Siema, 2 raz już został zaatakowany mój laptop przez ransomware (Pisze że został zablokowany komputer i wymaga się zapłaty 300zł - oczywiście to fejk)
Opisze swoją sytuacje, troche już ją rozwiązałem.
Miałem tak że ekran laptopa był zupełnie czarny, do czasu gdy wyświetlało się okno z logowaniem do systemu. Męczyłem się z tym 2 dni i pomyślałem żeby podłączyć kabel od monitora telewizor-laptop, i zadziałało, dzisiaj wszedłem na Tryb Awaryjny i mam logi z OTL, i ja jestem zielony z OTL, i daje w wasze ręce moje logi z OTL :
extras: http://wklej.eu/index.php?id=4a8f64ed58
otl: http://wklej.eu/index.php?id=b00c2e1320
Wirus ransomware
Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.
2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
1. Każdy temat powinien odzwierciedlać treść wątku.
2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
8 posty(ów)
• Strona 1 z 1
Wirus ransomware
przez RY9009 » 21 Wrz 2012, 22:36
UA: Opera/9.80 (Windows NT 5.1; U; pl) Presto/2.10.289 Version/12.00
- RY9009
- Forumowicz
- Posty: 4
- Dołączenie: 21 Wrz 2012, 21:52
Re: Wirus ransomware
przez kominekl » 22 Wrz 2012, 15:41
UA: Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"Microsoft Security Client" = Microsoft Security Essentials
"NSS" = Norton Security Scan
"UnityWebPlayer" = Unity Web Player
Odinstaluj to oprogramowanie.
Logi.
Uruchom OTL
w oknie Własne opcje skanowania/skrypt wklej:- Kod: Zaznacz wszystko
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Afc.sys -- (Afc)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3955828144-559123986-2932296864-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3955828144-559123986-2932296864-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3955828144-559123986-2932296864-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={E30C0FC9-A459-401D-A4E9-C1C52F6FFF16}&mid=491f3c6af68b47d085e0d154341638ad-3c333f31aaa0ef966fb0a498672990d19e5a058e&lang=pl&ds=AVG&pr=fr&d=2012-07-27 21:26:42&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3955828144-559123986-2932296864-1000\..\SearchScopes\{9DF9FBF0-AD35-49FE-BB02-0DDCEC71D947}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms}&rlz=1I7ADSA_plPL378
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.53.0
FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7B4f690ad6-c0e8-42ff-b137-662656e3bd08%7D&mid=491f3c6af68b47d085e0d154341638ad-3c333f31aaa0ef966fb0a498672990d19e5a058e&ds=AVG&v=12.2.5.32&lang=pl&pr=fr&d=2012-07-27%2021%3A26%3A42&sap=ku&q="
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ela\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
[2010-06-13 18:06:36 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Ela\AppData\Roaming\mozilla\Firefox\Profiles\6zy7gt44.default\extensions\[email protected]
[2011-12-19 08:20:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
O3 - HKU\S-1-5-21-3955828144-559123986-2932296864-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-3955828144-559123986-2932296864-1000..\Run: [VaultCredProvider] C:\Users\Ela\AppData\Local\Microsoft\Windows\3145\VaultCredProvider.exe ()
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)
:Files
C:\Users\Ela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
C:\Program Files\Google\Update
C:\Users\Ela\AppData\LocalLow\Unity
C:\Users\Ela\AppData\Roaming\hellomoto
C:\Windows\tasks\*.*
C:\ProgramData\umfhwnabrxvpmif
C:\Users\Ela\AppData\Local\{9C384BBA-C6D9-48B1-A410-653321315015}
C:\Users\Ela\AppData\Local\{59D2BB74-2CC0-42C0-8558-DA7E73F9475B}
C:\Users\Ela\AppData\Local\{F62C6C0D-10C0-4942-A57B-31FA70D99188}
C:\Users\Ela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JCQ4T63H\patrz.pl\u
C:\Users\Ela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JCQ4T63H\www8.agame.com\games\flash\u
C:\Users\Ela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JCQ4T63H\www8.agame.com\mirror\flash\n
C:\Users\Ela\AppData\Roaming\Unity
:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
:Commands
[emptyflash]
[clearallrestorepoints]
[emptytemp]
Klikasz Wykonaj skrypt. Dajesz log z usuwania. Następnie podaj log z ADWCleaner (z opcji Delete)
otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967-15.html#p139531 + log z TDSSKiller otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967-15.html#p120292 + nowe logi z OTL + log z Autoruns otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967-15.html#p138589.Kiedy komputery staną się twoim jedynym życiem, jedynym totemem odstraszającym klątwę nudy, wtedy prędzej czy później granica między tymi dwoma wymiarami zniknie i postacie z Błękitnej Pustki zaczną pojawiać się w Realu. Czasem są twoimi przyjaciółmi. A czasem nie.
-
kominekl - Przyjaciel forum
- Posty: 4530
- Dołączenie: 03 Sty 2010, 16:07
- Miejscowość: Pasztowa Wola Kolonia
- Pochwały: 174
Re: Wirus ransomware
przez RY9009 » 22 Wrz 2012, 17:54
UA: Opera/9.80 (Windows NT 5.1; U; pl) Presto/2.10.289 Version/12.00
To czyli jak pousuwam programy które wymieniłeś oraz wykonam skrypt to mam podać logi z OTL;TDSSKiller;ADWCleaner i też z Autoruns? ... jeśli tak to ja już biorę się za robote, dzięki na razie za ten skrypt.
- RY9009
- Forumowicz
- Posty: 4
- Dołączenie: 21 Wrz 2012, 21:52
Re: Wirus ransomware
przez mateo8898 » 22 Wrz 2012, 17:56
UA: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
Tak
-
mateo8898 - Moderator
- Posty: 15377
- Dołączenie: 15 Maj 2009, 14:55
- Pochwały: 966
Re: Wirus ransomware
przez RY9009 » 22 Wrz 2012, 21:08
UA: Opera/9.80 (Windows NT 5.1; U; pl) Presto/2.10.289 Version/12.00
Ok, działa wszystko, nie mam logów tylko z TDSSKiller. poprostu nie działał mi ten program, nie wiem dlaczego ...
AdwCleaner :
OTL :
OTL/Extras:
i AutoRuns:
http://www.sendspace.pl/file/ca4e34c00c338e461a50ac1
AdwCleaner :
- Kod: Zaznacz wszystko
# AdwCleaner v2.002 - Logfile created 09/22/2012 at 18:37:15
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Ela - ELA-LAPTOP
# Boot Mode : Normal
# Running from : G:\Poczebne żeczy\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Users\Ela\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Ela\AppData\LocalLow\AVG Secure Search
***** [Registry] *****
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\Software
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={E30C0FC9-A459-401D-A4E9-C1C52F6FFF16}&mid=491f3c6af68b47d085e0d154341638ad-3c333f31aaa0ef966fb0a498672990d19e5a058e&lang=pl&ds=AVG&pr=fr&d=2012-07-27 21:26:42&v=12.2.5.32&sap=nt
-\\ Mozilla Firefox v3.6.3 (pl)
Profile name : default
File : C:\Users\Ela\AppData\Roaming\Mozilla\Firefox\Profiles\6zy7gt44.default\prefs.js
Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.5.32");
-\\ Google Chrome v [Unable to get version]
File : C:\Users\Ela\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found [l.35] : icon_url = "hxxps://isearch.avg.com/favicon.ico",
Found [l.38] : keyword = "isearch.avg.com",
Found [l.41] : search_url = "hxxps://isearch.avg.com/search?cid={E30C0FC9-A459-401D-A4E9-C1C52F6FFF16}&mid=491f3c6af68b47d085e0d154341638ad-3c333f31aaa0ef966fb0a498672990d19e5a058e&lang=pl&ds=AVG&pr=fr&d=2012-07-27 21:26:42&v=12.1.0.21&sap=dsp&q={searchTerms}",
*************************
AdwCleaner[R1].txt - [5078 octets] - [22/09/2012 18:37:15]
########## EOF - C:\AdwCleaner[R1].txt - [5138 octets] ##########
OTL :
- Kod: Zaznacz wszystko
OTL logfile created on: 2012-09-22 18:44:03 - Run 2
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Ela\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1,93 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 62,22% Memory free
3,86 Gb Paging File | 2,85 Gb Available in Paging File | 73,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 2,89 Gb Free Space | 7,40% Space Free | Partition Type: NTFS
Drive D: | 109,98 Gb Total Space | 106,67 Gb Free Space | 96,99% Space Free | Partition Type: NTFS
Drive G: | 3,73 Gb Total Space | 2,70 Gb Free Space | 72,40% Space Free | Partition Type: FAT32
Computer Name: ELA-LAPTOP | User Name: Ela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012-09-21 21:30:35 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Ela\Desktop\OTL.exe
PRC - [2012-08-30 21:15:41 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012-08-30 21:15:38 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012-08-13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012-07-31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012-07-26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012-06-13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012-03-26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012-03-26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012-03-19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012-02-14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010-05-21 13:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009-07-14 03:14:19 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorAuthn.exe
PRC - [2007-02-10 17:03:52 | 000,204,800 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe
PRC - [2006-11-03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012-08-30 21:15:45 | 000,564,832 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012-08-30 21:15:43 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012-08-30 21:15:38 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - [2012-09-22 18:04:36 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-08-30 21:15:41 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012-08-13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012-06-07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-03-26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012-03-26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010-05-30 12:26:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-05-21 13:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2012-08-30 21:15:43 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012-08-24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012-07-26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012-04-19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012-03-20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012-01-31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011-12-23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011-12-23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011-12-23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011-12-23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2010-11-20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009-10-05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009-07-14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009-07-14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009-03-18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2006-12-05 12:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2006-08-04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005-11-14 14:28:00 | 000,034,176 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2005-08-30 02:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3955828144-559123986-2932296864-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ig?hl=pl
IE - HKU\S-1-5-21-3955828144-559123986-2932296864-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3955828144-559123986-2932296864-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2191
FF - prefs.js..extensions.enabledItems: avg@toolbar:12.2.5.32
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-09 19:33:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012-09-10 17:31:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012-08-30 21:15:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-06-17 18:39:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-08-06 14:13:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-09 19:33:28 | 000,000,000 | ---D | M]
[2010-06-13 16:49:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ela\AppData\Roaming\mozilla\Extensions
[2012-09-22 18:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ela\AppData\Roaming\mozilla\Firefox\Profiles\6zy7gt44.default\extensions
[2011-06-12 17:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-09-10 17:31:03 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011-02-09 19:33:28 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-08-30 21:15:54 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.32
File not found (No name found) -- C:\USERS\ELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6ZY7GT44.DEFAULT\EXTENSIONS\[email protected]
[2010-04-01 19:33:11 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-08-30 21:15:37 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2010-04-01 19:33:11 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2010-04-01 19:33:11 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2010-04-01 19:33:11 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2010-04-01 19:33:11 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010-04-01 19:33:11 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
[color=#E56717]========== Chrome ==========[/color]
CHR - homepage: http://www.google.com
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = https://isearch.avg.com/search?cid={E30C0FC9-A459-401D-A4E9-C1C52F6FFF16}&mid=491f3c6af68b47d085e0d154341638ad-3c333f31aaa0ef966fb0a498672990d19e5a058e&lang=pl&ds=AVG&pr=fr&d=2012-07-27 21:26:42&v=12.1.0.21&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Ela\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: AVG Secure Search = C:\Users\Ela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb\12.1.0.21_0\
CHR - Extension: AVG Safe Search = C:\Users\Ela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
CHR - Extension: AVG Do Not Track = C:\Users\Ela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKU\S-1-5-21-3955828144-559123986-2932296864-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 94.75.112.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EE5D2CF-738F-409F-A228-03418389DBBD}: DhcpNameServer = 94.75.112.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA592E19-F459-4A5E-8988-8E0378F15A52}: DhcpNameServer = 94.75.115.220 94.75.115.221 212.76.34.49
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB5BCCF6-6BFD-4921-98E3-136FD2880DA1}: DhcpNameServer = 94.75.112.7
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk G:\
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012-09-22 18:27:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-09-21 21:30:33 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Ela\Desktop\OTL.exe
[2012-09-19 21:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012-09-12 16:00:25 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012-09-12 16:00:24 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012-09-12 16:00:24 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012-09-12 16:00:23 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012-09-10 17:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012-08-24 15:43:18 | 000,301,920 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012-09-22 18:41:25 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-09-22 18:41:25 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-09-22 18:38:14 | 000,700,246 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012-09-22 18:38:14 | 000,618,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-09-22 18:38:14 | 000,136,224 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012-09-22 18:38:14 | 000,107,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-09-22 18:33:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-09-22 18:33:30 | 1554,669,568 | -HS- | M] () -- C:\hiberfil.sys
[2012-09-22 18:24:17 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012-09-22 18:04:31 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012-09-22 18:04:31 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012-09-22 17:57:53 | 095,498,845 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012-09-21 21:30:35 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Ela\Desktop\OTL.exe
[2012-09-14 17:36:14 | 000,146,906 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012-09-10 17:31:03 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012-09-05 19:01:24 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012-08-30 21:15:43 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012-08-24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011-02-09 19:22:21 | 000,172,559 | ---- | C] () -- C:\Windows\hpoins44.dat
[2010-12-31 13:12:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[color=#E56717]========== LOP Check ==========[/color]
[2011-09-01 12:20:40 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\.minecraft
[2012-06-27 19:05:09 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\AVG2012
[2010-03-01 10:04:04 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\OpenOffice.org
[2010-06-22 07:16:29 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\TeamViewer
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
OTL/Extras:
- Kod: Zaznacz wszystko
OTL Extras logfile created on: 2012-09-22 18:44:03 - Run 2
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Ela\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1,93 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 62,22% Memory free
3,86 Gb Paging File | 2,85 Gb Available in Paging File | 73,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 2,89 Gb Free Space | 7,40% Space Free | Partition Type: NTFS
Drive D: | 109,98 Gb Total Space | 106,67 Gb Free Space | 96,99% Space Free | Partition Type: NTFS
Drive G: | 3,73 Gb Total Space | 2,70 Gb Free Space | 72,40% Space Free | Partition Type: FAT32
Computer Name: ELA-LAPTOP | User Name: Ela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3955828144-559123986-2932296864-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1701765B-6D93-43C6-A835-DD423517581F}" = OpenOffice.org 3.2
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{38580E5E-AF78-4536-AD1E-6A62661372C5}" = AVG 2012
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FE93ACC-83FB-4FE5-9147-8BAD2D33E2EF}" = AVG 2012
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43592B2E-C393-433F-8D0E-5A4B15A8C786}" = Microsoft Antimalware Service PL-PL Language Pack
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E0C89A4-4040-47C7-AD0C-0E8226B6AFE2}" = AVG 2012
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client PL-PL Language Pack
"{5BD29DC3-EE5C-4E1F-932D-94848CFDD39E}" = ArcSoft VideoImpression 2
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.5 - Polish
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C36C3F84-E04B-44E3-9D7B-ABBCC6BE94F5}" = PC Camer@
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6A09671-93A6-4548-9FAE-3BF21EB9C921}" = AVG 2012
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F1AB76C0-333F-11D5-BF46-0002B306C443}" = 3D Ultra Pinball Thrillride
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"3D Live Snooker_is1" = 3D Live Snooker v2.70
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Atlas Świata 2000" = Atlas Świata 2000
"Atlas Świata_is1" = Atlas Świata
"Autoatlas Polski_is1" = Autoatlas Polski
"AVG" = AVG 2012
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Encyklopedia wiedzy komputerowej v. 2.0_is1" = Encyklopedia wiedzy komputerowej na CD v. 2.0
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{C36C3F84-E04B-44E3-9D7B-ABBCC6BE94F5}" = PC Camer@
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NirSoft IE PassView" = NirSoft IE PassView
"Pinball XP for Vista and Windows 7_is1" = Pinball
"RealAlt_is1" = Real Alternative 2.0.2
"Shop for HP Supplies" = Shop for HP Supplies
"TeamViewer 5" = TeamViewer 5
"TVWiz" = Intel(R) TV Wizard
"WheelMouse" = iWheelZoom 7.80
"WinRAR archiver" = WinRAR 4.01 (32-bitowy)
"wwii_pl" = Rajd na Berlin
"Zuma_Deluxe!_1.0" = Zuma Deluxe! 1.0
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2012-09-10 11:32:01 | Computer Name = Ela-Laptop | Source = MsiInstaller | ID = 1013
Description =
Error - 2012-09-10 11:32:03 | Computer Name = Ela-Laptop | Source = MsiInstaller | ID = 1013
Description =
Error - 2012-09-10 11:32:05 | Computer Name = Ela-Laptop | Source = MsiInstaller | ID = 1013
Description =
Error - 2012-09-10 11:32:07 | Computer Name = Ela-Laptop | Source = MsiInstaller | ID = 1013
Description =
Error - 2012-09-13 11:31:28 | Computer Name = Ela-Laptop | Source = SideBySide | ID = 16842827
Description = Nie można wygenerować kontekstu aktywacji dla „C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe”. Błąd w pliku manifestu lub w pliku zasad „C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe” w wierszu 2. Użycie
wielu elementów requestedPrivileges w manifeście jest niedozwolone.
Error - 2012-09-13 12:17:55 | Computer Name = Ela-Laptop | Source = SideBySide | ID = 16842827
Description = Nie można wygenerować kontekstu aktywacji dla „C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe”. Błąd w pliku manifestu lub w pliku zasad „C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe” w wierszu 2. Użycie
wielu elementów requestedPrivileges w manifeście jest niedozwolone.
Error - 2012-09-17 10:43:29 | Computer Name = Ela-Laptop | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: iexplore.exe, wersja: 8.0.7601.17514,
sygnatura czasowa: 0x4ce79912 Nazwa modułu powodującego błąd: skypeieplugin.dll_unloaded,
wersja: 0.0.0.0, sygnatura czasowa: 0x4e92c055 Kod wyjątku: 0xc0000005 Przesunięcie
błędu: 0x67602910 Identyfikator procesu powodującego błąd: 0xed4 Godzina uruchomienia
aplikacji powodującej błąd: 0x01cd94e11f257a26 Ścieżka aplikacji powodującej błąd:
C:\Program Files\Internet Explorer\iexplore.exe Ścieżka modułu powodującego błąd:
skypeieplugin.dll Identyfikator raportu: 0b1b6eef-00d6-11e2-a603-001d72f2d15e
Error - 2012-09-18 12:08:19 | Computer Name = Ela-Laptop | Source = SideBySide | ID = 16842827
Description = Nie można wygenerować kontekstu aktywacji dla „C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe”. Błąd w pliku manifestu lub w pliku zasad „C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe” w wierszu 2. Użycie
wielu elementów requestedPrivileges w manifeście jest niedozwolone.
Error - 2012-09-18 12:44:29 | Computer Name = Ela-Laptop | Source = Application Hang | ID = 1002
Description = Program iexplore.exe w wersji 8.0.7601.17514 zatrzymał interakcję
z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej
informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania
Centrum akcji. Identyfikator procesu: 1438 Godzina rozpoczęcia: 01cd95ba49387f0c Godzina
zakończenia: 31 Ścieżka aplikacji: C:\Program Files\Internet Explorer\iexplore.exe
Identyfikator
raportu: 1803022e-01b0-11e2-a63c-001d72f2d15e
Error - 2012-09-22 12:24:18 | Computer Name = Ela-Laptop | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF11 Description:Can’t install Microsoft Security Essentials
on a computer running in safe mode. Your computer is currently running in safe
mode. To install Security Essentials, your computer must be running in normal mode.
Please restart your computer in normal mode, and then try to run the Security Essentials
Setup Wizard again. Error code:0x8004FF11.
[ System Events ]
Error - 2012-09-22 12:27:03 | Computer Name = Ela-Laptop | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068
Error - 2012-09-22 12:27:03 | Computer Name = Ela-Laptop | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068
Error - 2012-09-22 12:27:03 | Computer Name = Ela-Laptop | Source = Service Control Manager | ID = 7031
Description = Usługa Microsoft Antimalware Service niespodziewanie zakończyła pracę.
Wystąpiło to razy: 1. W przeciągu 15000 milisekund zostanie podjęta następująca
czynność korekcyjna: Uruchom usługę ponownie.
Error - 2012-09-22 12:29:11 | Computer Name = Ela-Laptop | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068
Error - 2012-09-22 12:29:11 | Computer Name = Ela-Laptop | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068
Error - 2012-09-22 12:29:11 | Computer Name = Ela-Laptop | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068
Error - 2012-09-22 12:31:25 | Computer Name = Ela-Laptop | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068
Error - 2012-09-22 12:31:25 | Computer Name = Ela-Laptop | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068
Error - 2012-09-22 12:31:25 | Computer Name = Ela-Laptop | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068
Error - 2012-09-22 12:36:10 | Computer Name = Ela-Laptop | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu
następującego błędu: %%2
< End of report >
i AutoRuns:
http://www.sendspace.pl/file/ca4e34c00c338e461a50ac1
- RY9009
- Forumowicz
- Posty: 4
- Dołączenie: 21 Wrz 2012, 21:52
Re: Wirus ransomware
przez kominekl » 22 Wrz 2012, 22:02
UA: Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0
Ok, działa wszystko, nie mam logów tylko z TDSSKiller. poprostu nie działał mi ten program, nie wiem dlaczego ...
Szczegóły?
AdwCleaner :
Miało być z opcji Delete. Popraw.
Autoruns.
W Autoruns odznacz, a następnie usuń (co się będzie dało):
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe ARM
Adobe Reader Speed Launcher
HP Software Update
IgfxTray
Monitor
MSC
Persistence
SunJavaUpdateSched
WheelMouse
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Microsoft Windows
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Skype
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Wszystko.
HKLM\Software\Microsoft\Internet Explorer\Extensions
Wszystko.
Task Scheduler
Wszystko.
HKLM\System\CurrentControlSet\Services
gupdate
gupdatem
MsMpSvc
NisSrv
SkypeUpdate
WinDefend
WMPNetworkSvc
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Wszystko.
Zbędne Oprogramowanie.
Odinstaluj to o co prosiłem teraz, a następnie podaj nowe logi z OTL.
Kiedy komputery staną się twoim jedynym życiem, jedynym totemem odstraszającym klątwę nudy, wtedy prędzej czy później granica między tymi dwoma wymiarami zniknie i postacie z Błękitnej Pustki zaczną pojawiać się w Realu. Czasem są twoimi przyjaciółmi. A czasem nie.
-
kominekl - Przyjaciel forum
- Posty: 4530
- Dołączenie: 03 Sty 2010, 16:07
- Miejscowość: Pasztowa Wola Kolonia
- Pochwały: 174
Re: Wirus ransomware
przez RY9009 » 23 Wrz 2012, 12:33
UA: Opera/9.80 (Windows NT 5.1; U; pl) Presto/2.10.289 Version/12.00
Pousuwałem wszystko to o co prosiłeś; zarzucam nowe logi z OTL.
OTL:
OTL/EXTRAS:
OTL:
- Kod: Zaznacz wszystko
OTL logfile created on: 2012-09-22 22:49:11 - Run 3
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Ela\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1,93 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 66,20% Memory free
3,86 Gb Paging File | 2,90 Gb Available in Paging File | 75,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 2,96 Gb Free Space | 7,59% Space Free | Partition Type: NTFS
Drive D: | 109,98 Gb Total Space | 106,67 Gb Free Space | 96,99% Space Free | Partition Type: NTFS
Drive G: | 3,73 Gb Total Space | 2,70 Gb Free Space | 72,40% Space Free | Partition Type: FAT32
Computer Name: ELA-LAPTOP | User Name: Ela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012-09-21 21:30:35 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Ela\Desktop\OTL.exe
PRC - [2012-08-30 21:15:41 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012-08-30 21:15:38 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012-08-13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012-07-31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012-07-26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012-06-13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012-03-26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012-03-26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012-03-19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012-02-14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010-05-21 13:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010-01-11 16:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009-07-14 03:14:19 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorAuthn.exe
PRC - [2007-02-10 17:03:52 | 000,204,800 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe
PRC - [2006-11-03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012-08-30 21:15:45 | 000,564,832 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012-08-30 21:15:43 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012-08-30 21:15:38 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV - [2012-09-22 18:04:36 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-08-30 21:15:41 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012-08-13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012-03-26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012-03-26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Disabled | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010-05-30 12:26:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-05-21 13:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2012-08-30 21:15:43 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012-08-24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012-07-26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012-04-19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012-03-20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012-01-31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011-12-23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011-12-23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011-12-23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011-12-23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2010-11-20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009-10-05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009-07-14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009-07-14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009-03-18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2006-12-05 12:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2006-08-04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005-11-14 14:28:00 | 000,034,176 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2005-08-30 02:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3955828144-559123986-2932296864-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ig?hl=pl
IE - HKU\S-1-5-21-3955828144-559123986-2932296864-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3955828144-559123986-2932296864-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2191
FF - prefs.js..extensions.enabledItems: avg@toolbar:12.2.5.32
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-09 19:33:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012-09-10 17:31:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012-08-30 21:15:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-06-17 18:39:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-08-06 14:13:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-09 19:33:28 | 000,000,000 | ---D | M]
[2010-06-13 16:49:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ela\AppData\Roaming\mozilla\Extensions
[2012-09-22 18:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ela\AppData\Roaming\mozilla\Firefox\Profiles\6zy7gt44.default\extensions
[2011-06-12 17:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-09-10 17:31:03 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011-02-09 19:33:28 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-08-30 21:15:54 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.32
File not found (No name found) -- C:\USERS\ELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6ZY7GT44.DEFAULT\EXTENSIONS\[email protected]
[2010-04-01 19:33:11 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-08-30 21:15:37 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2010-04-01 19:33:11 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2010-04-01 19:33:11 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2010-04-01 19:33:11 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2010-04-01 19:33:11 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010-04-01 19:33:11 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
[color=#E56717]========== Chrome ==========[/color]
CHR - homepage: http://www.google.com
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = https://isearch.avg.com/search?cid={E30C0FC9-A459-401D-A4E9-C1C52F6FFF16}&mid=491f3c6af68b47d085e0d154341638ad-3c333f31aaa0ef966fb0a498672990d19e5a058e&lang=pl&ds=AVG&pr=fr&d=2012-07-27 21:26:42&v=12.1.0.21&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Ela\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: AVG Secure Search = C:\Users\Ela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb\12.1.0.21_0\
CHR - Extension: AVG Safe Search = C:\Users\Ela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
CHR - Extension: AVG Do Not Track = C:\Users\Ela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKU\S-1-5-21-3955828144-559123986-2932296864-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 94.75.112.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EE5D2CF-738F-409F-A228-03418389DBBD}: DhcpNameServer = 94.75.112.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA592E19-F459-4A5E-8988-8E0378F15A52}: DhcpNameServer = 94.75.115.220 94.75.115.221 212.76.34.49
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB5BCCF6-6BFD-4921-98E3-136FD2880DA1}: DhcpNameServer = 94.75.112.7
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk G:\
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012-09-22 18:27:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-09-21 21:30:33 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Ela\Desktop\OTL.exe
[2012-09-19 21:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012-09-12 16:00:25 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012-09-12 16:00:24 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012-09-12 16:00:24 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012-09-12 16:00:23 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012-09-10 17:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012-08-24 15:43:18 | 000,301,920 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012-09-22 22:39:48 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-09-22 22:39:48 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-09-22 22:36:43 | 000,700,246 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012-09-22 22:36:43 | 000,618,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-09-22 22:36:43 | 000,136,224 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012-09-22 22:36:43 | 000,107,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-09-22 22:32:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-09-22 22:32:22 | 1554,669,568 | -HS- | M] () -- C:\hiberfil.sys
[2012-09-22 18:24:17 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012-09-22 18:04:31 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012-09-22 18:04:31 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012-09-22 17:57:53 | 095,498,845 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012-09-21 21:30:35 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Ela\Desktop\OTL.exe
[2012-09-14 17:36:14 | 000,146,906 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012-09-10 17:31:03 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012-09-05 19:01:24 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012-08-30 21:15:43 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012-08-24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011-02-09 19:22:21 | 000,172,559 | ---- | C] () -- C:\Windows\hpoins44.dat
[2010-12-31 13:12:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[color=#E56717]========== LOP Check ==========[/color]
[2011-09-01 12:20:40 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\.minecraft
[2012-06-27 19:05:09 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\AVG2012
[2010-03-01 10:04:04 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\OpenOffice.org
[2010-06-22 07:16:29 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\TeamViewer
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
OTL/EXTRAS:
- Kod: Zaznacz wszystko
OTL Extras logfile created on: 2012-09-22 22:49:11 - Run 3
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Ela\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1,93 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 66,20% Memory free
3,86 Gb Paging File | 2,90 Gb Available in Paging File | 75,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 2,96 Gb Free Space | 7,59% Space Free | Partition Type: NTFS
Drive D: | 109,98 Gb Total Space | 106,67 Gb Free Space | 96,99% Space Free | Partition Type: NTFS
Drive G: | 3,73 Gb Total Space | 2,70 Gb Free Space | 72,40% Space Free | Partition Type: FAT32
Computer Name: ELA-LAPTOP | User Name: Ela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3955828144-559123986-2932296864-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1701765B-6D93-43C6-A835-DD423517581F}" = OpenOffice.org 3.2
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{38580E5E-AF78-4536-AD1E-6A62661372C5}" = AVG 2012
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FE93ACC-83FB-4FE5-9147-8BAD2D33E2EF}" = AVG 2012
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43592B2E-C393-433F-8D0E-5A4B15A8C786}" = Microsoft Antimalware Service PL-PL Language Pack
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E0C89A4-4040-47C7-AD0C-0E8226B6AFE2}" = AVG 2012
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client PL-PL Language Pack
"{5BD29DC3-EE5C-4E1F-932D-94848CFDD39E}" = ArcSoft VideoImpression 2
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.5 - Polish
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C36C3F84-E04B-44E3-9D7B-ABBCC6BE94F5}" = PC Camer@
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6A09671-93A6-4548-9FAE-3BF21EB9C921}" = AVG 2012
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F1AB76C0-333F-11D5-BF46-0002B306C443}" = 3D Ultra Pinball Thrillride
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"3D Live Snooker_is1" = 3D Live Snooker v2.70
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Atlas Świata 2000" = Atlas Świata 2000
"Atlas Świata_is1" = Atlas Świata
"Autoatlas Polski_is1" = Autoatlas Polski
"AVG" = AVG 2012
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Encyklopedia wiedzy komputerowej v. 2.0_is1" = Encyklopedia wiedzy komputerowej na CD v. 2.0
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{C36C3F84-E04B-44E3-9D7B-ABBCC6BE94F5}" = PC Camer@
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NirSoft IE PassView" = NirSoft IE PassView
"Pinball XP for Vista and Windows 7_is1" = Pinball
"RealAlt_is1" = Real Alternative 2.0.2
"Shop for HP Supplies" = Shop for HP Supplies
"TeamViewer 5" = TeamViewer 5
"TVWiz" = Intel(R) TV Wizard
"WheelMouse" = iWheelZoom 7.80
"WinRAR archiver" = WinRAR 4.01 (32-bitowy)
"wwii_pl" = Rajd na Berlin
"Zuma_Deluxe!_1.0" = Zuma Deluxe! 1.0
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2012-09-10 11:32:03 | Computer Name = Ela-Laptop | Source = MsiInstaller | ID = 1013
Description =
Error - 2012-09-10 11:32:05 | Computer Name = Ela-Laptop | Source = MsiInstaller | ID = 1013
Description =
Error - 2012-09-10 11:32:07 | Computer Name = Ela-Laptop | Source = MsiInstaller | ID = 1013
Description =
Error - 2012-09-13 11:31:28 | Computer Name = Ela-Laptop | Source = SideBySide | ID = 16842827
Description = Nie można wygenerować kontekstu aktywacji dla „C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe”. Błąd w pliku manifestu lub w pliku zasad „C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe” w wierszu 2. Użycie
wielu elementów requestedPrivileges w manifeście jest niedozwolone.
Error - 2012-09-13 12:17:55 | Computer Name = Ela-Laptop | Source = SideBySide | ID = 16842827
Description = Nie można wygenerować kontekstu aktywacji dla „C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe”. Błąd w pliku manifestu lub w pliku zasad „C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe” w wierszu 2. Użycie
wielu elementów requestedPrivileges w manifeście jest niedozwolone.
Error - 2012-09-17 10:43:29 | Computer Name = Ela-Laptop | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: iexplore.exe, wersja: 8.0.7601.17514,
sygnatura czasowa: 0x4ce79912 Nazwa modułu powodującego błąd: skypeieplugin.dll_unloaded,
wersja: 0.0.0.0, sygnatura czasowa: 0x4e92c055 Kod wyjątku: 0xc0000005 Przesunięcie
błędu: 0x67602910 Identyfikator procesu powodującego błąd: 0xed4 Godzina uruchomienia
aplikacji powodującej błąd: 0x01cd94e11f257a26 Ścieżka aplikacji powodującej błąd:
C:\Program Files\Internet Explorer\iexplore.exe Ścieżka modułu powodującego błąd:
skypeieplugin.dll Identyfikator raportu: 0b1b6eef-00d6-11e2-a603-001d72f2d15e
Error - 2012-09-18 12:08:19 | Computer Name = Ela-Laptop | Source = SideBySide | ID = 16842827
Description = Nie można wygenerować kontekstu aktywacji dla „C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe”. Błąd w pliku manifestu lub w pliku zasad „C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe” w wierszu 2. Użycie
wielu elementów requestedPrivileges w manifeście jest niedozwolone.
Error - 2012-09-18 12:44:29 | Computer Name = Ela-Laptop | Source = Application Hang | ID = 1002
Description = Program iexplore.exe w wersji 8.0.7601.17514 zatrzymał interakcję
z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej
informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania
Centrum akcji. Identyfikator procesu: 1438 Godzina rozpoczęcia: 01cd95ba49387f0c Godzina
zakończenia: 31 Ścieżka aplikacji: C:\Program Files\Internet Explorer\iexplore.exe
Identyfikator
raportu: 1803022e-01b0-11e2-a63c-001d72f2d15e
Error - 2012-09-22 12:24:18 | Computer Name = Ela-Laptop | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF11 Description:Can’t install Microsoft Security Essentials
on a computer running in safe mode. Your computer is currently running in safe
mode. To install Security Essentials, your computer must be running in normal mode.
Please restart your computer in normal mode, and then try to run the Security Essentials
Setup Wizard again. Error code:0x8004FF11.
Error - 2012-09-22 16:49:01 | Computer Name = Ela-Laptop | Source = Application Hang | ID = 1002
Description = Program OTL.exe w wersji 3.2.65.1 zatrzymał interakcję z systemem
Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum
akcji. Identyfikator procesu: 14f4 Godzina rozpoczęcia: 01cd990399c68ef9 Godzina zakończenia:
16 Ścieżka aplikacji: C:\Users\Ela\Desktop\OTL.exe Identyfikator raportu:
[ System Events ]
Error - 2012-09-22 12:27:03 | Computer Name = Ela-Laptop | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068
Error - 2012-09-22 12:27:03 | Computer Name = Ela-Laptop | Source = Service Control Manager | ID = 7031
Description = Usługa Microsoft Antimalware Service niespodziewanie zakończyła pracę.
Wystąpiło to razy: 1. W przeciągu 15000 milisekund zostanie podjęta następująca
czynność korekcyjna: Uruchom usługę ponownie.
Error - 2012-09-22 12:29:11 | Computer Name = Ela-Laptop | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068
Error - 2012-09-22 12:29:11 | Computer Name = Ela-Laptop | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068
Error - 2012-09-22 12:29:11 | Computer Name = Ela-Laptop | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068
Error - 2012-09-22 12:31:25 | Computer Name = Ela-Laptop | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068
Error - 2012-09-22 12:31:25 | Computer Name = Ela-Laptop | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068
Error - 2012-09-22 12:31:25 | Computer Name = Ela-Laptop | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068
Error - 2012-09-22 12:36:10 | Computer Name = Ela-Laptop | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu
następującego błędu: %%2
Error - 2012-09-22 16:34:45 | Computer Name = Ela-Laptop | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu
następującego błędu: %%2
< End of report >
- RY9009
- Forumowicz
- Posty: 4
- Dołączenie: 21 Wrz 2012, 21:52
Re: Wirus ransomware
przez kominekl » 23 Wrz 2012, 19:59
UA: Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0
ADWCleaner.
Nie widzę logu z funkcji Delete.
Zbędne Oprogramowanie.
Nadal widzę tu zbędne elementy. Wykonaj instrukcję.
Logi.
Uruchom OTL
w oknie Własne opcje skanowania/skrypt wklej::OTL
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKU\S-1-5-21-3955828144-559123986-2932296864-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
:Commands
[emptyflash]
[clearallrestorepoints]
[emptytemp]
Klikasz Wykonaj skrypt. Dajesz log z usuwania. Następnie podajesz nowe logi z OTL.
Kiedy komputery staną się twoim jedynym życiem, jedynym totemem odstraszającym klątwę nudy, wtedy prędzej czy później granica między tymi dwoma wymiarami zniknie i postacie z Błękitnej Pustki zaczną pojawiać się w Realu. Czasem są twoimi przyjaciółmi. A czasem nie.
-
kominekl - Przyjaciel forum
- Posty: 4530
- Dołączenie: 03 Sty 2010, 16:07
- Miejscowość: Pasztowa Wola Kolonia
- Pochwały: 174
8 posty(ów)
• Strona 1 z 1
Kto jest na forum
Zarejestrowani użytkownicy: Google [Bot]