer (Aspire E1-571G) (x64-based PC)
CPU: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz (2400)
RAM -> [Total : 3932 | Free : 2122]
BIOS: InsydeH2O Version 03.71.48V1.07
BOOT: Normal boot

OS: Microsoft Windows 7 Home Premium  (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: McAfee  Anti-Virus i Anti-Spyware [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 448 Gb (343 Mb free - 77%) [Acer] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 2 Gb (2 Mb free - 100%) [GODDRIVE] # FAT

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM\SOFTWARE | Run : [SuiteTray] - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
HKLM\SOFTWARE | Run : [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [BackupManagerTray] - "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
HKLM\SOFTWARE | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM\SOFTWARE\wow6432Node | Run : [SuiteTray] - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [BackupManagerTray] - "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
HKLM\SOFTWARE\wow6432Node | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
HKLM\SOFTWARE\wow6432Node | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3761214776-854486660-3764415504-1000\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-19\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3761214776-854486660-3764415504-1000\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

################## | Stopped processes |

Stopped! C:\Windows\system32\nvvsvc.exe (608)
Stopped! C:\Windows\system32\WLANExt.exe (1324)
Stopped! C:\Windows\system32\conhost.exe (1336)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1544)
Stopped! C:\Windows\system32\nvvsvc.exe (1556)
Stopped! C:\Windows\System32\spoolsv.exe (1604)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1848)
Stopped! C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (1888)
Stopped! C:\Program Files (x86)\Launch Manager\dsiwmis.exe (1932)
Stopped! C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (2044)
Stopped! C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (1340)
Stopped! C:\Program Files (x86)\Launch Manager\LMutilps32.exe (1724)
Stopped! C:\ProgramData\DatacardService\HWDeviceService64.exe (812)
Stopped! C:\Program Files\Intel\iCLS Client\HeciServer.exe (1392)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (2000)
Stopped! C:\Program Files\Acer\Acer Updater\UpdaterService.exe (1980)
Stopped! C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (1988)
Stopped! C:\Windows\system32\mfevtps.exe (2076)
Stopped! C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (2096)
Stopped! C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (2156)
Stopped! C:\Windows\system32\rundll32.exe (2192)
Stopped! C:\Windows\system32\rundll32.exe (2200)
Stopped! C:\Windows\SysWOW64\rundll32.exe (2240)
Stopped! C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe (2264)
Stopped! C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (2348)
Stopped! C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (2400)
Stopped! C:\Windows\system32\taskhost.exe (3324)
Stopped! C:\Windows\System32\igfxtray.exe (3772)
Stopped! C:\Windows\System32\hkcmd.exe (3788)
Stopped! C:\Windows\system32\igfxsrvc.exe (3804)
Stopped! C:\Windows\System32\igfxpers.exe (3816)
Stopped! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (3892)
Stopped! C:\Program Files\Elantech\ETDCtrl.exe (3948)
Stopped! C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (3976)
Stopped! C:\ProgramData\DatacardService\DCSHelper.exe (4092)
Stopped! C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (1672)
Stopped! C:\Program Files\mcafee.com\agent\mcagent.exe (3064)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3188)
Stopped! C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (2120)
Stopped! C:\Program Files (x86)\Launch Manager\LManager.exe (2708)
Stopped! C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (3596)
Stopped! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3564)
Stopped! C:\Windows\system32\igfxext.exe (3724)
Stopped! C:\Program Files (x86)\Launch Manager\LMworker.exe (3364)
Stopped! C:\Program Files\Elantech\ETDCtrlHelper.exe (1484)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (1660)
Stopped! C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (4108)
Stopped! C:\Windows\system32\SearchIndexer.exe (4216)
Stopped! C:\Windows\system32\taskeng.exe (4628)
Stopped! C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (4668)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (4100)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (4144)
Stopped! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (5152)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (5816)
Stopped! C:\Windows\system32\wuauclt.exe (5752)
Stopped! C:\Program Files\EgisTec IPS\PMMUpdate.exe (4724)
Stopped! C:\Program Files\EgisTec IPS\EgisUpdate.exe (4472)
Stopped! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (2104)
Stopped! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (3304)
Stopped! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (2168)
Stopped! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (3920)
Stopped! c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe (4804)
Stopped! C:\Windows\System32\WUDFHost.exe (2624)

################## | Files # Infected Folders |

Not deleted ! E:\autorun.inf

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\E
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{20b9a7fc-12ec-11e2-a6b5-b888e34deccc}

################## | Listing |

[09/10/2012 - 14:17:30 | SHD ]    C:\$Recycle.Bin
[09/10/2012 - 14:20:30 | D ]    C:\book
[06/03/2012 - 13:26:17 | N | 8192]    C:\BOOTSECT.BAK
[14/07/2009 - 07:08:56 | SHD ]    C:\Documents and Settings
[25/07/2013 - 05:21:21 | ASH | 3092533248]    C:\hiberfil.sys
[28/06/2012 - 23:59:11 | D ]    C:\Intel
[09/10/2012 - 18:35:37 | N | 40]    C:\log.txt
[09/10/2012 - 16:15:07 | D ]    C:\MININT
[27/06/2013 - 07:19:20 | D ]    C:\MSI
[10/10/2012 - 17:54:43 | RHD ]    C:\MSOCache
[09/10/2012 - 14:20:34 | D ]    C:\OEM
[25/07/2013 - 05:21:27 | ASH | 4123377664]    C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ]    C:\PerfLogs
[07/07/2013 - 20:43:25 | D ]    C:\Program Files
[25/07/2013 - 14:54:18 | D ]    C:\Program Files (x86)
[04/07/2013 - 21:45:17 | HD ]    C:\ProgramData
[09/10/2012 - 14:10:07 | SHD ]    C:\Recovery
[25/07/2013 - 14:54:17 | SHD ]    C:\System Volume Information
[31/12/2012 - 22:13:26 | D ]    C:\totalcmd
[25/07/2013 - 15:16:32 | D ]    C:\UsbFix
[25/07/2013 - 15:16:43 | A | 10056]    C:\UsbFix [Clean 1] Administrator12.txt
[09/10/2012 - 14:11:40 | D ]    C:\Users
[23/07/2013 - 12:58:21 | D ]    C:\Windows
[25/07/2013 - 06:04:08 | D ]    E:\ 
[25/07/2013 - 15:13:18 | N | 0]    E:\autorun.inf

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.net |


Bardzo Proszę o pomoc...

[mateo8898]

Napisałem Ci na PW, żebyś podał logi z OTL, a nie z tego starocia HijackThis.

[puma123]

Zaraz wrzucę, skanuje się...

/Edit:

Kod: Zaznacz wszystko

OTL logfile created on: 2013-07-25 15:24:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator1\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,84 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 54,97% Memory free
7,68 Gb Paging File | 5,67 Gb Available in Paging File | 73,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447,66 Gb Total Space | 343,67 Gb Free Space | 76,77% Space Free | Partition Type: NTFS
 
Computer Name: Administrator12 | User Name: Administrator1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013-07-25 15:24:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator1\Downloads\OTL.exe
PRC - [2013-07-07 21:12:15 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013-07-03 11:08:30 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012-03-02 09:59:26 | 000,419,408 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2012-03-02 09:59:24 | 000,355,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2012-03-02 09:59:24 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2012-02-08 04:03:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2013-07-07 21:12:15 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013-07-03 11:08:30 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2012-11-16 22:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:[b]64bit:[/b] - [2012-11-09 07:37:30 | 000,177,680 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:[b]64bit:[/b] - [2012-11-09 07:34:50 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:[b]64bit:[/b] - [2012-11-09 07:33:08 | 000,241,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:[b]64bit:[/b] - [2012-08-31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:[b]64bit:[/b] - [2012-08-31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:[b]64bit:[/b] - [2012-08-31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:[b]64bit:[/b] - [2012-08-31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:[b]64bit:[/b] - [2012-08-31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:[b]64bit:[/b] - [2012-08-31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:[b]64bit:[/b] - [2012-08-31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:[b]64bit:[/b] - [2012-08-31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:[b]64bit:[/b] - [2012-02-08 02:53:48 | 000,871,296 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:[b]64bit:[/b] - [2012-02-07 03:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:[b]64bit:[/b] - [2012-02-03 07:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2011-01-28 22:28:54 | 000,225,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV:[b]64bit:[/b] - [2010-09-23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-07-10 03:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-07-03 11:08:30 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-02-28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-02-05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012-12-18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-10-10 17:31:38 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe -- (PLAY ONLINE. RunOuc)
SRV - [2012-06-29 00:22:24 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012-03-02 09:59:24 | 000,355,920 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012-02-29 15:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2012-02-20 06:18:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012-02-08 04:03:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012-02-08 04:03:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012-02-08 04:03:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012-02-02 07:33:22 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-02-02 02:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012-01-18 13:33:22 | 000,111,776 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe -- (DCDhcpService)
SRV - [2012-01-06 00:22:10 | 000,256,536 | ---- | M] (NTI Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011-06-21 22:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011-06-07 21:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011-05-13 01:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011-03-14 17:27:34 | 000,346,976 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010-10-12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010-06-02 01:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2012-11-09 07:40:24 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:[b]64bit:[/b] - [2012-11-09 07:37:42 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:[b]64bit:[/b] - [2012-11-09 07:36:30 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:[b]64bit:[/b] - [2012-11-09 07:35:50 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:[b]64bit:[/b] - [2012-11-09 07:34:58 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:[b]64bit:[/b] - [2012-11-09 07:34:18 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:[b]64bit:[/b] - [2012-11-09 07:33:58 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:[b]64bit:[/b] - [2012-10-10 17:31:43 | 000,223,744 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV:[b]64bit:[/b] - [2012-10-10 17:31:43 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:[b]64bit:[/b] - [2012-10-10 17:31:43 | 000,098,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:[b]64bit:[/b] - [2012-10-10 17:31:43 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:[b]64bit:[/b] - [2012-10-10 17:31:43 | 000,072,192 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV:[b]64bit:[/b] - [2012-10-10 17:31:43 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:[b]64bit:[/b] - [2012-10-10 17:31:43 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:[b]64bit:[/b] - [2012-05-03 23:59:06 | 000,081,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:[b]64bit:[/b] - [2012-04-20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:[b]64bit:[/b] - [2012-03-07 15:48:20 | 000,238,384 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:[b]64bit:[/b] - [2012-03-06 14:12:53 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:[b]64bit:[/b] - [2012-03-06 14:12:53 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:[b]64bit:[/b] - [2012-03-06 14:12:53 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:[b]64bit:[/b] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012-02-14 20:47:38 | 014,692,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2012-02-07 08:03:06 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:[b]64bit:[/b] - [2012-02-07 08:03:06 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:[b]64bit:[/b] - [2012-02-02 02:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2012-02-01 04:55:58 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:[b]64bit:[/b] - [2012-01-19 10:30:42 | 000,435,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:[b]64bit:[/b] - [2012-01-11 06:38:28 | 002,801,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2011-12-06 13:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2011-11-10 11:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2011-11-04 11:21:38 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:[b]64bit:[/b] - [2011-11-04 11:21:36 | 000,068,648 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:[b]64bit:[/b] - [2011-09-02 15:36:58 | 000,051,752 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:[b]64bit:[/b] - [2011-07-14 07:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-07-14 07:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=4812_7&babsrc=SP_ss&mntrId=1091bdef00000000000074e54373edbe
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "www.google.pl"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013-06-26 10:52:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012-12-18 20:48:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2012-12-20 18:57:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012-10-10 18:02:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator1\AppData\Roaming\Mozilla\Extensions
[2013-07-03 11:08:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013-07-03 11:08:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.pl/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.92\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Szukaj w Google = C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SiteAdvisor = C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\
CHR - Extension: Gmail = C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20121010200946.dll (McAfee, Inc.)
O2:[b]64bit:[/b] - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20121010200946.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\RunOnce: []  File not found
F3:[b]64bit:[/b] - HKCU WinNT: Load - (C:\Users\ADMINI~1\LOCALS~1\Temp\ccvihxvo.com) - C:\Users\Administrator1\Local Settings\Temp\ccvihxvo.com (House)
F3 - HKCU WinNT: Load - (C:\Users\ADMINI~1\LOCALS~1\Temp\ccvihxvo.com) - C:\Users\Administrator1\Local Settings\Temp\ccvihxvo.com (House)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A6992DB-70CD-4F79-93A5-F5B329D82D4F}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4906195-78BF-4ED8-AAA2-29ACC14207E0}: NameServer = 89.108.202.20 89.108.195.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAA4E071-C66E-468F-B504-C4477BDDE1EC}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-07-25 15:16:43 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{20b9a80c-12ec-11e2-a6b5-b888e34deccc}\Shell - "" = AutoRun
O33 - MountPoints2\{20b9a80c-12ec-11e2-a6b5-b888e34deccc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]
 
[2013-07-25 15:21:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator1\Desktop\Skan logów
[2013-07-25 15:16:43 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2013-07-25 15:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013-07-25 14:56:14 | 000,000,000 | ---D | C] -- C:\UsbFix
[2013-07-25 14:55:56 | 001,030,081 | ---- | C] (El Desaparecido - SosVirus.net) -- C:\Users\Administrator1\Desktop\UsbFix.exe
[2013-07-25 14:54:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013-07-25 14:54:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013-07-17 20:02:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator1\AppData\Local\{93CF1970-E492-4598-A8EE-C2D7F797CFE3}
[2013-07-17 11:24:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator1\MediaEspresso
[2013-07-15 08:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
[2013-07-08 16:46:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator1\AppData\Roaming\CyberLink
[2013-07-07 20:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013-07-05 06:41:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator1\AppData\Roaming\Apple Computer
[2013-07-04 21:47:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator1\AppData\Local\Apple Computer
[2013-07-04 21:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013-07-04 21:45:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013-07-04 21:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013-07-04 21:43:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013-07-04 21:43:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator1\AppData\Local\Apple
[2013-07-04 21:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013-07-04 21:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013-07-04 08:48:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator1\Local Settings
[2013-07-03 11:08:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-06-29 10:48:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator1\Documents\Dokumenty
[2013-06-28 19:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware
[2013-06-28 19:41:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PSPaudioware
[2013-06-28 19:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\VSTPlugins
[2013-06-28 19:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\PSPaudioware
[2013-06-27 07:19:20 | 000,000,000 | ---D | C] -- C:\MSI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]
 
[2013-07-25 15:25:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-07-25 15:16:43 | 000,003,368 | ---- | M] () -- C:\Upload_UsbFix.zip
[2013-07-25 14:56:11 | 001,030,081 | ---- | M] (El Desaparecido - SosVirus.net) -- C:\Users\Administrator1\Desktop\UsbFix.exe
[2013-07-25 14:54:18 | 000,003,015 | ---- | M] () -- C:\Users\Administrator1\Desktop\HiJackThis.lnk
[2013-07-25 13:30:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-07-25 08:24:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-07-25 05:51:01 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-07-25 05:51:01 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-07-25 05:34:13 | 001,549,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-07-25 05:34:13 | 000,697,912 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-07-25 05:34:13 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-07-25 05:34:13 | 000,134,990 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-07-25 05:34:13 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-07-25 05:21:21 | 3092,533,248 | -HS- | M] () -- C:\hiberfil.sys
[2013-07-07 21:12:15 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-07-07 21:12:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-06-23 10:45:54 | 004,988,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013-07-25 15:16:43 | 000,003,368 | ---- | C] () -- C:\Upload_UsbFix.zip
[2013-07-25 14:54:18 | 000,003,015 | ---- | C] () -- C:\Users\Administrator1\Desktop\HiJackThis.lnk
[2013-07-25 14:54:14 | 000,377,856 | ---- | C] () -- C:\Users\Administrator1\Desktop\gmer.exe
[2013-07-04 21:43:45 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012-12-02 12:07:32 | 000,007,666 | ---- | C] () -- C:\Users\Administrator1\AppData\Local\Resmon.ResmonCfg
[2012-10-10 18:02:47 | 000,000,132 | ---- | C] () -- C:\Windows\wininit.ini
[2012-03-06 13:19:55 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012-03-06 13:19:53 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012-03-06 13:19:45 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012-03-06 13:19:45 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-03-06 13:19:44 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012-02-03 07:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


[mateo8898]

Z OTL powinny być 2 logi, poza tym wklejamy je na http://www.wklej.eu/

[puma123]

Extras.Txt

http://www.wklej.eu/index.php?id=233327a94f

OTL.Txt

http://www.wklej.eu/index.php?id=b4efdc716d

[mateo8898]

Oczywiście jest tutaj infekcja.

Odinstaluj: Bing Bar, McAfee Security Scan Plus. Następnie:

Uruchom OTL w oknie Własne opcje skanowania/skrypt wklej:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=4812_7&babsrc=SP_ss&mntrId=1091bdef00000000000074e54373edbe
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\RunOnce: [] File not found
F3:64bit: - HKCU WinNT: Load - (C:\Users\ADMINI~1\LOCALS~1\Temp\ccvihxvo.com) - C:\Users\Administrator1\Local Settings\Temp\ccvihxvo.com (House)
F3 - HKCU WinNT: Load - (C:\Users\ADMINI~1\LOCALS~1\Temp\ccvihxvo.com) - C:\Users\Administrator1\Local Settings\Temp\ccvihxvo.com (House)

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"=-

:Commands
[clearallrestorepoints]
[emptytemp]

Klikasz Wykonaj skrypt. Podajesz log z usuwania + nowe logi z OTL.

[puma123]

To wyskoczyło po restarcie systemu:
http://www.wklej.eu/index.php?id=b202f541d7

Zaraz wkleję logi...

/Edit:
OTL.Txt
http://www.wklej.eu/index.php?id=d7f9a82956

[mateo8898]

Chciałem, żebyś odinstalował McAfee Security Scan Plus, a nie antywira McAfee...

Wklej w OTL:

:OTL
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121010200946.dll File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121010200946.dll File not found

Klikasz Wykonaj skrypt, następnie Sprzątanie

W UsbFix Uninstall

Przeczyść dysk oraz rejestr CCleaner

Wykonaj pełne skanowanie Malwarebytes' Anti-Malware - jeśli coś znajdzie usuń i daj raport (po uruchomieniu odrzuć okres testowy)

Zainstaluj antywira.

[puma123]

Raport:

Kod: Zaznacz wszystko

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Wersja bazy: v2013.07.25.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Administrator1 :: Administrator12 [administrator]

2013-07-25 20:01:39
mbam-log-2013-07-25 (20-01-39).txt

Typ skanowania: Pełne skanowanie (C:\|)
Zaznaczone opcje skanowania: Pamięć | Rozruch | Rejestr | System plików | Heurystyka/Dodatkowe | Heuristyka/Shuriken | PUP | PUM
Odznaczone opcje skanowania: P2P
Przeskanowano obiektów: 418512
Upłynęło: 47 minut(y), 46 sekund(y)

Wykrytych procesów w pamięci: 0
(Nie znaleziono zagrożeń)

Wykrytych modułów w pamięci: 0
(Nie znaleziono zagrożeń)

Wykrytych kluczy rejestru: 0
(Nie znaleziono zagrożeń)

Wykrytych wartości rejestru: 0
(Nie znaleziono zagrożeń)

Wykryte wpisy rejestru systemowego: 0
(Nie znaleziono zagrożeń)

wykrytych folderów: 0
(Nie znaleziono zagrożeń)

Wykrytych plików: 5
C:\MSI\TrustedInstaller.exe (Worm.Gamarue) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
C:\Users\Administrator1\Documents\Puma\Nowy folder (2)\FL STUDIO Dodatki\VST do Kompresji\PSPaudioware.PSP.Vintage.Warmer.2.VST.RTAS.v2.5.0.x86.x64.Incl.Keygen-ASSiGN.7z (RiskWare.Tool.CK) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
C:\Users\Administrator1\Documents\Puma\Nowy folder (2)\FL STUDIO Dodatki\VST do Kompresji\PSPaudioware.PSP.Vintage.Warmer.2.VST.RTAS.v2.5.0.x86.x64.Incl.Keygen-ASSiGN\asgn0434.r04 (RiskWare.Tool.CK) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
C:\Users\Administrator1\Documents\Puma\Nowy folder (2)\FL STUDIO Dodatki\VST do Kompresji\PSPaudioware.PSP.Vintage.Warmer.2.VST.RTAS.v2.5.0.x86.x64.Incl.Keygen-ASSiGN\keygen.exe (RiskWare.Tool.CK) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
C:\Users\Administrator1\Local Settings\Temp\ccisufaxu.exe (Worm.Gamarue) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.

(zakończone)


Jest jeden mały problem, nie mogę odpalić Windows Media Player'a
SS:


Malwarebytes Anti-Malware Usunąć czy zostawić??

[mateo8898]

Opróżnij kwarantannę Malwarebytes. Możesz go zostawić jako skaner na żądanie.

Co do WMP, wejdź w Start w wyszukiwaniu wpisz cmd i uruchom z prawokilku Uruchom jako administrator

W oknie konsoli wpisz polecenia:

regsvr32 jscript.dll
regsvr32 vbscript.dll

Po każdej linijce ENTER.

[puma123]

Dalej nie działa

[mateo8898]

Użyj tego http://go.microsoft.com/?linkid=9648765

[puma123]

Dzięki wielkie za pomoc


Mam jeszcze takie jedno pytanie:
Mam na pulpicie 2 ukryte pliki w rozszerzeniu .jpg ("Folder.jpg" i "AlbumArtSmall.jpg") jest to grafika okładki jakiejś starej piosenki, której nawet już nie mam na lapku. Jak odpalam jakąś piosenke z pulpitu w WMP to pojawia się ta okładka, a nie ta, która jest w piosence. Jak to usunąć??

[mateo8898]

Usuń te pliki.

[puma123]

Działa. Jeszcze raz dzięki wielkie za pomoc