
Professor00179

I can't start safe mode


I'm not really sure whether this problem falls under hardware or software, but it seems to be the aftermath of a virus, so I decided to post in this section.

The computer picked up the Ukash Virus, which has essentially blocked access to the computer. I think I'll be able to remove this junk myself, but I can't start safe mode. Every time I try to boot into that mode, the computer restarts again... I have no problem booting into normal mode, but the virus immediately blocks access to all options (anyone who has run into this crap knows; this is already my 3rd time, and I still haven't figured out where I'm 'picking it up' from).

How can I reliably start safe mode, and is there any other way to use System Restore?

As a result, I can't run any option, because either the virus or the reboot forces me to start over. I tried running Windows repair (XP) from the disc, but it asks me for some Windows number and a password. What is that about?


The Windows number is the installation number; it will usually be 1 if you have only one Windows installation. The password is the password of the Administrator account.

How does the failure to load safe mode manifest itself?

Have you tried removing the virus using an external antivirus (e.g. Dr.Web LiveCD)?


When I select one of the safe modes (safe mode, safe mode and network etc.), the computer simply restarts instead of going to the login screen.

Have you tried removing the virus using an external antivirus (e.g. Dr.Web LiveCD)?

No, and I have no idea how to do that. I gather, however, that I will first have to boot the computer in safe mode.

EDIT: I managed to start the recovery console; which of the commands could solve the problem?

EDIT 2: I managed to run System Restore. I got a message saying 'restore failed/incomplete', but it works anyway.

I still have junk on the computer; it immediately blocked Avira and the main antivirus websites don't work, but fortunately I'm downloading something from another site. I'll see what comes of it and report further problems/successes.

EDIT 3: System Restore didn't work at all, and on top of that I lost the previous checkpoints and can't load anything. I can, however, boot the computer in safe mode, so if anyone knows an antivirus that would automatically find and neutralize the Ukash Virus, I would appreciate help.


LiveCD discs boot without going through the installed system, so starting safe mode wasn't necessary, but never mind.

In safe mode, do the following:

1. Scan the computer with Malwarebytes' Anti-Malware, let it fix whatever it finds, and post the resulting log on the forum.

2. Run OTL, tick the "use filtering" option in all sections and click Scan. Post both resulting logs on the forum.

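A triage sketch for the two logs requested above, added here as an example and not part of the original thread or of either tool: it parses Malwarebytes result lines, lists detections the scanner did not finish removing, and flags OTL autostart lines (O4, O20) that still reference a flagged path. The function names are hypothetical, and the sample input is a constructed excerpt in the format of the logs posted in this thread.

```python
import re

# Constructed sample input: a short excerpt in the format of the Malwarebytes
# and OTL logs posted in this thread (not the complete logs).
MBAM_SAMPLE = r"""
Registry Keys Detected: 14
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Detected: 8
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UebMebwn (Trojan.Inject) -> Data: C:\Documents and Settings\michal\Local Settings\Application Data\mbjatbnw\uebmebwn.exe -> Quarantined and deleted successfully.
Files Detected: 10
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> No action taken.
c:\documents and settings\michal\local settings\application data\mbjatbnw\uebmebwn.exe (Trojan.Inject) -> Delete on reboot.
C:\WINDOWS\system32\UR9CxquHH (Trojan.Inject) -> Quarantined and deleted successfully.
"""

OTL_SAMPLE = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [uebMebwn] C:\Documents and Settings\michal\Local Settings\Application Data\mbjatbnw\uebmebwn.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\michal\Local Settings\Application Data\mbjatbnw\uebmebwn.exe) - C:\Documents and Settings\michal\Local Settings\Application Data\mbjatbnw\uebmebwn.exe File not found
"""

SECTION_RE = re.compile(r"^([A-Za-z ]+) Detected: (\d+)$")
HEAD_RE = re.compile(r"^(?P<object>.+) \((?P<detection>[\w.]+)\)$")
PATH_RE = re.compile(r'^"?[A-Za-z]:\\')
# Actions after which the item is gone or restored; anything else needs follow-up.
RESOLVED = {"Quarantined and deleted successfully",
            "Quarantined and repaired successfully"}


def parse_mbam(text):
    """Return one dict per result line: section, object, detection, detail, action."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)  # e.g. "Registry Keys", "Files"
            continue
        # Result lines look like: <object> (<detection>) -> [detail ->] <action>.
        parts = line.split(" -> ")
        head = HEAD_RE.match(parts[0]) if len(parts) >= 2 else None
        if head is None:
            continue  # header line, "(No malicious items detected)", blank line
        findings.append({
            "section": section,
            "object": head.group("object"),
            "detection": head.group("detection"),
            "detail": " -> ".join(parts[1:-1]),
            "action": parts[-1].rstrip("."),
        })
    return findings


def unresolved(findings):
    """Detections that were reported but not (yet) removed or repaired."""
    return [f for f in findings if f["action"] not in RESOLVED]


def flagged_paths(findings):
    """Lower-cased file paths the scanner flagged, from file hits and Data: values."""
    paths = set()
    for f in findings:
        if f["section"] == "Files":
            paths.add(f["object"].lower())
        if f["detail"].startswith("Data: "):
            value = f["detail"][len("Data: "):]
            if PATH_RE.match(value):
                paths.add(value.strip('"').lower())
    return paths


def stale_autostarts(otl_text, paths):
    """OTL Run-key (O4) and Winlogon (O20) lines that still name a flagged path."""
    hits = []
    for raw in otl_text.splitlines():
        line = raw.strip()
        m = re.match(r"^(O\d+) - ", line)
        if m and m.group(1) in ("O4", "O20"):
            if any(p in line.lower() for p in paths):
                hits.append((m.group(1), line))
    return hits


if __name__ == "__main__":
    found = parse_mbam(MBAM_SAMPLE)
    for f in unresolved(found):
        print("NOT REMOVED:", f["detection"], "|", f["action"], "|", f["object"])
    for code, line in stale_autostarts(OTL_SAMPLE, flagged_paths(found)):
        print("STALE AUTOSTART:", code, "|", line)
```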

1. I scanned twice, the first time with a quick scan, the second with a full scan. I removed all the viruses/trojans that were found, but something is still there, because normal mode doesn't start at all and I can't open the antivirus websites. I tried to send them as attachments, but it didn't show my documents, so I'll just paste them.

2. Downloading it right now.

LOG 1

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.06.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 6.0.2900.5512

michal :: MICHAL-BDA264C8 [administrator]

Protection: Enabled

3/6/2012 4:33:02 PM

mbam-log-2012-03-06 (16-33-02).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 165981

Time elapsed: 7 minute(s), 42 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 14

HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.

HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> No action taken.

HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> No action taken.

HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> No action taken.

HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.

HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken.

HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> No action taken.

HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken.

HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 8

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: ;á?z?;XA?0öm?Á? -> No action taken.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: VShareTB -> No action taken.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> No action taken.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UebMebwn (Trojan.Inject) -> Data: C:\Documents and Settings\michal\Local Settings\Application Data\mbjatbnw\uebmebwn.exe -> Quarantined and deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UebMebwn (Trojan.Inject) -> Data: C:\Documents and Settings\michal\Local Settings\Application Data\mbjatbnw\uebmebwn.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{FE08D958-4FD2-4945-2284-38F959148C9C} (Trojan.ZbotR.Gen) -> Data: "C:\Documents and Settings\michal\Application Data\Voekxu\ufob.exe" -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{329C95AF-E868-C2FE-B618-355F124172C2} (Trojan.ZbotR.Gen) -> Data: "C:\Documents and Settings\michal\Application Data\Koegit\dyhuhya.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 10

C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> No action taken.

c:\documents and settings\michal\local settings\application data\mbjatbnw\uebmebwn.exe (Trojan.Inject) -> Delete on reboot.

c:\documents and settings\michal\start menu\programs\startup\uebmebwn.exe (Trojan.Inject) -> Quarantined and deleted successfully.

c:\windows\system32\config\systemprofile\start menu\programs\startup\uebmebwn.exe (Trojan.Inject) -> Delete on reboot.

C:\WINDOWS\system32\UR9CxquHH (Trojan.Inject) -> Quarantined and deleted successfully.

C:\Documents and Settings\michal\Local Settings\Temp\mmyhjdytvcywygjb.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\Documents and Settings\michal\Local Settings\Temp\mor.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\mmyhjdytvcywygjb.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\Documents and Settings\michal\Local Settings\Temp\0.14734339778355143g8j8.exe (Exploit.Drop.4) -> Quarantined and deleted successfully.

C:\Documents and Settings\michal\Start Menu\Programs\Startup\0.14734339778355143g8j8.exe.lnk (Backdoor.Agent) -> Quarantined and deleted successfully.

(end)

LOG 2

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.06.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 6.0.2900.5512

michal :: MICHAL-BDA264C8 [administrator]

Protection: Disabled

3/6/2012 4:46:34 PM

mbam-log-2012-03-06 (16-46-34).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 181013

Time elapsed: 2 hour(s), 7 minute(s), 20 second(s) [aborted]

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 14

HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.

HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> No action taken.

HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> No action taken.

HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> No action taken.

HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.

HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken.

HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> No action taken.

HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken.

HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 6

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: ;á?z?;XA?0öm?Á? -> No action taken.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: VShareTB -> No action taken.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> No action taken.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UebMebwn (Trojan.Inject) -> Data: C:\Documents and Settings\michal\Local Settings\Application Data\mbjatbnw\uebmebwn.exe -> Quarantined and deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UebMebwn (Trojan.Inject) -> Data: C:\Documents and Settings\michal\Local Settings\Application Data\mbjatbnw\uebmebwn.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 26

C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> No action taken.

c:\documents and settings\michal\local settings\application data\mbjatbnw\uebmebwn.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\cscthxpa.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\michal\Local Settings\Application Data\iBryte\Implementations\playbryte\Assemblies\1\BrowserObjects.dll (Adware.IBryte) -> Quarantined and deleted successfully.

C:\Documents and Settings\michal\Local Settings\Temp\mmyhjdytvcywygjb.exe (Trojan.Inject) -> Quarantined and deleted successfully.

c:\documents and settings\michal\start menu\programs\startup\uebmebwn.exe (Trojan.Inject) -> Delete on reboot.

C:\Program Files\OpenOffice.org 3\program\h6pByW3 (Trojan.Inject) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{49139A58-0379-4986-9A5C-C026CE8773C9}\RP57\A0032073.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{49139A58-0379-4986-9A5C-C026CE8773C9}\RP57\A0032078.dll (Adware.IBryte) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{49139A58-0379-4986-9A5C-C026CE8773C9}\RP57\A0032083.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{49139A58-0379-4986-9A5C-C026CE8773C9}\RP57\A0032402.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{49139A58-0379-4986-9A5C-C026CE8773C9}\RP57\A0032407.dll (Adware.IBryte) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{49139A58-0379-4986-9A5C-C026CE8773C9}\RP57\A0032412.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{49139A58-0379-4986-9A5C-C026CE8773C9}\RP58\A0032414.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{49139A58-0379-4986-9A5C-C026CE8773C9}\RP58\A0032419.dll (Adware.IBryte) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{49139A58-0379-4986-9A5C-C026CE8773C9}\RP58\A0032424.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{49139A58-0379-4986-9A5C-C026CE8773C9}\RP58\A0032851.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{49139A58-0379-4986-9A5C-C026CE8773C9}\RP58\A0032855.dll (Adware.IBryte) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{49139A58-0379-4986-9A5C-C026CE8773C9}\RP58\A0032860.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{49139A58-0379-4986-9A5C-C026CE8773C9}\RP58\A0040323.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{49139A58-0379-4986-9A5C-C026CE8773C9}\RP58\A0037326.dll (Adware.IBryte) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{49139A58-0379-4986-9A5C-C026CE8773C9}\RP58\A0037331.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{49139A58-0379-4986-9A5C-C026CE8773C9}\RP58\A0037322.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\UR9CxquHH (Trojan.Inject) -> Quarantined and deleted successfully.

c:\windows\system32\config\systemprofile\start menu\programs\startup\uebmebwn.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\mmyhjdytvcywygjb.exe (Trojan.Inject) -> Quarantined and deleted successfully.

(end)

OTL log:

OTL logfile created on: 3/6/2012 7:20:43 PM - Run 1

OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\michal\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 77.50% Memory free

5.09 Gb Paging File | 4.47 Gb Available in Paging File | 87.69% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48.83 Gb Total Space | 6.37 Gb Free Space | 13.05% Space Free | Partition Type: NTFS

Drive D: | 19.53 Gb Total Space | 8.26 Gb Free Space | 42.26% Space Free | Partition Type: NTFS

Drive E: | 48.83 Gb Total Space | 4.79 Gb Free Space | 9.80% Space Free | Partition Type: NTFS

Drive F: | 48.83 Gb Total Space | 7.17 Gb Free Space | 14.69% Space Free | Partition Type: NTFS

Drive G: | 48.83 Gb Total Space | 2.88 Gb Free Space | 5.91% Space Free | Partition Type: NTFS

Drive H: | 48.83 Gb Total Space | 10.16 Gb Free Space | 20.81% Space Free | Partition Type: NTFS

Drive I: | 97.65 Gb Total Space | 81.87 Gb Free Space | 83.83% Space Free | Partition Type: NTFS

Drive J: | 104.43 Gb Total Space | 66.44 Gb Free Space | 63.62% Space Free | Partition Type: NTFS

Computer Name: MICHAL-BDA264C8 | User Name: michal | Logged in as Administrator.

Cannot determine boot mode. | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/06 19:20:14 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\michal\My Documents\Downloads\OTL.com

PRC - [2012/02/18 11:09:11 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/09/16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe

PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/20 06:52:42 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

MOD - [2012/02/18 11:09:11 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2011/09/16 02:05:58 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe

MOD - [2008/12/05 17:03:52 | 000,098,304 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\ycc.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2012/03/06 18:58:06 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)

DRV - [2012/03/06 18:56:37 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\Temp\cscthxpa.sys -- (Micorsoft Windows Service)

DRV - [2012/02/22 18:52:07 | 000,022,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)

DRV - [2012/02/15 20:36:29 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/11/10 03:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/01/20 10:53:06 | 005,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008/12/25 09:32:32 | 003,721,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)

DRV - [2008/11/04 02:21:04 | 000,083,296 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)

DRV - [2008/10/30 13:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)

DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}

IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = playbryte/search/redirect/?type=default&user_id=ab946a70-246f-46ae-be5f-73b8842c6de5&query={searchTerms}

IE - HKCU\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://www.google.com/custom?q={searchTerm...0FF%3BFORID%3A1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/18 11:09:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/04 23:00:11 | 000,000,000 | ---D | M]

[2012/01/14 13:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\michal\Application Data\Mozilla\Extensions

[2012/02/16 11:37:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\michal\Application Data\Mozilla\Firefox\Profiles\cjagtwox.default\extensions

[2012/02/16 11:37:05 | 000,000,000 | ---D | M] (PlayBryte) -- C:\Documents and Settings\michal\Application Data\Mozilla\Firefox\Profiles\cjagtwox.default\extensions\playbryte@playbryte.com

[2012/02/18 11:09:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/02/18 11:09:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/02/14 22:13:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/10/03 09:14:54 | 000,184,320 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll

[2012/02/13 11:56:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/02/13 11:56:30 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)

O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)

O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)

O4 - HKLM..\Run: [iBryte playbryte Desktop] C:\Program Files\iBryte\playbryte\ibrytedesktop.exe File not found

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background File not found

O4 - HKCU..\Run: [uebMebwn] C:\Documents and Settings\michal\Local Settings\Application Data\mbjatbnw\uebmebwn.exe File not found

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - Startup: C:\Documents and Settings\michal\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C46EABB6-C7CE-4017-B267-4FB1EBFCD250}: DhcpNameServer = 194.168.4.100 194.168.8.100

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\michal\Local Settings\Application Data\mbjatbnw\uebmebwn.exe) - C:\Documents and Settings\michal\Local Settings\Application Data\mbjatbnw\uebmebwn.exe File not found

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\michal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\michal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/01/14 12:46:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/06 16:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Application Data\Malwarebytes

[2012/03/06 16:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/03/06 16:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012/03/06 16:30:11 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/03/06 16:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/03/05 23:20:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira

[2012/03/04 20:33:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2012/03/04 20:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Local Settings\Application Data\mbjatbnw

[2012/03/03 22:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ubisoft

[2012/02/29 19:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Application Data\Viykro

[2012/02/29 19:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Application Data\Koegit

[2012/02/25 01:42:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/02/23 15:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Application Data\dvdcss

[2012/02/23 15:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Digiarty

[2012/02/23 15:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Application Data\Digiarty

[2012/02/23 15:07:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2012/02/23 15:07:06 | 000,045,056 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\WNASPI32.DLL

[2012/02/23 15:07:06 | 000,025,244 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS

[2012/02/23 15:07:06 | 000,005,600 | ---- | C] (Adaptec) -- C:\WINDOWS\System\WINASPI.DLL

[2012/02/23 15:07:06 | 000,004,672 | ---- | C] (Adaptec) -- C:\WINDOWS\System\WOWPOST.EXE

[2012/02/23 15:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Easy DVD Rip

[2012/02/21 21:01:26 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll

[2012/02/21 21:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Start Menu\Programs\THQ

[2012/02/21 21:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AGEIA

[2012/02/21 21:00:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA

[2012/02/21 21:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies

[2012/02/21 20:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2012/02/19 22:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\My Documents\szkola

[2012/02/18 12:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Lunch Design

[2012/02/17 00:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Application Data\Voekxu

[2012/02/17 00:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Application Data\Gidupy

[2012/02/17 00:31:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2012/02/16 17:44:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Application Data\Dropbox

[2012/02/16 15:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Application Data\gtk-2.0

[2012/02/16 15:48:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\.thumbnails

[2012/02/16 15:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\My Documents\gegl-0.0

[2012/02/16 15:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\.gimp-2.6

[2012/02/16 11:37:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GIMP

[2012/02/16 11:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0

[2012/02/16 11:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\iBryte

[2012/02/16 11:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Local Settings\Application Data\iBryte

[2012/02/14 22:17:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Application Data\OpenOffice.org

[2012/02/14 22:15:38 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3

[2012/02/14 22:14:28 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3

[2012/02/14 22:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2012/02/14 22:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/02/14 22:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2012/02/14 22:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Application Data\Sun

[2012/02/07 20:42:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2012/02/06 20:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Application Data\Avira

[2012/02/06 20:33:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2012/02/06 20:33:13 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2012/02/06 20:33:13 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2012/02/06 20:33:13 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys

[2012/02/06 20:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2012/02/06 20:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/06 19:02:29 | 000,433,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/03/06 19:02:29 | 000,067,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/03/06 18:57:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/03/06 18:56:32 | 000,097,904 | -H-- | M] () -- C:\WINDOWS\System32\UR9CxquHH

[2012/03/06 18:56:22 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job

[2012/03/06 18:55:19 | 000,097,904 | -H-- | M] () -- C:\Documents and Settings\michal\h6pByW3

[2012/03/06 16:30:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/03 18:26:15 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/03/02 07:24:38 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/02/25 02:26:46 | 000,011,459 | ---- | M] () -- C:\Documents and Settings\michal\.recently-used.xbel

[2012/02/25 01:36:24 | 000,000,282 | ---- | M] () -- C:\Documents and Settings\michal\My Documents\Document.rtf

[2012/02/23 19:59:27 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\michal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/02/23 15:06:44 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\michal\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy DVD Rip.lnk

[2012/02/22 18:52:07 | 000,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2012/02/21 22:35:57 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\michal\Application Data\PnkBstrK.sys

[2012/02/21 22:35:39 | 002,506,752 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe

[2012/02/21 21:01:26 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll

[2012/02/20 23:18:38 | 000,009,672 | ---- | M] () -- C:\Documents and Settings\michal\My Documents\usprawiedliwienie.odt

[2012/02/16 17:39:47 | 001,213,103 | ---- | M] () -- C:\Documents and Settings\michal\My Documents\Park Hill.pdf

[2012/02/16 11:37:56 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk

[2012/02/15 20:36:29 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2012/02/15 12:06:56 | 000,122,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/02/14 22:18:14 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\michal\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

[2012/02/10 16:57:16 | 000,013,132 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

[2012/02/10 07:43:12 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\michal\My Documents\quiz.rtf

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/06 18:56:32 | 000,097,904 | -H-- | C] () -- C:\WINDOWS\System32\UR9CxquHH

[2012/03/06 18:55:17 | 000,097,904 | -H-- | C] () -- C:\Documents and Settings\michal\h6pByW3

[2012/03/06 16:30:14 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/25 02:26:46 | 000,011,459 | ---- | C] () -- C:\Documents and Settings\michal\.recently-used.xbel

[2012/02/25 01:36:24 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\michal\My Documents\Document.rtf

[2012/02/23 15:06:44 | 000,000,578 | ---- | C] () -- C:\Documents and Settings\michal\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy DVD Rip.lnk

[2012/02/21 22:27:04 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2012/02/21 22:27:04 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\michal\Application Data\PnkBstrK.sys

[2012/02/21 22:26:50 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2012/02/21 22:26:48 | 002,506,752 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe

[2012/02/21 22:26:48 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe

[2012/02/21 07:40:13 | 000,009,672 | ---- | C] () -- C:\Documents and Settings\michal\My Documents\usprawiedliwienie.odt

[2012/02/16 17:39:46 | 001,213,103 | ---- | C] () -- C:\Documents and Settings\michal\My Documents\Park Hill.pdf

[2012/02/16 11:37:56 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk

[2012/02/14 22:18:14 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\michal\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

[2012/02/10 16:57:16 | 000,013,132 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2012/02/10 07:43:12 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\michal\My Documents\quiz.rtf

[2012/01/26 00:26:51 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\michal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/01/14 13:09:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2012/01/14 13:09:01 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2012/01/14 13:09:01 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2012/01/14 13:09:01 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2012/01/14 13:00:00 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/01/14 12:48:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2012/01/14 12:44:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2012/01/14 12:33:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2012/01/14 12:30:58 | 000,122,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll

[2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll

========== LOP Check ==========

[2012/01/24 21:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core

[2012/01/24 21:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts

[2012/02/23 15:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2012/02/23 15:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Application Data\Digiarty

[2012/02/17 02:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Application Data\Dropbox

[2012/02/23 22:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Application Data\Gidupy

[2012/02/25 02:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Application Data\gtk-2.0

[2012/03/03 18:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Application Data\Koegit

[2012/01/14 21:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Application Data\LolClient

[2012/01/20 23:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Application Data\Need for Speed World

[2012/02/05 18:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Application Data\Nullsoft

[2012/02/14 22:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Application Data\OpenOffice.org

[2012/03/03 14:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Application Data\Viykro

[2012/02/22 19:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Application Data\Voekxu

[2012/03/06 18:56:22 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\Windows Codec Update Service.job

========== Purity Check ==========

< End of report >


OK, it's possible that sptd messed something up.

Run OTL and, in the Custom Scans/Fixes box, paste:

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
DRV - [2012/03/06 18:56:37 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\Temp\cscthxpa.sys -- (Micorsoft Windows Service)
O4 - HKLM..\Run: [iBryte playbryte Desktop] C:\Program Files\iBryte\playbryte\ibrytedesktop.exe File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\michal\Local Settings\Application Data\mbjatbnw\uebmebwn.exe) - C:\Documents and Settings\michal\Local Settings\Application Data\mbjatbnw\uebmebwn.exe File not found

:Files
C:\Config.Msi
C:\WINDOWS\System32\UR9CxquHH
C:\Documents and Settings\michal\h6pByW3

:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-

:Commands
[emptytemp]

Then click Run Fix.

When it finishes, a log will be displayed; post it on the forum. Also run a new OTL scan and post that log as well. In addition, post the OTL Extras log.

Then run a new Malwarebytes' scan and, if it finds anything, let it remove it.

Let me know whether that helped.


Log after running the script (there was no Extras log):

All processes killed

========== OTL ==========

Service WDICA stopped successfully!

Service WDICA deleted successfully!

Service PDRFRAME stopped successfully!

Service PDRFRAME deleted successfully!

Service PDRELI stopped successfully!

Service PDRELI deleted successfully!

Service PDFRAME stopped successfully!

Service PDFRAME deleted successfully!

Service PDCOMP stopped successfully!

Service PDCOMP deleted successfully!

Service PCIDump stopped successfully!

Service PCIDump deleted successfully!

Service lbrtfdc stopped successfully!

Service lbrtfdc deleted successfully!

Service i2omgmt stopped successfully!

Service i2omgmt deleted successfully!

Service Changer stopped successfully!

Service Changer deleted successfully!

Service HidServ stopped successfully!

Service HidServ deleted successfully!

Service AppMgmt stopped successfully!

Service AppMgmt deleted successfully!

Service Micorsoft Windows Service stopped successfully!

Service Micorsoft Windows Service deleted successfully!

C:\WINDOWS\Temp\cscthxpa.sys moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iBryte playbryte Desktop deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Documents and Settings\michal\Local Settings\Application Data\mbjatbnw\uebmebwn.exe deleted successfully.

========== FILES ==========

C:\Config.Msi folder moved successfully.

C:\WINDOWS\System32\UR9CxquHH moved successfully.

File\Folder C:\Documents and Settings\michal\h6pByW3 not found.

========== REGISTRY ==========

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56475 bytes

User: LocalService

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: michal

->Temp folder emptied: 2195270880 bytes

->Temporary Internet Files folder emptied: 7628143 bytes

->Java cache emptied: 122615 bytes

->FireFox cache emptied: 245639379 bytes

->Flash cache emptied: 38399 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2421613 bytes

%systemroot%\System32 .tmp files removed: 2939921 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 26823267 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 150366426 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 326122719 bytes

Total Files Cleaned = 2,821.00 mb

OTL by OldTimer - Version 3.2.35.1 log created on 03062012_202804

Files\Folders moved on Reboot...

File move failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6QPP2D9G\dotnetfx35setup[1].exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

OTL log after the rescan (there was no Extras log):

OTL logfile created on: 3/6/2012 8:37:23 PM - Run 2

OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\michal\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.73 Gb Available Physical Memory | 84.01% Memory free

5.09 Gb Paging File | 4.65 Gb Available in Paging File | 91.33% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48.83 Gb Total Space | 14.72 Gb Free Space | 30.15% Space Free | Partition Type: NTFS

Drive D: | 19.53 Gb Total Space | 8.44 Gb Free Space | 43.19% Space Free | Partition Type: NTFS

Drive E: | 48.83 Gb Total Space | 7.77 Gb Free Space | 15.92% Space Free | Partition Type: NTFS

Drive F: | 48.83 Gb Total Space | 8.41 Gb Free Space | 17.23% Space Free | Partition Type: NTFS

Drive G: | 48.83 Gb Total Space | 6.22 Gb Free Space | 12.73% Space Free | Partition Type: NTFS

Drive H: | 48.83 Gb Total Space | 13.80 Gb Free Space | 28.26% Space Free | Partition Type: NTFS

Drive I: | 97.65 Gb Total Space | 83.75 Gb Free Space | 85.76% Space Free | Partition Type: NTFS

Drive J: | 104.43 Gb Total Space | 75.09 Gb Free Space | 71.91% Space Free | Partition Type: NTFS

Drive K: | 564.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MICHAL-BDA264C8 | User Name: michal | Logged in as Administrator.

Cannot determine boot mode. | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/06 19:20:14 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\michal\My Documents\Downloads\OTL.com

PRC - [2012/02/18 11:09:11 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/09/16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe

PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/04/14 12:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/18 11:09:11 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2011/09/16 02:05:58 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe

MOD - [2008/12/05 17:03:52 | 000,196,608 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\ycc.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)

========== Driver Services (SafeList) ==========

DRV - [2012/03/06 20:33:30 | 000,016,608 | ---- | M] (Windows ? 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)

DRV - [2012/03/06 20:33:29 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\michal\Local Settings\Temp\cscthxpa.sys -- (Micorsoft Windows Service)

DRV - [2012/02/22 18:52:07 | 000,022,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)

DRV - [2012/02/15 20:36:29 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/11/10 03:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/01/20 10:53:06 | 005,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008/12/25 09:32:32 | 003,721,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)

DRV - [2008/11/04 02:21:04 | 000,083,296 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)

DRV - [2008/10/30 13:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)

DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}

IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = playbryte/search/redirect/?type=default&user_id=ab946a70-246f-46ae-be5f-73b8842c6de5&query={searchTerms}

IE - HKCU\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://www.google.com/custom?q={searchTerm...0FF%3BFORID%3A1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/18 11:09:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/04 23:00:11 | 000,000,000 | ---D | M]

[2012/01/14 13:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\michal\Application Data\Mozilla\Extensions

[2012/02/16 11:37:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\michal\Application Data\Mozilla\Firefox\Profiles\cjagtwox.default\extensions

[2012/02/16 11:37:05 | 000,000,000 | ---D | M] (PlayBryte) -- C:\Documents and Settings\michal\Application Data\Mozilla\Firefox\Profiles\cjagtwox.default\extensions\playbryte@playbryte.com

[2012/02/18 11:09:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/02/18 11:09:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/02/14 22:13:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/10/03 09:14:54 | 000,184,320 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll

[2012/02/13 11:56:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/02/13 11:56:30 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)

O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)

O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background File not found

O4 - HKCU..\Run: [uebMebwn] C:\Documents and Settings\michal\Local Settings\Application Data\mbjatbnw\uebmebwn.exe File not found

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - Startup: C:\Documents and Settings\michal\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C46EABB6-C7CE-4017-B267-4FB1EBFCD250}: DhcpNameServer = 194.168.4.100 194.168.8.100

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\michal\Local Settings\Application Data\mbjatbnw\uebmebwn.exe) - C:\Documents and Settings\michal\Local Settings\Application Data\mbjatbnw\uebmebwn.exe File not found

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\michal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\michal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/01/14 12:46:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/04/14 12:00:00 | 000,000,110 | R--- | M] () - K:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/06 20:28:04 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/03/06 16:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Application Data\Malwarebytes

[2012/03/06 16:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/03/06 16:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012/03/06 16:30:11 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/03/06 16:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/03/05 23:20:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira

[2012/03/04 20:33:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

EDIT: Windows is now working more or less normally; I was able to boot the system in normal mode and no virus popped up. The computer is still a bit sluggish and I still have some junk left. The bigger problem seems to be the message "minimum virtual memory too low". What is that about?


Check the virtual memory settings (right-click the My Computer icon > Properties. On the Advanced tab, click Settings in the Performance box. In the window that appears, select the Advanced tab and click the Change button in the Virtual memory box).

Coming back to the malware:

1. Scan the system again with Malwarebytes' Anti-Malware (this time in normal mode) and post the log on the forum if it still finds anything.

2. Scan the computer with Dr.Web CureIt! and write whether it found anything.

3. Check the system with TDSSKiller. For now, do not let it repair anything; just let it check the system. When the process finishes, a log will be created; post it on the forum.


First of all, I apologize for the complete lack of contact. I was very busy, so I decided to work on the computer in its current state (it works, so it's not bad).

I scanned the computer with Dr.Web and it found 5 viruses. I removed all of them.

I am currently scanning the computer with TDSSKiller, and the Malwarebytes scan is below:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.16.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 6.0.2900.5512

michal :: MICHAL-BDA264C8 [administrator]

Protection: Enabled

3/16/2012 7:40:44 PM

mbam-log-2012-03-16 (19-40-44).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 167570

Time elapsed: 2 minute(s), 10 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 14

HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 4

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: ;á?z?;XA?0öm?Á? -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: VShareTB -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Quarantined and deleted successfully.

(end)

EDIT: The TDSSKiller scan did not detect anything; it scanned about 200 objects and found no irregularities. I'm not sure how to paste the report, because I can't open it as a text document.


OTL report:

OTL logfile created on: 3/16/2012 9:12:22 PM - Run 3

OTL by OldTimer - Version 3.2.37.1 Folder = C:\Documents and Settings\michal\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 73.35% Memory free

5.09 Gb Paging File | 4.13 Gb Available in Paging File | 81.08% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48.83 Gb Total Space | 10.55 Gb Free Space | 21.60% Space Free | Partition Type: NTFS

Drive D: | 19.53 Gb Total Space | 8.42 Gb Free Space | 43.12% Space Free | Partition Type: NTFS

Drive E: | 48.83 Gb Total Space | 7.57 Gb Free Space | 15.51% Space Free | Partition Type: NTFS

Drive F: | 48.83 Gb Total Space | 8.33 Gb Free Space | 17.06% Space Free | Partition Type: NTFS

Drive G: | 48.83 Gb Total Space | 5.92 Gb Free Space | 12.13% Space Free | Partition Type: NTFS

Drive H: | 48.83 Gb Total Space | 13.23 Gb Free Space | 27.09% Space Free | Partition Type: NTFS

Drive I: | 97.65 Gb Total Space | 83.76 Gb Free Space | 85.77% Space Free | Partition Type: NTFS

Drive J: | 104.43 Gb Total Space | 71.72 Gb Free Space | 68.68% Space Free | Partition Type: NTFS

Computer Name: MICHAL-BDA264C8 | User Name: michal | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/16 21:11:01 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\michal\My Documents\Downloads\OTL.com

PRC - [2012/03/16 19:53:58 | 003,089,488 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe

PRC - [2012/03/16 19:52:55 | 002,564,608 | ---- | M] () -- C:\Documents and Settings\michal\My Documents\Downloads\LeagueofLegends.exe

PRC - [2012/02/18 11:09:11 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/09/23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011/09/16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/11/19 18:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe

PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/16 19:53:58 | 003,089,488 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe

MOD - [2012/03/16 19:52:55 | 002,564,608 | ---- | M] () -- C:\Documents and Settings\michal\My Documents\Downloads\LeagueofLegends.exe

MOD - [2012/02/20 06:52:42 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

MOD - [2012/02/18 11:09:11 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2011/11/03 15:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll

MOD - [2011/09/16 02:05:58 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2009/08/11 19:19:04 | 000,797,184 | ---- | M] () -- C:\Program Files\XP Codec Pack\filters\ac3filter.ax

MOD - [2008/04/14 12:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

MOD - [2008/04/14 12:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)

========== Driver Services (SafeList) ==========

DRV - [2012/03/16 19:43:56 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\jgjd.sys -- (mvlpao)

DRV - [2012/03/16 16:21:48 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)

DRV - [2012/02/22 18:52:07 | 000,022,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)

DRV - [2012/02/15 20:36:29 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/11/10 03:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/01/20 10:53:06 | 005,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008/12/25 09:32:32 | 003,721,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)

DRV - [2008/11/04 02:21:04 | 000,083,296 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)

DRV - [2008/10/30 13:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)

DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}

IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = playbryte/search/redirect/?type=default&user_id=ab946a70-246f-46ae-be5f-73b8842c6de5&query={searchTerms}

IE - HKCU\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://www.google.com/custom?q={searchTerm...0FF%3BFORID%3A1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/18 11:09:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/16 16:28:10 | 000,000,000 | ---D | M]

[2012/01/14 13:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\michal\Application Data\Mozilla\Extensions

[2012/02/16 11:37:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\michal\Application Data\Mozilla\Firefox\Profiles\cjagtwox.default\extensions

[2012/02/16 11:37:05 | 000,000,000 | ---D | M] (PlayBryte) -- C:\Documents and Settings\michal\Application Data\Mozilla\Firefox\Profiles\cjagtwox.default\extensions\playbryte@playbryte.com

[2012/02/18 11:09:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/02/18 11:09:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/02/14 22:13:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012/02/13 11:56:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/02/13 11:56:30 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found.

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun File not found

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background File not found

O4 - HKCU..\Run: [uebMebwn] C:\Documents and Settings\michal\Local Settings\Application Data\mbjatbnw\uebmebwn.exe File not found

O4 - Startup: C:\Documents and Settings\michal\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C46EABB6-C7CE-4017-B267-4FB1EBFCD250}: DhcpNameServer = 194.168.4.100 194.168.8.100

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\michal\Local Settings\Application Data\mbjatbnw\uebmebwn.exe) - File not found

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\michal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\michal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/01/14 12:46:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/16 19:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Local Settings\Application Data\PMB Files

[2012/03/16 19:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files

[2012/03/16 19:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks

[2012/03/16 19:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Start Menu\Programs\WinRAR

[2012/03/16 19:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR

[2012/03/16 19:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\DoctorWeb

[2012/03/12 05:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software

[2012/03/09 21:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Start Menu\Programs\BadCopy Pro

[2012/03/06 20:28:04 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/03/06 16:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Application Data\Malwarebytes

[2012/03/06 16:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/03/06 16:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012/03/06 16:30:11 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/03/06 16:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/03/05 23:20:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira

[2012/03/04 20:33:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2012/03/04 20:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Local Settings\Application Data\mbjatbnw

[2012/03/03 22:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ubisoft

[2012/02/29 19:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Application Data\Viykro

[2012/02/29 19:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Application Data\Koegit

[2012/02/23 15:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Application Data\dvdcss

[2012/02/23 15:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Digiarty

[2012/02/23 15:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Application Data\Digiarty

[2012/02/23 15:07:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2012/02/23 15:07:06 | 000,045,056 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\WNASPI32.DLL

[2012/02/23 15:07:06 | 000,025,244 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS

[2012/02/23 15:07:06 | 000,005,600 | ---- | C] (Adaptec) -- C:\WINDOWS\System\WINASPI.DLL

[2012/02/23 15:07:06 | 000,004,672 | ---- | C] (Adaptec) -- C:\WINDOWS\System\WOWPOST.EXE

[2012/02/23 15:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Easy DVD Rip

[2012/02/21 21:01:26 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll

[2012/02/21 21:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Start Menu\Programs\THQ

[2012/02/21 21:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AGEIA

[2012/02/21 21:00:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA

[2012/02/21 21:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies

[2012/02/21 20:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2012/02/19 22:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\My Documents\szkola

[2012/02/18 12:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Lunch Design

[2012/02/17 00:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Application Data\Voekxu

[2012/02/17 00:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Application Data\Gidupy

[2012/02/17 00:31:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2012/02/16 17:44:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Application Data\Dropbox

[2012/02/16 15:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Application Data\gtk-2.0

[2012/02/16 15:48:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\.thumbnails

[2012/02/16 15:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\My Documents\gegl-0.0

[2012/02/16 15:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\.gimp-2.6

[2012/02/16 11:37:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GIMP

[2012/02/16 11:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0

[2012/02/16 11:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\iBryte

[2012/02/16 11:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Local Settings\Application Data\iBryte

[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/16 19:43:56 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\jgjd.sys

[2012/03/16 19:33:17 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job

[2012/03/16 19:12:45 | 000,433,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/03/16 19:12:45 | 000,067,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/03/16 19:08:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/03/16 19:05:19 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\kqckglq.sys

[2012/03/16 16:21:48 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys

[2012/03/16 07:17:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/03/12 07:18:10 | 000,018,002 | ---- | M] () -- C:\Documents and Settings\michal\.recently-used.xbel

[2012/03/10 06:53:11 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\michal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/03/06 16:30:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/02 07:24:38 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/02/25 01:36:24 | 000,000,282 | ---- | M] () -- C:\Documents and Settings\michal\My Documents\Document.rtf

[2012/02/23 15:06:44 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\michal\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy DVD Rip.lnk

[2012/02/22 18:52:07 | 000,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2012/02/21 22:35:57 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\michal\Application Data\PnkBstrK.sys

[2012/02/21 22:35:39 | 002,506,752 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe

[2012/02/21 21:01:26 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll

[2012/02/20 23:18:38 | 000,009,672 | ---- | M] () -- C:\Documents and Settings\michal\My Documents\usprawiedliwienie.odt

[2012/02/20 06:52:42 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2012/02/16 17:39:47 | 001,213,103 | ---- | M] () -- C:\Documents and Settings\michal\My Documents\Park Hill.pdf

[2012/02/16 11:37:56 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk

[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/16 19:43:56 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\jgjd.sys

[2012/03/16 19:05:19 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\kqckglq.sys

[2012/03/12 07:18:10 | 000,018,002 | ---- | C] () -- C:\Documents and Settings\michal\.recently-used.xbel

[2012/03/06 16:30:14 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/25 01:36:24 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\michal\My Documents\Document.rtf

[2012/02/23 15:06:44 | 000,000,578 | ---- | C] () -- C:\Documents and Settings\michal\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy DVD Rip.lnk

[2012/02/21 22:27:04 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2012/02/21 22:27:04 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\michal\Application Data\PnkBstrK.sys

[2012/02/21 22:26:50 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2012/02/21 22:26:48 | 002,506,752 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe

[2012/02/21 22:26:48 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe

[2012/02/21 07:40:13 | 000,009,672 | ---- | C] () -- C:\Documents and Settings\michal\My Documents\usprawiedliwienie.odt

[2012/02/16 17:39:46 | 001,213,103 | ---- | C] () -- C:\Documents and Settings\michal\My Documents\Park Hill.pdf

[2012/02/16 11:37:56 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk

[2012/02/10 16:57:16 | 000,013,132 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2012/01/26 00:26:51 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\michal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/01/14 13:09:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2012/01/14 13:09:01 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2012/01/14 13:09:01 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2012/01/14 13:09:01 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2012/01/14 13:00:00 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/01/14 12:48:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2012/01/14 12:44:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2012/01/14 12:33:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2012/01/14 12:30:58 | 000,122,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll

[2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll

< End of report >


Run OTL and paste the following into the Custom Scans/Fixes box:

:OTL
O4 - HKLM..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun File not found
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background File not found
O4 - HKCU..\Run: [UebMebwn] C:\Documents and Settings\michal\Local Settings\Application Data\mbjatbnw\uebmebwn.exe File not found
O4 - Startup: C:\Documents and Settings\michal\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\michal\Local Settings\Application Data\mbjatbnw\uebmebwn.exe) - File not found
DRV - [2012/03/16 19:43:56 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\jgjd.sys -- (mvlpao)

:Files
[2012/03/16 19:05:19 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\kqckglq.sys

:Commands
[emptytemp]

Then click Run Fix. Post on the forum the log that is created once the script has finished running, along with a new OTL log.
