Please check my log

Everything related to system security and fighting malware, in particular log analysis
anula

User
Posts: 27
Joined: 17 Aug 2012, 12:09

Posted: 17 Aug 2012, 12:13

OTL logfile created on: 17/08/2012 11:00:43 - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\tAbZa\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 43.03% Memory free
3.74 Gb Paging File | 2.61 Gb Available in Paging File | 69.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 118.91 Gb Total Space | 23.65 Gb Free Space | 19.89% Space Free | Partition Type: NTFS
Drive D: | 113.88 Gb Total Space | 74.80 Gb Free Space | 65.68% Space Free | Partition Type: NTFS
Drive E: | 856.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TABZA-PC | User Name: tAbZa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/17 11:00:11 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\tAbZa\Downloads\OTL(1).exe
PRC - [2012/08/15 16:32:26 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.3.0.14\ccsvchst.exe
PRC - [2012/05/22 08:31:56 | 001,822,344 | ---- | M] (MusicLab, LLC) -- C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
PRC - [2012/04/25 08:22:16 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/08/02 11:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) -- C:\Program Files\O2\Connection Manager\ImpWiFiSvc.exe
PRC - [2009/07/27 03:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/04/10 17:09:38 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/15 16:32:25 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2012/04/25 08:22:15 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/08/15 16:32:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe -- (N360)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/25 08:22:16 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/06/28 18:10:01 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/08/02 11:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files\O2\Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2012/08/14 15:13:37 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120816.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/08/14 15:13:37 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/14 15:13:37 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/14 15:13:37 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120816.021\NAVENG.SYS -- (NAVENG)
DRV - [2012/08/14 14:42:35 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/08/13 23:13:46 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120815.002\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/11 00:45:54 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120811.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/07/06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0603000.00E\srtsp.sys -- (SRTSP)
DRV - [2012/07/06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0603000.00E\srtspx.sys -- (SRTSPX)
DRV - [2012/06/07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0603000.00E\ccsetx86.sys -- (ccSet_N360)
DRV - [2012/05/22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0603000.00E\symefa.sys -- (SymEFA)
DRV - [2011/11/17 04:38:00 | 000,318,584 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0603000.00E\symnets.sys -- (SymNetS)
DRV - [2011/11/17 04:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0603000.00E\ironx86.sys -- (SymIRON)
DRV - [2011/08/16 07:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0603000.00E\symds.sys -- (SymDS)
DRV - [2010/12/02 13:13:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/12/02 13:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/12/02 13:13:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/12/02 13:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/09 08:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/04/07 10:05:00 | 000,204,800 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010/03/25 03:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/03/20 04:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/02/04 23:20:22 | 000,012,672 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HP8107.sys -- (HP8107Fltr)
DRV - [2009/09/21 17:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/04/10 17:09:40 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2005/11/14 13:28:00 | 000,034,176 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2005/05/31 15:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005/04/30 14:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005/04/30 14:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BtNetDrv.sys -- (BT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Available only to registered users{searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = Available only to registered users{searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = Available only to registered users{searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = Available only to registered users{searchTerms}&SearchSource=4&ctid=CT2786678


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3425353342-21393617-1818682444-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Available only to registered users
IE - HKU\S-1-5-21-3425353342-21393617-1818682444-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-3425353342-21393617-1818682444-1000\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - No CLSID value found
IE - HKU\S-1-5-21-3425353342-21393617-1818682444-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKU\S-1-5-21-3425353342-21393617-1818682444-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = Available only to registered users{searchTerms}&AF=108714&babsrc=SP_ss&mntrId=a02050920000000000000617c46b1310
IE - HKU\S-1-5-21-3425353342-21393617-1818682444-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = Available only to registered users{searchTerms}
IE - HKU\S-1-5-21-3425353342-21393617-1818682444-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = Available only to registered users{searchTerms}
IE - HKU\S-1-5-21-3425353342-21393617-1818682444-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3425353342-21393617-1818682444-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT2481033.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Ashampoo PO Customized Web Search"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2481033&SearchSource=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/11 20:55:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012/08/14 14:43:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012/08/17 10:35:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/25 08:22:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/16 10:31:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\superfish@superfish.com: C:\Users\tAbZa\AppData\Roaming\Mozilla\Firefox\Profiles/d7k9f4lc.default\extensions\superfish@superfish.com

[2012/05/22 20:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tAbZa\AppData\Roaming\mozilla\Extensions
[2012/08/17 10:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tAbZa\AppData\Roaming\mozilla\Firefox\Profiles\d7k9f4lc.default\extensions
[2012/08/17 10:07:23 | 000,000,915 | ---- | M] () -- C:\Users\tAbZa\AppData\Roaming\Mozilla\Firefox\Profiles\d7k9f4lc.default\searchplugins\conduit.xml
[2011/09/02 11:18:57 | 000,002,506 | ---- | M] () -- C:\Users\tAbZa\AppData\Roaming\Mozilla\Firefox\Profiles\d7k9f4lc.default\searchplugins\SearchResults.xml
[2012/05/22 20:44:42 | 000,002,515 | ---- | M] () -- C:\Users\tAbZa\AppData\Roaming\Mozilla\Firefox\Profiles\d7k9f4lc.default\searchplugins\Search_Results.xml
[2012/05/22 20:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/12 14:33:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/22 20:45:44 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
[2012/04/25 08:22:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/29 18:34:06 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012/03/03 20:14:52 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/02/29 18:34:06 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012/02/29 18:34:06 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012/02/29 18:34:06 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011/09/02 11:18:57 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012/05/22 20:44:42 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/02/29 18:34:06 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012/02/29 18:34:06 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

========== Chrome ==========

CHR - homepage: Available only to registered users
CHR - default_search_provider: Search Results ()
CHR - default_search_provider: search_url = Available only to registered users{searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: Available only to registered users
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: uTorrentBar = C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\
CHR - Extension: YouTube = C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Szukaj w Google = C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Szukaj w Google = C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: CANON iMAGE GATEWAY Album Plugin Utility = C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/06/28 18:03:08 | 000,000,864 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.3.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.3.0.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DataMngr) - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll (MusicLab, LLC)
O2 - BHO: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.3.0.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3425353342-21393617-1818682444-1000\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKU\S-1-5-21-3425353342-21393617-1818682444-1000..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3425353342-21393617-1818682444-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Available only to registered users (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE369C5A-AA86-47C8-A4D6-871C42AF9129}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/02/11 12:17:29 | 000,000,034 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{49c76169-c3f6-11e1-928e-00030d000001}\Shell - "" = AutoRun
O33 - MountPoints2\{49c76169-c3f6-11e1-928e-00030d000001}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{54e7348f-a0fc-11e0-a41a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{54e7348f-a0fc-11e0-a41a-806e6f6e6963}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\index.html
O33 - MountPoints2\{8e3b6988-bd35-11e1-b752-00030d000001}\Shell - "" = AutoRun
O33 - MountPoints2\{8e3b6988-bd35-11e1-b752-00030d000001}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8e3b6997-bd35-11e1-b752-00030d000001}\Shell - "" = AutoRun
O33 - MountPoints2\{8e3b6997-bd35-11e1-b752-00030d000001}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c6527868-bb8a-11e1-bf9c-00030d000001}\Shell - "" = AutoRun
O33 - MountPoints2\{c6527868-bb8a-11e1-bf9c-00030d000001}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{c65278f3-bb8a-11e1-bf9c-00030d000001}\Shell - "" = AutoRun
O33 - MountPoints2\{c65278f3-bb8a-11e1-bf9c-00030d000001}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{d9737bdd-be0a-11e1-972c-001e101f57d0}\Shell - "" = AutoRun
O33 - MountPoints2\{d9737bdd-be0a-11e1-972c-001e101f57d0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/17 09:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/08/15 15:32:06 | 009,826,504 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/08/15 12:24:41 | 000,924,320 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0603000.00E\symefa.sys
[2012/08/15 12:24:41 | 000,318,584 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0603000.00E\symnets.sys
[2012/08/15 12:24:40 | 000,574,112 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0603000.00E\srtsp.sys
[2012/08/15 12:24:40 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0603000.00E\symds.sys
[2012/08/15 12:24:40 | 000,149,624 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0603000.00E\ironx86.sys
[2012/08/15 12:24:40 | 000,132,768 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0603000.00E\ccsetx86.sys
[2012/08/15 12:24:40 | 000,032,928 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0603000.00E\srtspx.sys
[2012/08/15 12:24:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0603000.00E
[2012/08/14 14:42:35 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/08/14 14:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/08/14 14:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/08/14 14:40:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2012/08/14 14:40:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2012/08/14 14:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2012/08/14 14:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/08/10 16:52:14 | 000,000,000 | ---D | C] -- C:\Users\tAbZa\Desktop\Nowy folder
[2012/07/30 14:52:15 | 000,000,000 | ---D | C] -- C:\Users\tAbZa\Desktop\dokumenty
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/17 10:38:06 | 000,702,178 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012/08/17 10:38:06 | 000,628,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/17 10:38:06 | 000,139,064 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012/08/17 10:38:06 | 000,110,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/17 10:33:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/17 10:33:06 | 1504,325,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/17 10:07:55 | 000,000,009 | ---- | M] () -- C:\END
[2012/08/17 09:36:14 | 000,078,643 | ---- | M] () -- C:\Users\tAbZa\Desktop\iron-man.jpg
[2012/08/17 09:32:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/15 20:57:32 | 000,008,942 | ---- | M] () -- C:\Windows\System32\drivers\N360\0603000.00E\VT20120731.038
[2012/08/15 16:32:26 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/15 16:32:26 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/15 16:32:18 | 009,826,504 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/08/15 15:01:57 | 000,002,232 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/08/15 15:01:47 | 001,548,260 | ---- | M] () -- C:\Windows\System32\drivers\N360\0603000.00E\Cat.DB
[2012/08/15 07:14:35 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 07:14:34 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 14:42:35 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/08/14 14:42:35 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/08/14 14:42:35 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/08/14 11:31:57 | 000,302,354 | ---- | M] () -- C:\Users\tAbZa\Desktop\IMG-1.pdf
[2012/08/10 06:44:34 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0603000.00E\isolate.ini
[2012/08/08 12:32:41 | 000,001,490 | ---- | M] () -- C:\Users\tAbZa\Desktop\Nowy dokument sformatowany.rtf
[2012/08/05 20:47:59 | 000,003,562 | ---- | M] () -- C:\Users\tAbZa\Documents\JACEK TELEGLOW CV.rtf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/17 10:07:08 | 000,000,009 | ---- | C] () -- C:\END
[2012/08/17 09:36:12 | 000,078,643 | ---- | C] () -- C:\Users\tAbZa\Desktop\iron-man.jpg
[2012/08/15 20:57:50 | 000,008,942 | ---- | C] () -- C:\Windows\System32\drivers\N360\0603000.00E\VT20120731.038
[2012/08/15 15:01:03 | 001,548,260 | ---- | C] () -- C:\Windows\System32\drivers\N360\0603000.00E\Cat.DB
[2012/08/15 12:24:41 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\N360\0603000.00E\symnet.cat
[2012/08/15 12:24:41 | 000,007,434 | ---- | C] () -- C:\Windows\System32\drivers\N360\0603000.00E\symefa.cat
[2012/08/15 12:24:41 | 000,003,435 | ---- | C] () -- C:\Windows\System32\drivers\N360\0603000.00E\symefa.inf
[2012/08/15 12:24:41 | 000,001,441 | R--- | C] () -- C:\Windows\System32\drivers\N360\0603000.00E\symnet.inf
[2012/08/15 12:24:40 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\N360\0603000.00E\symds.cat
[2012/08/15 12:24:40 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0603000.00E\iron.cat
[2012/08/15 12:24:40 | 000,007,398 | ---- | C] () -- C:\Windows\System32\drivers\N360\0603000.00E\srtspx.cat
[2012/08/15 12:24:40 | 000,007,380 | ---- | C] () -- C:\Windows\System32\drivers\N360\0603000.00E\srtsp.cat
[2012/08/15 12:24:40 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\N360\0603000.00E\symds.inf
[2012/08/15 12:24:40 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0603000.00E\srtspx.inf
[2012/08/15 12:24:40 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0603000.00E\srtsp.inf
[2012/08/15 12:24:40 | 000,000,827 | ---- | C] () -- C:\Windows\System32\drivers\N360\0603000.00E\ccsetx86.inf
[2012/08/15 12:24:40 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0603000.00E\iron.inf
[2012/08/15 12:24:39 | 000,007,446 | ---- | C] () -- C:\Windows\System32\drivers\N360\0603000.00E\ccsetx86.cat
[2012/08/15 12:24:20 | 000,008,942 | ---- | C] () -- C:\Windows\System32\drivers\N360\0603000.00E\symvtcer.dat
[2012/08/15 12:24:20 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0603000.00E\isolate.ini
[2012/08/14 14:42:35 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/08/14 14:42:35 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/08/14 14:42:15 | 000,002,232 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/08/14 11:31:57 | 000,302,354 | ---- | C] () -- C:\Users\tAbZa\Desktop\IMG-1.pdf
[2012/08/08 12:31:20 | 000,001,490 | ---- | C] () -- C:\Users\tAbZa\Desktop\Nowy dokument sformatowany.rtf
[2012/06/04 12:25:18 | 000,109,016 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/05/28 11:31:10 | 000,013,304 | ---- | C] () -- C:\Windows\System32\drivers\BTNetFilter.sys
[2012/05/28 11:31:09 | 000,011,860 | ---- | C] () -- C:\Windows\System32\drivers\VBTEnum.sys
[2012/05/22 20:54:22 | 000,045,056 | ---- | C] () -- C:\Users\tAbZa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/09 14:09:38 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/02/25 13:45:42 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/01/22 17:06:24 | 000,002,034 | ---- | C] () -- C:\ProgramData\repository.xml
[2011/08/03 10:25:08 | 000,000,000 | ---- | C] () -- C:\Users\tAbZa\AppData\Local\{1B83781E-34F6-4E03-9937-B57DE5DB09C6}
[2011/07/04 08:27:41 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/07/04 08:25:52 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/28 21:15:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/06/27 22:34:46 | 000,702,178 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2011/06/27 22:34:46 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2011/06/27 22:34:46 | 000,139,064 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2011/06/27 22:34:46 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat

< End of report >

kominekl

Expert
Posts: 5855
Joined: 27 Nov 2011, 14:25

Please check my log

Posted 17 Aug 2012, 15:04

Posting logs.


Paste your logs at -> Available only to registered users, and then post links to them.

O33 - MountPoints2\{54e7348f-a0fc-11e0-a41a-806e6f6e6963}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\index.html


With your removable drives connected, run USBFix using the Deletion option and post the log -> http://www.hotfix.pl/uzytkowanie-progra ... x-a310.htm.

Logs.


Run OTL -> in the Custom Scans/Fixes box paste:

:OTL

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników ... =2&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników ... 06&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&SearchSource=4&ctid=CT2786678
IE - HKU\S-1-5-21-3425353342-21393617-1818682444-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników ... =CT2481033
IE - HKU\S-1-5-21-3425353342-21393617-1818682444-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-3425353342-21393617-1818682444-1000\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - No CLSID value found
IE - HKU\S-1-5-21-3425353342-21393617-1818682444-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKU\S-1-5-21-3425353342-21393617-1818682444-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&AF=108714&babsrc=SP_ss&mntrId=a02050920000000000000617c46b1310
IE - HKU\S-1-5-21-3425353342-21393617-1818682444-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników ... =2&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3425353342-21393617-1818682444-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników ... 06&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3425353342-21393617-1818682444-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..CT2481033.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Ashampoo PO Customized Web Search"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2481033&SearchSource=2&q="
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2012/08/17 10:07:23 | 000,000,915 | ---- | M] () -- C:\Users\tAbZa\AppData\Roaming\Mozilla\Firefox\Profiles\d7k9f4lc.default\searchplugins\conduit.xml
[2011/09/02 11:18:57 | 000,002,506 | ---- | M] () -- C:\Users\tAbZa\AppData\Roaming\Mozilla\Firefox\Profiles\d7k9f4lc.default\searchplugins\SearchResults.xml
[2012/05/22 20:44:42 | 000,002,515 | ---- | M] () -- C:\Users\tAbZa\AppData\Roaming\Mozilla\Firefox\Profiles\d7k9f4lc.default\searchplugins\Search_Results.xml
[2012/08/12 14:33:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/22 20:45:44 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
[2012/03/03 20:14:52 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/09/02 11:18:57 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012/05/22 20:44:42 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
CHR - Extension: uTorrentBar = C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\
CHR - Extension: Szukaj w Google = C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: CANON iMAGE GATEWAY Album Plugin Utility = C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
O3 - HKU\S-1-5-21-3425353342-21393617-1818682444-1000\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKU\S-1-5-21-3425353342-21393617-1818682444-1000..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found

:Files
C:\Windows\tasks\*.*
C:\Users\tAbZa\AppData\Local\{1B83781E-34F6-4E03-9937-B57DE5DB09C6}

:Commands
[emptyflash]
[clearallrestorepoints]
[emptytemp]


Click Run Fix. Post the removal log. Then post new OTL logs (both) -> http://hotfix.pl/articles.php?article_id=143 + a TDSSKiller log -> http://www.hotfix.pl/instrukcja-obslugi ... r-a341.htm.
When computers become your only life, your only totem warding off the curse of boredom, then sooner or later the boundary between these two dimensions will vanish and figures from the Blue Void will start appearing in the Real. Sometimes they are your friends. And sometimes not.

anula

User
Posts: 27
Joined: 17 Aug 2012, 12:09

Please check my log

Posted 17 Aug 2012, 17:12

Oh dear, I'm terribly embarrassed, but I don't know anything about computers at all. When I open the OTL program I only have the Scan option. I can't see the "Run Fix" command anywhere :chaja:

-- 17 Aug 2012, 15:53 --

All processes killed
========== OTL ==========
Service VGPU stopped successfully!
Service VGPU deleted successfully!
File System32\drivers\rdvgkmd.sys not found.
Service tsusbhub stopped successfully!
Service tsusbhub deleted successfully!
File system32\drivers\tsusbhub.sys not found.
Service Synth3dVsc stopped successfully!
Service Synth3dVsc deleted successfully!
File System32\drivers\synth3dvsc.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-3425353342-21393617-1818682444-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3425353342-21393617-1818682444-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry value HKEY_USERS\S-1-5-21-3425353342-21393617-1818682444-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d43723ae-1ae1-4a25-a6a4-bf0929273cab} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d43723ae-1ae1-4a25-a6a4-bf0929273cab}\ not found.
HKEY_USERS\S-1-5-21-3425353342-21393617-1818682444-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3425353342-21393617-1818682444-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3425353342-21393617-1818682444-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_USERS\S-1-5-21-3425353342-21393617-1818682444-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKU\S-1-5-21-3425353342-21393617-1818682444-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: true removed from CT2481033.browser.search.defaultthis.engineName
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "Ashampoo PO Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2481033&SearchSource=2&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
C:\Users\tAbZa\AppData\Roaming\Mozilla\Firefox\Profiles\d7k9f4lc.default\searchplugins\conduit.xml moved successfully.
C:\Users\tAbZa\AppData\Roaming\Mozilla\Firefox\Profiles\d7k9f4lc.default\searchplugins\SearchResults.xml moved successfully.
C:\Users\tAbZa\AppData\Roaming\Mozilla\Firefox\Profiles\d7k9f4lc.default\searchplugins\Search_Results.xml moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons\default folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} folder moved successfully.
C:\PROGRAM FILES\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION\content folder moved successfully.
C:\PROGRAM FILES\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION\components folder moved successfully.
C:\PROGRAM FILES\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\Options folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\Media\rssItem folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\Media\popup folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\Media\icons\useful_components folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\Media\icons\urlGadget folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\Media\icons folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\Media\base64\searchBox folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\Media\base64\rssItem folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\Media\base64\ifarme folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\Media\base64\icons folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\Media\base64\dyamincMenu folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\Media\base64 folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\Media folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\services\translation folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\services\alerts folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\services folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\popup\view folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\popup folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\model folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\lib folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\items\xmlMenu\view folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\items\xmlMenu folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\items\urlGadget\view folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\items\urlGadget folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\items\multiRssItem\view folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\items\multiRssItem folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\items\menuPanel\view folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\items\menuPanel folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\items\dynamicMenu\view folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\items\dynamicMenu folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\items\contextMenu\view folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\items\contextMenu folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\items\container folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\items\components\view\InjectScript folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\items\components\view folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\items\components folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\items\about folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\items folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\css folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\controller folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\API\component\view folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\API\component folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js\API folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\js folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0\Css folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.4.2_0 folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\zh_TW folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\zh_CN folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\vi folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\uk folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\tr folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\th folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\sv folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\sr folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\sl folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\sk folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\ru folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\ro folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\pt_PT folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\pt_BR folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\pl folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\no folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\nl folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\lv folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\lt folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\ko folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\ja folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\it folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\id folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\hu folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\hr folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\hi folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\he folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\fr folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\fil folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\fi folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\et folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\es_419 folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\es folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\en_US folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\en_GB folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\en folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\el folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\de folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\da folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\cs folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\ca folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\bg folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\ar folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0 folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0 folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\zh_TW folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\zh_CN folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\pt_BR folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\ja folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\fr folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\es folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\en folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\de folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\images folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0 folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-3425353342-21393617-1818682444-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry value HKEY_USERS\S-1-5-21-3425353342-21393617-1818682444-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
File ptyflash] not found.
File earallrestorepoints] not found.
File ptytemp] not found.

OTL by OldTimer - Version 3.2.57.0 log created on 08172012_144854

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

-- 17 Aug 2012, 15:55 --

Sorry, I pasted the log here again instead of on the site you gave me, forgive me :roll:

-- 17 Aug 2012, 15:59 --

I can already see that it's better :D I'm waiting for further instructions, and forgive me, in these matters I'm like a dollar - green. And I would so much like to learn this...

-- 17 Aug 2012, 16:29 --

OTL.exe log: [Available only to registered users]

-- 17 Aug 2012, 16:55 --

I had to do it again because my laptop froze.

[Available only to registered users]
[Available only to registered users]

Thank you for your help.

-- 17 Aug 2012, 17:12 --

As for the TDSSKiller log, I ran it and this is what I got:
Found :0 threats
Neutralized: 0threats
Quarantined :0 threats

I couldn't copy the report in any way.
Regards.
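
A fix log like the one pasted above is easier to check once it is condensed. The following is an added example (not part of the original post and not code from OTL) that tallies outcomes per entry type, counts folder lines per Chrome extension ID, and lists every "not found" entry. As a heuristic assumed by this example, it also marks a "File ... not found" name that is the tail of a directive used in the OTL scripts in this thread, which suggests the directive was read as a file name instead of being run; `SAMPLE_LOG` is a subset of lines copied from the log above, and the function names are this example's own.

```python
import re
from collections import Counter

# Directives from the :Commands sections of the OTL scripts in this thread.
DIRECTIVES = ("[emptyflash]", "[clearallrestorepoints]", "[emptytemp]")

# Subset of the fix log above, copied unchanged (most folder lines left out).
SAMPLE_LOG = r"""
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\ja folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0 folder moved successfully.
C:\Users\tAbZa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0 folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-3425353342-21393617-1818682444-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
File ptyflash] not found.
File earallrestorepoints] not found.
File ptytemp] not found.
"""

LINE_RE = re.compile(r"^(?P<body>.+) (?P<result>moved successfully|deleted successfully|not found)\.$")
EXT_RE = re.compile(r"\\Extensions\\([a-p]{32})\\")  # Chrome extension IDs: 32 letters a-p

def parse_line(line):
    """Split one fix-log line into (kind, target, result); None if unrecognised."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body, result = m["body"], m["result"]
    for kind in ("Registry value", "Registry key", "File"):
        if body.startswith(kind + " "):
            return kind, body[len(kind) + 1:], result
    if body.endswith(" folder"):
        return "Folder", body[: -len(" folder")], result
    return "Path", body, result

def mangled_directive(target):
    """Heuristic: a pathless 'file' name that is the tail of a script directive."""
    if "\\" in target or not target.endswith("]"):
        return None
    return next((d for d in DIRECTIVES if d != target and d.endswith(target)), None)

def triage(log_text):
    """Return (outcome counts, lines per extension ID, 'not found' entries)."""
    outcomes, extensions, attention = Counter(), Counter(), []
    for parsed in filter(None, map(parse_line, log_text.splitlines())):
        kind, target, result = parsed
        outcomes[(kind, result)] += 1
        ext = EXT_RE.search(target)
        if ext:
            extensions[ext.group(1)] += 1
        if result == "not found":
            attention.append((kind, target, mangled_directive(target) if kind == "File" else None))
    return outcomes, extensions, attention

if __name__ == "__main__":
    outcomes, extensions, attention = triage(SAMPLE_LOG)
    for (kind, result), n in sorted(outcomes.items()):
        print(f"{n:3d}  {kind}: {result}")
    for kind, target, directive in attention:
        print(f"CHECK {kind} {target}" + (f"  <- tail of {directive}" if directive else ""))
```
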

kominekl

Expert
Posts: 5855
Joined: 27 Nov 2011, 14:25

Posted: 17 Aug 2012, 21:37

USBFix.


You were supposed to use it.

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call


Uninstall this software.

Logs.


Run OTL -> in the Custom Scans/Fixes box paste:

:OTL

FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=2&sr=0&q="
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

:Files
C:\Windows\tasks\*.*
C:\Users\tAbZa\AppData\Roaming\Babylon

:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

:Commands
[emptyflash]
[clearallrestorepoints]
[emptytemp]


Click Run Fix. Post the log from the removal. Then post new OTL logs + an Autoruns log -> http://www.hotfix.pl/optymalizacja-auto ... s-a128.htm.
When computers become your only life, the only totem warding off the curse of boredom, then sooner or later the line between these two dimensions will vanish and characters from the Blue Nowhere will start to appear in the Real World. Sometimes they are your friends. And sometimes they are not.

anula

User
Posts: 27
Joined: 17 Aug 2012, 12:09

Posted: 18 Aug 2012, 19:58

Removal log: [Available only to registered users]

-- 18 Aug 2012, 18:14 --

The Autoruns log... hmm, that's a bit difficult, but I'll try. Either way, thank you, kominekl, for your time and patience.

-- 18 Aug 2012, 18:46 --

New OTL logs
[Available only to registered users]
[Available only to registered users]

-- 18 Aug 2012, 18:53 --

I don't know if I did it right, here is the link:

http://speedy.sh/2vqCa/AutoRuns.arn


-- 18 Aug 2012, 19:58 --

I made the Autoruns log again, but this time I think I compressed it:

http://speedy.sh/K2USw/AutoRuns.arn

kominekl

Expert
Posts: 5855
Joined: 27 Nov 2011, 14:25

Posted: 18 Aug 2012, 20:55

USBFix.


I'm still waiting for its log from the Deletion option, run with the removable storage devices connected.

Autoruns.


In Autoruns, uncheck and then delete (whatever can be deleted):

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Adobe ARM
APSDaemon
CanonMyPrinter
CanonSolutionMenu
DATAMNGR
DivXUpdate
iTunesHelper


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

BlueSoleil.lnk


HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

Microsoft Windows


HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Skype


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Everything.


HKLM\Software\Microsoft\Internet Explorer\Toolbar

Everything.


Task Scheduler

Everything.


HKLM\System\CurrentControlSet\Services

AdobeARMservice
Apple Mobile Device
iPod Service
MozillaMaintenance
ose
SkypeUpdate
WinDefend
WMPNetworkSvc


HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls

Everything.


HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

Everything.


Logs.


Run OTL -> in the Custom Scans/Fixes box paste:

:OTL

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\superfish@superfish.com: C:\Users\tAbZa\AppData\Roaming\Mozilla\Firefox\Profiles/d7k9f4lc.default\extensions\superfish@superfish.com

:Files
C:\Users\tAbZa\AppData\Local\{1B83781E-34F6-4E03-9937-B57DE5DB09C6}

:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptyflash]
[clearallrestorepoints]
[emptytemp]


Click Run Fix. Post the log from the removal. Then post new OTL logs + an ADWCleaner log (from the Delete option) -> [Available only to registered users].

anula

User
Posts: 27
Joined: 17 Aug 2012, 12:09

Posted: 19 Aug 2012, 00:22

I don't know how to use USBFix. I don't know what these storage media are. Sometimes I've used a so-called stick with 1 GB of memory, and I plug in my iPhone with a cable; I don't know, please explain to me what this is about. And how do I unlock the write function? :think:

-- 18 Aug 2012, 23:24 --

I have a question before I delete everything from my laptop. Should I remove my printer? I use it, after all. And the Norton antivirus? I paid quite a lot for it, by my standards.

-- 19 Aug 2012, 00:22 --

I ran the script, but when the laptop restarted everything was much bigger than normal, and the worst part was that it lost my network. I couldn't connect to the internet. That's why I didn't post the removal log. If my husband found out, he'd probably eat me alive. I restored to an earlier point and everything went back to normal. I don't want to touch this anymore. I'm afraid I'll make a mess here. How can I finish this without putting the internet, and the laptop in general, at risk? :roll:

kominekl

Expert
Posts: 5855
Joined: 27 Nov 2011, 14:25

Posted: 19 Aug 2012, 11:23

I don't know how to use USBFix. I don't know what these storage media are. Sometimes I've used a so-called stick with 1 GB of memory, and I plug in my iPhone with a cable; I don't know, please explain to me what this is about. And how do I unlock the write function? :think:


Plug the pendrives and that kind of stuff into USB and run USBFix with the Deletion option (this is necessary, because there are signs of infection here).

I have a question before I delete everything from my laptop. Should I remove my printer? I use it, after all. And the Norton antivirus? I paid quite a lot for it, by my standards.


We won't remove the antivirus, only the unnecessary entries belonging to it. The antivirus itself will keep working.

I have a question before I delete everything from my laptop.


Everything from the given tab ;).

I ran the script, but when the laptop restarted everything was much bigger than normal, and the worst part was that it lost my network. I couldn't connect to the internet. That's why I didn't post the removal log. If my husband found out, he'd probably eat me alive. I restored to an earlier point and everything went back to normal. I don't want to touch this anymore. I'm afraid I'll make a mess here. How can I finish this without putting the internet, and the laptop in general, at risk? :roll:


The script was meant to be used after the entries in Autoruns had been dealt with. Don't run it for now. Follow the instructions above, and only after carrying them out post new OTL logs.

anula

User
Posts: 27
Joined: 17 Aug 2012, 12:09

Posted: 19 Aug 2012, 13:31

OK, I'll try, but how do I unlock the write function? And should I also connect the printer and the iPhone to USB?

-- 19 Aug 2012, 13:04 --

I plugged in the memory sticks. I didn't connect the printer or the iPhone. I don't know if I did the right thing. At the end this popped up:
Please send the file:
C:\UsbFix_Upload_Me_TABZA-PC.zip

-- 19 Aug 2012, 13:13 --

Here is the USBFix log:
[Available only to registered users]

-- 19 Aug 2012, 13:31 --

And what should I do now ;)

kominekl

Expert
Posts: 5855
Joined: 27 Nov 2011, 14:25

Posted: 19 Aug 2012, 21:38

And what should I do now ;)


We're waiting for the new OTL logs.

anula

User
Posts: 27
Joined: 17 Aug 2012, 12:09

Posted: 19 Aug 2012, 23:38


kominekl

Expert
Posts: 5855
Joined: 27 Nov 2011, 14:25

Posted: 20 Aug 2012, 17:24

I'm waiting for further instructions :)


In Autoruns you didn't delete everything I asked for. Fix that now.

USBFix.


Uninstall it.

Logs.


Run OTL -> in the Custom Scans/Fixes box paste:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = [Available only to registered users]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Available only to registered users]
IE - HKU\S-1-5-21-3425353342-21393617-1818682444-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Available only to registered users]
IE - HKU\S-1-5-21-3425353342-21393617-1818682444-1000\..\SearchScopes,DefaultScope = ${searchCLSID}
IE - HKU\S-1-5-21-3425353342-21393617-1818682444-1000\..\SearchScopes\${searchCLSID}: "URL" = [Available only to registered users]{searchTerms}&src={referrer:source?}
O3 - HKLM\..\Toolbar: (no name) - !{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

:Files
$Recycle.Bin /alldrives
C:\TDSSKiller.2.7.22.0_17.08.2012_15.59.28_log.txt
C:\TDSSKiller.2.8.6.0_17.08.2012_16.14.05_log.txt
C:\UsbFix.txt
D:\01c0476a706f5603d565
C:\UsbFix
C:\Windows\System32\drivers\etc\hosts.ics
C:\UsbFix_Upload_Me_TABZA-PC.zip
C:\Users\tAbZa\Desktop\AutoRuns.zip

:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

:Commands
[emptyflash]
[clearallrestorepoints]
[emptytemp]


Click Run Fix. Post the log from the removal. Then post new OTL logs.

anula

User
Posts: 27
Joined: 17 Aug 2012, 12:09

Posted: 20 Aug 2012, 18:26

Autoruns log

http://speedy.sh/JDknY/AutoRuns-2.zip


-- 20 Aug 2012, 18:26 --

I couldn't delete everything. And I don't know why, but Autoruns kept freezing badly. As I was deleting, one by one, what you told me to, the program froze several times and I had to open it again from the start. In general my laptop freezes terribly often. I hope what we're doing will help :)

kominekl

Expert
Posts: 5855
Joined: 27 Nov 2011, 14:25

Posted: 20 Aug 2012, 19:10

Autoruns.


In Autoruns you unchecked the wrong things (though you got some of them right). I don't know why you unchecked them that way, but that's not how it should be. Use a restore point from before the actions you took in Autoruns.

anula

User
Posts: 27
Joined: 17 Aug 2012, 12:09

Posted: 20 Aug 2012, 19:30

I ran the script and again everything opened up huuge, only this time my husband barged in and told me not to mess with it :) To be honest, I'm scared. I restored to 18/08 and I don't know whether to keep going or leave it as it is.


