Co mam dalej zrobić z logiem z Combofix

[EnD50]

Kod: Zaznacz wszystko

ComboFix 11-08-18.03 - Kamil 2011-08-19  20:27:19.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1250.48.1045.18.2046.767 [GMT 2:00]
Uruchomiony z: c:\users\Kamil\Desktop\ComboFix.exe
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\faCEmoodstlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\uninstall.exe
c:\program files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}
c:\program files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\chrome.manifest
c:\program files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\chrome\queryexplorer.jar
c:\program files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\defaults\preferences\prefs.js
c:\program files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\install.rdf
c:\program files (x86)\Registry Victor
c:\program files (x86)\Registry Victor\RegistryVictor.zip
c:\program files (x86)\Registry Victor\RWOptimizer.ini
c:\program files (x86)\Registry Victor\Settings.ini
c:\program files (x86)\Registry Victor\Utilities\Favorites\desktop.ini
c:\program files (x86)\Registry Victor\Utilities\Favorites\Links for Polska\Bezpieczeństwo w trybie online.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\Links for Polska\Bezpieczny Internet.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\Links for Polska\desktop.ini
c:\program files (x86)\Registry Victor\Utilities\Favorites\Links for Polska\Kultura.pl.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\Links for Polska\Pogodynka.pl — oficjalny serwis pogodowy IMGW.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\Links for Polska\Polska.pl.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\Links\desktop.ini
c:\program files (x86)\Registry Victor\Utilities\Favorites\Links\Galeria obiektów Web Slice.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\Links\Sugerowane witryny.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\Microsoft — witryny sieci Web\Centrum bezpieczeństwa Microsoft.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\Microsoft — witryny sieci Web\Dodatki programu Internet Explorer.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\Microsoft — witryny sieci Web\Microsoft Office Online.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\Microsoft — witryny sieci Web\Microsoft Store.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\Microsoft — witryny sieci Web\Microsoft Technet.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\Microsoft — witryny sieci Web\Microsoft w Polsce.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\Microsoft — witryny sieci Web\Oryginalne oprogramowanie firmy Microsoft.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\Microsoft — witryny sieci Web\Strona główna programu Internet Explorer.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\Microsoft — witryny sieci Web\Strona główna systemu Windows.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\Microsoft — witryny sieci Web\Technologia RSS.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\Microsoft — witryny sieci Web\W domu.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\Microsoft — witryny sieci Web\W pracy.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\MSN — witryny sieci Web\MSN Gospodarka.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\MSN — witryny sieci Web\MSN Rozrywka.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\MSN — witryny sieci Web\MSN Sport.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\MSN — witryny sieci Web\MSN Technologie.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\MSN — witryny sieci Web\MSN Wideo.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\MSN — witryny sieci Web\Portal MSN.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\Windows Live\Galeria gadżetów Windows Live.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\Windows Live\Poczta usługi Windows Live.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\Windows Live\Programy usługi Windows Live.url
c:\program files (x86)\Registry Victor\Utilities\Favorites\Windows Live\Windows Live Spaces.url
c:\program files (x86)\ShopperReports3
c:\program files (x86)\ShopperReports3\bin\3.0.497.0\CntntCntr.dll
c:\program files (x86)\ShopperReports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\chrome.manifest
c:\program files (x86)\ShopperReports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar
c:\program files (x86)\ShopperReports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll
c:\program files (x86)\ShopperReports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt
c:\program files (x86)\ShopperReports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\install.rdf
c:\program files (x86)\ShopperReports3\bin\3.0.497.0\link.ico
c:\program files (x86)\ShopperReports3\bin\3.0.497.0\ShopperReportsUninstaller.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports\About Us.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports\Customer Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk
C:\UNWISE32.EXE
c:\users\Kamil\AppData\Roaming\cacaoweb
c:\users\Kamil\AppData\Roaming\cacaoweb\cacaoweb.exe
c:\users\Kamil\AppData\Roaming\cacaoweb\errorlog.txt
c:\users\Kamil\AppData\Roaming\cacaoweb\npdfile.dat
c:\users\Kamil\AppData\Roaming\cacaoweb\storage.db
c:\users\Kamil\AppData\Roaming\ShopperReports3
c:\windows\pl
c:\windows\pl\WLXPGSS.SCR.mui
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2011-07-19 do 2011-08-19  )))))))))))))))))))))))))))))))
.
.
2011-08-19 18:42 . 2011-08-19 18:42   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-08-19 17:29 . 2011-08-19 17:29   --------   d-----w-   c:\program files (x86)\KrView
2011-08-19 17:29 . 2011-08-19 17:29   327680   ------w-   c:\windows\Setup1.exe
2011-08-19 17:29 . 2011-08-19 17:29   73216   ----a-w-   c:\windows\ODEUNST.EXE
2011-08-19 17:29 . 2011-08-19 17:29   151622   ------w-   c:\windows\modcas.dll
2011-08-19 17:29 . 2011-08-19 17:29   1388544   ------w-   c:\windows\msvbvm60.dll
2011-08-19 17:29 . 2011-08-19 17:29   101888   ------w-   c:\windows\odestkit.dll
2011-08-19 17:14 . 2011-08-19 17:14   --------   d-----w-   c:\users\Kamil\AppData\Roaming\Easeware
2011-08-19 17:12 . 2011-08-19 17:12   --------   d-----w-   c:\program files\Easeware
2011-08-19 14:55 . 2011-08-19 14:55   --------   d-----w-   C:\NVIDIA
2011-08-19 14:08 . 2011-08-19 14:08   --------   d-----w-   c:\program files (x86)\Trend Micro
2011-08-19 11:44 . 2011-08-19 11:44   --------   d-----w-   c:\program files\CCleaner
2011-08-19 11:11 . 2011-08-19 11:11   --------   d-----w-   c:\users\UpdatusUser
2011-08-19 09:46 . 2011-08-19 09:46   --------   d-----w-   C:\perflogs
2011-08-11 05:47 . 2011-06-15 10:02   106496   ----a-w-   c:\windows\system32\odbccu32.dll
2011-08-11 05:47 . 2011-06-15 10:02   106496   ----a-w-   c:\windows\system32\odbccr32.dll
2011-08-11 05:47 . 2011-06-15 10:02   212992   ----a-w-   c:\windows\system32\odbctrac.dll
2011-08-11 05:47 . 2011-06-15 10:02   163840   ----a-w-   c:\windows\system32\odbccp32.dll
2011-08-11 05:47 . 2011-06-15 09:59   126976   ----a-w-   c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-08-11 05:47 . 2011-06-15 08:55   86016   ----a-w-   c:\windows\SysWow64\odbccu32.dll
2011-08-11 05:47 . 2011-06-15 08:55   81920   ----a-w-   c:\windows\SysWow64\odbccr32.dll
2011-08-11 05:47 . 2011-06-15 08:55   319488   ----a-w-   c:\windows\SysWow64\odbcjt32.dll
2011-08-11 05:47 . 2011-06-15 08:55   163840   ----a-w-   c:\windows\SysWow64\odbctrac.dll
2011-08-11 05:47 . 2011-06-15 08:55   122880   ----a-w-   c:\windows\SysWow64\odbccp32.dll
2011-08-11 05:47 . 2011-06-15 08:54   94208   ----a-w-   c:\program files (x86)\Common Files\System\Ole DB\msdaosp.dll
2011-08-11 05:47 . 2011-07-09 02:46   288768   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
2011-08-01 18:02 . 2011-08-01 18:02   686400   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-19 17:29 . 2010-10-04 15:17   198656   ------w-   c:\windows\SysWow64\comdlg32.ocx
2011-08-01 18:03 . 2010-06-04 17:19   48648   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-07-16 04:26 . 2011-08-11 05:46   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2011-07-01 09:11 . 2010-06-24 09:33   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-11 03:07 . 2011-07-13 19:11   3137536   ----a-w-   c:\windows\system32\win32k.sys
2011-05-24 11:42 . 2011-06-29 09:56   404480   ----a-w-   c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 09:56   64512   ----a-w-   c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 09:56   44544   ----a-w-   c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 09:56   145920   ----a-w-   c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 09:56   252928   ----a-w-   c:\windows\SysWow64\drvinst.exe
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8532a8b7-c06a-41bb-936a-8ce73e4711ed}"= "c:\program files (x86)\gry\tbgr0.dll" [2010-10-18 3908192]
"{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "c:\program files (x86)\Reganam\tbReg0.dll" [2010-10-18 3908192]
"{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}"= "c:\program files (x86)\Softonic-Polska\tbSof0.dll" [2010-10-18 3908192]
"{5b9db241-d008-4eab-a38c-90de49507198}"= "c:\program files (x86)\Zapu_Accelerator\tbZap0.dll" [2010-10-18 3908192]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files (x86)\BrotherSoft_Extreme\tbBrot.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{8532a8b7-c06a-41bb-936a-8ce73e4711ed}]
.
[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]
.
[HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
.
[HKEY_CLASSES_ROOT\clsid\{5b9db241-d008-4eab-a38c-90de49507198}]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26   3908192   ----a-w-   c:\program files (x86)\ConduitEngine\ConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
2010-12-09 11:51   3911776   ----a-w-   c:\program files (x86)\BrotherSoft_Extreme\tbBrot.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5b9db241-d008-4eab-a38c-90de49507198}]
2010-10-18 10:26   3908192   ----a-w-   c:\program files (x86)\Zapu_Accelerator\tbZap0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8532a8b7-c06a-41bb-936a-8ce73e4711ed}]
2010-10-18 10:26   3908192   ----a-w-   c:\program files (x86)\gry\tbgr0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
2010-10-18 10:26   3908192   ----a-w-   c:\program files (x86)\Softonic-Polska\tbSof0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]
2010-10-18 10:26   3908192   ----a-w-   c:\program files (x86)\Reganam\tbReg0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8532a8b7-c06a-41bb-936a-8ce73e4711ed}"= "c:\program files (x86)\gry\tbgr0.dll" [2010-10-18 3908192]
"{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "c:\program files (x86)\Reganam\tbReg0.dll" [2010-10-18 3908192]
"{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}"= "c:\program files (x86)\Softonic-Polska\tbSof0.dll" [2010-10-18 3908192]
"{5b9db241-d008-4eab-a38c-90de49507198}"= "c:\program files (x86)\Zapu_Accelerator\tbZap0.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngin.dll" [2010-10-18 3908192]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files (x86)\BrotherSoft_Extreme\tbBrot.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{8532a8b7-c06a-41bb-936a-8ce73e4711ed}]
.
[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]
.
[HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
.
[HKEY_CLASSES_ROOT\clsid\{5b9db241-d008-4eab-a38c-90de49507198}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="c:\program files (x86)\Gadu-Gadu 10\gg.exe" [2011-05-05 13345376]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"Greenshot"="c:\program files (x86)\Greenshot\Greenshot.exe" [2010-07-12 548864]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Przypominacz Obserwatora"="c:\windows\Przypominacz.exe" [2007-03-12 295936]
"GLOB - Ksiezycowy"="c:\windows\GLOB.exe" [2007-02-02 251904]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"BabylonToolbar"="c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe" [2010-11-07 286720]
"Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
c:\users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files (x86)\Hamachi\hamachi.exe [2011-5-7 619048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1caf4debe7418e8;Usługa Google Update (gupdate1caf4debe7418e8);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16 133104]
R3 dump_wmimmc;dump_wmimmc;d:\a.v.a\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16 133104]
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSP;avast! Self Protection; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [x]
S2 Nakido;Nakido;c:\program files (x86)\Nakido\nakido.exe [2010-09-08 337408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai   REG_MULTI_SZ      Akamai
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-08-19 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2011-08-19 07:06]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16 10:01]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16 10:01]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/home?AF=14676
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Pobierz używając Download &Express'a - c:\program files (x86)\Download Express\Add_Url.htm
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~2\DOWNLO~1\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~2\DOWNLO~1\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~2\DOWNLO~1\mdpph.dll
FF - ProfilePath - c:\users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\p30iqyts.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14676
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=14676&q=
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
URLSearchHooks-{ce18769b-c7fa-42d2-860d-17c4662c70ad} - c:\program files (x86)\Babylon-English\tbBaby.dll
BHO-{ce18769b-c7fa-42d2-860d-17c4662c70ad} - c:\program files (x86)\Babylon-English\tbBaby.dll
Toolbar-{ce18769b-c7fa-42d2-860d-17c4662c70ad} - c:\program files (x86)\Babylon-English\tbBaby.dll
Wow6432Node-HKCU-Run-ares - c:\program files (x86)\Ares\Ares.exe
Wow6432Node-HKCU-Run-cacaoweb - c:\users\Kamil\AppData\Roaming\cacaoweb\cacaoweb.exe
Wow6432Node-HKCU-Run-DriverFinder - c:\program files (x86)\DriverFinder\DriverFinder.exe
Wow6432Node-HKCU-Run-Rubin - e:\rubin\rubin.exe
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe
Wow6432Node-HKLM-Run-NPSStartup - (no file)
Wow6432Node-HKLM-Run-TrayServer - c:\program files (x86)\MAGIX\Movie_Edit_Pro_14_PLUS_Download_version\TrayServer.exe
WebBrowser-{8532A8B7-C06A-41BB-936A-8CE73E4711ED} - (no file)
WebBrowser-{DB9D7A78-A76C-4BF2-97C6-258925EE1542} - (no file)
WebBrowser-{C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - (no file)
WebBrowser-{5B9DB241-D008-4EAB-A38C-90DE49507198} - (no file)
WebBrowser-{CE18769B-C7FA-42D2-860D-17C4662C70AD} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Babylon-English Toolbar - c:\progra~2\BABYLO~1\UNWISE.EXE
AddRemove-conduitEngine - c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-eMusic Promotion - d:\winamp\eMusic\Uninst-eMusic-promotion.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\uninstall.exe
AddRemove-SHOUTcastDSP - d:\winamp\uninst-dsp.exe
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{BB25779E-744C-48F3-94DE-CD6F60A5AC55}\Controller Editor Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}\Service Center Setup PC.exe
AddRemove-{2AAC4085-DCBF-417B-AEBD-182197839240} - c:\programdata\{A0DFE2A5-DE68-41F3-8861-73E954C1D41D}\Traktor Setup PC.exe
AddRemove-{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4} - e:\nowy folder (2)\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2011-08-19  20:49:52
ComboFix-quarantined-files.txt  2011-08-19 18:49
.
Przed: 18 829 225 984 bajtów wolnych
Po: 19 476 103 168 bajtów wolnych
.
- - End Of File - - E71097CB4AD1D9369793E48E911EDABA


Pomoże ktoś ?? Co mam z tym dalej zrobić ?? Proszę o pomoc.

[kominekl]

Combofix`a nie używamy ot tak. To zbyt silnie ingerujące w system narzędzie. Podaj logi z OTL i GMER (poniżej instrukcje). Są jakieś problemy z komputerem?

OTL viewtopic.php?f=22&t=13967#p107754.
GMER viewtopic.php?f=22&t=13967#p88736.

[EnD50]

Tutaj jest log z OTL

OTL.txt
http://www.wklej.eu/index.php?id=c6c17b2aa0
a tu
Extras.txt
http://www.wklej.eu/index.php?id=dbd22ef7a5

Jak mi się skończy robić w gmer to wrzuce.

[EnD50]

Tutaj jest log z gmer
http://www.wklej.eu/index.php?id=9bd4a7fddd

Co dalej robić ??

[kominekl]

Są jakieś ogólnie problemy?

Odinstaluj toolbar`y Winamp Toolbar, Conduit Engine, VMN Toolbar, BrotherSoft Extreme Toolbar, gry Toolbar, Softonic-Polska Toolbar, Babylon-English Toolbar (BabylonToolbar), Reganam Toolbar, DAEMON Tools Toolbar. Następnie uruchom OTL w oknie Własne opcje skanowania/skrypt wklej:

:OTL

IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {5b9db241-d008-4eab-a38c-90de49507198} - C:\Program Files (x86)\Zapu_Accelerator\tbZap0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files (x86)\gry\tbgr0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files (x86)\Softonic-Polska\tbSof0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - File not found
IE - HKLM\..\URLSearchHook: {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files (x86)\Reganam\tbReg0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-406542291-1020971207-3227168603-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=14676
IE - HKU\S-1-5-21-406542291-1020971207-3227168603-1000\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-406542291-1020971207-3227168603-1000\..\URLSearchHook: {5b9db241-d008-4eab-a38c-90de49507198} - C:\Program Files (x86)\Zapu_Accelerator\tbZap0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-406542291-1020971207-3227168603-1000\..\URLSearchHook: {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files (x86)\gry\tbgr0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-406542291-1020971207-3227168603-1000\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files (x86)\Softonic-Polska\tbSof0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-406542291-1020971207-3227168603-1000\..\URLSearchHook: {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files (x86)\Reganam\tbReg0.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14676"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3.0244
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=14676&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2010-12-03 18:21:22 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011-08-19 11:56:14 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
[2011-08-01 19:27:18 | 000,000,000 | ---D | M] (Softonic-Polska Community Toolbar) -- C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}
[2011-08-01 19:16:30 | 000,000,000 | ---D | M] (Babylon-EnglishBB Community Toolbar) -- C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}
[2011-05-16 19:23:43 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\[email protected]
[2011-03-25 19:07:32 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\[email protected]
[2010-12-22 17:23:04 | 000,000,941 | ---- | M] () -- C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\p30iqyts.default\searchplugins\conduit.xml
[2010-06-10 20:14:21 | 000,002,059 | ---- | M] () -- C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\p30iqyts.default\searchplugins\daemon-search.xml
[2010-12-03 18:41:53 | 000,001,196 | ---- | M] () -- C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\p30iqyts.default\searchplugins\winamp-search.xml
() (No name found) -- C:\USERS\KAMIL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P30IQYTS.DEFAULT\EXTENSIONS\[email protected]
[2011-02-28 15:05:31 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (Babylon-English Toolbar) - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - File not found
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - File not found
O3 - HKLM\..\Toolbar: (Babylon-English Toolbar) - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - File not found
O4 - HKU\S-1-5-21-406542291-1020971207-3227168603-1003..\RunOnce: [mctadmin] File not found
[2011-08-19 20:51:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-08-19 20:04:26 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
@Alternate Data Stream - 938 bytes C:\ProgramData\TEMP:24721E3C

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=-
"DivXUpdate"=-
[HKEY_USERS\S-1-5-21-406542291-1020971207-3227168603-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"=-

:Commands
[clearallrestorepoints]
[emptytemp]

Klikasz Wykonaj skrypt. Dajesz log z usuwania. Następnie podajesz nowe logi z OTL.

[EnD50]

Ogólnie obecnie mam problem z zbyt dużym użyciem procesora przez proces system i wyczytałem na forach że można tak jakoś temu zaradzić. Przez to mam 80-100% użycia procesora

Zaraz zrobię z tym skryptem

[EnD50]

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{51a86bb3-6602-4c85-92a5-130ee4864f13} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51a86bb3-6602-4c85-92a5-130ee4864f13}\ deleted successfully.
C:\Program Files (x86)\BrotherSoft_Extreme\tbBrot.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{5b9db241-d008-4eab-a38c-90de49507198} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b9db241-d008-4eab-a38c-90de49507198}\ deleted successfully.
C:\Program Files (x86)\Zapu_Accelerator\tbZap0.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8532a8b7-c06a-41bb-936a-8ce73e4711ed} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8532a8b7-c06a-41bb-936a-8ce73e4711ed}\ deleted successfully.
C:\Program Files (x86)\gry\tbgr0.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}\ deleted successfully.
C:\Program Files (x86)\Softonic-Polska\tbSof0.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ce18769b-c7fa-42d2-860d-17c4662c70ad} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{db9d7a78-a76c-4bf2-97c6-258925ee1542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db9d7a78-a76c-4bf2-97c6-258925ee1542}\ deleted successfully.
C:\Program Files (x86)\Reganam\tbReg0.dll moved successfully.
HKU\S-1-5-21-406542291-1020971207-3227168603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-406542291-1020971207-3227168603-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{51a86bb3-6602-4c85-92a5-130ee4864f13} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51a86bb3-6602-4c85-92a5-130ee4864f13}\ not found.
File C:\Program Files (x86)\BrotherSoft_Extreme\tbBrot.dll not found.
Registry value HKEY_USERS\S-1-5-21-406542291-1020971207-3227168603-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{5b9db241-d008-4eab-a38c-90de49507198} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b9db241-d008-4eab-a38c-90de49507198}\ not found.
File C:\Program Files (x86)\Zapu_Accelerator\tbZap0.dll not found.
Registry value HKEY_USERS\S-1-5-21-406542291-1020971207-3227168603-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8532a8b7-c06a-41bb-936a-8ce73e4711ed} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8532a8b7-c06a-41bb-936a-8ce73e4711ed}\ not found.
File C:\Program Files (x86)\gry\tbgr0.dll not found.
Registry value HKEY_USERS\S-1-5-21-406542291-1020971207-3227168603-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}\ not found.
File C:\Program Files (x86)\Softonic-Polska\tbSof0.dll not found.
Registry value HKEY_USERS\S-1-5-21-406542291-1020971207-3227168603-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{db9d7a78-a76c-4bf2-97c6-258925ee1542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db9d7a78-a76c-4bf2-97c6-258925ee1542}\ not found.
File C:\Program Files (x86)\Reganam\tbReg0.dll not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "BrotherSoft Extreme Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14676" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: [email protected]:1.1.3.0244 removed from extensions.enabledItems
Prefs.js: [email protected]:1.2.1 removed from extensions.enabledItems
Prefs.js: [email protected]:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "http://search.babylon.com/?babsrc=adbartrp&AF=14676&q=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\searchplugin folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\modules folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\META-INF folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\chrome folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13} folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}\searchplugin folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}\modules folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}\META-INF folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}\defaults folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}\components folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}\chrome folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\searchplugin folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\modules folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\META-INF folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\defaults folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\components folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\chrome folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad} folder moved successfully.
Folder C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\[email protected]\ not found.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\[email protected]\searchplugin folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\[email protected]\lib folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\[email protected]\DualPackage folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\[email protected]\components folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Kamil\AppData\Roaming\mozilla\Firefox\Profiles\p30iqyts.default\extensions\[email protected] folder moved successfully.
C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\p30iqyts.default\searchplugins\conduit.xml moved successfully.
C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\p30iqyts.default\searchplugins\daemon-search.xml moved successfully.
C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\p30iqyts.default\searchplugins\winamp-search.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ce18769b-c7fa-42d2-860d-17c4662c70ad} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\ not found.
Registry value HKEY_USERS\S-1-5-21-406542291-1020971207-3227168603-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
ADS C:\ProgramData\TEMP:24721E3C deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
Registry value HKEY_USERS\S-1-5-21-406542291-1020971207-3227168603-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AutoStartNPSAgent deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: AppData
Temp folder emptied: 0 bytes

User: Default
Temp folder emptied: 0 bytes
Temporary Internet Files folder emptied: 67 bytes
Flash cache emptied: 56502 bytes

User: Default User
Temp folder emptied: 0 bytes
Temporary Internet Files folder emptied: 0 bytes
Flash cache emptied: 0 bytes

User: Kamil
Temp folder emptied: 2127150 bytes
Temporary Internet Files folder emptied: 1851526 bytes
Java cache emptied: 4748911 bytes
FireFox cache emptied: 67820820 bytes
Google Chrome cache emptied: 0 bytes
Flash cache emptied: 59449 bytes

User: Public
Temp folder emptied: 0 bytes

User: UpdatusUser
Temp folder emptied: 0 bytes
Temporary Internet Files folder emptied: 67 bytes
Flash cache emptied: 56502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67965 bytes
RecycleBin emptied: 20125806 bytes

Total Files Cleaned = 92,00 mb


OTL by OldTimer - Version 3.2.26.5 log created on 08192011_225050

Files\Folders moved on Reboot...
C:\Users\Kamil\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[EnD50]

Nie wiem co się stało ale jak dzisiaj włączyłem komputer to problem zniknął teraz mam 5-15% użycia procesora.

[EnD50]

Problem znowu wrócił już nie wiem co mam robić Pomoże ktoś ??

[kominekl]

Następnie podajesz nowe logi z OTL.

Wykonuj uważnie instrukcje . Podaj nowe logi z OTL, bo jeszcze nie skończyliśmy od strony logów. Zobacz, jak wygląda sytuacja zużycia procesora po wyłączeniu antywirusa. Daj również screen z menadżera zadań procesy, abyśmy mogli zobaczyć co jeszcze zjada procesor.

[EnD50]

Jeszcze raz skanować otl ??

[kominekl]

Tak. Musimy wyczyścić po toolbarach, które odinstalowałeś, oraz zobaczyć, jak teraz wygląda sytuacja z logami. Przypominam o sprawdzeniu sytuacji po wyłączeniu antywirusa, oraz o podaniu screenu (regulamin działu punkt 9).

[mateo8898]

Podaj logi z OTL i GMER (poniżej instrukcje). Są jakieś problemy z komputerem?

OTL viewtopic.php?f=22&t=13967#p107754.
GMER viewtopic.php?f=22&t=13967#p88736.

Dlaczego prosisz o log z Gmer w przypadku systemu 64-bit, z którym prawidłowo nie współpracuje???


Dorzuć raport z TDSSKiller viewtopic.php?f=22&t=13967&start=15#p120292

[EnD50]

Tu jest log z otl

OTL.txt
http://www.wklej.eu/index.php?id=22ce683508
Extras.txt
http://www.wklej.eu/index.php?id=7629d7ee3e


Mam avasta jak go wyłączam to ten proces dalej zżera ponad połowę procka.


A to screen z menadżera zadań
http://www.otofotki.pl/img2/ja774_Mened ... 7.png.html


Rano gdy włączyłem komputer wszystko działało dobrze ale po jakimś czasie wrócił ten proces system i znowu jest to samo

[EnD50]

Tutaj jest ten raport
http://www.wklej.eu/index.php?id=ab448b360f